dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
4.75k stars 1.03k forks source link

Changelog no longer appearing in PR #10178

Open chris-smith-zocdoc opened 4 months ago

chris-smith-zocdoc commented 4 months ago

Is there an existing issue for this?

Package ecosystem

nuget

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

No response

Updated dependency

No response

What you expected to see, versus what you actually saw

Dependabot used to include the commits/changelog when available, but I think this stopped working ~ 5 days ago (according to this github search https://github.com/search?q=dependabot+label%3A.NET+changelog&type=pullrequests&s=created&o=desc )

Heres an example from a random repo

Worked on Jun 28th https://github.com/bervProject/SimplePasswordManagerService/pull/1374

Broken on July 5th https://github.com/bervProject/SimplePasswordManagerService/pull/1376

The timeline matches with this PR which looks related https://github.com/dependabot/dependabot-core/pull/10025

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

brettfo commented 4 months ago

Thank you for filing the issue, it does appear to be caused by the PR you linked.

I'll start investigating and working on a fix now.

brettfo commented 4 months ago

I should have this working in #10217. PR is currently set to draft while I explore other scenarios.

abdulapopoola commented 4 months ago

@chris-smith-zocdoc this is now shipped, please let us know if it recurs

chris-smith-zocdoc commented 4 months ago

Thanks @abdulapopoola @brettfo I'm seeing this working again for many cases, but there appears to be some packages where it remains broken and previously worked.

Amazon.CDK.Lib is affected.

You can see the last time "commits" appeared in a depenedabot pr for this package was 18 days ago

https://github.com/search?q=Amazon.CDK.Lib+author%3Adependabot%5Bbot%5D+commits&type=pullrequests&s=created&o=desc

Looking at the nuspec for this package, it is very minimal. I think the particular line that is interesting here is the repository

<repository type="git" url="https://github.com/aws/aws-cdk.git" />

It has a .git suffix and is lacking the commit attribute. Successful packages I've looked at include the commit and don't end in .git

abdulapopoola commented 4 months ago

Tagging @brettfo

brettfo commented 4 months ago

@chris-smith-zocdoc Do you have a log from a recent run that didn't contain commits? I just pulled the latest version of the dependabot-updater-nuget:latest image and ran a job and it's generating the 3 <details><summary> entries in the PR body: "Release notes", "Changelog", and "Commits". I'm guessing the PRs from your query are from before I reverted the change that includes the commit info (and that was a straight revert on the file, not a fix.)

Araxeus commented 3 months ago

Dependabot opened a pull request on my repo and forgot to include changelogs (or even any info on what dependencies changed)

https://github.com/Araxeus/vendorfiles/pull/86

EDIT: I opened a new issue #10435

brettfo commented 3 months ago

Dependabot opened a pull request on my repo and forgot to include changelogs (or even any info on what dependencies changed)

Araxeus/vendorfiles#86

@Araxeus Can you open a new issue with these details? The PR you linked is for an NPM dependency and the changes I've been making have only been in the NuGet updater.