Docker update-type metadata is null when either tag (incoming or outgoing) is prefixed with a v #7187

Closed
1 task done
svenjr opened this issue Apr 27, 2023 · 0 comments
Labels
T: bug 🐞 Something isn't working

svenjr commented Apr 27, 2023

Is there an existing issue for this?

  • I have searched the existing issues

While it seems it could be related to #4893, that seems to have been focused on the naming of the commit, which was changed and pushed. That fixed that specific issue, but this is something different.

Package ecosystem

Docker

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

docker/[internal name]/Dockerfile

dependabot.yml content

version: 2
registries:
  docker-registry-ecr:
    type: docker-registry
    url: https://*****************.amazonaws.com/
    username: "${{secrets.AWS_DEPENDABOT_ACCESS_KEY_ID}}"
    password: "${{secrets.AWS_DEPENDABOT_ACCESS_SECRET}}"

updates:
- package-ecosystem: docker
  directory: "/docker/[internal name]"
  schedule:
    interval: daily
    time: "06:00"
  registries:
  - docker-registry-ecr
  reviewers:
  - "@FATMAP/mapping"
- package-ecosystem: docker
  directory: "/docker/[internal name]/debug"
  schedule:
    interval: daily
    time: "06:00"
  registries:
  - docker-registry-ecr
  reviewers:
  - "@FATMAP/mapping"
- package-ecosystem: docker
  directory: "/docker/pgbouncer"
  schedule:
    interval: daily
    time: "06:00"
  registries:
  - docker-registry-ecr
  reviewers:
  - "@FATMAP/mapping"
- package-ecosystem: docker
  directory: "/docker/tiler"
  schedule:
    interval: daily
    time: "06:00"
  registries:
  - docker-registry-ecr
  reviewers:
  - "@FATMAP/mapping"

Updated dependency

We have tried every variant of this and we have found (using internal docker builds) the following:

  • v1.5.1 to v1.5.2 -> outputs.update-type: null
  • v1.5.1 to 1.5.2 -> outputs.update-type: null
  • 1.5.2 to v1.5.3 -> outputs.update-type: null
  • 1.5.2 to 1.5.3 -> outputs.update-type: patch

While it is true that this sort of tag is not strictly semver compliant, I would expect Dependabot to be able to infer this sort of thing with a non-complex tag.

What you expected to see, versus what you actually saw

Using a GH action we have to auto-merge patch updates, I would expect the outputs.update-type field coming from dependabot/fetch-metadata@v1.3.6 to be patch but it is instead null.

outputs.update-type: null

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

Unfortunately none of this is public, so I cannot provide examples of the workflows or logs fully. But I can say that the section where we check metadata for the example of going from v1.5.1 to 1.5.2 looks like this:

Run dependabot/fetch-metadata@v1.3.6
  with:
    github-token: ***
    skip-commit-verification: false
Parsing Dependabot metadata
Outputting metadata for 1 updated dependency
  outputs.dependency-names: map-renderer-tiler
  outputs.dependency-type: direct:production
  outputs.update-type: null
  outputs.directory: /docker/tiler
  outputs.package-ecosystem: docker
  outputs.target-branch: main
  outputs.previous-version: 
  outputs.new-version: 
  outputs.compatibility-score: 0
  outputs.alert-state: 
  outputs.ghsa-id: 
  outputs.cvss: 0

Smallest manifest that reproduces the issue

No response
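
A workflow-side fallback for the four tag combinations listed in the issue, as an added example that is not part of the original issue and is not Dependabot or fetch-metadata code. `parseTag`, `classifyUpdate`, `normaliseReported` and `shouldAutoMerge` are hypothetical helpers; the example assumes the caller already has both tags as strings (the log above shows `previous-version` and `new-version` empty, so they would have to come from elsewhere) and treats anything other than an optionally `v`-prefixed `MAJOR.MINOR.PATCH` tag as unknown, so the auto-merge gate fails closed.

```javascript
// Added example: not Dependabot or fetch-metadata code.
// parseTag, classifyUpdate and shouldAutoMerge are hypothetical helpers.

// Optional leading "v", then exactly MAJOR.MINOR.PATCH. Suffixes, digests
// and floating tags such as "latest" are treated as unknown.
const TAG_RE = /^v?(\d+)\.(\d+)\.(\d+)$/;
const LEVELS = ["major", "minor", "patch"];

function parseTag(tag) {
  const m = TAG_RE.exec(String(tag ?? "").trim());
  return m ? m.slice(1).map(Number) : null;
}

// Returns "major" | "minor" | "patch", or null when the change cannot be
// classified: unparseable tag, identical versions, or a downgrade.
function classifyUpdate(previousTag, newTag) {
  const prev = parseTag(previousTag);
  const next = parseTag(newTag);
  if (!prev || !next) return null;
  for (let i = 0; i < LEVELS.length; i++) {
    if (next[i] > prev[i]) return LEVELS[i];
    if (next[i] < prev[i]) return null; // downgrade
  }
  return null; // no change
}

// Normalise the action output: null, "" and the string "null" mean unknown;
// "version-update:semver-patch" and plain "patch" both become "patch".
function normaliseReported(updateType) {
  if (!updateType || updateType === "null") return null;
  return String(updateType).replace(/^version-update:semver-/, "");
}

// Fail closed: merge only on a positively identified patch bump, and never
// when the reported and derived types disagree.
function shouldAutoMerge(updateType, previousTag, newTag) {
  const reported = normaliseReported(updateType);
  const derived = classifyUpdate(previousTag, newTag);
  if (reported && derived && reported !== derived) return false;
  return (reported ?? derived) === "patch";
}

// The four tag pairs from the issue (constructed from its list).
const PAIRS = [["v1.5.1", "v1.5.2"], ["v1.5.1", "1.5.2"],
               ["1.5.2", "v1.5.3"], ["1.5.2", "1.5.3"]];
for (const [prev, next] of PAIRS) {
  console.log(`${prev} -> ${next}: ${classifyUpdate(prev, next)}`);
}
```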
