Comments (6)
Update-Type
The update-type
is pretty strict forward to what we need.
It contains version-update:semver-major
, version-update:semver-minor
, version-update:semver-patch
and <empty string>
.
<empty string>
is exist only when the version
is not exist on those package. For example, commit hash
update.
Dependency-Type
It also allow us to specify which dependency-type
should be automerge. For example, direct
, indirect
, all
, production
and development
.
We may allow the use-case like automerge direct:production
in minor
, but direct:development
in major
.
from github-action-merge-dependabot.
After investigating this issue for a while I think we got a couple of options:
1- Get the fetch-metadata
action output and use it on github-action-merge-dependabot
action.
This would be the ideal solution I think, but after searching for a while I wasn't able to find a way to use the output of a workflow as input for our action while having it as some sort of explicit dependency. The only way would be to access something like steps.<step-name>.outputs.dependency
, which would depend on the user creating a workflow with a predetermined name (which could be configurable on our side) for it's fetch-metadata
step.
If we aren't able to use it on our action we could just instruct the users to create a workflow that runs the fetch-metadata
action before this one and pass it's outputs as inputs but this is not ideal since it is a bit error prone and wouldn't be very intuitive. It would also be a breaking change since all users would have to change their workflows.
One other thing I noticed is the fetch-metadata
action could maybe be used to replace github-action-merge-dependabot
entirely (I'm not sure deprecating our action is desirable tho), it has some examples on it's readme like so: https://github.com/dependabot/fetch-metadata#enabling-auto-merge. I'm not entirely sure it would have 100% feature parity however so maybe it isn't a good fit.
2- Improve the logic we have on our code right now. I've looked at dependabot's code and got all the combinations for pull request titles it can create, we could write tests for each one of them and that should solve the issue, at least until dependabot changes something on their side.
I think this would be the ideal approach if we can't find a good way to integrate fetch-metadata
into our action. No breaking changes for the users and relatively straightforward.
3- Try to copy the fetch-metadata
parse method to our action.
I don't think that's interesting since it has it's own dependencies and we would still need to keep it updated manually and also adapt it to work with our code so I think we would be better off just improving our current logic instead
cc @simoneb
from github-action-merge-dependabot.
Thanks for the summary:
- this could work if we turned our action into a composite action, which should be fairly simple. see how the optic release automation action is done
- compelling but too many changes to do and has some limitations, such as having to provide a PAT. we don't want that, so I'd exclude this option
- yeah this would work but I'd really keep it as the last resort, we don't want to copy code. on the other hand, we could (if no other options are viable) ask them to expose that method.
I'd go with 1. if for any reason that's not an option, fallback to 3
from github-action-merge-dependabot.
I'll take a better look at the optic release action. That's probably the best way to do it.
About 2, I don't think I get the limitations/need for a token. Maybe I wasn't very clear but we would basically keep everything the same and just change the parsing code a bit to accommodate more PR titles so I don't think that would change anything for the users.
from github-action-merge-dependabot.
ah yeah sorry, I had interpreted 2. as switching over to that action. 2 is also an option, overall changing our code to support all possible PR titles shouldn't be that difficult
from github-action-merge-dependabot.
🎉 This issue has been resolved in version 3.4.0 🎉
The release is available on:
Your optic bot 📦🚀
from github-action-merge-dependabot.
Related Issues (20)
- Different targets for `development` and `production` dependencies HOT 3
- Release pending!
- Major version update is auto-merged with target set to minor HOT 16
- "Fetch metadata" step is skipped for "pull_request_target"
- Release pending!
- Clarify meaning of "target" option HOT 1
- Receiving 'Warning: Semver bump '' is invalid!' message HOT 3
- Fail with meaningful error in case an unsupported trigger is used HOT 1
- remove semver as dep HOT 1
- deprecation warning in test/log.test.js HOT 1
- use nearform-actions HOT 1
- remove gitdiff-parser as dependency HOT 1
- use esbuild instead of ncc
- Feature: Allow defining targets per pattern or group
- replace husky with @fastify/pre-commit
- use taprc and show coverage report HOT 1
- Suppress warning in CI/CD pipeline HOT 1
- remove @actions/github HOT 1
- Output does not seem to appear HOT 2
- Frequently see error "Pull request is in unstable status" (but all validation checks pass) HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from github-action-merge-dependabot.