feat(maven): Implicit grouping by versions defined via properties #4028
Conversation
|
Minimal example: |
lib/config/definitions.js
Outdated
| @@ -1650,6 +1650,7 @@ const options = [ | |||
| default: { | |||
| fileMatch: ['\\.pom\\.xml$', '(^|/)pom\\.xml$'], | |||
| versionScheme: 'maven', | |||
| groupByProps: true, | |||
There was a problem hiding this comment.
If users are to be able to configure this, we need to add it to definitions too
lib/datasource/maven/index.js
Outdated
| @@ -11,8 +11,54 @@ module.exports = { | |||
| getPkgReleases, | |||
| }; | |||
|
|
|||
| const cacheNamespace = 'datasource-maven'; | |||
|
|
|||
| async function getPkgReleases({ lookupName, registryUrls, groupName, deps }) { | |||
There was a problem hiding this comment.
Can you explain more about your design choice for groupName? I hadn't expected we need to pass groupName to the datasource. I would prefer if we could handle it using depName/lookupName and not add parameters like grouName/deps that are not shared with other datasources.
There was a problem hiding this comment.
I needed some key to handle grouping, as well as other dependencies in this group. Setting the groupName in extracting phase led to one PR per variable, instead of many PRs for each dependency. I found I can use this fields in datasource.
Actually I would like to implement the better design. At the extracting phase we can use extractAllPackageFiles and handle cross-file props. It would be better to handle common props in updateDependency(content, upgrade), but I'm not sure I can use context there.
|
How about this?
Then let's work out the best way to implement this. For example:
If we use the highest available, then that will likely break the build in the PR. But if we use the lowest available, maybe the user doesn't know that a critical hotfix is available for one of the deps. Frankly they shouldn't be using a shared placeholder unless the deps are guaranteed to all have the same latest version, so the question is about what we should do when encountering this type of invalid configuration. I prefer the first approach because it increases the chance that they realise their mistake. But for simplistic reasons I don't mind if we use a "random" approach either, e.g. always using the first-defined dep as the lookupName. |
|
It's possible to drop all the deps except first in |
|
Just thought, its possible to make decision about which version to replace in |
|
UpdateDependency gets called once per “update” - there is no “updateAllDependencies” right now. Seems like a good idea if extractAllDependencies can filter it down to just one “update” per placeholder. Lets use a deterministic way to determine the “first” dependency to use as “lookupName” and put placeholder as “depName”. It needs to be deterministic (same inputs always results in the same first package) so we don’t “flip flop” between runs. |
|
In the ideal scenario we’d warn if not all the packages have the same update available, but for now I think let’s go with the simplest approach (de-duplicating at the extract stage). And let’s make this placeholder approach non-configurable. |
zharinov
force-pushed
the
feat/group-by-maven-props
branch
4 times, most recently
from
492b5ce
to
b46b861
Compare
|
@zharinov what's the current status of this? e.g. ready for review/merge? |
|
Also, once it's ready for review, can you update the description of this PR to describe what changes to logic it's making? |
|
@rarkins Yes, I think it's ready |
|
Has the example repo pull requests been updated to match latest ? |
|
Yep, just double-checked it |
zharinov
force-pushed
the
feat/group-by-maven-props
branch
from
2854a7d
to
b1f694e
Compare
| "datasource": "maven", | ||
| "depName": "org.example:quux", | ||
| "fileReplacePosition": 698, | ||
| "groupName": "quuxVersion", |
| "datasource": "maven", | ||
| "depName": "org.example:quux-test", | ||
| "fileReplacePosition": 698, | ||
| "groupName": "quuxVersion", |
|
In example, it opened extra PR for security update, but I think that's not the bug, but feature. |
|
@zharinov yes we deliberately "break out" of any grouping if there's a security warning. Can we test against a non-security update? |
|
@rarkins Yes, take a look at https://github.com/zharinov/java-test/pull/14 |
|
🎉 This PR is included in version 18.27.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Closes #4024, Closes #4031
Add a
groupNameto extracted deps whenever a placeholder is used. This provides implicit grouping.