Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dependabot abandoning PRs from same build service user even when unrelated to dependabot updates #1475

Open
1 task done
eli-gc opened this issue Nov 19, 2024 · 3 comments

Comments

@eli-gc
Copy link

eli-gc commented Nov 19, 2024

Describe the bug
We use the same user account to make PRs between the dependabot pipeline and another automated pipeline. Dependabot will treat the PRs generated by the other pipeline as unnecessary and abandon them. Fortunately it doesn't seem to abandon PRs by other users. We do have abandonUnwantedPullRequests: true and when it works it is awesome. It seems that maybe the PR abandon scope is tied to user account.
Seems possibly related to #471 but we don't use monorepo. We only have 1 update section.
Categorization

To Reproduce
Steps to reproduce the behavior:

  1. Create a pipeline that also creates PRs using the same user account that dependabot uses to create PRs.
  2. Run the first pipeline, then run dependabot. Will see that dependabot abandons the PRs from the first run.

Expected behavior
Dependabot shouldn't abandon unrelated PRs.

Logs and screenshots
The PR destination branch already has spring-cloud-azure-dependencies at 5.16.0 so then it abandons the PR even though it doesn't change that dependency. Although this PR does have changes to the build.gradle.

Update for com.azure.spring:spring-cloud-azure-dependencies 5.16.0 is no longer required.
Abandoning PR #62695 (Report code coverage using Jacoco plugin) as it is no longer needed.

Extension (please complete the following information):

  • Host: Azure devops
  • Version 3.81
@rhyskoedijk
Copy link
Contributor

@eli-gc can you share your pipeline configuration?
If you are using dependabot@1, this is a known issue; You might be able to work around it by adding useUpdateScriptvNext: true to the task inputs.

@eli-gc
Copy link
Author

eli-gc commented Nov 19, 2024

Ah ok, yes I am using v1. Haven't had a chance to convert this one to v2. Is there an issue already for it? Sorry if I missed it. I'll try the useUpdateScriptvNext, but I should probably just migrate to v2.

@rhyskoedijk
Copy link
Contributor

rhyskoedijk commented Nov 20, 2024

I don't believe there is an issue logged for it, but this is an issue I've also encountered back when I was using V1.
I'm currently busy with getting V2 fully functional and have mostly given up patching bugs out of V1 sorry. If you are interested in trying to fix this yourself, the relevant code is here:

https://github.com/tinglesoftware/dependabot-azure-devops/blob/0e5bed9fe8f768aae05b380423702c938bda642c/updater/bin/update_script.rb#L937C1-L969C10

To fix, it would probably need some kind of condition in there to exclude PRs that don't look like Dependabot PR, e.g.

if (title does not match the typical dependabot "Bump X from Y to Z" format)
   keep = true # assume this PR is unrelated to dependabot, created by a different service
end

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants