Support version-update:ignore-{patch,minor,major} in docker ecosystem
#6115
Conversation
deivid-rodriguez
changed the title
version-update:ignore-{patch,minor,major} in docker ecosystemversion-update:ignore-{patch,minor,major} in docker ecosystem
deivid-rodriguez
force-pushed
the
deivid-rodriguez/docker-version-update-ignores
branch
from
e26dcb7
to
962fe80
Compare
deivid-rodriguez
force-pushed
the
deivid-rodriguez/docker-version-update-ignores
branch
from
962fe80
to
1994cc1
Compare
|
Ok, so this is the explanation. Currently ignore conditions require semver-compatible and rubygems-compatible versions. And some Docker versions are not. My solution may be a bit heavy-handed. It involves extracting a base Not sure what you'll think about it, but it's the approach I liked best from what I tried. Let me know! |
deivid-rodriguez
force-pushed
the
deivid-rodriguez/docker-version-update-ignores
branch
from
1994cc1
to
4adcf80
Compare
There was a problem hiding this comment.
I think this is an okay approach, but I can see how it could be considered heavy-handed.
I see this more as preventative maintenance since ecosystems could always extend their semver-compatible version ranges and introduce a bug similar to this Docker ignored version ranges one.
I do have one question around how Docker might handle a version string that does not contain an underscore, but outside of that this LGTM.
We could pin the major and minor versions, but may not work dependabot/dependabot-core#6115. Instead, because there is no patch version, dependabot should actually never make a PR for these Dockerfile. Thus we can ignore them entirely.
deivid-rodriguez
force-pushed
the
deivid-rodriguez/docker-version-update-ignores
branch
4 times, most recently
from
286cfdb
to
dfca4ac
Compare
deivid-rodriguez
force-pushed
the
deivid-rodriguez/docker-version-update-ignores
branch
2 times, most recently
from
e6fd8ad
to
2a66ca0
Compare
To keep it package manager agnostic.
The ecosystem will need to implement `Version.correct?` and `Version#to_semver` that will ensure a semver shape that plays nice with ignore conditions.
Currently only the numeric part of tags is instantiated as a version. Make that more clear by feeding version specs "real life" versions.
deivid-rodriguez
force-pushed
the
deivid-rodriguez/docker-version-update-ignores
branch
from
2a66ca0
to
abd11c4
Compare
deivid-rodriguez
deleted the
deivid-rodriguez/docker-version-update-ignores
branch
|
Hi @deivid-rodriguez , could you tell me, when this PR will be released for all users? |
|
We're planning to do public gem releases soon, but I can't tell you a specific date. |
Does this apply to users of the Dependabot app in GitHub? I'm seeing on another thread that some users are getting the PRs that they expect, but I'm not seeing that on my test app. Is that because the change hasn't shipped or because there's something wrong with my setup? |
|
Nope, that only applies to people using dependabot as a library. This PR is already deployed to the Github service. If you're getting something unexpected, feel free to report a new issue! |
I think CI will fail since this required a few changes, but I think the idea is solid. Will explain in more detail later.
Fixes #5758.
Fixes #1971.