Skip to content
/ Dependabot-for-Azure-DevOps-at-Scale Public
forked from n3wt0n/Dependabot-for-Azure-DevOps-at-Scale

This project allows you to run GitHub Dependabot against Azure DevOps repositories at scale, via Azure Pipelines and Azure Functions

0 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

maxTeste/Dependabot-for-Azure-DevOps-at-Scale

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
.github/workflows
.github/workflows
 
 
DependabotOrchestrator
DependabotOrchestrator
 
 
assets
assets
 
 
docker
docker
 
 
examples
examples
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

Dependabot for Azure DevOps at Scale

This project allows you to run GitHub Dependabot to scan Azure DevOps repositories, via Azure Pipelines, thanks to Azure Functions.

Current Status: Development In Progress

Component Status Notes
Orchestrator Trigger 100%
Main Orchestrator 90%
ACI Orchestrator 90%
ACI - Creation 100% Currently pulling only from public registry
ACI - Check Status 0%
ACI - Event Handler 80% Missing: should report differently between success and failure
ACI - Deletion 100%
In-container event handler 50%
Container Image - Test image 100%
Container Image - Production Image 95% Huge size
Deployment Scripts 0%

How it works

[Description TBC]

Main Flow

[Description TBC]

ACI Orchestrator Flow

Prerequisites

  • PAT on Azure DevOps
  • PAT on GitHub
  • Service Principal in Azure to create ACI
  • Resource Group in Azure

Container

To support the flow above, a modified version of the Dependabot Script container is used.

It takes the original, and add the components needed to check the execution of the job and report back to the orchestrator.

Main Flow

The container image is hosted in Docker Hub and it's called dependabot-azuredevops-atscale

If you want to test it out manually:

docker pull n3wt0n/dependabot-azuredevops-atscale

docker run --rm \
  --env "PROJECT_PATH=organization/project/_git/repo-name" \
  --env "DIRECTORY_PATH=folder/containing/dependencies" \
  --env "BRANCH=branch_to_scan" \
  --env "AZURE_ACCESS_TOKEN=XXX_PAT_XXX" \
  --env "PULL_REQUEST_ASSIGNEE=username" \
  --env "GITHUB_ACCESS_TOKEN=xxx_PAT_xxx" \
  --env "PACKAGE_MANAGER=bundler" \
  n3wt0n/dependabot-azuredevops-atscale

Environment Variables

Variable Name Default Notes
DIRECTORY_PATH / Directory where the base dependency files are.
PACKAGE_MANAGER bundler Valid values: bundler, cargo, composer, dep, docker, elm, go_modules, gradle, hex, maven, npm_and_yarn, nuget, pip (includes pipenv), submodules, terraform
PROJECT_PATH N/A (Required) Path to repository. Format <organization>/<project>/_git/<repo-name>.
BRANCH N/A (Optional) Branch to fetch manifest from and open pull requests against.
PULL_REQUESTS_ASSIGNEE N/A (Optional) User to assign to the created pull request.
AZURE_ACCESS_TOKEN N/A (Required) Personal Access Token (PAT) with access to Azure DevOps, with permissions to read the repo content and create pull requests
GITHUB_ACCESS_TOKEN N/A (Optional) Personal Access Token (PAT) used just for Authentication purposes *

* without this token, you may receive errors of request throttling or blocked requests when checking against dependencies hosted on GitHub.

About

This project allows you to run GitHub Dependabot against Azure DevOps repositories at scale, via Azure Pipelines and Azure Functions

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C# 96.2%
  • Batchfile 2.0%
  • Shell 1.8%