We use dependabot-azure-devops by tinglesoftare to track updates of our dependencies and create pull requests automatically.
The azure devops pipeline is rather straigh forward:
trigger:- masterpool: vmImage: ubuntu-lateststeps:- task: dependabot@1 displayName: 'Dependabot with default parameters'
And we have this dependabot.yml stored in .azuredevops\dependabot.yml
# To get started with Dependabot version updates, you'll need to specify which# package ecosystems to update and where the package manifests are located.# Please see the documentation for all configuration options:# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-fileversion: 2registries: {feedname}: type: nuget-feed url: https://pkgs.dev.azure.com/{confidential}/_packaging/{feedname}/nuget/v3/index.json token: PAT:${{ PatInternalFeed }}updates: - package-ecosystem: "nuget" directories: - "/" # Location of package manifests registries: - {feedname} schedule: interval: "weekly" time: "02:00" open-pull-requests-limit: 10 commit-message: prefix: "dependabot" prefix-development: "dependabot" include: "scope-and-version" separator: "-" groups: shared: patterns: - "*"
My understanding of the dependabot-groups documentation is that currently all updates should be grouped together, regardless of the semantic version. Unfortunately, this configuration leads to multiple pull requests for each patch-version dependency. Am I missing something, which needs to configured differently for dependabot on azure devops? Also the commit-message part of the configuration does not seem to have any effect on the created PRs.