Update dependencies in nuspec file using Renovate

 
 
  • Gérald Barré

While nuspec files are not as common as they used to be, they are still used in some projects when you have special needs. For instance, Meziantou.DotNet.CodingStandard uses a nuspec file to create a package that supports all TFMs. Renovate is a tool to keep your dependencies up-to-date. It supports many package managers, including NuGet. It's more configurable than Dependabot and provides good integrations with the main platforms such as GitHub, GitLab, and Azure DevOps. In this post, I describe how you can use Renovate to update dependencies in a nuspec file.

A nuspec file is an XML file that contains metadata about the package. It can also contain dependencies. Here's an example of a nuspec file:

XML
<?xml version="1.0" encoding="utf-8"?>
<package xmlns="http://schemas.microsoft.com/packaging/2012/06/nuspec.xsd">
  <metadata>
    <id>Meziantou.DotNet.CodingStandard</id>
    <dependencies>
      <dependency id="Meziantou.Analyzer" version="2.0.147" />
    </dependencies>
  </metadata>
  ...
</package>

While Renovate supports lots of package managers, it doesn't support nuspec files out of the box. You can upvote this discussion to mark your interest. However, you can use a regex to instruct Renovate how to update the dependencies in the nuspec file. The regex can match the <dependency> element. Let's edit the renovate.json file to add a new regex:

JSON
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:base"
  ],
  "customManagers": [
    {
      "customType": "regex",
      "datasourceTemplate": "nuget",
      "fileMatch": ["\\.nuspec$"],
      "matchStrings": [
        "<dependency\\s+id=\"(?<depName>.*?)\"\\s+version=\"(?<currentValue>.*?)\"\\s*\\/>"
      ]
    }
  ]
}

Depending on the base configuration, you may need to enable the regex manager. You can do this by setting the enabledManagers element (documentation):

JSON
  "enabledManagers": [
    "nuget",
    "docker",
    "custom.regex"
  ]

Note that the regex is specific to the nuspec file format. It captures the id and version attributes of the dependency element. A regex is not an actual XML parser, so it's not perfect. However, it should work in most cases. Also, the attribute order is important. If the version attribute is before the id attribute, the regex won't work.

If you enabled the dashboard in Renovate, you can validate that the regex is correctly used:

#Additional resources

Do you have a question or a suggestion about this post? Contact me!

Follow me:
Enjoy this blog?Buy Me A Coffee💖 Sponsor on GitHub