output directory set to target branch name #540

Open
hashtagchris opened this issue Jul 17, 2024 · 3 comments
Labels
bug Something isn't working

Comments

@hashtagchris

I think the output directory is set to /{branch-name} when target-branch is specified in dependabot.yml, a single npm dependency is updated, and that dependency is scoped (has two segments).

dependabot.yml with target branch name: https://github.com/npm/agent/blob/21c19874834fb00c7ab37268b385fb84deb2df04/.github/dependabot.yml

Example Dependabot PR branch names

The first PR updates just @npmcli/template-oss. The second updates multiple dependencies including @npmcli/template-oss.

PR | branch name | branch name segments | outputs.directory
-|-|-|-
npm/agent#110 | dependabot/npm_and_yarn/main/npmcli/template-oss-4.23.0 | 5 | /main
npm/statusboard#877 | dependabot/npm_and_yarn/main/dependency-updates-4de8b5bfcf | 4 | /

npm/agent output:

Run dependabot/fetch-metadata@v1
Parsing Dependabot metadata
Outputting metadata for 1 updated dependency
  outputs.dependency-names: @npmcli/template-oss
  outputs.dependency-type: direct:development
  outputs.update-type: version-update:semver-minor
  outputs.directory: /main
  outputs.package-ecosystem: npm_and_yarn
  outputs.target-branch: main
  outputs.previous-version: 4.22.0
  outputs.new-version: 4.23.0
  outputs.compatibility-score: 0
  outputs.maintainer-changes: false
  outputs.dependency-group: 
  outputs.alert-state: 
  outputs.ghsa-id: 
  outputs.cvss: 0

npm/statusboard output:

Run dependabot/fetch-metadata@v1
Parsing Dependabot metadata
Outputting metadata for 3 updated dependencies
  outputs.dependency-names: @npmcli/template-oss, @octokit/rest, semver
  outputs.dependency-type: direct:production
  outputs.update-type: version-update:semver-minor
  outputs.directory: /
  outputs.package-ecosystem: npm_and_yarn
  outputs.target-branch: main
  outputs.previous-version: 
  outputs.new-version: 
  outputs.compatibility-score: 0
  outputs.maintainer-changes: false
  outputs.dependency-group: dependency-updates
  outputs.alert-state: 
  outputs.ghsa-id: 
  outputs.cvss: 0
@hashtagchris
Author

Issue is still present in v2 release, and the main branch:

https://github.com/npm/agent/actions/runs/9976724284/job/27569631669

Run dependabot/fetch-metadata@main
  
Parsing Dependabot metadata
Outputting metadata for 1 updated dependency
  outputs.dependency-names: @npmcli/template-oss
  outputs.dependency-type: direct:development
  outputs.update-type: version-update:semver-minor
  outputs.directory: /main
  outputs.package-ecosystem: npm_and_yarn
  outputs.target-branch: main
  outputs.previous-version: 4.22.0
  outputs.new-version: 4.23.0
  outputs.compatibility-score: 0
  outputs.maintainer-changes: false
  outputs.dependency-group: 
  outputs.alert-state: 
  outputs.ghsa-id: 
  outputs.cvss: 0

hashtagchris added a commit to npm/template-oss that referenced this issue Jul 17, 2024

`steps.metadata.outputs.directory` is set to `/main`, not `/`, when
`package.json` is at the root of the repository. I suspect adding
`target-branch` to `dependabot.yml` (#330) added a `main` segment to
Dependabot PR branch names, which changed the value of
`steps.metadata.outputs.directory`.

By fixing this issue, we shouldn't need to routinely use stafftools to
fix up template-oss Dependabot PRs. 🤞🏼

I couldn't quickly find a `bump @npmcli/template-oss` Dependabot PR for
a workspace to inspect `steps.metadata.outputs.directory` and fix
workspaces support. If that's important, we may want to either enable
Dependabot for `npm/cli` or create a separate `template-oss-test` repo.
It's not clear if Dependabot will create a PR for
`workspace/test-workspace` upon our next release.

### Example Dependabot PR branch names

The first PR updates just `@npmcli/template-oss`. The second updates
multiple dependencies including `@npmcli/template-oss`.

PR | branch name | segments | steps.metadata.outputs.directory
-|-|-|-
npm/agent#110 | `dependabot/npm_and_yarn/main/npmcli/template-oss-4.23.0` | 5 | `/main`
npm/statusboard#877 | `dependabot/npm_and_yarn/main/dependency-updates-4de8b5bfcf` | 4 | `/`

## References

Failed "Post Dependabot" run:
https://github.com/npm/agent/actions/runs/9963674341/job/27530225303

Fix manually tested here:
npm/agent@ef85b08


[branchNameToDirectoryName](https://github.com/dependabot/fetch-metadata/blob/ffa2dc8ffecf17d26f6a81b83f9ef5edd33ba93a/src/dependabot/update_metadata.ts#L31)

Bug report: dependabot/fetch-metadata#540
@jeffwidman
Member

I'm sorry, I don't understand the issue as currently described.

What is your desired/expected behavior? And what is the current behavior?

@hashtagchris
Author

hashtagchris commented Sep 4, 2024

The PR head branch name is incorrectly parsed by branchNameToDirectoryName under some conditions.

Expected behavior

The directory output is set to / when the package.json is at the root of the repo.

Actual behavior

The directory output is set to /main. main being the target branch name. It is not a valid directory path for the repo.
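
The mismatch reported in this thread, as an added example that is not part of the issue or of fetch-metadata's code: `modelDirectory` is a simplified parsing rule assumed here because it reproduces both quoted outputs, and `checkDirectory` is a hypothetical guard a workflow could apply before acting on `outputs.directory`. The manifest list is constructed and assumes a repository with `package.json` at its root.

```typescript
// Simplified parsing rule, assumed for this example because it reproduces the
// outputs quoted in the issue; it is not fetch-metadata's source code.
function modelDirectory(branch: string, dependencyName: string): string {
  const chunks: string[] = branch.split('/')
  // Drop "dependabot/<ecosystem>" in front and the dependency at the end;
  // a scoped name such as @npmcli/template-oss takes two trailing segments.
  const tail: number = dependencyName.split('/').length
  return '/' + chunks.slice(2, Math.max(2, chunks.length - tail)).join('/')
}

type Verdict = { directory: string; trusted: boolean; reason: string }

// Hypothetical consumer-side guard: accept the directory output only if a
// package.json really exists there. `manifests` holds repo-relative manifest
// paths, for example collected from the checked-out tree.
function checkDirectory(directory: string, targetBranch: string, manifests: string[]): Verdict {
  const rel: string = directory.replace(/^\/+|\/+$/g, '')
  const wanted: string = rel === '' ? 'package.json' : rel + '/package.json'
  if (manifests.indexOf(wanted) !== -1) {
    return { directory: directory, trusted: true, reason: 'manifest found' }
  }
  // The failure seen in the issue: the path is really the target branch name.
  const looksLikeBranch: boolean =
    rel === targetBranch || rel.indexOf(targetBranch + '/') === 0
  const reason: string = looksLikeBranch
    ? 'no manifest; path starts with the target branch name'
    : 'no manifest at this path'
  return { directory: directory, trusted: false, reason: reason }
}

// Branch and dependency names are the ones quoted in the issue; the manifest
// list is constructed (package.json at the repository root only).
const rootOnly: string[] = ['package.json']
const quotedBranches: { branch: string; dependency: string }[] = [
  { branch: 'dependabot/npm_and_yarn/main/npmcli/template-oss-4.23.0',
    dependency: '@npmcli/template-oss' },
  { branch: 'dependabot/npm_and_yarn/main/dependency-updates-4de8b5bfcf',
    dependency: '@npmcli/template-oss' }
]

// Returns one verdict per quoted branch: "/main" is rejected, "/" is accepted.
function reproduce(): Verdict[] {
  return quotedBranches.map((c) =>
    checkDirectory(modelDirectory(c.branch, c.dependency), 'main', rootOnly))
}
```

A workflow that fails closed on `trusted: false` stops before running install or commit steps in a path that does not exist in the repository.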
