Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot opens multiple grouped and ungrouped PRs for the same updates #7830

Closed
carogalvin opened this issue Aug 17, 2023 · 3 comments
Closed

Dependabot opens multiple grouped and ungrouped PRs for the same updates #7830

carogalvin opened this issue Aug 17, 2023 · 3 comments
Assignees
@jakecoffman
Labels
F: grouped-updates 🎳 Relates to bumping more than one dependency in a single PR

Comments

@carogalvin
Copy link
Contributor

carogalvin commented Aug 17, 2023
edited
Loading

We're seeing customer reports of duplicate grouped and ungrouped PRs being opened for the same updates.

One dependabot.yaml example:

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    target-branch: "main"
    versioning-strategy: increase
    open-pull-requests-limit: 30
    schedule:
      interval: "daily"
      time: "08:30"
      timezone: "America/New_York"
    groups:
      storybook:
        patterns:
          - "storybook"
          - "@storybook/*"
          - "@etchteam/storybook*"
      nxAndFriends:
        patterns:
          - "nx"
          - "@nx/*"
          - "@jscutlery/semver"
          - "semantic-release"
          - "cz-conventional-changelog"
          - "ngx-deploy-npm"

Here's a screenshot of the duplicate PRs they saw:

Image

In this case I would expect the storybook* dependencies to only show up in the storybook group.

After some investigation, we discovered the problem:

npm is throwing an error and so then gets treated as "not updated" and it attempts to make an individual PR for it. So we need to account for the dependency SHOULD have been updated in the group but failed to. This code
@carogalvin carogalvin mentioned this issue Aug 17, 2023
Closed
@jakecoffman jakecoffman added the F: grouped-updates 🎳 Relates to bumping more than one dependency in a single PR label Aug 17, 2023
@jakecoffman jakecoffman mentioned this issue Aug 21, 2023
Merged
@jonathan-innis
Copy link

We are seeing the same thing happen with our go package grouping. We have excluded a pattern in our grouping but we are still getting a PR opened for both the grouped dependencies and single dependencies:

  1. chore(deps): bump the go-deps group with 2 updates aws/karpenter-provider-aws#4469
  2. chore(deps): bump github.com/aws/karpenter-core from 0.30.0-rc.0.0.20230816121541-da2c2f5594a3 to 0.100.101-test aws/karpenter-provider-aws#4468

@jonathan-innis jonathan-innis mentioned this issue Aug 21, 2023
Closed
@jakecoffman
Copy link
Member

I just deployed #7829 which should fix the issue for projects NOT using semver grouping (update-types).

@jakecoffman
Copy link
Member

I just deployed #7867 which fixes the problems with errors during semver grouping. So with that we shouldn't be seeing any unexpected individual PRs.

If you are still having problems related to this please open a new issue, thanks!

@jakecoffman jakecoffman self-assigned this Aug 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jakecoffman jakecoffman

Labels
F: grouped-updates 🎳 Relates to bumping more than one dependency in a single PR
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jakecoffman @carogalvin @jonathan-innis