S⚠️ ◾ Automated Package Update#817
Conversation
This script updates NuGet package versions in the Directory.Packages.props file by querying the latest available versions and updating the Version attributes accordingly, while respecting the PreserveMajor attribute and pre-release version detection.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Changed the trigger for package updates to a scheduled cron job.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Initial plan * Gate PR creation on changes detection flag Co-authored-by: neilr81 <49037171+neilr81@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: neilr81 <49037171+neilr81@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Removed GitHub CLI installation step from workflow.
Removed the 'powershell' label from the automated package update PR.
PR Metrics✔ Thanks for keeping your pull request small.
Metrics computed by PR Metrics. Add it to your Azure DevOps and GitHub PRs! |
github-actions
Bot
changed the title
There was a problem hiding this comment.
Pull request overview
Adds GitHub-native automation to update centrally-managed NuGet package versions and open an “Automated Package Update” PR, along with a small MSTest version bump in central package management.
Changes:
- Bump MSTest packages in
Directory.Packages.props(and normalize XML formatting as a side effect). - Add a scheduled GitHub Actions workflow to run the update script, commit changes, and open a PR.
- Add a PowerShell script to query latest package versions and update
Directory.Packages.propsforItemGroups labeledAutoUpdate.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| Directory.Packages.props | Updates MSTest versions and applies XML formatting changes produced by the updater. |
| .github/workflows/package-update.yml | Introduces a scheduled (and currently PR-triggered) workflow to run the update script and open a PR. |
| .github/scripts/Update-NuGetPackageVersions.ps1 | Adds the implementation that searches package feeds and rewrites versions in Directory.Packages.props. |
| on: | ||
| schedule: | ||
| - cron: "0 6 * * 1" | ||
| pull_request: | ||
| branches: [ "main" ] |
There was a problem hiding this comment.
The workflow runs on pull_request but the job unconditionally creates a new branch, pushes, and opens a PR. That means any PR targeting main (including the automation PR itself) will attempt to create another PR, which can lead to PR spam/loops and unexpected pushes from PR validation runs. Consider removing the pull_request trigger or gating the commit/PR steps with if: github.event_name == 'schedule' (or moving PR-creation into a separate scheduled-only job).
| - name: Open PR with gh | ||
| if: steps.commit.outputs.has-changes == 'true' | ||
| env: | ||
| GH_TOKEN: ${{ secrets.CREATE_PULLREQUEST }} |
There was a problem hiding this comment.
This uses a custom secret (secrets.CREATE_PULLREQUEST) as GH_TOKEN. If that secret isn't configured, the workflow will fail; and it’s unnecessary here because the workflow already grants contents: write and pull-requests: write, so the built-in secrets.GITHUB_TOKEN (or ${{ github.token }}) should be sufficient for gh pr create in most cases.
| # Prefer NuGet-GitHub.Config (used on GitHub runners) when present, otherwise fall back to NuGet.config | ||
| $nugetGithubConfigPath = Join-Path $SourcesDirectory "NuGet-GitHub.Config" | ||
| $nugetConfigPath = Join-Path $SourcesDirectory "NuGet.config" | ||
| $configSourceFlag = "" | ||
| if (Test-Path $nugetGithubConfigPath) { | ||
| $configSourceFlag = "--configfile `"$nugetGithubConfigPath`"" | ||
| if ($EnableVerboseLogging) { | ||
| Write-Host " [VERBOSE] Using NuGet-GitHub.Config from: $nugetGithubConfigPath" | ||
| } | ||
| } | ||
| elseif (Test-Path $nugetConfigPath) { | ||
| $configSourceFlag = "--configfile `"$nugetConfigPath`"" | ||
| if ($EnableVerboseLogging) { | ||
| Write-Host " [VERBOSE] Using NuGet.config from: $nugetConfigPath" | ||
| } | ||
| } | ||
| else { | ||
| Write-Warning "NuGet-GitHub.Config or NuGet.config not found at: $SourcesDirectory - search may not find required feeds" | ||
| } |
There was a problem hiding this comment.
The repo contains NuGet.Config (capital C), but the script falls back to NuGet.config. On case-sensitive filesystems this won’t be found, causing package searches to run without the intended feeds. Update the fallback path/message to use the correct filename casing (NuGet.Config).
This PR was created automatically by the workflow run 21805864536.