Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Manage semver-like formats #124

Closed
Eomm opened this issue Dec 7, 2021 · 10 comments · Fixed by #125
Closed

Manage semver-like formats #124

Eomm opened this issue Dec 7, 2021 · 10 comments · Fixed by #125
Assignees
@Eomm

Comments

@Eomm
Copy link
Member

Eomm commented Dec 7, 2021

When the user set the target option and the dependabot's PR is like the following:

chore(deps): bump nearform/optic-release-automation-action from 2.2.0 to 2.3

(note the 2.3 version)

The semver check fails.

We should be more resilient and be able to merge this PR too.

Ref #121 (comment)
@Eomm Eomm self-assigned this Dec 7, 2021
@simoneb
Copy link
Collaborator

simoneb commented Dec 7, 2021

and it should also keep working with submodules. see #98

@nuragic
Copy link
Contributor

nuragic commented Dec 7, 2021

One approach is the one mentioned above by @Eomm; another approach would be to use the valid SemVer number, which is in this case 2.3.0... would be that possible? It seems that we have that information in the pull requests opened by dependabot, e.g.

Screenshot 2021-12-07 at 16 28 30

We're extracting the 2.3 from the title?

@simoneb
Copy link
Collaborator

simoneb commented Dec 7, 2021

We're extracting the 2.3 from the title?

yes. I think the approach is to use coerce / loose options from the semver library

@nuragic
Copy link
Contributor

nuragic commented Dec 7, 2021

What I'm saying is that IMHO the right thing to do would be to have the valid SemVer number even in the title, e.g.

chore(deps): bump actions/setup-node from 2.4.1 to 2.5.0
nearform-actions/optic-release-automation-action#15

@simoneb
Copy link
Collaborator

simoneb commented Dec 7, 2021

we can't, we're not creating those PRs, dependabot is

@nuragic
Copy link
Contributor

nuragic commented Dec 7, 2021

Yeah of course hehe I know but there's no way to fix that by changing some config here?

https://github.com/fastify/github-action-merge-dependabot/blob/main/.github/dependabot.yml

@simoneb
Copy link
Collaborator

simoneb commented Dec 7, 2021

no

@Eomm Eomm mentioned this issue Dec 7, 2021
Merged
@simoneb simoneb mentioned this issue Dec 8, 2021
Merged
@Eomm Eomm closed this as completed in #125 Dec 8, 2021
@simoneb
Copy link
Collaborator

simoneb commented Dec 8, 2021

@Eomm can you do a manual release of the action? We'll have to wait until next week before publishing this action using release automation, because the current version is not capable of auto updating if we create the non-semver tags

@Eomm
Copy link
Member Author

Eomm commented Dec 8, 2021

Yes, I have checked the main dist folder and it is all aligned.

Publishing...

@austins
Copy link

austins commented Mar 31, 2022

I'm having an issue where the action still merges a major release even if the target is set to minor.

For example, React v17.0.2 to v18.0.0 still gets merged.

    automerge:
        needs: analyze
        runs-on: ubuntu-latest
        permissions:
            pull-requests: write
            contents: write
        if: ${{ github.event_name == 'pull_request' }}
        steps:
            -   uses: fastify/github-action-merge-dependabot@v3
                with:
                    github-token: ${{ secrets.GITHUB_TOKEN }}
                    target: minor

Example PR: https://github.com/austins/smoothnanners-web/pull/17

@simoneb simoneb mentioned this issue Apr 1, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Eomm Eomm

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: semver like titles fastify/github-action-merge-dependabot
4 participants
@simoneb @nuragic @austins @Eomm