search

renovatebot / renovate

Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io
https://mend.io/renovate
GNU Affero General Public License v3.0
17.14k stars 2.23k forks source link

PackageRules exclusion not being applied for monorepo:angular #4160

Closed vicrep closed 3 years ago

vicrep commented 5 years ago

What Renovate type are you using? Renovate CLI, Renovate GitHub App, or Renovate Pro? GH App

Describe the bug

For a while (> 1yr), we've had a project which successfully fixed the max version of angular using the following config:

"packageRules": [
    {
      "extends": ["monorepo:angular", "monorepo:angularmaterial"],
      "packageNames": ["@angular/flex-layout", "rxjs"],
      "allowedVersions": "<6.0"
    },

Recently (since last week or so), renovate has been persistently opening PRs to update those specified dependencies to 8.x. Manually closing the PR causes it to almost immediately be reopened.

I've also tried augmenting the package rules to use this, just in case the monorepo preset had been changed, but to no avail:

"packageRules": [
    {
      "extends": ["monorepo:angular", "monorepo:angularmaterial"],
      "packageNames": ["@angular/flex-layout", "rxjs"],
      "allowedVersions": "<6.0",
      "packagePatterns": ["^@angular\\/(?:(?!cli).+)$"],
    },

Did you see anything helpful in debug logs? If you are using the Renovate App, log into https://renovatebot.com/dashboard and locate the correct job log for when the problem occurred (e.g. when the PR was created).

https://renovatebot.com/dashboard#github/dialoguemd/care-platform/82343401

But you should see something similar in basically every log for that project in past few days.

Note that I have exclusions in place for other packages (e.g. @angular/cli), and those seem to be working fine.

To Reproduce Steps to reproduce the behavior:

N/A

Expected behavior

Those specified deps should be ignored / not updated; like before :)

Screenshots If applicable, add screenshots to help explain your problem.

Additional context Add any other context about the problem here.

rarkins commented 5 years ago

@vicrep there was a change made to preset definitions that would have caused this. Sorry for the breakage, and will explain it below before giving a solution.

Previously we used to scrape each monorepo to build up a list of all packages within them, which meant the scrape list was often out of date, plus took a long time to complete. We changed to instead using sourceUrlPrefixes to group PRs based on the published source repo for each package, which works dynamically any time packages are added.

The reason this broke things for you is that previously your rule was effectively combining two presets' packageNames lists with your own packageNames list, which worked well. But now it's combining two presets' sourceUrls lists with your packageNames, which creates logic of "match these source URLs and match this package name", rather than "or match".

I recommend you change your rule to be this:

    {
      "sourceUrlPrefixes": ["https://github.com/angular/", "https://github.com/reactivex/rxjs"],
      "allowedVersions": "<6.0"
    },

I think the above should capture all the packages that matter to you. Does the rxjs package really "shadow" angular versioning though, or is it just coincidence that you want to hold it back to <6? If the package versioning isn't tightly linked to angular, it might make more sense to separate into a separate packageRule, even if the current version constraint happens to be the same.

vicrep commented 5 years ago

Hi @rarkins,

Sorry for late reply, I was on break the last few weeks.

Thanks for the in-depth explanation, I really appreciate it -- and the breakage now makes complete sense. I've done what you suggested, but that didn't seem to fix it. However, switching to having one extension per packageRules seems to have:

    {
      "extends": ["monorepo:angular"],
      "allowedVersions": "<6.0"
    },
    {
      "extends": ["monorepo:angularmaterial"],
      "allowedVersions": "<6.0"
    },

In terms of preventing future breakages, is there something I should subscribe to to keep track of them?

vicrep commented 5 years ago

actually, I spoke a little fast: what I did doesn't fix it either :/

Still running into same issue -- see https://renovatebot.com/dashboard#github/dialoguemd/care-platform/89413286 for an example

vicrep commented 5 years ago

Update:

      {
        "sourceUrlPrefixes": [
          "https://github.com/angular/angular"
        ],
        "allowedVersions": "<6.0",
        "recreateClosed": false
      },

Also doesn't work, and still recreates the PR even after closing.

Note that it works for "monorepo:angularmaterial" preset, this is specifically for the angular monorepo.

rarkins commented 5 years ago

@vicrep are you able to reproduce this in a public repo I can test against? Shouldn't need any lock files - just package.json files and a renovate.json

vicrep commented 5 years ago

I haven't tried, but I'll see if I can a repo up for you later this week :)

renovate-release commented 3 years ago

:tada: This issue has been resolved in version 23.83.5 :tada:

The release is available on:

Your semantic-release bot :package::rocket: