⚠️ ◾ Automated Package Update #822
This script updates NuGet package versions in the Directory.Packages.props file by querying the latest available versions and updating the Version attributes accordingly, while respecting the PreserveMajor attribute and pre-release version detection.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Changed the trigger for package updates to a scheduled cron job.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Initial plan
* Gate PR creation on changes detection flag

Co-authored-by: neilr81 <49037171+neilr81@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: neilr81 <49037171+neilr81@users.noreply.github.com>
Removed GitHub CLI installation step from workflow.
Removed the 'powershell' label from the automated package update PR.
PR Metrics✔ Thanks for keeping your pull request small.
Pull request overview
Adds GitHub Actions automation to keep centrally-managed NuGet package versions up to date, plus updates MSTest package versions as part of the automated run.
Changes:
- Updates MSTest package versions in Directory.Packages.props.
- Adds a scheduled GitHub Actions workflow to run an update script and open a PR.
- Introduces a PowerShell script to query latest package versions and update Directory.Packages.props for AutoUpdate groups.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| Directory.Packages.props | Updates MSTest versions (and includes formatting/encoding churn from automated save). |
| .github/workflows/package-update.yml | Adds scheduled automation to run the updater script and open a PR. |
| .github/scripts/Update-NuGetPackageVersions.ps1 | Implements the package-version update logic using dotnet package search and XML editing. |
| $searchCmd = "dotnet package search `"$PackageId`" --exact-match --format json $prereleaseFlag $configSourceFlag" | ||
|
|
||
| if ($EnableVerboseLogging) { | ||
| Write-Host " [VERBOSE] Executing: $searchCmd" | ||
| } |
Avoid Invoke-Expression for running dotnet; it makes command construction brittle and can enable injection if the package id ever contains unexpected characters. Prefer invoking dotnet directly with an argument array (e.g., & dotnet package search ...) and capture stdout/stderr explicitly.
| if ($firstVersionObject.Version -eq $secondVersionObject.Version) { | ||
| if (-not $firstVersionObject.Suffix) { return $First } | ||
| if (-not $secondVersionObject.Suffix) { return $Second } | ||
| if ($firstVersionObject.Suffix -lt $secondVersionObject.Suffix) { return $Second } | ||
| return $First |
Pre-release comparison uses lexicographic string ordering for the suffix (e.g., -rc.2 may compare greater than -rc.10), which can select the wrong “latest” version when base versions match. Consider parsing NuGet versions with System.Management.Automation.SemanticVersion (PowerShell 7) or NuGet.Versioning to compare prerelease identifiers numerically/semver-correctly.
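Added example, not code from the pull request or from the reviewer: a comparison of the prerelease part alone that follows SemVer 2.0.0 precedence, so that rc.10 ranks above rc.2 when the base versions match. The function name Compare-PrereleaseSuffix is hypothetical, the suffix is assumed to arrive with or without its leading hyphen, and the case-insensitive ordinal comparison of alphanumeric identifiers is an assumption of this example.

```powershell
# Added example (hypothetical helper): returns -1, 0 or 1.
# An empty suffix means a stable release, which outranks any prerelease.
function Compare-PrereleaseSuffix {
    param([string]$First, [string]$Second)

    $x = $First.TrimStart('-')
    $y = $Second.TrimStart('-')
    if (-not $x -and -not $y) { return 0 }
    if (-not $x) { return 1 }
    if (-not $y) { return -1 }

    # Compare dot-separated identifiers left to right.
    $left = $x.Split('.')
    $right = $y.Split('.')
    $shared = [Math]::Min($left.Count, $right.Count)
    for ($i = 0; $i -lt $shared; $i++) {
        $l = $left[$i]
        $r = $right[$i]
        $lNum = $l -match '^[0-9]+$'
        $rNum = $r -match '^[0-9]+$'
        if ($lNum -and $rNum) {
            # Numeric identifiers compare as numbers, so 10 > 2.
            $c = [bigint]::Parse($l).CompareTo([bigint]::Parse($r))
        }
        elseif ($lNum) { $c = -1 }   # numeric ranks below alphanumeric
        elseif ($rNum) { $c = 1 }
        else {
            $c = [Math]::Sign([string]::Compare($l, $r, [System.StringComparison]::OrdinalIgnoreCase))
        }
        if ($c -ne 0) { return $c }
    }
    # All shared identifiers equal: the longer identifier list ranks higher.
    return [Math]::Sign($left.Count - $right.Count)
}

# Constructed inputs taken from the review comment: string -lt versus identifier-wise order.
$lexicographic = '-rc.2' -lt '-rc.10'
$semverOrder = Compare-PrereleaseSuffix '-rc.2' '-rc.10'
Write-Host "string -lt says rc.2 < rc.10: $lexicographic; Compare-PrereleaseSuffix: $semverOrder"
```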
| if ($updateCount -gt 0) { | ||
| Write-Host "##[section]Saving $updateCount package updates to $propsFile" | ||
| $xml.Save($propsFile) | ||
| Write-Host "Successfully updated $updateCount packages" |
Saving via XmlDocument.Save() appears to normalize formatting/encoding (e.g., BOM + self-closing tag spacing), producing large diffs unrelated to version changes. Consider updating only the Version attribute text in-place or saving with preserved encoding/formatting to minimize churn in automated PRs.
| Write-Host ("Searching for package: {0} {1}" -f $PackageId, ($MajorVersion ? ('(major version {0}.*)' -f $MajorVersion) : '')) | ||
|
|
||
| $output = Invoke-Expression $searchCmd 2>&1 | Out-String | ||
|
|
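Review bot: The `? :` ternary in the Write-Host line only parses on PowerShell 7 or later, so the script should declare `#requires -Version 7.0` (or use an if/else) to fail with a clear message rather than a parse error on Windows PowerShell 5.1. On the `$output = Invoke-Expression $searchCmd 2>&1 | Out-String` line, nothing in the visible lines checks `$LASTEXITCODE`, so a failed search cannot be told apart from an empty result unless that check happens further down.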
dotnet package search --format json is parsed with ConvertFrom-Json, but the command output is captured with 2>&1, which can mix non-JSON stderr (warnings/progress) into stdout and break JSON parsing even when the command succeeds. Consider capturing stdout only for JSON parsing and handling stderr separately.
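Added example, not part of the pull request or of the review comments: one way to apply both the argument-array suggestion from the Invoke-Expression comment and the stdout-only JSON parsing suggestion from the comment above. The function name Get-PackageSearchJson, its parameters and the package-id allowlist are assumptions; --prerelease and --configfile stand in for whatever $prereleaseFlag and $configSourceFlag expand to in the script.

```powershell
# Added example (hypothetical helper), written for PowerShell 7.
function Get-PackageSearchJson {
    param(
        [Parameter(Mandatory)][string]$PackageId,
        [switch]$Prerelease,
        [string]$ConfigFile
    )

    # Conservative allowlist (assumption of this example). Requiring a leading
    # letter or digit also stops an id such as "--source" being read as an option.
    if ($PackageId -notmatch '^[A-Za-z0-9][A-Za-z0-9._-]*$') {
        throw "Refusing unexpected package id: '$PackageId'"
    }

    # Each element reaches dotnet as exactly one argument; nothing is
    # re-parsed as PowerShell source, unlike a string given to Invoke-Expression.
    $arguments = @('package', 'search', $PackageId, '--exact-match', '--format', 'json')
    if ($Prerelease) { $arguments += '--prerelease' }
    if ($ConfigFile) { $arguments += @('--configfile', $ConfigFile) }

    # stderr goes to a temporary file so warnings cannot corrupt the JSON on stdout.
    $stderrFile = [System.IO.Path]::GetTempFileName()
    try {
        $stdout = & dotnet @arguments 2> $stderrFile | Out-String
        $exitCode = $LASTEXITCODE
        $stderr = Get-Content -Raw -Path $stderrFile
    }
    finally {
        Remove-Item -Path $stderrFile -ErrorAction SilentlyContinue
    }

    if ($exitCode -ne 0) {
        throw "dotnet package search failed with exit code ${exitCode}: $stderr"
    }
    if ($stderr) { Write-Warning $stderr.Trim() }

    # Only stdout is parsed as JSON.
    return $stdout | ConvertFrom-Json
}
```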
| on: | ||
| schedule: | ||
| - cron: "0 6 * * 1" | ||
| pull_request: | ||
| branches: [ "main" ] |
The workflow is configured to run on every pull_request targeting main, which can cause unnecessary runs (and potentially extra automated PRs) whenever any PR is opened/updated. Consider removing the pull_request trigger and using workflow_dispatch (manual) alongside schedule so updates are only generated intentionally.
| # Prefer NuGet-GitHub.Config (used on GitHub runners) when present, otherwise fall back to NuGet.config | ||
| $nugetGithubConfigPath = Join-Path $SourcesDirectory "NuGet-GitHub.Config" | ||
| $nugetConfigPath = Join-Path $SourcesDirectory "NuGet.config" | ||
| $configSourceFlag = "" | ||
| if (Test-Path $nugetGithubConfigPath) { |
The script falls back to NuGet.config, but the repo config file is NuGet.Config (case-sensitive on non-Windows). Use the correct filename (or probe both casings) so local/Linux runs and container builds reliably pick up the intended feeds.
This PR was created automatically by the workflow run 21805918907.