ahmadnassri
commented
4 years ago I think ... this should be working, maybe something missed in the parsing .. since the -stuff is valid semver...
will test and verify
Open ttshivers opened 4 years ago
ahmadnassri
commented
4 years ago I think ... this should be working, maybe something missed in the parsing .. since the -stuff is valid semver...
will test and verify
ahmadnassri
commented
4 years ago so, the interesting thing here, the tag syntax used by node, is actually a valid semver string according to the semver spec...
and since it's parsed as a whole, it's valid semver, and actuall translates to a preminor change, NOT a minor.
sounds like something the Node team need to consider in their decision of docker tagging.
ahmadnassri
commented
4 years ago I opened an issue in the official node repo: https://github.com/nodejs/docker-node/issues/1369
ttshivers
commented
4 years ago I do see the point about the tags actually being a valid semver but not in the way it's intended. Is there any way to get more information from dependabot? If so, it might be possible to parse the version differently if the dependency is an official docker image.
ahmadnassri
commented
4 years ago I wish there was a better way to get info from dependabot (like an API!)
the current mechanism this action uses is actually not great: it parses the pull request title and attempts to figure out what the package is, what version it's updated from / to ...
sometimes dependabot doesn't even use the same title format ... (see #31)
it's ... not fun.
Parsing the version from the dependabot docker image tags would be useful, but it does seem like it would require more work. One nice observation is that many of the official images have a tag scheme like:
https://github.com/docker-library/official-images#tags-and-aliases
I think it would be reasonable to fail parsing if no obvious version could be detected.
Here is an example PR: https://github.com/synclounge/syncloungeserver/pull/63