Fix parser for libraries #224

kachick · 2022-06-29T17:11:52Z

Fixes #223

I have faced same issue.

In my case, most PRs have missing information except "github-actions" ecosystem.
Missing versions makes "outputs.update-type: null". It makes unexpected behavior of auto-merge.

fetch-metadata/README.md

Line 134 in a7c13a8

    
           if: ${{contains(steps.dependabot-metadata.outputs.dependency-names, 'rails') && steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'}}

Filled: kachick/ruby-ulid#195 => https://github.com/kachick/ruby-ulid/runs/6909618923?check_suite_focus=true#step:2:18
Missing: kachick/ruby-ulid#199 => https://github.com/kachick/ruby-ulid/runs/7083025063?check_suite_focus=true#step:2:18

They have different PR title.

Following code sounds apply different commit message and title for library and applications.

https://github.com/dependabot/dependabot-core/blob/7444344c03b86112b4801eec92b0909e05dbfe33/common/lib/dependabot/pull_request_creator/message_builder.rb#L71-L110
https://github.com/dependabot/dependabot-core/blob/7444344c03b86112b4801eec92b0909e05dbfe33/common/lib/dependabot/pull_request_creator/message_builder.rb#L126-L130
https://github.com/dependabot/dependabot-core/blob/7444344c03b86112b4801eec92b0909e05dbfe33/common/lib/dependabot/pull_request_creator/message_builder.rb#L181-L216

However current parser targets only for application messages, it looks a cause to me.

Commit message is different between application and library. Current parser targets only for application pattern. This commit will cover libraries. https://github.com/dependabot/dependabot-core/blob/7444344c03b86112b4801eec92b0909e05dbfe33/common/lib/dependabot/pull_request_creator/message_builder.rb#L71-L110 https://github.com/dependabot/dependabot-core/blob/7444344c03b86112b4801eec92b0909e05dbfe33/common/lib/dependabot/pull_request_creator/message_builder.rb#L126-L130 https://github.com/dependabot/dependabot-core/blob/7444344c03b86112b4801eec92b0909e05dbfe33/common/lib/dependabot/pull_request_creator/message_builder.rb#L181-L216

kachick · 2022-10-05T01:36:22Z

Compared results

Before

  outputs.dependency-names: test-unit
  outputs.dependency-type: direct:development
  outputs.update-type: null
  outputs.directory: /
  outputs.package-ecosystem: bundler
  outputs.target-branch: main
  outputs.previous-version: 
  outputs.new-version: 
  outputs.compatibility-score: 0
  outputs.alert-state: 
  outputs.ghsa-id: 
  outputs.cvss: 0

After this PR

  outputs.dependency-names: test-unit
  outputs.dependency-type: direct:development
  outputs.update-type: version-update:semver-patch
  outputs.directory: /
  outputs.package-ecosystem: bundler
  outputs.target-branch: main
  outputs.previous-version: 3.5.3
  outputs.new-version: 3.5.5
  
  outputs.compatibility-score: 0
  outputs.alert-state: 
  outputs.ghsa-id: 
  outputs.cvss: 0

See dependabot/fetch-metadata#224 for further detail

Nishnha · 2023-01-21T01:19:21Z

Hi @kachick thanks for opening this PR!

I think this is off to a good start and I started the CI run 😄

The indentation on this multiline string is a bit weird here

fetch-metadata/src/main.test.ts

Lines 136 to 148 in cf0e979

    
             const mockCommitMessage = `Update rubocop requirement from ~> 1.30.1 to ~> 1.31.0 
        
           Updates the requirements on [rubocop](https://github.com/rubocop/rubocop) to permit the latest version. 
        
           - [Release notes](https://github.com/rubocop/rubocop/releases) 
        
           - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) 
        
           - [Commits](rubocop/rubocop@v1.30.1...v1.31.0) 
        
           --- 
        
           updated-dependencies: 
        
           - dependency-name: rubocop 
        
             dependency-type: direct:development 
        
           ... 
        
