-
Notifications
You must be signed in to change notification settings - Fork 919
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support version-update:ignore-{patch,minor,major}
in docker ecosystem
#6115
Support version-update:ignore-{patch,minor,major}
in docker ecosystem
#6115
Conversation
version-update:ignore-{patch,minor,major}
in docker ecosystemversion-update:ignore-{patch,minor,major}
in docker ecosystem
e26dcb7
to
962fe80
Compare
962fe80
to
1994cc1
Compare
Ok, so this is the explanation. Currently ignore conditions require semver-compatible and rubygems-compatible versions. And some Docker versions are not. My solution may be a bit heavy-handed. It involves extracting a base Not sure what you'll think about it, but it's the approach I liked best from what I tried. Let me know! |
1994cc1
to
4adcf80
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is an okay approach, but I can see how it could be considered heavy-handed.
I see this more as preventative maintenance since ecosystems could always extend their semver-compatible version ranges and introduce a bug similar to this Docker ignored version ranges one.
I do have one question around how Docker might handle a version string that does not contain an underscore, but outside of that this LGTM.
We could pin the major and minor versions, but may not work dependabot/dependabot-core#6115. Instead, because there is no patch version, dependabot should actually never make a PR for these Dockerfile. Thus we can ignore them entirely.
286cfdb
to
dfca4ac
Compare
e6fd8ad
to
2a66ca0
Compare
To keep it package manager agnostic.
The ecosystem will need to implement `Version.correct?` and `Version#to_semver` that will ensure a semver shape that plays nice with ignore conditions.
Currently only the numeric part of tags is instantiated as a version. Make that more clear by feeding version specs "real life" versions.
2a66ca0
to
abd11c4
Compare
Hi @deivid-rodriguez , could you tell me, when this PR will be released for all users? |
We're planning to do public gem releases soon, but I can't tell you a specific date. |
Does this apply to users of the Dependabot app in GitHub? I'm seeing on another thread that some users are getting the PRs that they expect, but I'm not seeing that on my test app. Is that because the change hasn't shipped or because there's something wrong with my setup? |
Nope, that only applies to people using dependabot as a library. This PR is already deployed to the Github service. If you're getting something unexpected, feel free to report a new issue! |
I think CI will fail since this required a few changes, but I think the idea is solid. Will explain in more detail later.
Fixes #5758.
Fixes #1971.