Skip to content

nuget: fix PR missing commits in message when using private registry#5002

Merged
jakecoffman merged 9 commits intomainfrom
jakecoffman/nuget-repo-from-private
Apr 19, 2022
Merged

nuget: fix PR missing commits in message when using private registry#5002
jakecoffman merged 9 commits intomainfrom
jakecoffman/nuget-repo-from-private

Conversation

@jakecoffman
Copy link
Copy Markdown
Member

@jakecoffman jakecoffman commented Apr 14, 2022
edited
Loading

Context

Dependabot PRs are missing the release notes and commits sections that we expect them to have when using a private NuGet registry like nuget.pkg.github.com.

This is because the GitHub NuGet registry doesn't support downloading .nuspec files currently, and this is the way we're finding the source repo of the project.

The .nuspec URL is part of the NuGet Server spec.

A solution

This PR adds a fallback to try to find the projectUrl or licenseUrl in the search data, which might contain the repo. The search URL is supported by GitHub Packages and the official NuGet server.

This will require users to enter a repo URL in the projectUrl, instead of the repositoryUrl field, since repositoryUrl isn't exposed in the search endpoint. The only way to get to that repositoryUrl seems to be in that .nuspec file.

Another possible solution is downloading the .nupkg and extracting the .nuspec, but I think that could have an effect on billing and that is probably undesirable. Also there's a risk the .nupkg is quite large since it contains binaries.

We could also ask GitHub Packages to implement that endpoint, this PR is meant as a stopgap or fallback when the nuspec is not available.

No tests yet: Wanted to get buy-in from the approach here.

@jakecoffman jakecoffman requested a review from a team as a code owner April 14, 2022 20:40
mctofu
mctofu reviewed Apr 14, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@mctofu mctofu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This approach makes sense to me! Thanks for the detailed explanation!

Agree that it's best to avoid downloading the .nupkg.

@jakecoffman
Copy link
Copy Markdown
Member Author

jakecoffman commented Apr 15, 2022

@dependabot/reviewers This is ready for review now.

brrygrdn
brrygrdn reviewed Apr 19, 2022
View reviewed changes
brrygrdn
brrygrdn approved these changes Apr 19, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@brrygrdn brrygrdn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍🏻 I like this approach, :shipit:

@jakecoffman jakecoffman merged commit ae2a2a3 into main Apr 19, 2022
@jakecoffman jakecoffman deleted the jakecoffman/nuget-repo-from-private branch April 19, 2022 17:34
@brrygrdn brrygrdn mentioned this pull request Apr 25, 2022
Merged
@brrygrdn brrygrdn restored the jakecoffman/nuget-repo-from-private branch April 25, 2022 14:07
@brrygrdn brrygrdn deleted the jakecoffman/nuget-repo-from-private branch April 25, 2022 14:07
brrygrdn added a commit that referenced this pull request Apr 25, 2022
@brrygrdn
Revert "Merge pull request #5002 from dependabot/jakecoffman/nuget-re…
e798ef6 
…po-from-private"

This reverts commit ae2a2a3, reversing
changes made to 8851caa.
@brrygrdn brrygrdn mentioned this pull request Apr 25, 2022
Merged
brrygrdn added a commit that referenced this pull request Apr 25, 2022
@brrygrdn
Revert "Merge pull request #5002 from dependabot/jakecoffman/nuget-re…
4ed7b5b 
…po-from-private"

This reverts commit ae2a2a3, reversing
changes made to 8851caa.
@brrygrdn brrygrdn mentioned this pull request Apr 25, 2022
Closed
@jakecoffman jakecoffman mentioned this pull request Apr 29, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brrygrdn brrygrdn brrygrdn approved these changes

+1 more reviewer

@mctofu mctofu mctofu left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jakecoffman @mctofu @brrygrdn