
github - How to use Dependabot with private packages

Reposted. Author: 行者123. Updated: 2023-12-03 23:02:12

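I need some help regarding Dependabot. I recently discovered this amazing package, but some of my repositories require dependencies on private packages, created by me and used for my personal projects. Dependabot states that for any repository using private packages, it is recommended to configure them from their website's dashboard.
In my repo, I have moved Dependabot's configuration to the .github/dependabot.yml file, from the dashboard where it was previously located. In the repo's Insights tab, in the Dependency graph section, it also throws errors about not being able to find the private packages. Has anyone implemented something similar? I would very much appreciate your support here.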

Best answer

Consider that, since December 2, 2020, there is now more documentation about this:

Dependabot: version updates from private GitHub repositories


Dependabot already updates your public dependencies, such as open source dependencies from a public GitHub repository, npm, Maven Central, or similar.

Now, you can also update dependencies from private GitHub repositories. This feature is available for most package managers supported by Dependabot version updates, except bundler, hex, and pip.

To get started, grant Dependabot access to some or all of your private repositories on your organization's security & analysis settings page:

https://github.com/organizations/YOUR-ORGANIZATION/settings/security_analysis.

Learn more about Dependabot version updates.



March 2021:

Dependabot private registry support public beta


Dependabot can now access dependencies from authenticated private registries, such as GitHub Packages, Azure Artifacts, and Artifactory. These private registries are similar to their public equivalents, but they require authentication and are only available to members of your team or company. With this release, Dependabot version updates can help keep inner source as up-to-date as open source.

To enable this feature, add a registries section to your dependabot.yml, reference your new registries in the relevant updates, and add any secrets to Dependabot's secret store.

This complements your ability to give Dependabot version updates access to private repositories, which is common for ecosystems like go modules and npm.



December 2021:

whenever this workflow runs on a PR that was issued by Dependabot - it fails as Dependabot PRs don't have the same secret access as other pull requests do.


That should no longer be the case (Nov. 2021/Dec. 2021):

GitHub Actions: Workflows triggered by Dependabot receive dependabot secrets.

GitHub Actions workflows triggered by Dependabot will now be sent the Dependabot secrets.

This change will enable you to pull from private package registries in your CI using the same secrets you have configured for Dependabot to use and will improve how Actions and Dependabot work together.

Learn more about using Actions and Dependabot together.
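
The three steps quoted in the March 2021 note (a registries section, a reference from the relevant updates entry, and a secret in Dependabot's secret store) look like this in .github/dependabot.yml. This is an added example, not part of the original answer; the registry name npm-github, the secret name NPM_READ_TOKEN and the choice of GitHub Packages for npm are assumptions made for illustration.

```yaml
# .github/dependabot.yml
# Added example: private npm registry on GitHub Packages.
# "npm-github" and "NPM_READ_TOKEN" are hypothetical names.
version: 2

registries:
  npm-github:
    type: npm-registry
    url: https://npm.pkg.github.com
    # Reference a Dependabot secret; never commit the token value itself.
    # Use a token limited to reading packages (read:packages scope),
    # so a leak cannot be used to publish or to change repositories.
    token: ${{secrets.NPM_READ_TOKEN}}

updates:
  - package-ecosystem: "npm"
    directory: "/"
    # Only the registries listed here are made available to this update job.
    registries:
      - npm-github
    schedule:
      interval: "weekly"
```

NPM_READ_TOKEN has to exist in the repository's or organization's Dependabot secrets, which are stored separately from Actions secrets. A CI workflow triggered by a Dependabot pull request reads the same name from that Dependabot store, which is the behaviour the December 2021 note describes.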

Regarding "github - How to use Dependabot with private packages", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/64926515/
