feat: use dependabot/fetch-metadata action #276
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@guilhermelimak is this ready to be reviewed? |
simoneb
reviewed
Sep 20, 2022
yep, just finishing up a couple of details but should be good for a review |
guilhermelimak
changed the title
guilhermelimak
changed the title
simoneb
reviewed
Sep 20, 2022
simoneb
reviewed
Sep 20, 2022
guilhermelimak
added a commit
to nearform/fastify-auth0-verify
that referenced
this pull request
Sep 22, 2022
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after testing is complete.
guilhermelimak
added a commit
to nearform/sql
that referenced
this pull request
Sep 22, 2022
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after testing is complete.
guilhermelimak
added a commit
to nearform/the-fastify-workshop
that referenced
this pull request
Sep 22, 2022
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after testing is complete.
guilhermelimak
added a commit
to nearform/fast-jwt
that referenced
this pull request
Sep 22, 2022
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after testing is complete.
This was referenced Sep 22, 2022
simoneb
pushed a commit
to nearform/sql
that referenced
this pull request
Sep 22, 2022
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after testing is complete.
simoneb
pushed a commit
to nearform/fastify-auth0-verify
that referenced
this pull request
Sep 22, 2022
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after testing is complete.
simoneb
pushed a commit
to nearform/the-fastify-workshop
that referenced
this pull request
Sep 22, 2022
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after testing is complete.
simoneb
pushed a commit
to nearform/fast-jwt
that referenced
this pull request
Sep 22, 2022
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after testing is complete.
guilhermelimak
added a commit
to nearform/github-snooze-chrome-extension
that referenced
this pull request
Sep 23, 2022
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after github-action-merge-dependabot is merged.
simoneb
pushed a commit
to nearform/github-snooze-chrome-extension
that referenced
this pull request
Sep 23, 2022
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after github-action-merge-dependabot is merged.
simoneb
approved these changes
Oct 3, 2022
|
regenerate the dist folder to solve the conflicts please |
This was referenced Oct 3, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Since the changes on this PR are quite big it would be nice to have a little more testing before making it public, so I'll open PRs pinning this branch in the following repositories to test it for some time before before rolling out to everyone else:
The changes on those repos should be reverted after this PR is merged.
This PR turns this action into a composite action which uses Dependabot's own fetch-metadata action to retrieve the updated dependencies names and the semver update type from a PR.
This was done manually before and besides being error-prone and missing some edge cases any update on dependabot's PR/branch naming would break this action.
After doing so I was able to remove all the parsing related code and simplify it a lot.
It's still missing a couple of details (where I left
TODO:comments) and taking better care of non-semver updates, but it should be good enough for a review.Closes #203, closes #274