I currently have an existing yml in a specific folder for CI build. Every time a PR (change) is checked in, we will trigger the CI build.
Now, how do I add or combine the yml for dependabot, considering that in the dependabot we have trigger set to none versus in the CI, we have trigger set to a specific branch? Ideally, we only want to run the dependabot scan only one time a week. Is it achievable with the v2 dependabot? Thank you.
azure-pipelines.yml
# ASP.NET Core
# Build and test ASP.NET Core projects targeting .NET Core.
# Add steps that run tests, create a NuGet package, deploy, and more:
# https://docs.microsoft.com/azure/devops/pipelines/languages/dotnet-core
---
variables:
  - name: buildConfiguration
    value: Release
  - name: agentPool
    "${{ if or(eq(variables['Build.SourceBranchName'], 'dev'), eq(variables['Build.SourceBranchName'], 'main'), eq(variables['Build.SourceBranchName'], 'dev-ttcdbtst')) }}":
      value: "TTC Servers"
    "${{ else }}":
      value: Azure Pipelines
  - name: rootPath
    value: "./../../../"
  - name: projectPath
    value: "./../"
  - name: unitTestPath
    value: "./../../Api.Test"
  - name: workingDirectory
    value: "src/Api/Build"
trigger:
  - main
  - dev
  - feature/*
jobs:
  - job: null
    displayName: Build and Publish Artifacts
    pool:
      name: $(agentPool)
      vmImage: ubuntu-latest
    steps:
      - checkout: self
        fetchDepth: 0
      - task: UseDotNet@2
        displayName: 'Install .NET 8 SDK'
        inputs:
          packageType: 'sdk'
          version: '8.x'
      - task: Bash@3
        displayName: 'Check what account is running'
        inputs:
          targetType: 'inline'
          script: 'whoami'
          workingDirectory: $(workingDirectory)
      - task: Bash@3
        displayName: 'Install Cake.Tool'
        inputs:
          targetType: 'inline'
          # "||" runs the echo only when the install command fails (for example, tool already installed)
          script: 'dotnet tool install --global Cake.Tool || echo "Already installed"'
          workingDirectory: $(workingDirectory)
      - task: Bash@3
        displayName: 'Execute dotnet cake command'
        inputs:
          targetType: 'inline'
          script: 'dotnet cake --rootPath=$(rootPath) --projectPath=$(projectPath) --unitTestPath=$(unitTestPath)'
          workingDirectory: $(workingDirectory)
      - task: PublishBuildArtifacts@1
        displayName: 'Publish Build Artifacts'
        inputs:
          PathtoPublish: 'artifacts'
          ArtifactName: 'Artifact'
          publishLocation: 'Container'
dependabot-pipelines.yml
# inputs options: https://github.com/tinglesoftware/dependabot-azure-devops/blob/main/extension/README.md
trigger: none
stages:
  - stage: CheckDependencies
    displayName: Check Dependencies
    jobs:
      - job: Dependabot
        displayName: Run Dependabot
        pool:
          vmImage: ubuntu-latest
        steps:
          - task: dependabot@2
            displayName: Run Dependabot
            inputs:
              setAutoComplete: true
dependabot.yml
version: 2
updates:
  - package-ecosystem: 'nuget'
    directory: '/'
    target-branch: 'dev'
    open-pull-requests-limit: 15
    ignore:
      - dependency-name: 'Microsoft.Extensions.Caching.SqlServer'
    registries:
      - azure_artifacts
    schedule:
      interval: weekly
      # Check for npm updates every Sunday
      day: "sunday"
      time: "09:00"
      timezone: "America/Los_Angeles"
    # Labels on pull requests for security and version updates
    labels:
      - "npm dependencies"
registries:
  azure_artifacts:
    type: "nuget-feed"
    url: "https://xxx.pkgs.visualstudio.com/0497dd12-e7ca-49f7-999e-7f22d25e38c8/_packaging/TTCWebFeed/nuget/v3/index.json"
    token: "PAT:<PAT>"
2 Answers
Thanks @Alvin for pointing me in the right direction. However, the scheduler in his yml file is somehow not recognized by Azure, even though the file is validated with no issue. I had to modify it a bit, not sure what is wrong.
Here is my modified yml:
You may create a new pipeline referencing the dependabot-pipelines.yml definition that uses the Scheduled triggers. Make sure the dependabot-pipelines.yml definition file exists in the expected branch.

Here is a sample YAML pipeline with weekly trigger upon new source code changes in dev branch, since the last successful scheduled run.
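
A scheduled-trigger version of the dependabot-pipelines.yml from the question, given here as an added example and not the answerer's original sample. The Sunday 09:00 slot and the schedule display name are assumptions; Azure Pipelines evaluates cron expressions in UTC, and `always: false` limits runs to weeks in which dev has changed since the last successful scheduled run.

```yaml
# dependabot-pipelines.yml (added example; schedule values are assumptions)
# inputs options: https://github.com/tinglesoftware/dependabot-azure-devops/blob/main/extension/README.md

# No CI trigger: pushes never start this pipeline, only the schedule below
# (or a manual run) does. The CI build keeps its own trigger in azure-pipelines.yml.
trigger: none

schedules:
  # minute hour day-of-month month day-of-week; 0 = Sunday. Times are UTC.
  - cron: "0 9 * * 0"
    displayName: Weekly Dependabot run
    branches:
      include:
        - dev            # this YAML file must exist on the dev branch
    # false = skip the run when dev has no new commits since the
    # last successful scheduled run; true = run every week regardless.
    always: false

stages:
  - stage: CheckDependencies
    displayName: Check Dependencies
    jobs:
      - job: Dependabot
        displayName: Run Dependabot
        pool:
          vmImage: ubuntu-latest
        steps:
          - task: dependabot@2
            displayName: Run Dependabot
            inputs:
              setAutoComplete: true
```

Schedules configured in the pipeline settings UI take precedence over schedules in the YAML file, so remove any UI-defined schedule on this pipeline if the YAML one is meant to apply.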