search

littlerobots / version-catalog-update-plugin

Gradle plugin for updating a project version catalog
Apache License 2.0
565 stars 23 forks source link

Add ability to `@pin` only a major (or major+minor) part of a version #79

Closed PawelLipski closed 2 years ago

PawelLipski commented 2 years ago

As possible in e.g. Scala Steward: https://github.com/scala-steward-org/scala-steward/blob/main/docs/repo-specific-configuration.md:

The version information given in the patterns above can be in two formats:
1. just a `version` field that is treated as a prefix of the version
2. a structure consisting of any of the following fields:
   * `prefix`: is matched against the beginning of the version
   * `suffix`: is matched against the end of the version
   * `exact`: is matched against the whole version
   * `contains`: is matched against substrings in the version

version = "1.1."
version = { prefix = "1.1." }
version = { suffix = "jre8" }
version = { prefix = "1.1.", suffix = "jre8" }
version = { exact = "1.1.2.jre8" }
version = { contains = "feature" }

For example, given that slf4j 2.0.0 has just been published, it'd be pretty useful to pin at 1.*.* (although I'm not sure if any 1.*.* updates past the current 1.7.36 are ever going to come out, so I might as well just pin at 1.7.36).

hvisser commented 2 years ago

I'm kind of hesitant to make any assumptions on what a version number means. It can mean a semantic version, but there are many variations. Gradle itself has a whole system for ordering versions ... There's also nothing in the dependency version plugin that would still report the 1.x version if a 2.x version is out to complicate things further (it only reports the latest version), unless you also configure that plugin to reject 2.x versions (and then you are back to parsing versions again).

The snippet you included basically configures parsing rules for versions, which makes sense for an automated bot, is that something you'd want to use this plugin for too?

PawelLipski commented 2 years ago

There's also nothing in the dependency version plugin that would still report the 1.x version if a 2.x version is out

Whoops okay that's a showstopper ☹️ not insisting then!

which makes sense for an automated bot, is that something you'd want to use this plugin for too?

Yeah, I've basically wrapped this plugin into a CI cron, which checks for updates daily and opens PRs (just as Scala Steward or dependabot would do) ;D