-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(maven): Implicit grouping by versions defined via properties #4028
feat(maven): Implicit grouping by versions defined via properties #4028
Conversation
Minimal example: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Need to review the design approach and hopefully not change the datasource signature.
lib/config/definitions.js
Outdated
@@ -1650,6 +1650,7 @@ const options = [ | |||
default: { | |||
fileMatch: ['\\.pom\\.xml$', '(^|/)pom\\.xml$'], | |||
versionScheme: 'maven', | |||
groupByProps: true, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If users are to be able to configure this, we need to add it to definitions too
lib/datasource/maven/index.js
Outdated
@@ -11,8 +11,54 @@ module.exports = { | |||
getPkgReleases, | |||
}; | |||
|
|||
const cacheNamespace = 'datasource-maven'; | |||
|
|||
async function getPkgReleases({ lookupName, registryUrls, groupName, deps }) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you explain more about your design choice for groupName? I hadn't expected we need to pass groupName to the datasource. I would prefer if we could handle it using depName/lookupName and not add parameters like grouName/deps that are not shared with other datasources.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I needed some key to handle grouping, as well as other dependencies in this group. Setting the groupName
in extracting phase led to one PR per variable, instead of many PRs for each dependency. I found I can use this fields in datasource.
Actually I would like to implement the better design. At the extracting phase we can use extractAllPackageFiles
and handle cross-file props. It would be better to handle common props in updateDependency(content, upgrade)
, but I'm not sure I can use context there.
How about this?
Then let's work out the best way to implement this. For example:
If we use the highest available, then that will likely break the build in the PR. But if we use the lowest available, maybe the user doesn't know that a critical hotfix is available for one of the deps. Frankly they shouldn't be using a shared placeholder unless the deps are guaranteed to all have the same latest version, so the question is about what we should do when encountering this type of invalid configuration. I prefer the first approach because it increases the chance that they realise their mistake. But for simplistic reasons I don't mind if we use a "random" approach either, e.g. always using the first-defined dep as the lookupName. |
It's possible to drop all the deps except first in |
Just thought, its possible to make decision about which version to replace in |
UpdateDependency gets called once per “update” - there is no “updateAllDependencies” right now. Seems like a good idea if extractAllDependencies can filter it down to just one “update” per placeholder. Lets use a deterministic way to determine the “first” dependency to use as “lookupName” and put placeholder as “depName”. It needs to be deterministic (same inputs always results in the same first package) so we don’t “flip flop” between runs. |
In the ideal scenario we’d warn if not all the packages have the same update available, but for now I think let’s go with the simplest approach (de-duplicating at the extract stage). And let’s make this placeholder approach non-configurable. |
492b5ce
to
b46b861
Compare
@zharinov what's the current status of this? e.g. ready for review/merge? |
Also, once it's ready for review, can you update the description of this PR to describe what changes to logic it's making? |
@rarkins Yes, I think it's ready |
Has the example repo pull requests been updated to match latest ? |
Yep, just double-checked it |
2854a7d
to
b1f694e
Compare
"datasource": "maven", | ||
"depName": "org.example:quux", | ||
"fileReplacePosition": 698, | ||
"groupName": "quuxVersion", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
First one
"datasource": "maven", | ||
"depName": "org.example:quux-test", | ||
"fileReplacePosition": 698, | ||
"groupName": "quuxVersion", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Second one
In example, it opened extra PR for security update, but I think that's not the bug, but feature. |
@zharinov yes we deliberately "break out" of any grouping if there's a security warning. Can we test against a non-security update? |
@rarkins Yes, take a look at https://github.com/zharinov/java-test/pull/14 |
🎉 This PR is included in version 18.27.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Closes #4024, Closes #4031
Add a
groupName
to extracted deps whenever a placeholder is used. This provides implicit grouping.