Update update-dependencies.yml

[networkfusion]

Description

Fix for some samples not having up-to-date nugets

Motivation and Context

Also check nfproj as they might not have solutions.

How Has This Been Tested?

Screenshots

Types of changes

• Improvement (non-breaking change that improves a sample)
• Bug fix (fixes an issue with a current sample)
• New Sample (adds a new sample)
• Config and build (change in the configuration and build system, has no impact on code or features)

Checklist:

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my changes.
• All new and existing tests passed.

Summary by CodeRabbit

• Chores
  • Expanded dependency update automation to include additional project types, improving coverage of NuGet updates across the codebase.
  • Existing exclusions, working directory, and configuration remain unchanged.
  • No runtime or user-facing behavior changes; only CI coverage is broadened.

[coderabbitai]

Walkthrough

The update-dependencies GitHub Actions workflow now scans both .sln and .nfproj files by expanding the solutionsToCheck glob from '.sln' to '.sln, *.nfproj'. All other workflow inputs and behavior remain unchanged.

Changes

Cohort / File(s)	Summary of Changes
Workflow update .github/workflows/update-dependencies.yml	Expanded solutionsToCheck glob from '.sln' to '.sln, *.nfproj' to include .nfproj files in NuGet dependency update scanning; no other inputs or control flow modified.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "Update update-dependencies.yml" is concise and directly reflects the primary change in this PR, which modifies the update-dependencies workflow file. It names the specific file changed so a reviewer scanning history can immediately understand the scope of the change. Although it does not describe the exact behavioral change (adding .nfproj to the solutionsToCheck glob), it remains fully related to the changeset and is not vague or off-topic.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch networkfusion-update-nfproj-nugets

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

.github/workflows/update-dependencies.yml (3)

22-22: Confirm delimiter handling for multiple globs in solutionsToCheck.

nanodu documents solutionsToCheck as “string path(s)” but doesn’t specify a delimiter; exclusionList is explicitly comma‑separated. Comma with a space may pass a leading space to the 2nd token if the reusable workflow splits on comma. Safer options:

• Minimal: drop the space after the comma.
• Robust: use a multiline scalar so consumers can split on newlines.

Apply one of the diffs:

-      solutionsToCheck: '*.sln, *.nfproj'
+      solutionsToCheck: '*.sln,*.nfproj'

or

-      solutionsToCheck: '*.sln, *.nfproj'
+      solutionsToCheck: |
+        *.sln
+        *.nfproj

Reference on inputs: solutionsToCheck (“string path(s)”) and exclusionList (“Comma separated list”). (github.com)

---

10-11: Cron comment doesn’t match the schedule.

Comment says 00:00 UTC, cron is 03:00 UTC. Align the comment:

-  # At 00:00 UTC every Friday.
+  # At 03:00 UTC every Friday.

---

19-19: Pin the reusable workflow to a tag or full commit SHA.

Using @main is mutable and risks supply‑chain drift. Prefer a release tag or (best) a full commit SHA. (docs.github.com)

-    uses: nanoframework/nf-tools/.github/workflows/update-dependencies.yml@main
+    uses: nanoframework/nf-tools/.github/workflows/update-dependencies.yml@<commit-sha> # or a trusted tag

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 32a73fa and b20186b.

📒 Files selected for processing (1)

• .github/workflows/update-dependencies.yml (1 hunks)

🔇 Additional comments (2)

.github/workflows/update-dependencies.yml (2)

23-23: Verify exclusion names match what the action expects.

Docs say exclusionList is a comma‑separated list of solution names; if the workflow now also scans .nfproj files, confirm the upstream logic applies exclusions to project files too, or adjust values to match how the reusable workflow filters. (github.com)

---

25-25: Ensure NuGet config path and casing are correct.

Repo search returned no matches for NuGet.config or Nuget.config — confirm the exact filename (casing) and whether the path is resolved from the repo root or from workingDirectory, then update .github/workflows/update-dependencies.yml (line 25: nugetConfig: Nuget.config) to the exact path/casing.