dry-run: generate ignored versions from "update-types"

[thepwagner]

Continuing #3512 and #3525 , this migrates Dependabot::Config::UpdateConfig::IgnoreCondition to Dependabot::Config::IgnoreCondition, and amends the #ignored_versions() function to support dynamically ignored version ranges, as specified by #2219 (comment) .

This iteration supports the functionality via the dry-run.rb script, 🎉 . Dependabot doesn't yet recognize the syntax, but it will parse a .github/dependabot.yaml configuration file:

updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "monthly"
    ignore:
      - dependency-name: "lodash"
        update-types: ["version-update:semver-major"]

Related

• [Feature request] Opt out minor and patch versions #2219 (comment)

[feelepxyz]

Ops thanks for flagging!

…

On Wed, 21 Apr 2021 at 17:41, Pete Wagner ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In common/lib/dependabot/config/ignore_condition.rb <#3513 (comment)> : > + private + + def versions_by_type(dep) + case @update_types.first # FIXME: flatmap + when :ignore_patch_versions + [ignore_version(dep.version, 4)] + when :ignore_minor_versions + [ignore_version(dep.version, 3)] + when :ignore_major_versions + [ignore_version(dep.version, 2)] + else + [] + end + end + + def ignore_version(version, precision) That link 404s for our external friends :/ I think the equivalent "a" for pre-release is on L46, I'll include pre-release considerations in the test suite. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#3513 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAE5RPOUNQSGJLB5WBHCBDTJ3545ANCNFSM43GCOA3A> .

[thepwagner]

I marked RFR as this is code complete and roughly what I was going for.

As noted, the way conditions are aggregated needs some attention:

• What if there are multiple matches with identical update-types:?
• What if there are multiple matches with different update-types:?
• What if there are update-types: and versions:?

This definitely isn't shippable, but is a worthy iteration.

[thepwagner]

Concern: as I as alluding to in https://github.com/dependabot/dependabot-core/pull/3536/files#r617772124 , this isn't going to behave when multiple conditions match the target dependency...

[feelepxyz]

Not sure I follow, do we have a test case for this that will fail currently?

I was looking at moving the dependency name checking into the IgnoreCondition class but would mean returning an empty ignored_versions if the dependency name doesn't match the ic.dependency_name which seems confusing to me but unsure if I'm missing something else?

[feelepxyz]

this isn't going to behave when multiple conditions match the target dependency

Is this case tested here?: https://github.com/dependabot/dependabot-core/pull/3513/files#diff-1bee1e376554d0d150b3a22f7b1ca87ac8d9de442cebf942c2f0e3f7fcc50c04R56

[feelepxyz]

Nice test helpers 👍

[feelepxyz]

This is looking good! Tests are real clear and easy to follow 💯

I've been testing this on dry-runs and it's working well 🎉 Should we ship this and start incorporating in updater? Not sure if it's worth refactoring the wildcard matching as I see it possibly being more confusing having the dependency name filtering done in the individual IgnoreCondition but might have missed some edge-case that's not working.

[feelepxyz]

• What if there are multiple matches with identical update-types:?
• What if there are multiple matches with different update-types:?
• What if there are update-types: and versions:?

Tried to add some tests around this. Added a uniq on the generated version requirements but seems to work? 🤔

[feelepxyz]

I've been testing a bunch of dry-runs with different ignore setups and looking good so far! 🚢