           Signed-off-by: dependabot[bot] <support@github.com>`

Maybe we can treat each line as a separate string and join with + like in

fetch-metadata/src/main.test.ts

Lines 66 to 79 in cf0e979

    
           const mockCommitMessage = 
        
             'Bumps [coffee-rails](https://github.com/rails/coffee-rails) from 4.0.1 to 4.2.2.\n' + 
        
             '- [Release notes](https://github.com/rails/coffee-rails/releases)\n' + 
        
             '- [Changelog](https://github.com/rails/coffee-rails/blob/master/CHANGELOG.md)\n' + 
        
             '- [Commits](rails/coffee-rails@v4.0.1...v4.2.2)\n' + 
        
             '\n' + 
        
             '---\n' + 
        
             'updated-dependencies:\n' + 
        
             '- dependency-name: coffee-rails\n' + 
        
             '  dependency-type: direct:production\n' + 
        
             '  update-type: version-update:semver-minor\n' + 
        
             '...\n' + 
        
             '\n' + 
        
             'Signed-off-by: dependabot[bot] <support@github.com>'

What do you think?

#224 (comment)

kachick · 2023-01-22T12:21:13Z

@Nishnha

Thanks for your reviewing! I have updated this PR as 0a3f183. To keep same coding style with existing test cases.

Nishnha

This looks great! Thank you for being so patient

Nishnha · 2023-01-24T00:17:21Z

Released in https://github.com/dependabot/fetch-metadata/releases/tag/v1.3.6

kachick · 2023-01-24T00:21:10Z

Thank you!

kachick requested a review from a team as a code owner June 29, 2022 17:11

kachick added 2 commits June 30, 2022 10:00

Fit parser for libraries

e4063e4

npm run build

f45919f

kachick mentioned this pull request Jul 6, 2022

2022-05-29 - dependabot の auto-merge 用に、PAT(Personal Access Token) 無しの GITHUB_TOKEN だけで GitHub Actions の CI 完了待ち出来るようなのを作ってみた kachick/times_kachick#163

Closed

kachick added a commit to kachick/eqq that referenced this pull request Oct 3, 2022

Ensure behavior of dependabot/fetch-metadata#224

b5405a9

kachick added a commit to kachick/elm-dependency-submission that referenced this pull request Oct 5, 2022

Ensure behavior of dependabot/fetch-metadata#224

4d05a95

Merge branch 'main' into fix-get-info-for-library

cf0e979

kachick added a commit to kachick/ruby-ulid that referenced this pull request Jan 18, 2023

Workaround to handle dependabot PRs with forked action

2f93400

See dependabot/fetch-metadata#224 for further detail

kachick added a commit to kachick/ruby-gem-template that referenced this pull request Jan 18, 2023

Workaround to handle dependabot PRs with forked action

580bc40

See dependabot/fetch-metadata#224 for further detail

kachick added a commit to kachick/irb-power_assert that referenced this pull request Jan 18, 2023

Workaround to handle dependabot PRs with forked action

7679713

See dependabot/fetch-metadata#224 for further detail

kachick added a commit to kachick/rspec-matchers-power_assert_matchers that referenced this pull request Jan 18, 2023

Workaround to handle dependabot PRs with forked action

c23b0b8

See dependabot/fetch-metadata#224 for further detail

Adjust indent style with existing code

0a3f183

#224 (comment)

Nishnha approved these changes Jan 24, 2023

View reviewed changes

Nishnha merged commit 2b4e168 into dependabot:main Jan 24, 2023

Nishnha mentioned this pull request Jan 24, 2023

v1.3.6 Release Notes #306

Merged

kachick deleted the fix-get-info-for-library branch January 24, 2023 00:21

sync-by-unito bot mentioned this pull request Feb 11, 2023

build(deps): Bump dependabot/fetch-metadata from 1.3.5 to 1.3.6 mangrovedao/mangrove-core#197

Merged

kachick mentioned this pull request May 23, 2023

Fix library parser to trim trailing LF #380

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix parser for libraries #224

Fix parser for libraries #224

kachick commented Jun 29, 2022 •

edited

Loading

kachick commented Oct 5, 2022

Nishnha commented Jan 21, 2023

kachick commented Jan 22, 2023

Nishnha left a comment

Nishnha commented Jan 24, 2023

kachick commented Jan 24, 2023

Fix parser for libraries #224

Fix parser for libraries #224

Conversation

kachick commented Jun 29, 2022 • edited Loading

kachick commented Oct 5, 2022

Compared results

Nishnha commented Jan 21, 2023

kachick commented Jan 22, 2023

Nishnha left a comment

Choose a reason for hiding this comment

Nishnha commented Jan 24, 2023

kachick commented Jan 24, 2023

kachick commented Jun 29, 2022 •

edited

Loading