Fix version comments after quoted strings #8127

@kurtmckee kurtmckee commented Oct 2, 2023

When YAML strings are quoted, Dependabot fails to update trailing version comments. For example, Dependabot will update the SHA but not the "v2.1.0" comment below:

- uses: "actions/checkout@01aecccf739ca6ff86c0539fbc67a7a5007bbc81" # v2.1.0

This PR fixes the bug in the associated regex.

In addition, this PR removes a test case using a short SHA ("01aecc") that is no longer updated (a problem that the test suite doesn't notice) and isn't supported by GitHub Actions anymore.

It also updates a short-SHA-based test case ("01aecc#v2.1.0") to use a full-length SHA so that it is more likely to catch bugs that might be introduced.

Fixes #8125
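
Added example, not part of this PR and not Dependabot's code: a Ruby check that flags SHA-pinned `uses:` lines whose trailing version comment disagrees with the tag known for that SHA, and shows how a pattern written only for unquoted values misses the quoted form described above. Both patterns, the function names, the placeholder SHA and the SHA-to-tag mapping are constructed for illustration.

```ruby
# Added illustration: the patterns below are constructed for this example and
# are not Dependabot's regex.

# Unquoted-only: the action name must start right after "uses:", so a quoted
# value never matches.
UNQUOTED_ONLY = /uses:\s*(?<action>[\w.\/-]+)@(?<sha>\h{40})\s+#\s*(?<version>v?\d[\w.]*)/

# Quote-aware: optional opening quote, and a backreference so the same quote
# (or none) must close the value before the trailing comment.
QUOTE_AWARE = /uses:\s*(?<q>["']?)(?<action>[\w.\/-]+)@(?<sha>\h{40})\k<q>\s+#\s*(?<version>v?\d[\w.]*)/

# Returns the action, full-length SHA and commented version, or nil.
def parse_pin(line, pattern = QUOTE_AWARE)
  m = pattern.match(line)
  m && { action: m[:action], sha: m[:sha], version: m[:version] }
end

# Lists [line_number, action, commented_version, expected_version] for every
# pin whose comment disagrees with the tag known for its SHA.
def stale_comments(workflow_text, sha_to_tag, pattern = QUOTE_AWARE)
  workflow_text.each_line.with_index(1).filter_map do |line, number|
    pin = parse_pin(line, pattern)
    next unless pin
    expected = sha_to_tag[pin[:sha]]
    next if expected.nil? || expected == pin[:version]
    [number, pin[:action], pin[:version], expected]
  end
end

NEW_SHA = "a" * 40                     # constructed placeholder SHA
SHA_TO_TAG = { NEW_SHA => "v9.9.9" }   # constructed mapping
SAMPLE = <<~YAML                       # constructed workflow fragment
  steps:
    - uses: "actions/checkout@#{NEW_SHA}" # v2.1.0
    - uses: actions/checkout@#{NEW_SHA} # v2.1.0
    - uses: 'actions/checkout@#{NEW_SHA}' # v9.9.9
YAML

if __FILE__ == $PROGRAM_NAME
  puts "quote-aware:   #{stale_comments(SAMPLE, SHA_TO_TAG).inspect}"
  puts "unquoted-only: #{stale_comments(SAMPLE, SHA_TO_TAG, UNQUOTED_ONLY).inspect}"
end
```

A stale comment matters in review because the comment is the only human-readable statement of which release a 40-character SHA pin refers to.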

@kurtmckee kurtmckee requested a review from a team as a code owner October 2, 2023 16:18
@github-actions github-actions bot added the L: github:actions GitHub Actions label Oct 2, 2023

@deivid-rodriguez deivid-rodriguez left a comment

Awesome, nice catch!

@kurtmckee
Contributor Author

My commit verification settings are causing the commits to be flagged as "Unverified". This won't be an issue if this is squash-merged, but if not then I can rebase on main to ensure the branch is up-to-date and has valid GPG signatures.

Let me know if that would be helpful, depending on how PRs are merged. 👍

@deivid-rodriguez
Contributor

I was planning to use standard Merge, so feel free to rebase, thanks! 🙏

@kurtmckee kurtmckee force-pushed the fix-version-comments-after-quoted-strings-issue-8125 branch from a440355 to 787ba87 Compare October 16, 2023 19:04
@kurtmckee
Contributor Author

Thanks for your patience! I've rebased on main and force-pushed. I'll monitor the test suite runs, but please let me know if this needs any additional work!

@kurtmckee
Contributor Author

Test suite has passed. 🥳

@deivid-rodriguez
Contributor

@kurtmckee I just deployed this, would you be able to confirm it's now working properly?

@kurtmckee
Contributor Author

kurtmckee commented Oct 16, 2023

I don't know how to check that except to wait for Dependabot's scheduled checks on a given repo.

Is there a way to trigger Dependabot against a specific repository? If not, I can set up a situation where this gets tested against a test repo.

Edit: Just realized I can create a test repo with out-of-date action versions and then enable Dependabot. I'll test this out and respond back!

@deivid-rodriguez
Contributor

That works!

Also, if you go to "Insights > Dependency Graph > Dependabot" of an existing repo with dependabot enabled, you should be able to manually check for updates.

Also, on an existing PR where this bug was triggered, commenting @dependabot recreate should retry using the new code.

@kurtmckee
Contributor Author

This appears to be working! 🥳

@deivid-rodriguez
Contributor

Awesome! Can you rebase one last time? We require up to date PRs for merging and one other PR sneaked into main while you were testing this 😅

@kurtmckee kurtmckee force-pushed the fix-version-comments-after-quoted-strings-issue-8125 branch from 787ba87 to 9a01d01 Compare October 16, 2023 20:59
@kurtmckee
Contributor Author

No worries at all. Thanks for sharing how to manually check for updates!

@deivid-rodriguez deivid-rodriguez merged commit 92d8f7d into dependabot:main Oct 16, 2023
80 checks passed
@deivid-rodriguez
Contributor

Thanks so much for the fix!

@kurtmckee kurtmckee deleted the fix-version-comments-after-quoted-strings-issue-8125 branch October 16, 2023 22:03
Successfully merging this pull request may close these issues.

YAML string quotes prevent version comment updates