dependabot · deivid-rodriguez · Nov 27, 2023 · Apr 20, 2023 · Apr 20, 2023 · Nov 10, 2023
@@ -4,4 +4,10 @@ tar xzvf ./*.tar.gz >/dev/null 2>&1
 sudo mv dependabot /usr/local/bin
 rm ./*.tar.gz
 
+# The image comes loaded with 8.0 preview SDK, but we need a stable 7.0 runtime for running tests
+sudo wget https://dot.net/v1/dotnet-install.sh
+sudo chmod +x dotnet-install.sh
+sudo ./dotnet-install.sh -c 7.0 --runtime dotnet --install-dir /usr/local/dotnet/current
+sudo rm ./dotnet-install.sh
+
 echo "export LOCAL_GITHUB_ACCESS_TOKEN=$GITHUB_TOKEN" >> ~/.bashrc
@@ -49,6 +49,7 @@ jobs:
           - { path: npm_and_yarn, name: yarn-berry, ecosystem: npm }
           - { path: npm_and_yarn, name: yarn-berry-workspaces, ecosystem: npm }
           - { path: nuget, name: nuget, ecosystem: nuget }
+          - { path: nuget, name: nuget-resolvability, ecosystem: nuget }
           - { path: pub, name: pub, ecosystem: pub }
           - { path: python, name: pip, ecosystem: pip }
           - { path: python, name: pipenv, ecosystem: pip }
@@ -198,6 +199,12 @@ jobs:
               - 'common/**'
               - 'updater/**'
               - 'nuget/**'
+            'nuget-resolvability':
+              - .github/workflows/smoke.yml
+              - .dockerignore
+              - Dockerfile.updater-core
+              - 'common/**'
+              - 'updater/**'
             pip:
               - .github/workflows/smoke.yml
               - .dockerignore

@@ -0,0 +1,3 @@
+[submodule "nuget/helpers/lib/NuGet.Client"]
+	path = nuget/helpers/lib/NuGet.Client
+	url = https://github.com/NuGet/NuGet.Client
@@ -4,5 +4,6 @@
   },
   "jest.pathToJest": "${workspaceFolder}/npm_and_yarn/helpers/node_modules/.bin/jest",
   "jest.pathToConfig": "${workspaceFolder}/npm_and_yarn/helpers/jest.config.js",
-  "sorbet.enabled": true
+  "sorbet.enabled": true,
+  "dotnet.defaultSolution": "nuget/helpers/lib/NuGetUpdater/NuGetUpdater.sln"
 }
@@ -524,9 +524,6 @@ the following:
   company's offering then we DO NOT give you permission to use Dependabot-Core
   to do so.
 
-All contributions to Dependabot Core implicitly transfer the IP of that contribution to
-GitHub, Inc. where it will be licensed the same way as above.
-
 ## History
 
 Dependabot and Dependabot-Core started life as [Bump](https://github.com/gocardless/bump) and

@@ -207,6 +207,7 @@ docker run --rm -ti \
   -v "$(pwd)/nuget/.rubocop.yml:$CODE_DIR/nuget/.rubocop.yml" \
   -v "$(pwd)/nuget/Gemfile:$CODE_DIR/nuget/Gemfile" \
   -v "$(pwd)/nuget/dependabot-nuget.gemspec:$CODE_DIR/nuget/dependabot-nuget.gemspec" \
+  -v "$(pwd)/nuget/helpers:$CODE_DIR/nuget/helpers" \
   -v "$(pwd)/nuget/lib:$CODE_DIR/nuget/lib" \
   -v "$(pwd)/nuget/script:$CODE_DIR/nuget/script" \
   -v "$(pwd)/nuget/spec:$CODE_DIR/nuget/spec" \

@@ -1,6 +1,36 @@
 FROM ghcr.io/dependabot/dependabot-updater-core
 
+USER root
+
+ENV DEPENDABOT_NATIVE_HELPERS_PATH="/opt"
+
+# Install .NET SDK dependencies
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends \
+  libicu-dev=70.1-2 \
+  && rm -rf /var/lib/apt/lists/*
+
+# Install .NET SDK
+ARG DOTNET_SDK_VERSION=7.0.305
+ARG DOTNET_SDK_INSTALL_URL=https://dot.net/v1/dotnet-install.sh
+ENV DOTNET_INSTALL_DIR=/usr/local/dotnet/current
+ENV DOTNET_NOLOGO=true
+ENV DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true
+ENV NUGET_SCRATCH=/opt/nuget/helpers/tmp
+
+RUN cd /tmp \
+  && curl --location --output dotnet-install.sh "${DOTNET_SDK_INSTALL_URL}" \
+  && chmod +x dotnet-install.sh \
+  && mkdir -p "${DOTNET_INSTALL_DIR}" \
+  && ./dotnet-install.sh --version "${DOTNET_SDK_VERSION}" --install-dir "${DOTNET_INSTALL_DIR}" \
+  && rm dotnet-install.sh
+
+ENV PATH="${PATH}:${DOTNET_INSTALL_DIR}"
+RUN dotnet --list-sdks
+
 USER dependabot
+COPY --chown=dependabot:dependabot nuget/helpers /opt/nuget/helpers
+RUN bash /opt/nuget/helpers/build
 
 COPY --chown=dependabot:dependabot nuget $DEPENDABOT_HOME/nuget
 COPY --chown=dependabot:dependabot common $DEPENDABOT_HOME/common

@@ -27,6 +27,7 @@ Gem::Specification.new do |spec|
   spec.files        = Dir["lib/**/*"]
 
   spec.add_dependency "dependabot-common", Dependabot::VERSION
+  spec.add_dependency "rubyzip", ">= 2.3.2", "< 3.0"
 
   common_gemspec.development_dependencies.each do |dep|
     spec.add_development_dependency dep.name, *dep.requirement.as_list

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+set -e
+
+if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
+  echo "Unable to build, DEPENDABOT_NATIVE_HELPERS_PATH is not set"
+  exit 1
+fi
+
+helpers_dir=$(cd -P "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+
+if [ ! -f "$helpers_dir/lib/NuGet.Client/NuGet.sln" ]; then
+  echo "NuGet.sln not found; please run 'git submodule update --init --recursive' and try again"
+  exit 1
+fi
+
+install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/nuget"
+mkdir -p "$install_dir"
+
+cp -r \
+  "$helpers_dir/lib" \
+  "$install_dir"
+
+os="$(uname -s | tr '[:upper:]' '[:lower:]')"
+arch=$(dpkg --print-architecture)
+if [ "$arch" = "amd64" ]; then
+  arch="x64"
+fi
+
+echo "building NuGetUpdater tool"
+cd "$install_dir/lib/NuGetUpdater/NuGetUpdater.Cli"
+dotnet publish \
+    --configuration Release \
+    --output "$install_dir/NuGetUpdater" \
+    --framework net7.0 \
+    --runtime "$os-$arch"
+dotnet clean
+
+echo "verifying NuGetUpdater tool"
+"$install_dir/NuGetUpdater/NuGetUpdater.Cli" --version