Is there a way of calculating (new-version - previous-version)?
gabfelp opened this issue
First of all, thanks for the tool! It's really useful for filtering dependabot stuff
Now to my question:
For context, I want to execute a specific step in my workflow only if the new version (from dependency) is exactly 1 patch ahead of previous-version (from dependency).
e.g.:
- v2.35.2 -> v2.35.3 ✅
- v2.35.0 -> v2.35.9 ❌
- v2.35.2 -> v2.36.0 ❌
Is there a simple way of getting this info or do I need to do string manipulation?
I'm asking because I don't know if `steps.dependabot-metadata.outputs.update-type` is useful in this context.
Thanks!
(By the way, if I can suggest something, it would be nice to have the "question" type in the issues!)
There isn't a simple way to get this info, so today you'd have to perform string manipulation.
`update-type` is the classification of the update:
fetch-metadata/src/dependabot/output.ts
Lines 10 to 13 in 173b40e
Search for `update-types` in this doc for more details: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
I understand the rationale of reducing risk by guarding against jumping multiple releases, but the whole idea of semver is to categorize that risk by using `patch`... so that a library maintainer can push multiple patch releases and they should still all be non-breaking.
So I don't see us building this out, as most users will find using gating on `update-type = ["version-update:semver-patch"]` sufficient.
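
The string manipulation discussed in this thread, as an added example that is not part of the original issue or of the fetch-metadata code: a POSIX shell check that the new version is exactly one patch ahead of the previous one. The function names, the `PREV_VERSION` / `NEW_VERSION` environment variables and the `single-patch` output name are assumptions made for illustration.

```shell
#!/bin/sh
# Split a strict X.Y.Z version (optional leading "v") into MAJOR, MINOR, PATCH.
# Pre-release tags, missing or extra fields and leading zeros are rejected, so
# an unexpected string never reaches the arithmetic below.
parse_semver() {
    ver=${1#v}
    case $ver in
        *[!0-9.]*|*.*.*.*|.*|*.|*..*) return 1 ;;  # junk, 4+ fields, empty field
        *.*.*) ;;                                   # exactly three fields
        *) return 1 ;;
    esac
    MAJOR=${ver%%.*}; rest=${ver#*.}
    MINOR=${rest%%.*}; PATCH=${rest#*.}
    for field in "$MAJOR" "$MINOR" "$PATCH"; do
        case $field in 0?*) return 1 ;; esac        # semver forbids leading zeros
    done
}

# Exit status: 0 = NEW is exactly one patch after PREV, 1 = any other bump,
# 2 = one of the versions is not a plain X.Y.Z string.
is_single_patch_bump() {
    parse_semver "$1" || return 2
    prev_major=$MAJOR prev_minor=$MINOR prev_patch=$PATCH
    parse_semver "$2" || return 2
    [ "$MAJOR" -eq "$prev_major" ] &&
    [ "$MINOR" -eq "$prev_minor" ] &&
    [ "$PATCH" -eq $((prev_patch + 1)) ]
}

# In a workflow step, hand the action's previous-version / new-version outputs
# to the script through `env:` (assumed names below) instead of interpolating
# them into the script text, so the values are treated as data only.
if [ -n "${PREV_VERSION:-}" ] && [ -n "${NEW_VERSION:-}" ]; then
    if is_single_patch_bump "$PREV_VERSION" "$NEW_VERSION"; then
        echo "single-patch=true"  >> "${GITHUB_OUTPUT:-/dev/stdout}"
    else
        echo "single-patch=false" >> "${GITHUB_OUTPUT:-/dev/stdout}"
    fi
fi
```

Unparsable versions yield `single-patch=false`, so the gated step is skipped rather than run on input the check could not understand.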