Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Grouped package update being assigned to multiple Dependabot groups #7939

Closed
1 task done
edmorley opened this issue Aug 31, 2023 · 1 comment
Closed
1 task done

Grouped package update being assigned to multiple Dependabot groups #7939

edmorley opened this issue Aug 31, 2023 · 1 comment
Labels
F: grouped-updates 🎳 Relates to bumping more than one dependency in a single PR T: bug 🐞 Something isn't working

Comments

@edmorley
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

Cargo

Package manager version

1.72

Language version

1.72

Manifest location and content before the Dependabot update

https://github.com/heroku/languages-github-actions/blob/e3c1fe2066215a6b20ace90150474351a885a716/Cargo.toml
https://github.com/heroku/languages-github-actions/blob/e3c1fe2066215a6b20ace90150474351a885a716/Cargo.lock

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "monthly"
  - package-ecosystem: "cargo"
    directory: "/"
    schedule:
      interval: "monthly"
    groups:
      libcnb:
        patterns:
          - "libcnb*"
          - "libherokubuildpack"
      rust-dependencies:
        update-types:
          - "minor"
          - "patch"

Updated dependency

See: heroku/languages-github-actions#137

What you expected to see, versus what you actually saw

The Dependabot docs for the new grouped updates feature say:

Dependabot creates groups in the order they appear in your dependabot.yml file. If a dependency update could belong to more than one group, it is only assigned to the first group it matches with.

However, we're seeing the libcnb-data and libcnb-package packages being assigned to both the libcnb and rust-dependencies groups, even though they should be only seen in the libcnb group PR.

libcnb group (correct):
heroku/languages-github-actions#120

rust-dependencies group (not correct, the libcnb packages shouldn't be in here):
heroku/languages-github-actions#137

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response
@edmorley edmorley added the T: bug 🐞 Something isn't working label Aug 31, 2023
This was referenced Aug 31, 2023
Closed
Closed
@jakecoffman jakecoffman added the F: grouped-updates 🎳 Relates to bumping more than one dependency in a single PR label Aug 31, 2023
@edmorley edmorley mentioned this issue Sep 1, 2023
Closed
@jurre
Copy link
Member

jurre commented Sep 6, 2023

@edmorley I think this is the same issue as what's described here? #7915

Let's keep track of things over there!

PS: Appreciate all your feedback 🙇

@jurre jurre closed this as completed Sep 6, 2023
@edmorley edmorley mentioned this issue Sep 12, 2023
Closed
@edmorley edmorley mentioned this issue Oct 6, 2023
Merged
@jakecoffman jakecoffman mentioned this issue Oct 6, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
F: grouped-updates 🎳 Relates to bumping more than one dependency in a single PR T: bug 🐞 Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@edmorley @jurre @jakecoffman