Add support for Dependabot PRs that update multiple dependencies #213
Thanks for raising this issue.
I've had this in the back of my mind since GitHub announced this capability
but haven't had time to dig into it.
I think the core change will be to move the text scraping to the
description and allow for multiple matches. I also think I'd want to change
the updater to keep an in-memory representation until all package updates
are processed vs. writing the file twice.
The hard part will be the scraping I think, but could be wrong.
Rambling a bit here, but I'll see if I can start looking into this by the
end of the week.
As always, I'm happy to review a PR if you'd like to take a crack at it!
…On Tue, Nov 14, 2023, 7:20 PM Christopher Beltran ***@***.***> wrote:
Occasionally Dependabot will open up a PR that attempts to update multiple
dependencies (in my experience I have only seen it attempt to update two
dependencies, not sure if it will ever attempt more):
[image: Screenshot 2023-11-14 at 5 13 57 PM]
<https://user-images.githubusercontent.com/34382621/282966158-7e872e24-77e0-4eec-94f6-0fae6b9d488a.png>
These PRs will cause the action to fail with an error: Unable to extract
entry from pull request title!
|
@ChristopherBeltran is that PR you mentioned public by chance? Just wanting to dig a bit more into what the format/structure of everything looks like |
@dangoslen It's not public unfortunately. But if there's anything specific I can pull from it that could be helpful I'd be happy to do so. |
@dangoslen you could enable a Dependabot group in this repo and then test it here?

```yaml
updates:
  - package-ecosystem: github-actions
    directory: /
    groups:
      github-actions:
        patterns:
          - "*"
        update-types:
          - minor
          - patch
```
|
I believe I have the changes needed for this in @ChristopherBeltran could you take a look? |
@dangoslen I think we're almost there. I see the entries are duplicated: One entry appears to be surrounded by a single ` while the second is surrounded by two `` |
I believe I corrected that in a follow-up PR #217. The first run did not remove the extra backticks, and the second one did - which makes the updates look like a duplicate. |
Great, I think we are good then 👍 |
Occasionally Dependabot will open up a PR that attempts to update multiple dependencies (in my experience I have only seen it attempt to update two dependencies, not sure if it will ever attempt more):
These PRs will cause the action to fail with an error:
Unable to extract entry from pull request title!