-
Notifications
You must be signed in to change notification settings - Fork 920
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ignore version range syntax should be clarified in docs #2644
Comments
You specified the |
@jurre thanks, I'll give that a try and report back. |
@jurre I've made the changes and forced another check (https://github.com/atc0005/go-ci/network/updates), but no changes to the existing PR. I also issued a recreate command, but same scenario. Is this a case where I have to refuse the PR, make the change myself and wait for the next upstream image release to confirm that the next PR has the intended behavior? |
Yeah I think so, we can't change the version proposed in a PR once it's opened, although you may not have to wait for the next release, you may get a PR if you trigger a new update via the link you shared. Would you try closing the existing PR and triggering a new run? |
Thanks for the feedback. I gave that a try, but it doesn't appear that the config file changes have been picked up/honored. Here are the log messages from a forced recheck:
|
Not trying to be pushy, but I wanted to confirm that the behavior is still present (in case recent comments to this issue were unclear). This PR replaces Go 1.14.10 with 1.15.4 instead of 1.14.11. |
I'm not sure whether this was fixed separately, or whether the changes I made yesterday resolved the issue, but here are my changes: diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 6025eac..ebcce88 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -71,8 +71,11 @@ updates:
# Ignore updates from series associated with "stable" container.
#
# Note: The version specified here should always be one ahead of the
- # version used by the "oldstable" container.
- versions: ["1.15"]
+ # version used by the "oldstable" container. (GH-100)
+ # versions: ["1.15"]
+ versions:
+ - ">= 1.15"
+ - "< 1.14"
assignees:
- "atc0005"
labels: This resulted in atc0005/go-ci#158 being created as intended: Go 1.14.12 to 1.14.13 instead of a jump from 1.14.x to 1.15.x. I saw that change come through and borrowed the syntax for my own config file. It seems to have resolved the problem. |
Hi @atc0005, happy to see you solved it! It seems like we're falling back on the |
Thanks. So perhaps this isn't a bug in Dependabot, but a documentation omission? |
I'm going to close as it seems this got figured out. The docs bit I'm unclear about, if you think they need improvement feel free to submit a PR (GitHub docs all have an edit button). |
Hi Jeff, I was referring to this comment by @jurre:
The syntax that your team expected to work did not and the syntax needed wasn't documented in a way that was clear (at least to me). For example, the https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#ignore coverage notes:
Not knowing the Bundler syntax (or YAML all that well), it doesn't appear that the documentation covers this syntax to ignore unwanted updates for anything but the 1.14 series: ignore:
versions:
- ">= 1.15"
- "< 1.14"
That's fair, but while the problem was solved for me by updating the syntax of the config block, I wasn't given the impression that the fix would be viable long-term. Evidently I was wrong as the syntax continues to work even now. |
Thanks, I'm going to re-open this, as your explanation makes a lot of sense so I do think there's some action we could take here. I'm not sure if it's a docs fix, or if the supported syntax should be made "more docker-like", as I haven't really dug into this, but something can certainly be improved... |
In my opinion, all that's needed here is to update |
Please add the ability to support complex docker tags. Ex. python:3.10-alpine3.18. Suggest adding a regex option. |
Package manager/ecosystem
Docker
Manifest contents prior to update
https://github.com/atc0005/go-ci/pull/97/files/f9369a5e301acae0734bf29d1c4325a010738426#diff-79766e84403986272abd7f1d1582772c90f8d915cf006ce554728cfcf889ad92
Updated dependency
Current:
golang:1.14.9
Offered via PR:
golang:1.15.3
What you expected to see, versus what you actually saw
Actual:
golang:1.14.9
golang:1.15.3
Expected
golang:1.14.9
golang:1.14.10
Images of the diff or a link to the PR, issue or logs
Pull Request: https://github.com/atc0005/go-ci/pull/97/files
Config file: https://github.com/atc0005/go-ci/blob/039d93973ad7c9f5983557ab144b2baa1988fe59/.github/dependabot.yml#L61-L85
The text was updated successfully, but these errors were encountered: