S⚠️ ◾ Automated Package Update#823
Conversation
This script updates NuGet package versions in the Directory.Packages.props file by querying the latest available versions and updating the Version attributes accordingly, while respecting the PreserveMajor attribute and pre-release version detection.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Changed the trigger for package updates to a scheduled cron job.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Initial plan * Gate PR creation on changes detection flag Co-authored-by: neilr81 <49037171+neilr81@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: neilr81 <49037171+neilr81@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Removed GitHub CLI installation step from workflow.
Removed the 'powershell' label from the automated package update PR.
PR Metrics✔ Thanks for keeping your pull request small.
Metrics computed by PR Metrics. Add it to your Azure DevOps and GitHub PRs! |
github-actions
Bot
changed the title
There was a problem hiding this comment.
Pull request overview
Adds GitHub-based automation to update centrally-managed NuGet package versions and open a PR with the changes.
Changes:
- Bumps MSTest package versions in
Directory.Packages.props(and normalizes XML formatting as a side effect of the updater). - Adds a GitHub Actions workflow to run a package-update script and open a PR.
- Adds a PowerShell script to search for latest NuGet versions and update
Directory.Packages.propsforItemGroups labeledAutoUpdate.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| Directory.Packages.props | Updates MSTest versions and applies formatter-normalized XML output from the updater. |
| .github/workflows/package-update.yml | New scheduled workflow intended to run the updater and auto-create a PR. |
| .github/scripts/Update-NuGetPackageVersions.ps1 | New updater script to locate and apply latest package versions in central package management file. |
| # Prefer NuGet-GitHub.Config (used on GitHub runners) when present, otherwise fall back to NuGet.config | ||
| $nugetGithubConfigPath = Join-Path $SourcesDirectory "NuGet-GitHub.Config" | ||
| $nugetConfigPath = Join-Path $SourcesDirectory "NuGet.config" | ||
| $configSourceFlag = "" |
There was a problem hiding this comment.
The script falls back to NuGet.config, but the repo root file is named NuGet.Config (capital C). On case-sensitive file systems this fallback will never be found, which can break package lookups when NuGet-GitHub.Config isn’t present. Update the fallback filename and related log/warning text to use the correct casing.
| Write-Host ("Searching for package: {0} {1}" -f $PackageId, ($MajorVersion ? ('(major version {0}.*)' -f $MajorVersion) : '')) | ||
|
|
There was a problem hiding this comment.
This uses the PowerShell ternary operator (?:), which requires PowerShell 7+. If this script is intended to be usable in Windows PowerShell 5.1 (common in some Azure Pipelines tasks), it will fail to parse. Either add a #Requires -Version 7.0 (or equivalent) at the top, or rewrite this expression without the ternary operator.
| Write-Host ("Searching for package: {0} {1}" -f $PackageId, ($MajorVersion ? ('(major version {0}.*)' -f $MajorVersion) : '')) | |
| $majorVersionMessage = '' | |
| if ($MajorVersion) { | |
| $majorVersionMessage = '(major version {0}.*)' -f $MajorVersion | |
| } | |
| Write-Host ("Searching for package: {0} {1}" -f $PackageId, $majorVersionMessage) | |
| Write-Host ("Searching for package: {0} {1}" -f $PackageId, ($MajorVersion ? ('(major version {0}.*)' -f $MajorVersion) : '')) | ||
|
|
||
| $output = Invoke-Expression $searchCmd 2>&1 | Out-String | ||
|
|
There was a problem hiding this comment.
Building a command string and running it with Invoke-Expression makes the execution harder to reason about and can become an injection vector if the package id or other inputs ever contain unexpected characters. Prefer invoking dotnet directly with an argument array/call operator and passing --configfile as a normal argument (no string evaluation).
| pull_request: | ||
| branches: [ "main" ] | ||
|
|
There was a problem hiding this comment.
This workflow both (1) triggers on pull_request to main and (2) creates/pushes a new branch and opens a PR. That combination can cause PR-recursion (the PR it creates will itself trigger the workflow) and also runs write-capable automation in a PR context. Remove the pull_request trigger and prefer schedule + workflow_dispatch (or otherwise add an explicit guard so it never runs on PR events / never runs on branches created by this workflow).
| pull_request: | |
| branches: [ "main" ] | |
| workflow_dispatch: |
This PR was created automatically by the workflow run 21805933224.