search

dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
4.65k stars 1k forks source link

Add option to force-disable conventional commits #8643

Open mvz opened 9 months ago

mvz commented 9 months ago

Is there an existing issue for this?

Feature description

In my projects, I prefer not to use conventional commits. However, in one repository some conventional commits were merged from a contributor. Now, dependabot started creating pull requests using the conventional commit format. I tried disabling this using the commit-message.prefix option, but setting that to an empty value was not accepted, and setting it to an empty string made dependabot start the commits with a lower-case letter.

Please consider adding an option to unambiguously choose not to use conventional commits.

xt0rted commented 9 months ago

This issue creeps in to my projects every few weeks. Sometimes it's due to a contributor using a commit prefix, other times there's no prefixes at all. It's also inconsistent with the prefix being lowercase build(deps): and other times it's upper case Build(deps):.

This is a recent example of it randomly turning on in a private repo that's had no activity outside of dependabot for 4-5 months now:

image

When I contacted support November 2022 this was the response I got:

I heard from our engineers and what Dependabot does is it will look at previous commits in the repository, eliminate any bot and merge commits, then determine if a certain percentage of the remaining are using a common format for Dependabot to use in the future.

Looking at the repository, most of the commits are bot and merge commits, so the sample size is pretty small. In March, there were three manual commits with a prefix of Update and one with a prefix of Fix. The Dependabot code to determine the prefix to use evaluated these as angular style commits so began using that format for the PR title as well.

If you would like to override this, you can add a commit message prefix to your dependabot.yml file.

I've tried adding that setting but as @mvz said this just results in a blank prefix and a lowercase first letter.

I'd love a setting so I can turn this off, it's very annoying how it randomly starts happening and you can't make it stop.

ChristianGalla commented 6 months ago

I have the opposite issue and want to switch to conventional commits.

Any automated detection could be wrong, so there should always be an option to enforce settings.

For example a new option updates.commit-message.type could be added, having the possible options "auto" (default), "angular", "eslint", "gitmoji" and "prefixed".

gp-jameskyburz commented 1 week ago

The auto detection of commit lint commits based on the last commit is missing some prefixes too.

https://github.com/dependabot/dependabot-core/blob/main/common/lib/dependabot/pull_request_creator/pr_name_prefixer.rb#L194

So if the last commit had something like ci|revert|docs|style|refactor|perf|test it wouldn't be picked up.