dependabot-core icon indicating copy to clipboard operation
dependabot-core copied to clipboard

Published 20 hours ago verified publisher icon dependabot

Label Configuration Ignored

Open AceCoderLaura opened this issue 1 year ago • 3 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Package ecosystem

nuget

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:
  - package-ecosystem: "nuget" # See documentation for possible values
    directory: "/" # Location of package manifests
    labels:
      - "enhancement"
    schedule:
      interval: "daily"
    ignore:
      - dependency-name: "Syncfusion*"
      
  - package-ecosystem: "github-actions" # See documentation for possible values
    directory: "/" # Location of package manifests
    labels:
      - "enhancement"
    schedule:
      interval: "daily"
      
  - package-ecosystem: "gitsubmodule" # See documentation for possible values
    directory: "/" # Location of package manifests
    labels:
      - "enhancement"
      - "submodule"
    schedule:
      interval: "daily"

Updated dependency

Azure.Identity from 1.3.0 to 1.10.2

What you expected to see, versus what you actually saw

Expected the "enhancement" label to be added as per the configuration but instead it added one random label ("version-dependency") that is used for something else entirely in our workflow and created a new ".NET" label which I keep having to delete.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

image

Smallest manifest that reproduces the issue

No response

AceCoderLaura avatar Oct 19 '23 05:10 AceCoderLaura

This issue is still plaguing my repository. It ignores my label config, adds tags I don't want and uses tags that shouldn't be used, which interferes with my workflow.

AceCoderLaura avatar Jan 10 '24 05:01 AceCoderLaura

We are also occasionally hitting this too:

  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
    commit-message:
      prefix: "(NPM)"
    labels:
      - "patch"
      - "dependencies"

Results in the following labels being added:

  • dependencies
  • minor
  • patch

This appears to be sporadic, and usually when Dependabot has closed a different PR due to a new version and started a new one.

LiamMacP avatar Jan 15 '24 08:01 LiamMacP

Same here, it uses default labels ignoring the ones from the config.

version: 2
updates:
- package-ecosystem: maven
  directory: "/"
  schedule:
    interval: daily
    time: "10:00"
    timezone: Europe/Moscow
  reviewers:
    - "Haarolean"
  labels:
    - "scope/backend"
    - "type/dependencies"

Got a maven update PR with a "dependencies" and "java" labels. Every time this happens I have to relabel and delete the labels.

Haarolean avatar Feb 11 '24 10:02 Haarolean