dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

When Unrelated Group PR Exists, All Dependencies Skipped for Group #10492

Open kahagerman opened 2 months ago

kahagerman commented 2 months ago

Is there an existing issue for this?

Package ecosystem

pnpm (applies to all)

Package manager version

pnpm=8.9.2

Language version

node=20

Manifest location and content before the Dependabot update

N/A

dependabot.yml content

version: 2
updates:
  - directory: /web
    commit-message:
      prefix: Web
    package-ecosystem: npm
    open-pull-requests-limit: 3
    schedule:
      interval: weekly
      day: monday
      time: '05:00'
      timezone: America/Toronto
    versioning-strategy: increase-if-necessary
    allow:
      - dependency-type: all
    groups:
      major:
        update-types: [major]
      minor:
        update-types: [minor, patch]

Updated dependency

N/A

What you expected to see, versus what you actually saw

Expected Behaviour

When running dependabot via

Each dependency to be checked for updates, and a new PR to be opened for any groups that don't already have a PR.

Actual Behaviour

After detecting an existing pull request:

Detected existing pull request for 'minor'.

And starting to work on the first group:

Starting update group for 'major'

Every dependency gets skipped with the same message:

Skipping <dependency> as it has already been handled by a previous group

And the run skips checking for any updates.

What's particularly interesting is that, at this point, the first group is being processed; there is no "previous group" yet.

It seems that, when an existing PR is detected, every dependency gets marked as "already processed" somehow.

This causes a "clean" run (where no PRs exist) to behave differently from a "subsequent" run (once one or more PRs have been opened); it is very confusing when dependabot runs successfully but new dependency versions are not detected.

Native package manager behavior

N/A

Images of the diff or a link to the PR, issue, or logs

full run logs

Smallest manifest that reproduces the issue

version: 2
updates:
  - directory: /web
    package-ecosystem: npm
    groups:
      major:
        update-types: [major]
      minor:
        update-types: [minor, patch]

All that's needed is to have an open group PR, and a secondary group for which we would expect a new PR to be opened.

charliemidtlyng commented 2 months ago

We have the same issue - when I close all open PRs and rerun, it usually works.
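
A log check for the symptom reported in this issue, as an added example that is not part of the thread or of dependabot-core: it flags a job in which the first group started has dependencies skipped as "handled by a previous group". The three message patterns come from the log lines quoted in the report; the function name, the sample log and the dependency names are constructed for illustration.

```ruby
# Added example (not dependabot-core code). The three message shapes are
# copied from the log lines quoted in the issue; everything else is assumed.
EXISTING_PR = /Detected existing pull request for '([^']+)'/
GROUP_START = /Starting update group for '([^']+)'/
SKIPPED     = /Skipping (\S+) as it has already been handled by a previous group/

# Returns one finding per group whose dependencies were skipped as
# "handled by a previous group" although no earlier group ran in this job.
def suspicious_group_skips(log_text)
  existing_prs = []                       # groups reported as having an open PR
  started = []                            # groups in the order they were started
  skips = Hash.new { |h, k| h[k] = [] }   # group name => skipped dependencies

  log_text.each_line do |line|
    if (m = EXISTING_PR.match(line))
      existing_prs << m[1]
    elsif (m = GROUP_START.match(line))
      started << m[1]
    elsif (m = SKIPPED.match(line)) && started.any?
      skips[started.last] << m[1]         # attribute the skip to the current group
    end
  end

  skips.filter_map do |group, deps|
    # A skip in a later group can be legitimate: an earlier group in the same
    # job may have claimed the dependency. Only the first group is flagged.
    next unless started.index(group).zero?

    { group: group, skipped: deps, existing_prs: existing_prs - [group] }
  end
end

# Constructed sample log: message texts follow the issue, dependency names are invented.
SAMPLE_LOG = <<~LOG
  Detected existing pull request for 'minor'.
  Starting update group for 'major'
  Skipping react as it has already been handled by a previous group
  Skipping typescript as it has already been handled by a previous group
  Starting update group for 'minor'
  Skipping react as it has already been handled by a previous group
LOG

suspicious_group_skips(SAMPLE_LOG).each do |f|
  puts "group '#{f[:group]}': #{f[:skipped].size} dependencies skipped before any " \
       "other group ran (open PRs for: #{f[:existing_prs].join(', ')})"
end
```

Run against a saved job log, a non-empty result means update checks for that group were silently skipped, so pending version bumps, including security fixes, would not be proposed by that run.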