Empty/incomplete commit message

Open mistic100 opened this issue 1 year ago • 12 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Package ecosystem

yarn

Package manager version

1

Language version

No response

Manifest location and content before the Dependabot update

https://github.com/mistic100/Photo-Sphere-Viewer/blob/main/package.json

dependabot.yml content

version: 2
updates:
  - package-ecosystem: npm
    directory: '/'
    schedule:
      interval: daily
    assignees:
      - mistic100
    ignore:
      - dependency-name: '*'
        update-types: ['version-update:semver-patch']
      - dependency-name: '@typescript-eslint/*'
        update-types: ['version-update:semver-minor']
      - dependency-name: 'marked'
        update-types: ['version-update:semver-major']
    commit-message:
      prefix: 'chore'
      include: 'scope'
  - package-ecosystem: github-actions
    directory: '/'
    schedule:
      interval: weekly
    assignees:
      - mistic100
    commit-message:
      prefix: 'chore'
      include: 'scope'

Updated dependency

No response

What you expected to see, versus what you actually saw

Recent update commit messages are empty, only containing ---, see examples below. On the other hand the PR title is complete.

I didn't make any recent changes in the configuration.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

  • https://github.com/mistic100/Photo-Sphere-Viewer/pull/1310
  • https://github.com/mistic100/Photo-Sphere-Viewer/pull/1309
  • https://github.com/mistic100/Photo-Sphere-Viewer/pull/1312
  • https://github.com/mistic100/Photo-Sphere-Viewer/pull/1311

Smallest manifest that reproduces the issue

No response

May 20 '24 18:05 mistic100

One more example: https://github.com/codehaus-plexus/plexus-xml/pull/34/commits

May 20 '24 21:05 slawekjaranowski

Another example (fixed manually to make it pass gitlint), with an original commit message of:

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

.github/dependabot.yml:

version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: daily
    commit-message:
      prefix: "build(deps)"

May 20 '24 21:05 l0b0

This is happening for me too with Python dependencies.

May 21 '24 02:05 federicobond

Here's another example: https://github.com/remarkablemark/setup-codeclimate/pull/329/commits

May 21 '24 03:05 remarkablemark

💸 🔥

May 21 '24 06:05 fredrikaverpil

This appears to be affecting all package managers - I'm seeing it for GitHub Actions, npm packages and NuGet packages.

May 21 '24 06:05 martincostello

Happens in bundler too 🥲.

May 21 '24 09:05 Uaitt

We have the same issue on multiple private repos (maven)

May 21 '24 12:05 mjanzs

A little before and after example:

before

build(deps): Update atsdk requirement
Updates the requirements on [atsdk](https://github.com/atsign-foundation/at_python) to permit the latest version.

Updates `atsdk` to 0.2.14
- [Release notes](https://github.com/atsign-foundation/at_python/releases)
- [Commits](https://github.com/atsign-foundation/at_python/compare/v0.2.13...v0.2.14)

---
updated-dependencies:
- dependency-name: atsdk
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>

After

---
updated-dependencies:
- dependency-name: atsdk
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>

So it's not just missing the summary line (and failing Semantic PR checks), but there's a whole bunch of other content that's missing. Everything before --- is missing and --- becomes the commit summary :/

Those are for pip, but I'm seeing this across all package managers.

May 21 '24 12:05 cpswan
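
A check for the truncated form shown in the before/after comment above, as an added example that is not part of the thread or of Dependabot's own code: it treats a summary line of --- followed by an updated-dependencies block as the failure and lists the affected dependency names. The function names, sample messages, SHAs and sign-off address are constructed for illustration.

```python
import re

# Dependabot appends a YAML document delimited by '---' and '...' to its messages.
META_RE = re.compile(r"^---\n(updated-dependencies:\n.*?)^\.\.\.$", re.S | re.M)
NAME_RE = re.compile(r"^- dependency-name: (\S+)$", re.M)

def parse_commit_message(message):
    """Split a message into subject line, metadata presence and dependency names."""
    subject = message.strip("\n").split("\n")[0].strip()
    meta = META_RE.search(message)
    names = [n.strip("'\"") for n in NAME_RE.findall(meta.group(1))] if meta else []
    return {
        "subject": subject,
        "has_metadata": meta is not None,
        "dependencies": names,
        # Failure mode from this thread: the YAML start marker became the summary.
        "truncated": subject == "---" and meta is not None,
    }

def find_truncated(commits):
    """commits: iterable of (sha, message); returns [(sha, dependency names)]."""
    hits = []
    for sha, message in commits:
        info = parse_commit_message(message)
        if info["truncated"]:
            hits.append((sha, info["dependencies"]))
    return hits

# Constructed sample input modelled on the before/after messages quoted above.
# SHAs and the sign-off address are placeholders, not real values.
TRAILER = (
    "---\nupdated-dependencies:\n- dependency-name: atsdk\n"
    "  dependency-type: direct:production\n  dependency-group: pip\n...\n\n"
    "Signed-off-by: dependabot[bot] <bot@example.invalid>\n"
)
SAMPLE = [
    ("aaaaaaa", "build(deps): Update atsdk requirement\n\nUpdates `atsdk` to 0.2.14\n\n" + TRAILER),
    ("bbbbbbb", TRAILER),                         # the broken form
    ("ccccccc", "---\n\nhand-written commit\n"),  # '---' summary but no metadata
]

if __name__ == "__main__":
    for sha, deps in find_truncated(SAMPLE):
        print(f"{sha}: summary is '---', affected dependencies: {', '.join(deps)}")
```

The pairs can come from any source of commit messages, for example the output of `git log` split into SHA and full message.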

In case this is helpful in tracking down when this went live:

Last good dependabot commit message I've seen was 2024-05-20T17:36:14Z and first bad commit was 2024-05-20T18:36:23Z - so looks like a dependabot release some time between 17:36 and 18:36 for the repos I've got visibility over.

May 21 '24 12:05 dhensby

Same issue with the ecosystems nuget, gitmodules, github-actions & devcontainers

May 21 '24 19:05 samtrion

Same issue with the ecosystems npm, pip

May 22 '24 01:05 zhu0629

Yeah, I noticed this. I also observed that when doing the squash merge via the gh CLI, it is not Dependabot, and it produced the title ---. Initially, I thought I might have forgotten to update the default PR title settings for that repository. However, now that Dependabot is writing commits with this title, could it be related to the API as well?

May 22 '24 04:05 dipakparmar

It's been affecting our workflows as well for the last 2 days, GitHub actions and Rust crates:

  • https://github.com/wrpc/wrpc/pull/79
  • https://github.com/wasmCloud/wasmCloud/pull/2163

May 22 '24 07:05 rvolosatovs

We are seeing this in our repo when dependabot PRs were squash merged

May 22 '24 08:05 leethree

Just for completeness: it also happens on gitsubmodule ecosystem. Example: https://github.com/OpenImageDebugger/OpenImageDebugger/pull/339/commits

May 22 '24 15:05 brunoalr

Same here even with package-ecosystem: "github-actions". The custom commit-message is completely ignored

May 22 '24 15:05 matteovivona

Any estimate when this is going to be fixed?

May 22 '24 16:05 gastaldi

I just squash-merged a commit about 5 minutes ago with @dependabot squash and merge and it looks like the commit message was fixed!

This one was for the github actions ecosystem.

I also confirmed one for the python ecosystem, specifically Poetry.

Looks like a fix got deployed very recently.

May 23 '24 03:05 phillipuniverse

the fix for this issue has been deployed

According to GitHub Support 🎉

May 23 '24 05:05 johanneswuerbach

This appears to be fixed for new PRs, but current broken PRs are still broken, even if you do @dependabot recreate or @dependabot squash and merge.

May 23 '24 11:05 Pyker

> This appears to be fixed for new PRs, but current broken PRs are still broken, even if you do @dependabot recreate or @dependabot squash and merge.

Ya, you have to live with that or manually fix the git commits/history.

May 23 '24 12:05 samtrion

With hundreds, if not thousands, of Dependabot PRs open with invalid ---'s in the messages, wouldn't it be at least a little better to fix @dependabot recreate to fix these?

May 24 '24 21:05 TheRealWaldo