dependabot / fetch-metadata

Extract information about the dependencies being updated by a Dependabot-generated PR.
MIT License

output directory set to target branch name #540

Open hashtagchris opened 1 month ago

hashtagchris commented 1 month ago

I think the output directory is set to /{branch-name} when target-branch is specified in dependabot.yml, a single npm dependency is updated, and that dependency is scoped (has two segments).

dependabot.yml with target branch name: https://github.com/npm/agent/blob/21c19874834fb00c7ab37268b385fb84deb2df04/.github/dependabot.yml

Example Dependabot PR branch names

The first PR updates just @npmcli/template-oss. The second updates multiple dependencies including @npmcli/template-oss.

| PR | branch name | branch name segments | outputs.directory |
| --- | --- | --- | --- |
| https://github.com/npm/agent/pull/110 | dependabot/npm_and_yarn/main/npmcli/template-oss-4.23.0 | 5 | /main |
| https://github.com/npm/statusboard/pull/877 | dependabot/npm_and_yarn/main/dependency-updates-4de8b5bfcf | 4 | / |

npm/agent output:

Run dependabot/fetch-metadata@v1
Parsing Dependabot metadata
Outputting metadata for 1 updated dependency
  outputs.dependency-names: @npmcli/template-oss
  outputs.dependency-type: direct:development
  outputs.update-type: version-update:semver-minor
  outputs.directory: /main
  outputs.package-ecosystem: npm_and_yarn
  outputs.target-branch: main
  outputs.previous-version: 4.22.0
  outputs.new-version: 4.23.0
  outputs.compatibility-score: 0
  outputs.maintainer-changes: false
  outputs.dependency-group: 
  outputs.alert-state: 
  outputs.ghsa-id: 
  outputs.cvss: 0

npm/statusboard output:

Run dependabot/fetch-metadata@v1
Parsing Dependabot metadata
Outputting metadata for 3 updated dependencies
  outputs.dependency-names: @npmcli/template-oss, @octokit/rest, semver
  outputs.dependency-type: direct:production
  outputs.update-type: version-update:semver-minor
  outputs.directory: /
  outputs.package-ecosystem: npm_and_yarn
  outputs.target-branch: main
  outputs.previous-version: 
  outputs.new-version: 
  outputs.compatibility-score: 0
  outputs.maintainer-changes: false
  outputs.dependency-group: dependency-updates
  outputs.alert-state: 
  outputs.ghsa-id: 
  outputs.cvss: 0

hashtagchris commented 1 month ago

Issue is still present in v2 release, and the main branch:

https://github.com/npm/agent/actions/runs/9976724284/job/27569631669

Run dependabot/fetch-metadata@main

Parsing Dependabot metadata
Outputting metadata for 1 updated dependency
  outputs.dependency-names: @npmcli/template-oss
  outputs.dependency-type: direct:development
  outputs.update-type: version-update:semver-minor
  outputs.directory: /main
  outputs.package-ecosystem: npm_and_yarn
  outputs.target-branch: main
  outputs.previous-version: 4.22.0
  outputs.new-version: 4.23.0
  outputs.compatibility-score: 0
  outputs.maintainer-changes: false
  outputs.dependency-group: 
  outputs.alert-state: 
  outputs.ghsa-id: 
  outputs.cvss: 0

jeffwidman commented 1 month ago

I'm sorry, I don't understand the issue as currently described.

What is your desired/expected behavior? And what is the current behavior?

hashtagchris commented 1 week ago

The PR head branch name is incorrectly parsed by branchNameToDirectoryName under some conditions.

Expected behavior

The directory output is set to / when the package.json is at the root of the repo.

Actual behavior

The directory output is set to /main, main being the target branch name. It is not a valid directory path for the repo.
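
An added example, not part of the thread and not fetch-metadata's own code: a workflow that gates on outputs.directory can re-derive the directory from the head branch name when the target branch and the dependency or group name are already known, and refuse to proceed on a mismatch. The branch layout, `PrContext`, `deriveDirectory` and `directoryIsConsistent` are assumptions made for this sketch, inferred from the two branch names in the table above.

```typescript
// Added example, not fetch-metadata's source. Assumed branch layout, inferred
// from the two branch names in this issue:
//   dependabot/<ecosystem>/[<target-branch>/][<directory>/]<name>-<suffix>
interface PrContext {
  targetBranch: string // target-branch from dependabot.yml, '' when not set
  trailingName: string // dependency name (single update) or group name
}

function deriveDirectory (headBranch: string, ctx: PrContext): string {
  const chunks = headBranch.split('/')
  if (chunks.length < 3 || chunks[0] !== 'dependabot') {
    throw new Error(`not a Dependabot branch: ${headBranch}`)
  }
  let rest = chunks.slice(2) // drop "dependabot" and the ecosystem

  // Strip the target branch; it may itself contain "/" (e.g. release/1.x).
  if (ctx.targetBranch !== '') {
    const target = ctx.targetBranch.split('/')
    if (!target.every((seg, i) => rest[i] === seg)) {
      throw new Error('target branch not found after the ecosystem')
    }
    rest = rest.slice(target.length)
  }

  // A scoped name such as @npmcli/template-oss spans two segments. The "@" is
  // absent from the branch name and the last segment carries "-<suffix>".
  const nameSegs = ctx.trailingName.replace(/^@/, '').split('/')
  const tail = rest.slice(rest.length - nameSegs.length)
  const tailOk = tail.length === nameSegs.length && nameSegs.every((seg, i) =>
    i < nameSegs.length - 1 ? tail[i] === seg : (tail[i] ?? '').indexOf(seg + '-') === 0)
  if (!tailOk) throw new Error('dependency or group name not found at end of branch')

  // Whatever remains between the target branch and the name is the directory.
  return '/' + rest.slice(0, rest.length - nameSegs.length).join('/')
}

// Guard for a workflow step: use outputs.directory only when it agrees with
// the directory derived from the branch name.
function directoryIsConsistent (reported: string, headBranch: string, ctx: PrContext): boolean {
  return reported === deriveDirectory(headBranch, ctx)
}
```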