[Grouped Updates] Cleaner management of the update dependency list #7414
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR moves the management of the overall Dependency list into the
GroupDependencyFileBatch
class and repositions it as aDependencyGroupChangeBatch
.This affords us an interface where we just pass in each
DependencyChange
and the right thing happens internally to theDependencyGroupChangeBatch
for both the files and dependency list without the actual group updater worrying about the details.De-duplication
I've had a walk through the implications of us updating a Dependency twice in a single group, this has the potential to happen more for transitive dependencies if we do something like:
dep_a
anddep_b
both depend ondep_x
dep_a
which unlocks updatingdep_x
to the highest version currently permitted bydep_b
dep_b
which now unlocks updatingdep_x
to a newer versionThis means we would have two
Dependency
objects fordep_x
with would have the following attributes:dep_x
, version: 1.4, previous_version: 1.3dep_x
, version: 1.5, previous_version: 1.4If we were to de-duplicate this, we would need to replace these two
Dependency
objects with a new one which has the following values:dep_x
, version: 1.5, previous_version: 1.3This is pretty non-trivial as the
Dependency
class mutates some of it's input arguments so we cannot instantiate replacement from the two objects and be confident it is correct, nor can we just merge theprevious_version
of (1) into (2) as we might not correctly capture the metadata for the entire leap from v1.3 to v1.4.Ultimately, I've decided to leave this alone but give us some debug affordance so we can investigate the dependency list and learn more about these cases if and when they happen in future.
Potential Improvements
Rather than mutating data and risking creating unforeseen corner cases, this is mostly a presentation concern when it comes to us creating the Pull Request body.
Overall, this is likely to be an edge case and if in the worst case we show two bumps for a library in the PR body with a changelog from 1.3 to 1.4, and then from 1.4 to 1.5 the information presented is still complete end-to-end and represents what happened within the update accurately.
If we do decide to deduplicate as a presentation concern, we will not need to mutate the dependency data but we can use it to render a single aggregate entry as a follow-up which feels less risky.
I haven't explored this as part of this PR as: