
dependabot is trying to update from 0.0.27 to 0.2.31 after version scheme change #88

Closed
lucasrangit opened this issue Jun 2, 2022 · 9 comments

Comments

@lucasrangit
Contributor

Take a look at berlin-hack-and-tell/bhnt.c-base.org#320 and you'll see @dependabot trying to merge the update from 0.0.27 to 0.2.31.

It is confused by the version scheme change.

Since you cannot remove the "old" versions, I suggest changing the version scheme again. Since you want to match URLchecker, you should use major.minor versions only, e.g. 0.0.27 becomes 0.27.

That will fix the issue since 0.27 > 0.2.31 > 0.0.27.

@vsoch
Collaborator

vsoch commented Jun 2, 2022

Can you not just ignore the suggested update?

@lucasrangit
Contributor Author

lucasrangit commented Jun 2, 2022

Yeah we can ignore it. I also think there's a way to configure the @dependabot to ignore some versions with .github/dependabot.yml so I don't have to disable auto-update completely.

```yaml
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"
    ignore:
      - dependency-name: "urlchecker-action"
        # Ignore old version scheme
        versions: ["0.2.x", "0.1.x"]
```

I am reporting this because you made the change to make our lives easier 😉

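As an added illustration (not code from the thread or from urlchecker-action), the following Python models the ordering a purely numeric update bot applies and the effect of an ignore list like the one in the comment above. The release list and the `.x` ignore semantics are constructed for the example and are a simplification of what Dependabot actually does; what it shows is why 0.2.31 is offered to a repo on 0.0.27, why renumbering to 0.27 would sort above every 0.2.N release, and why the ignore rules stop the bogus proposal without blocking a later 0.0.28.

```python
from __future__ import annotations

# Constructed release list for the example: the 0.1.x/0.2.x releases are the
# earlier scheme, 0.0.x is the scheme the action moved to.
RELEASES = ["0.1.9", "0.2.30", "0.2.31", "0.0.26", "0.0.27"]


def parse_version(version: str) -> tuple[int, ...]:
    """'0.2.31' -> (0, 2, 31); a leading 'v' is tolerated."""
    return tuple(int(part) for part in version.lstrip("v").split("."))


def is_newer(candidate: str, current: str) -> bool:
    """Purely numeric, component-wise comparison, the ordering that produces
    the confusing PR: (0, 2, 31) > (0, 0, 27), and (0, 27) > (0, 2, 31)."""
    return parse_version(candidate) > parse_version(current)


def matches_ignore(version: str, pattern: str) -> bool:
    """Simplified model of an ignore entry such as '0.2.x': the 'x' stands for
    any remaining components, so '0.2.x' covers 0.2.31 but not 0.20.1."""
    if not pattern.endswith(".x"):
        return version == pattern
    prefix = pattern[:-2]
    return version == prefix or version.startswith(prefix + ".")


def pick_update(current: str, available: list[str], ignore: tuple[str, ...] = ()) -> str | None:
    """Highest available version above `current` that no ignore rule excludes,
    or None when there is nothing to propose."""
    candidates = [
        v for v in available
        if is_newer(v, current) and not any(matches_ignore(v, p) for p in ignore)
    ]
    return max(candidates, key=parse_version, default=None)


if __name__ == "__main__":
    # Without ignore rules the bot "upgrades" 0.0.27 to the older 0.2.31.
    print("no ignore    :", pick_update("0.0.27", RELEASES))
    # With the ignore list from the dependabot.yml above, nothing is proposed ...
    old_scheme = ("0.2.x", "0.1.x")
    print("with ignore  :", pick_update("0.0.27", RELEASES, old_scheme))
    # ... but a genuine 0.0.28 would still be offered.
    print("next release :", pick_update("0.0.27", RELEASES + ["0.0.28"], old_scheme))
    # The renumbering proposal: 0.27 sorts above every 0.2.N release.
    print("0.27 > 0.2.31:", is_newer("0.27", "0.2.31"))
```

The ignore rule is the consumer-side fix and has to be repeated in every repository that uses the action; the renumbering (or, as happened here, deleting the old-scheme releases) fixes it once on the publisher side.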

@vsoch
Collaborator

vsoch commented Jun 2, 2022

Yeah! I'm really sorry. Hmm - if there is a way to check (and update) where the action is being used (and make sure the older versions aren't being used) we could potentially delete the old releases.

@vsoch
Collaborator

vsoch commented Jun 2, 2022

@lucasrangit
Contributor Author

Yeah I was just about to post that "Used by" link. Pretty handy.

@vsoch
Collaborator

vsoch commented Jun 2, 2022

Okay I got through... one page! There were about 3-4 repos that used a pinned (to be deprecated) version. I'm worried that if dependabot is opening up PRs, more might switch to an older version, so maybe it would be best to delete them before that happens and then hope to catch all the repos that use it.
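The audit described in the comment above, going through where the action is used before deleting the old-scheme releases, can be scripted against checked-out workflow files. The Python below is an added example, not code from the thread or the project: it pulls every `uses:` reference to the action out of workflow YAML with a regular expression (enough for this line shape, so no YAML library is needed) and classifies each pin. The owner `example-org`, the workflow paths and their contents are constructed for the example, and the prefixes treated as old-scheme (`0.1.`, `0.2.`) follow the ignore list earlier in the thread.

```python
from __future__ import annotations

import re

# `uses: owner/repo@ref`, optionally quoted, as a list item or a bare key.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?(?P<action>[\w.-]+/[\w.-]+)@(?P<ref>[^\s'\"#]+)",
    re.MULTILINE,
)

# Release prefixes about to be deleted (old scheme), per the ignore list in the
# thread; 0.0.x and the proposed 0.27 are untouched.
OLD_SCHEME_PREFIXES = ("0.1.", "0.2.")

# Constructed sample: three repos found via "Used by", with their workflow files.
SAMPLE_WORKFLOWS = {
    "repo-a/.github/workflows/urls.yml": """
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: check links
        uses: example-org/urlchecker-action@0.2.31
""",
    "repo-b/.github/workflows/ci.yml": """
steps:
  - uses: "actions/checkout@v3"
  - uses: example-org/urlchecker-action@0.0.27
""",
    "repo-c/.github/workflows/links.yml": """
steps:
  - uses: example-org/urlchecker-action@main
""",
}


def action_refs(workflow_text: str, action_name: str) -> list[str]:
    """Every ref that `workflow_text` pins `action_name` to (any owner)."""
    return [
        m.group("ref")
        for m in USES_RE.finditer(workflow_text)
        if m.group("action").split("/", 1)[1] == action_name
    ]


def classify_ref(ref: str) -> str:
    """'old-scheme' pins break when those releases are deleted; 'sha' pins name
    a commit rather than a release; anything non-numeric is a branch or other
    mutable ref that will silently follow whatever it points at."""
    if re.fullmatch(r"[0-9a-f]{40}", ref):
        return "sha"
    version = ref[1:] if ref.startswith("v") else ref
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        return "mutable"
    if any(version.startswith(p) for p in OLD_SCHEME_PREFIXES):
        return "old-scheme"
    return "ok"


def audit(workflows: dict[str, str], action_name: str) -> dict[str, list[tuple[str, str]]]:
    """Map each workflow that uses the action to its (ref, classification) pairs."""
    report: dict[str, list[tuple[str, str]]] = {}
    for path, text in workflows.items():
        refs = action_refs(text, action_name)
        if refs:
            report[path] = [(ref, classify_ref(ref)) for ref in refs]
    return report


if __name__ == "__main__":
    for path, pins in audit(SAMPLE_WORKFLOWS, "urlchecker-action").items():
        for ref, status in pins:
            print(f"{status:10} {path} @{ref}")
```

Run it over the clones of every repository the "Used by" page lists and the `old-scheme` rows are the users to notify (or to open PRs against) before the releases go away; the `mutable` rows are worth a note too, since a branch pin is what lets an unrelated future change reach those workflows unreviewed.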

@vsoch
Collaborator

vsoch commented Jun 2, 2022

okay this should be addressed! Hopefully I didn't miss too many and people won't be angry with me. Thanks for bringing this to my attention! #89

@vsoch vsoch closed this as completed Jun 2, 2022
@lucasrangit
Contributor Author

Thanks! I think this is the right solution as long as it's clear what is wrong when it breaks.

Often whoever set this up is gone or has forgotten how it was set up in the first place so getting back up and running quickly is all that matters.

@vsoch
Collaborator

vsoch commented Jun 2, 2022

I totally agree! It would get worse as time went on. And I’ve definitely learned my lesson and am not going to violate semver in the future!
