Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[NuGet] ignore semver-major doesn't appear to work #11398

Open
1 task done
eerhardt opened this issue Jan 24, 2025 · 4 comments
Open
1 task done

[NuGet] ignore semver-major doesn't appear to work #11398

eerhardt opened this issue Jan 24, 2025 · 4 comments
Labels
L: dotnet:nuget NuGet packages via nuget or dotnet T: bug 🐞 Something isn't working

Comments

@eerhardt
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

Nuget

Package manager version

No response

Language version

.NET 9

Manifest location and content before the Dependabot update

https://github.com/dotnet/aspire/blob/0ca981a95feccfc4cec15ebee6bd06bd7c792fe2/eng/Versions.props#L76-L104

dependabot.yml content

https://github.com/dotnet/aspire/blob/0ca981a95feccfc4cec15ebee6bd06bd7c792fe2/.github/dependabot.yml#L1-L87

version: 2
registries:
  public-nuget:
    type: nuget-feed
    url: https://api.nuget.org/v3/index.json
updates:
  - package-ecosystem: nuget
    directory: "/"
    registries:
      - public-nuget
    schedule:
      day: monday
      interval: weekly
      time: "07:00"
      timezone: "America/Los_Angeles"
    open-pull-requests-limit: 15
    ignore:
      # handled by Darc/Maestro flows
      - dependency-name: "Microsoft.DotNet.Arcade.Sdk"
      - dependency-name: "Microsoft.DotNet.Helix.Sdk"
      - dependency-name: "Microsoft.DotNet.SharedFramework.Sdk"
      - dependency-name: "Microsoft.Build.NoTargets"
      # Pinned versions that should not be updated
      - dependency-name: "Microsoft.CodeAnalysis.CSharp"
      # NetPlatform dependencies shouldn't update across major versions
      - dependency-name: "Microsoft.AspNetCore.*"
        update-types: ["version-update:semver-major"]
      - dependency-name: "Microsoft.EntityFrameworkCore.*"
        update-types: ["version-update:semver-major"]
      - dependency-name: "Microsoft.Extensions.*"
        update-types: ["version-update:semver-major"]
      - dependency-name: "System.*"
        update-types: ["version-update:semver-major"]
      - dependency-name: "Npgsql.*"
        update-types: ["version-update:semver-major"]
    groups:
      Azure:
        patterns:
          - "Azure.*"
          - "Microsoft.Azure.*"
          - "Microsoft.Extensions.Azure"
      AspNetCoreHealthChecks:
        patterns:
          - "AspNetCore.HealthChecks.*"
      FluentUi:
        patterns:
          - "Microsoft.FluentUI.*"
      OpenTelemetry:
        patterns:
          - "OpenTelemetry.*"
      Orleans:
        patterns:
          - "Microsoft.Orleans*"
      NetPlatform:
        patterns:
          - "Microsoft.AspNetCore.*"
          - "Microsoft.EntityFrameworkCore.*"
          - "Microsoft.Extensions.*"
          - "System.*"
        update-types:
          - 'minor'
          - 'patch'
      Npgsql:
        patterns:
          - "Npgsql.*"
        update-types:
          - 'minor'
          - 'patch'
      MicrosoftDotNet:
        patterns:
          - "Microsoft.DotNet.*"
      Grpc:
        patterns:
          - "Grpc.*"
      Polly:
        patterns:
          - "Polly.*"
    labels:
      - "area-codeflow"

  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: daily
    open-pull-requests-limit: 5
    labels:
      - area-engineering-systems

Updated dependency

dependabot made dotnet/aspire#7226 with the first commit dotnet/aspire@780a358

What you expected to see, versus what you actually saw

Since I'm saying to ignore semver-major on on Microsoft.Extensions.* and System.* dependencies, I expect that those dependencies won't get lifted from v8.0 to v9.0

However, dependabot is updating these dependencies across major versions in this PR.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

Image

https://github.com/dotnet/aspire/actions/runs/12937683800/job/36086133337

Smallest manifest that reproduces the issue

No response
@eerhardt eerhardt added the T: bug 🐞 Something isn't working label Jan 24, 2025
@github-actions github-actions bot added L: dart:pub Dart packages via pub L: dotnet:nuget NuGet packages via nuget or dotnet L: github:actions GitHub Actions labels Jan 24, 2025
@eerhardt
Copy link
Author

@brettfo - am I doing something wrong in the dependabot yml config? Is this supposed to work:

    ignore:
      # NetPlatform dependencies shouldn't update across major versions
      - dependency-name: "Microsoft.AspNetCore.*"
        update-types: ["version-update:semver-major"]
      - dependency-name: "Microsoft.EntityFrameworkCore.*"
        update-types: ["version-update:semver-major"]
      - dependency-name: "Microsoft.Extensions.*"
        update-types: ["version-update:semver-major"]
      - dependency-name: "System.*"
        update-types: ["version-update:semver-major"]
      - dependency-name: "Npgsql.*"
        update-types: ["version-update:semver-major"]

@brettfo
Copy link
Contributor

brettfo commented Jan 24, 2025

@eerhardt That scenario should work because the common code handles the ignore section; that's not NuGet specific, but something is obviously going wrong. I'll dig in a bit.

@brettfo brettfo removed L: github:actions GitHub Actions L: dart:pub Dart packages via pub labels Jan 24, 2025
@brettfo
Copy link
Contributor

brettfo commented Jan 24, 2025

@abdulapopoola and/or @jakecoffman Could I get some help routing this? The dependabot.yml file was updated in this PR and shortly after that this update job was run, but examining the job JSON file shows an empty ignore-conditions property where I would have expected it to have several values.

@abdulapopoola abdulapopoola moved this to Planned in Dependabot Jan 24, 2025
@bricelam
Copy link

Possibly related to #4075 (same issue but for ignored versions)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
L: dotnet:nuget NuGet packages via nuget or dotnet T: bug 🐞 Something isn't working
Projects
Dependabot
Status: Planned
Milestone
No milestone
Development

No branches or pull requests
3 participants
@brettfo @bricelam @eerhardt