New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: use dependabot/fetch-metadata action #276
feat: use dependabot/fetch-metadata action #276
Conversation
@guilhermelimak is this ready to be reviewed? |
yep, just finishing up a couple of details but should be good for a review |
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after testing is complete.
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after testing is complete.
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after testing is complete.
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after testing is complete.
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after testing is complete.
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after testing is complete.
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after testing is complete.
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after testing is complete.
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after github-action-merge-dependabot is merged.
For the github-action-merge-dependabot's [newest version](fastify/github-action-merge-dependabot#276) we have updated how the dependabot PR metadata is retrieved. Before that it used some custom logic to parse the PR title and branch name but now we use dependabot's fetch-metadata action which does all the heavy lifting for us. Since that was quite a big change we're deploying a prerelease version for a small amount of projects to do before fully releasing it. This should be replaced back to the original after github-action-merge-dependabot is merged.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Let's merge this, do a new release and then we go back to the repos we temporarily updated and revert to use the released version of the action
regenerate the dist folder to solve the conflicts please |
Since the changes on this PR are quite big it would be nice to have a little more testing before making it public, so I'll open PRs pinning this branch in the following repositories to test it for some time before before rolling out to everyone else:
The changes on those repos should be reverted after this PR is merged.
This PR turns this action into a composite action which uses Dependabot's own fetch-metadata action to retrieve the updated dependencies names and the semver update type from a PR.
This was done manually before and besides being error-prone and missing some edge cases any update on dependabot's PR/branch naming would break this action.
After doing so I was able to remove all the parsing related code and simplify it a lot.
It's still missing a couple of details (where I left
TODO:
comments) and taking better care of non-semver updates, but it should be good enough for a review.Closes #203, closes #274