fix ungrouped PRs being created due to errors during grouped update (#…

…7829)

updater/lib/dependabot/dependency_snapshot.rb

@@ -69,10 +69,8 @@ def groups
       @dependency_group_engine.dependency_groups
     end
 
-    def calculate_ungrouped_dependencies(all_grouped_changes)
-      @ungrouped_dependencies = allowed_dependencies.select do |dep|
-        all_grouped_changes.none? { |change| change.name == dep.name }
-      end
+    def calculate_ungrouped_dependencies(dependencies_handled)
+      @ungrouped_dependencies = allowed_dependencies.reject { |dep| dependencies_handled.include?(dep.name) }
     end
 
     def ungrouped_dependencies

updater/lib/dependabot/updater/operations/group_update_all_versions.rb

@@ -34,7 +34,7 @@ def initialize(service:, job:, dependency_snapshot:, error_handler:)
           @job = job
           @dependency_snapshot = dependency_snapshot
           @error_handler = error_handler
-          @all_grouped_changes = []
+          @dependencies_handled = Set.new
         end
 
         def perform
@@ -72,19 +72,25 @@ def run_grouped_dependency_updates
           Dependabot.logger.info("Found #{dependency_snapshot.groups.count} group(s).")
 
           dependency_snapshot.groups.each do |group|
+            # If this group does not use update-types, then consider all dependencies as grouped.
+            # This will prevent any failures from creating individual PRs erroneously.
+            @dependencies_handled += group.dependencies.map(&:name) unless group.rules&.key?("update-types")
+
             if pr_exists_for_dependency_group?(group)
               Dependabot.logger.info("Detected existing pull request for '#{group.name}'.")
               Dependabot.logger.info(
                 "Deferring creation of a new pull request. The existing pull request will update in a separate job."
               )
               # add the dependencies in the group so individual updates don't try to update them
-              @all_grouped_changes += group.dependencies
+              @dependencies_handled += group.dependencies.map(&:name)
               next
             end
 
             result = run_update_for(group)
-            @all_grouped_changes += result&.updated_dependencies || []
+            @dependencies_handled += result.updated_dependencies.map(&:name) if result
           end
+
+          @dependencies_handled
         end
 
         def pr_exists_for_dependency_group?(group)
@@ -102,7 +108,7 @@ def run_update_for(group)
         end
 
         def run_ungrouped_dependency_updates
-          dependency_snapshot.calculate_ungrouped_dependencies(@all_grouped_changes)
+          dependency_snapshot.calculate_ungrouped_dependencies(@dependencies_handled)
           return if dependency_snapshot.ungrouped_dependencies.empty?
 
           Dependabot::Updater::Operations::UpdateAllVersions.new(

updater/spec/dependabot/updater/operations/group_update_all_versions_spec.rb

@@ -463,6 +463,20 @@
 
       group_update_all.perform
     end
+
+    context "when the update fails and there are no semver rules" do
+      before do
+        allow_any_instance_of(Dependabot::Updater::Operations::CreateGroupUpdatePullRequest).
+          to receive(:perform).
+          and_return(nil)
+      end
+
+      it "does not try to create an individual PR" do
+        group_update_all.perform
+
+        expect(dependency_snapshot.ungrouped_dependencies).to be_empty
+      end
+    end
   end
 
   context "when the snapshot is updating several peer manifests", :vcr do

updater/spec/fixtures/job_definitions/bundler/version_updates/group_update_all_by_dependency_type.yaml

@@ -14,7 +14,7 @@ job:
   update-subdependencies: false
   ignore-conditions:
     - dependency-name: rubocop
-      version-requirement: < 1.54.2
+      version-requirement: "> 1.56.0"
   requirements-update-strategy:
   allowed-updates:
   - dependency-type: direct