Dependabot "update-type" not available in metadata retrieved for PR
simonschaufi opened this issue · comments
Hello, I have the same issue as this person: Dependabot "update-type" not available in metadata retrieved for PR using dependabot/fetch-metadata@v1
For example here: https://github.com/simonschaufi/php-libkml/actions/runs/8285139412/job/22672206081
```
Run dependabot/fetch-metadata@v1.6.0
  with:
    github-token: ***
    skip-commit-verification: false
    skip-verification: false
Parsing Dependabot metadata
Outputting metadata for 1 updated dependency
  outputs.dependency-names: rector/rector
  outputs.dependency-type: direct:development
  outputs.update-type: null
  outputs.directory: /
  outputs.package-ecosystem: composer
  outputs.target-branch: main
  outputs.previous-version:
  outputs.new-version:
  outputs.compatibility-score: 0
  outputs.maintainer-changes: false
  outputs.dependency-group:
  outputs.alert-state:
  outputs.ghsa-id:
  outputs.cvss: 0
```
As you can see, `outputs.update-type` is always null.
This is my workflow: https://github.com/simonschaufi/php-libkml/blob/main/.github/workflows/dependabot-auto-merge.yml
Is there some misconfiguration or is this really a bug?
Similar but not the same: #339. On that bug report it's about the `v` prefix but in my case there is a simple version bump without the `v` prefix.
@Nishnha could you give me some information about this issue?
@simonschaufi
It seems that `update-type` is generated from the version information in the commit message as shown below.
However, there are cases where the version information is not included in the commit message, in which case `update-type` becomes null.
fetch-metadata/src/dependabot/update_metadata.ts
Lines 58 to 82 in 325b863
In the above example, the commit message was as follows.
```
Updates the requirements on [rector/rector](https://github.com/rectorphp/rector) to permit the latest version.
- [Release notes](https://github.com/rectorphp/rector/releases)
- [Commits](rectorphp/rector@1.0.2...1.0.3)

---
updated-dependencies:
- dependency-name: rector/rector
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
```
There are two possible solutions.
1. Get the version information from somewhere other than the commit message (such as the title of the PR).
2. Modify the commit message so that the version information is always included (probably needs to be modified in other repositories).
@Nishnha
I could not decide which option is better and would appreciate your opinion.
This also occurs in the latest v2 as well as v1.
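
The behaviour discussed in this thread, as an added example that is not part of the original issue and is not the code of dependabot/fetch-metadata: a simplified derivation of `update-type` from "from X to Y" version text in a commit message, plus an auto-merge gate that fails closed when the result is null. The regular expression, the function names and the "Bumps" sample message are assumptions made for illustration; the second sample is the commit message quoted above.

```typescript
// Added illustration; a simplified sketch, not fetch-metadata's implementation.
type UpdateType =
  | "version-update:semver-major"
  | "version-update:semver-minor"
  | "version-update:semver-patch";

// Assumed pattern for version text of the form "from 1.0.2 to 1.0.3".
const FROM_TO = /\bfrom v?(\d+(?:\.\d+)*) to v?(\d+(?:\.\d+)*)/;

function parseVersion(text: string): number[] {
  const parts = text.split(".").map((p) => Number(p));
  while (parts.length < 3) parts.push(0); // treat "1.2" as "1.2.0"
  return parts;
}

// Returns null when the message carries no previous/new version pair.
function deriveUpdateType(commitMessage: string): UpdateType | null {
  const match = FROM_TO.exec(commitMessage);
  if (match === null) return null;
  const [, prevText = "", nextText = ""] = match;
  const prev = parseVersion(prevText);
  const next = parseVersion(nextText);
  if (prev[0] !== next[0]) return "version-update:semver-major";
  if (prev[1] !== next[1]) return "version-update:semver-minor";
  return "version-update:semver-patch";
}

// Fail closed: a null update-type never qualifies for auto-merge.
function mayAutoMerge(updateType: UpdateType | null, allowed: UpdateType[]): boolean {
  return updateType !== null && allowed.indexOf(updateType) !== -1;
}

// Constructed sample: a message that does state both versions.
const BUMP_MESSAGE =
  "Bumps [rector/rector](https://github.com/rectorphp/rector) from 1.0.2 to 1.0.3.";

// The commit message quoted in the thread: no previous/new version stated.
const REQUIREMENTS_MESSAGE = [
  "Updates the requirements on [rector/rector](https://github.com/rectorphp/rector) to permit the latest version.",
  "- [Release notes](https://github.com/rectorphp/rector/releases)",
  "- [Commits](rectorphp/rector@1.0.2...1.0.3)",
].join("\n");

const PATCH_ONLY: UpdateType[] = ["version-update:semver-patch"];
console.log(mayAutoMerge(deriveUpdateType(BUMP_MESSAGE), PATCH_ONLY));         // true
console.log(mayAutoMerge(deriveUpdateType(REQUIREMENTS_MESSAGE), PATCH_ONLY)); // false
```

A workflow condition that only checks for the absence of `version-update:semver-major` would let a null `update-type` through, so an allow-list of accepted values, as in `mayAutoMerge`, is the safer gate.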