Giter Site home page Giter Site logo

Comments (6)

climba03003 avatar climba03003 commented on June 1, 2024

Update-Type

The update-type is pretty strict forward to what we need.
It contains version-update:semver-major, version-update:semver-minor, version-update:semver-patch and <empty string>.

<empty string> is exist only when the version is not exist on those package. For example, commit hash update.

Dependency-Type

It also allow us to specify which dependency-type should be automerge. For example, direct, indirect, all, production and development.

We may allow the use-case like automerge direct:production in minor, but direct:development in major.

from github-action-merge-dependabot.

guilhermelimak avatar guilhermelimak commented on June 1, 2024

After investigating this issue for a while I think we got a couple of options:

1- Get the fetch-metadata action output and use it on github-action-merge-dependabot action.
This would be the ideal solution I think, but after searching for a while I wasn't able to find a way to use the output of a workflow as input for our action while having it as some sort of explicit dependency. The only way would be to access something like steps.<step-name>.outputs.dependency, which would depend on the user creating a workflow with a predetermined name (which could be configurable on our side) for it's fetch-metadata step.
If we aren't able to use it on our action we could just instruct the users to create a workflow that runs the fetch-metadata action before this one and pass it's outputs as inputs but this is not ideal since it is a bit error prone and wouldn't be very intuitive. It would also be a breaking change since all users would have to change their workflows.

One other thing I noticed is the fetch-metadata action could maybe be used to replace github-action-merge-dependabot entirely (I'm not sure deprecating our action is desirable tho), it has some examples on it's readme like so: https://github.com/dependabot/fetch-metadata#enabling-auto-merge. I'm not entirely sure it would have 100% feature parity however so maybe it isn't a good fit.

2- Improve the logic we have on our code right now. I've looked at dependabot's code and got all the combinations for pull request titles it can create, we could write tests for each one of them and that should solve the issue, at least until dependabot changes something on their side.
I think this would be the ideal approach if we can't find a good way to integrate fetch-metadata into our action. No breaking changes for the users and relatively straightforward.

3- Try to copy the fetch-metadata parse method to our action.
I don't think that's interesting since it has it's own dependencies and we would still need to keep it updated manually and also adapt it to work with our code so I think we would be better off just improving our current logic instead

cc @simoneb

from github-action-merge-dependabot.

simoneb avatar simoneb commented on June 1, 2024

Thanks for the summary:

  1. this could work if we turned our action into a composite action, which should be fairly simple. see how the optic release automation action is done
  2. compelling but too many changes to do and has some limitations, such as having to provide a PAT. we don't want that, so I'd exclude this option
  3. yeah this would work but I'd really keep it as the last resort, we don't want to copy code. on the other hand, we could (if no other options are viable) ask them to expose that method.

I'd go with 1. if for any reason that's not an option, fallback to 3

from github-action-merge-dependabot.

guilhermelimak avatar guilhermelimak commented on June 1, 2024

I'll take a better look at the optic release action. That's probably the best way to do it.

About 2, I don't think I get the limitations/need for a token. Maybe I wasn't very clear but we would basically keep everything the same and just change the parsing code a bit to accommodate more PR titles so I don't think that would change anything for the users.

from github-action-merge-dependabot.

simoneb avatar simoneb commented on June 1, 2024

ah yeah sorry, I had interpreted 2. as switching over to that action. 2 is also an option, overall changing our code to support all possible PR titles shouldn't be that difficult

from github-action-merge-dependabot.

github-actions avatar github-actions commented on June 1, 2024

🎉 This issue has been resolved in version 3.4.0 🎉

The release is available on:

Your optic bot 📦🚀

from github-action-merge-dependabot.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.