Parsing version for Docker PRs

[ttshivers]

Parsing the version from the dependabot docker image tags would be useful, but it does seem like it would require more work. One nice observation is that many of the official images have a tag scheme like:

SEMVER-stuff

https://github.com/docker-library/official-images#tags-and-aliases

I think it would be reasonable to fail parsing if no obvious version could be detected.

Here is an example PR: https://github.com/synclounge/syncloungeserver/pull/63

[ahmadnassri]

I think ... this should be working, maybe something missed in the parsing .. since the -stuff is valid semver...

will test and verify

[ahmadnassri]

so, the interesting thing here, the tag syntax used by node, is actually a valid semver string according to the semver spec...

and since it's parsed as a whole, it's valid semver, and actuall translates to a preminor change, NOT a minor.

sounds like something the Node team need to consider in their decision of docker tagging.

[ahmadnassri]

I opened an issue in the official node repo: https://github.com/nodejs/docker-node/issues/1369

[ttshivers]

I do see the point about the tags actually being a valid semver but not in the way it's intended. Is there any way to get more information from dependabot? If so, it might be possible to parse the version differently if the dependency is an official docker image.

[ahmadnassri]

I wish there was a better way to get info from dependabot (like an API!)

the current mechanism this action uses is actually not great: it parses the pull request title and attempts to figure out what the package is, what version it's updated from / to ...

sometimes dependabot doesn't even use the same title format ... (see #31)

it's ... not fun.