Update dependencies in nuspec file using Renovate

11/25/2024

Gérald Barré

.NET

While nuspec files are less common than they once were, they are still useful in certain scenarios. For example, Meziantou.DotNet.CodingStandard uses a nuspec file to create a package that supports all TFMs. Renovate is a tool that keeps your dependencies up-to-date. It supports many package managers, including NuGet, and is more configurable than Dependabot. It also integrates well with major platforms such as GitHub, GitLab, and Azure DevOps. This post explains how to configure Renovate to update dependencies in a nuspec file.

A nuspec file is an XML file that contains metadata about the package. It can also contain dependencies. Here's an example of a nuspec file:

XML

<?xml version="1.0" encoding="utf-8"?>
<package xmlns="http://schemas.microsoft.com/packaging/2012/06/nuspec.xsd">
  <metadata>
    <id>Meziantou.DotNet.CodingStandard</id>
    <dependencies>
      <dependency id="Meziantou.Analyzer" version="2.0.147" />
    </dependencies>
  </metadata>
  ...
</package>

While Renovate supports lots of package managers, it doesn't support nuspec files out of the box. You can upvote this discussion to mark your interest. However, you can use a regex to instruct Renovate how to update the dependencies in the nuspec file. The regex can match the <dependency> element. Let's edit the renovate.json file to add a new regex:

JSON

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:base"
  ],
  "customManagers": [
    {
      "customType": "regex",
      "datasourceTemplate": "nuget",
      "fileMatch": ["\\.nuspec$"],
      "matchStrings": [
        "<dependency\\s+id=\"(?<depName>.*?)\"\\s+version=\"(?<currentValue>.*?)\"\\s*\\/>"
      ]
    }
  ]
}

Depending on the base configuration, you may need to enable the regex manager. You can do this by setting the enabledManagers element (documentation):

JSON

  "enabledManagers": [
    "nuget",
    "docker",
    "custom.regex"
  ]

Note that the regex is specific to the nuspec file format. It captures the id and version attributes of the dependency element. A regex is not an actual XML parser, so it's not perfect. However, it should work in most cases. Also, the attribute order is important. If the version attribute is before the id attribute, the regex won't work.

If you enabled the dashboard in Renovate, you can validate that the regex is correctly used:

#Additional resources

Do you have a question or a suggestion about this post? Contact me!

Follow me:

Enjoy this blog?

💖 Sponsor on GitHub