dependabot-script
dependabot-script copied to clipboard
dependabot
Private Repo for maven
Hi, I've alreadt checked that the issue of using private maven repository is solved as stated in:
- https://github.com/dependabot/dependabot-core/issues/505
- https://github.com/dependabot/dependabot-core/issues/503
Since I'm in a situation where all java artifacts are proxied by a nexus private installation, how can I setup the reference to my nexus? I know i could set the repo in my pom, but I rather prefer to set them in settings and then profile and i'm not sure dependabot will resolve them.
I was wondering if it could be solved adding an item to credential array in generic-update-script.rb
Thanks.
Hey @anonymez, I'm by no way familiar with dependabot, but we are trying to get a private repo to work too. I'd definitely give it a shot just adding the credentials there. The credential array is used throught the whole process so that should do the job.
Hey @yeikel, sorry for the late reply. I digged into the code and figured how to do it, but I sadly can't really remember, also I don'ht have access to the project anymore.
I remember it is something to put into the rails config which is then used by dependabot-core .. But that is for the self hosted version. If you look for the github version there are config options in the web UI where you can set it.
If you are using dependabot with gitlab I can suggest you to use https://gitlab.com/dependabot-gitlab/dependabot. Under https://gitlab.com/dependabot-gitlab/dependabot/-/blob/master/doc/environment.md#private-registry-credentials it is explained how to use private repositories.
If you need more information please detail your use case and I can see if I can find my old configurations. Cheers.