chdsbd / kodiak

🔮 A bot to automatically update and merge GitHub PRs

Home Page: https://kodiakhq.com

Major version upgrade was merged for a repository configured for minor and patch upgrades

darora opened this issue

Great product - been working flawlessly for us for a few months now. However, earlier today, a couple of major version bumps were merged even though our (private) repository is configured for minor and patch version auto-merges only. Any ideas what might've happened here?

Full configuration in use:

version = 1

[update]
autoupdate_label = "dependencies"

[approve]
auto_approve_usernames = ["dependabot"]

[merge.automerge_dependencies]
versions = ["minor", "patch"]

[merge]
automerge_label = "pr/automerge"
delete_branch_on_merge = true
method = "rebase"
notify_on_conflict = false
blacklist_title_regex = ".*(aws-sdk|sentry).*"

Example PR that was merged:

Author:     dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Fri Mar 25 12:53:20 2022 +0000
Commit:     kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
CommitDate: Fri Mar 25 13:00:01 2022 +0000

chore(deps): bump serialize-error from 8.1.0 to 9.1.1 in [elided]

Bumps [serialize-error](https://github.com/sindresorhus/serialize-error) from 8.1.0 to 9.1.1.
- [Release notes](https://github.com/sindresorhus/serialize-error/releases)
- [Commits](https://github.com/sindresorhus/serialize-error/compare/v8.1.0...v9.1.1)

---
updated-dependencies:
- dependency-name: serialize-error
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Hey @darora, thanks for reporting this issue.

I did some testing with Kodiak and it seems like Kodiak considers that PR to be a major version change.

from kodiak.dependencies import dep_version_from_title
dep_version_from_title('chore(deps): bump serialize-error from 8.1.0 to 9.1.1 in [elided]')
# 'major'

Is it possible someone added the automerge label?

I tried your configuration in a test repository, using my name instead of dependabot and wasn't able to get Kodiak to merge the pull request.

Are you able to replicate the issue?

Ahh I think this is a misunderstanding on my part; I expected automerge_label and automerge_dependencies.versions to be conjunctive, rather than disjunctive. Thanks for the prompt response!
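
As an added illustration (not part of the thread and not Kodiak's own code), the sketch below models the disjunctive behaviour the last comment describes, using the configuration values from the issue, and flags a major bump that merges only because the label is present. The function names and the constructed sample commit message are assumptions; `blacklist_title_regex` and approvals are not modelled.

```python
import re

# Constructed sample: the commit message shape shown in the issue, shortened.
SAMPLE_COMMIT = """\
chore(deps): bump serialize-error from 8.1.0 to 9.1.1 in [elided]

---
updated-dependencies:
- dependency-name: serialize-error
  dependency-type: direct:production
  update-type: version-update:semver-major
...
"""

TITLE_RE = re.compile(r"from v?(\d+)\.(\d+)\.(\d+)\S* to v?(\d+)\.(\d+)\.(\d+)")
TRAILER_RE = re.compile(r"^\s*update-type:\s*version-update:semver-(major|minor|patch)\s*$", re.M)

def bump_from_title(title):
    """Classify 'bump X from A to B' as major/minor/patch, or None if unparseable."""
    m = TITLE_RE.search(title)
    if not m:
        return None
    old, new = tuple(map(int, m.groups()[:3])), tuple(map(int, m.groups()[3:]))
    for level, (a, b) in zip(("major", "minor", "patch"), zip(old, new)):
        if a != b:
            return level
    return None

def bump_from_trailer(message):
    """Read Dependabot's update-type trailer; report the highest level listed."""
    levels = TRAILER_RE.findall(message)
    for level in ("major", "minor", "patch"):
        if level in levels:
            return level
    return None

def would_automerge(labels, bump, automerge_label="pr/automerge", versions=("minor", "patch")):
    """Disjunctive rule as understood at the end of the thread: label OR allowed bump level."""
    return automerge_label in labels or bump in versions

def needs_review(message, labels):
    """Flag a major bump that is eligible to merge, i.e. only via the automerge label."""
    bump = bump_from_trailer(message) or bump_from_title(message.splitlines()[0])
    return bump == "major" and would_automerge(labels, bump)
```

Running `needs_review` over the messages of bot-merged commits, together with the labels each PR carried, shows which major upgrades went in through the label path rather than the `versions` allowlist.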