Wildcard doesn't work

Open lucacome opened this issue 1 year ago • 2 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Package ecosystem

Docker

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

https://github.com/opentracing-contrib/nginx-opentracing/blob/master/.github/dependabot.yml

Updated dependency

No response

What you expected to see, versus what you actually saw

Dependabot says this in the logs:

updater | 2024/06/26 23:45:12 INFO Results:
updater | +------------------------------------------+
updater | |   Changes to Dependabot Pull Requests    |
updater | +---------+--------------------------------+
updater | | created | ubuntu ( from 22.04 to 24.04 ) |
updater | | created | php ( from 7-fpm to 8-fpm )    |
updater | | created | ubuntu ( from 18.04 to 24.04 ) |
updater | | created | ubuntu ( from 18.04 to 24.04 ) |
updater | | created | ubuntu ( from 18.04 to 24.04 ) |
updater | | created | ubuntu ( from 17.10 to 24.04 ) |
updater | | created | ubuntu ( from 17.10 to 24.04 ) |
updater | | created | ubuntu ( from 22.04 to 24.04 ) |
updater | | created | python ( from 3.10 to 3.12 )   |
updater | +---------+--------------------------------+

but it only opened:

  • one PR for ubuntu with only one file changed https://github.com/opentracing-contrib/nginx-opentracing/pull/631
  • one PR for php https://github.com/opentracing-contrib/nginx-opentracing/pull/632 (this seems correct)
  • one PR for python https://github.com/opentracing-contrib/nginx-opentracing/pull/633 (this seems correct)

I expected a PR for ubuntu with changes to all the Dockerfiles

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

lucacome avatar Jun 26 '24 23:06 lucacome

I triggered dependabot again after merging 631 and it opened one for the next ubuntu on the list https://github.com/opentracing-contrib/nginx-opentracing/pull/634 but then decided to supersede it with one in another folder https://github.com/opentracing-contrib/nginx-opentracing/pull/635

lucacome avatar Jun 27 '24 01:06 lucacome

I'm seeing something similar with this config:

version: 2
updates:
  - package-ecosystem: "terraform"
    directories:
      - "*"
    schedule:
      interval: "monthly"

This is running on a Terraform project having multiple envs in multiple directories, with manifest files like this:

lab/providers.tf
acc/providers.tf
prd/providers.tf

It only creates a PR for one of the dirs/files.

rob-zz avatar Jun 27 '24 08:06 rob-zz

From the conversation in https://github.com/dependabot/dependabot-core/issues/2178 it seemed like using the grouping settings would force dependabot to open a PR with all the changes across multiple directories.

But this doesn't seem to be working either.

I have a grouping of go.opentelemetry.io/otel dependencies and dependabot opened just one PR for a single directory instead of two.

lucacome avatar Jul 05 '24 18:07 lucacome

@lucacome same behavior on my end

deki avatar Jul 08 '24 06:07 deki

> I'm seeing something similar with this config:
>
> version: 2
> updates:
>   - package-ecosystem: "terraform"
>     directories:
>       - "*"
>     schedule:
>       interval: "monthly"
>
> This is running on a Terraform project having multiple envs in multiple directories, with manifest files like this:
>
> lab/providers.tf
> acc/providers.tf
> prd/providers.tf
>
> It only creates a PR for one of the dirs/files.

I ran this same config, and then created separate lines for individual directories thinking this was the issue, but I get the same behaviour in both scenarios.

EDIT

I was able to make this work with the following groups config:

    groups:
      minor-and-patch:
        update-types:
          - "patch"
          - "minor"

However, I'm not keen on the PR name that gets opened, but it gets the job done: "Bump the minor-and-patch group across 8 directories with 1 update #6"

For me, I would love a grouping based on the directory with updates, so 1 PR per folder.

anthonysomerset avatar Jul 12 '24 14:07 anthonysomerset

This should be fixed now.

Our service wasn't taking the directory of the dependency into account yet, so it would create the first PR for ubuntu in one directory, but then see the next one was also ubuntu and would skip it thinking it was already created by the previous PR.

jakecoffman avatar Jul 31 '24 14:07 jakecoffman
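
The skip described in the reply above, modelled as an added example (not Dependabot's code and not part of the thread): it shows which directories stay on the old base image when an "already created" check ignores the directory. The directory names are constructed, since the log rows on this page carry none, and the `(name, target version)` key is an assumption about what that check compared.

```python
from collections import namedtuple

# Constructed sample: dependency names and versions follow the updater log
# quoted in the issue; the directory names are hypothetical.
Update = namedtuple("Update", "directory name old new")

UPDATES = [
    Update("/", "ubuntu", "22.04", "24.04"),
    Update("/tests/php", "php", "7-fpm", "8-fpm"),
    Update("/build/a", "ubuntu", "18.04", "24.04"),
    Update("/build/b", "ubuntu", "18.04", "24.04"),
    Update("/build/c", "ubuntu", "17.10", "24.04"),
    Update("/tests/py", "python", "3.10", "3.12"),
]


def key_without_directory(u):
    """Assumed identity before the fix: dependency and target version only."""
    return (u.name, u.new)


def key_with_directory(u):
    """Identity that also records where the manifest lives."""
    return (u.directory, u.name, u.new)


def plan_prs(updates, key):
    """Return (created, skipped). An update is skipped when an earlier
    update with the same key already produced a pull request."""
    seen, created, skipped = set(), [], []
    for u in updates:
        k = key(u)
        if k in seen:
            skipped.append(u)
        else:
            seen.add(k)
            created.append(u)
    return created, skipped


def stale_directories(updates, key):
    """Directories left on the old version because their update was skipped."""
    _, skipped = plan_prs(updates, key)
    return sorted(u.directory for u in skipped)


if __name__ == "__main__":
    for label, key in (("without directory", key_without_directory),
                       ("with directory", key_with_directory)):
        created, _ = plan_prs(UPDATES, key)
        print(label, len(created), "PRs; stale:", stale_directories(UPDATES, key))
```

With the directory left out of the key, the model creates three pull requests (ubuntu, php, python), matching what the issue reports, and every other ubuntu directory is silently left behind.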

@jakecoffman seems like we're going in the wrong direction, I have two different PRs updating the same thing now

  • https://github.com/opentracing-contrib/nginx-opentracing/pull/660
  • https://github.com/opentracing-contrib/nginx-opentracing/pull/661

The first one doesn't say "in /tests" but it's the same file.

lucacome avatar Aug 01 '24 03:08 lucacome

Looks like the error is in dependabot-core this time, from the job logs:

+------------------------------------------------------------------------------------------------------------------------------------+
|                                                Changes to Dependabot Pull Requests                                                 |
+---------+--------------------------------------------------------------------------------------------------------------------------+
| created | grpcio ( from 1.65.1 to 1.65.2 ), grpcio ( from 1.65.1 to 1.65.2 ), grpcio ( from 1.65.1 to 1.65.2 ), grpcio-health-c... |
| created | protobuf ( from 5.27.2 to 5.27.3 )                                                                                       |
| created | protobuf ( from 5.27.2 to 5.27.3 )                                                                                       |
+---------+--------------------------------------------------------------------------------------------------------------------------+

I'll get this fixed!

jakecoffman avatar Aug 01 '24 12:08 jakecoffman

I was able to reproduce the behavior and tracked down the reason why. I opened a new issue to track that fix: https://github.com/dependabot/dependabot-core/issues/10340

jakecoffman avatar Aug 01 '24 13:08 jakecoffman

Just opened another issue related to duplicate PRs in Java #10415

deki avatar Aug 12 '24 04:08 deki