Support for path based tag structure in github_actions module for monorepo structures. #11286

Merged

Contributor

@gopidesupavan gopidesupavan commented Jan 12, 2025

What are you trying to accomplish?

Adding support for a path-based tag structure for the github_actions Dependabot module.

What: Adding support for path-based tag structures in the github_actions Dependabot module.

Why: Currently, Dependabot's github_actions module supports monorepo action bumps at the repository level. However, it does not work when a monorepo contains multiple actions, and the actions are tagged based on their paths.

At Apache Software Foundation, we are working on implementing organization-wide common actions in a single repository. For example, our current actions can be found here: https://github.com/apache/infrastructure-actions/. The plan is to structure tags based on action paths. This change will enable Dependabot to properly bump these actions, benefiting multiple projects that use them.

Example: We want to tag actions in this pattern, restore/v1.0.0, so that they can be referenced in workflows as apache/infrastructure-actions/stash/restore@restore/v1.0.0

Anything you want to highlight for special attention from reviewers?

The approach I've taken here is to name the dependency variable using the full action path whenever dealing with path-based tags.

Why is this necessary?
In the updater check flow, memoized filter results are used. This can lead to issues in repositories with path-based tags, as there's a chance of losing tag information when filtering eligible versions.

IMHO, we should treat path-based tags as an entirely new dependency section within the dependency set.

I could see one issue already created for a similar ask, #8451; it is trying to bump wrongly here.

I hope this can be solved.

How will you know you've accomplished your goal?

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • Ran the tests locally; all are working fine.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • Yes, I have added additional tests and existing tests are working fine; no changes to existing tests.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.

@gopidesupavan gopidesupavan requested a review from a team as a code owner January 12, 2025 17:52
@github-actions github-actions bot added the L: github:actions GitHub Actions label Jan 12, 2025
@gopidesupavan
Contributor Author

I did a dry run; here are the results. Working as expected.

[dependabot-core-dev] ~ $ bin/dry-run.rb github_actions gopidesupavan/monorepo-actions
=> cloning into /home/dependabot/tmp/gopidesupavan/monorepo-actions
=> parsing dependency files
🌍 --> GET https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
🌍 <-- 200 https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
🌍 --> GET https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
🌍 <-- 200 https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
🌍 --> GET https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
🌍 <-- 200 https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
=> updating 3 dependencies: gopidesupavan/monorepo-actions/first/init@init/v1.0.0, gopidesupavan/monorepo-actions/first/run@run/v2.0.0, gopidesupavan/monorepo-actions/second/exec@exec/1.0.0

=== gopidesupavan/monorepo-actions/first/init@init/v1.0.0 (1.0.0)
 => checking for updates 1/3
🌍 --> GET https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
🌍 <-- 200 https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
 => latest available version is 2.0.0
 => latest allowed version is 2.0.0
🌍 --> GET https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
🌍 <-- 200 https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
 => requirements to unlock: own
 => requirements update strategy: 
 => bump gopidesupavan/monorepo-actions/first/init@init/v1.0.0 from 1.0.0 to 2.0.0

    ± .github/workflows/version-bumps.yml
    ~~~
    --- /tmp/original20250112-6734-joe678       2025-01-12 17:51:03.520807449 +0000
    +++ /tmp/updated20250112-6734-e37ab0        2025-01-12 17:51:03.520807449 +0000
    @@ -7,7 +7,7 @@
         runs-on: ubuntu-latest
         steps:
           - name: "init"
    -        uses: gopidesupavan/monorepo-actions/first/init@init/v1.0.0
    +        uses: gopidesupavan/monorepo-actions/first/init@init/v2.0.0
           - name: "run"
             uses: gopidesupavan/monorepo-actions/first/run@run/v2.0.0
             
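
Review bot: the tag prefix on the `uses:` line (`init/`) is only the last segment of the action path `first/init`, so this run does not show what happens when two actions in different directories end in the same segment. A spec or dry-run case with two such actions (for example a hypothetical `second/init` next to `first/init`) would show which tags each one is matched against.
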
    ~~~
    2 insertions (+), 2 deletions (-)

=== gopidesupavan/monorepo-actions/first/run@run/v2.0.0 (2.0.0)
 => checking for updates 2/3
🌍 --> GET https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
🌍 <-- 200 https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
 => latest available version is 3.0.0
 => latest allowed version is 3.0.0
🌍 --> GET https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
🌍 <-- 200 https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
 => requirements to unlock: own
 => requirements update strategy: 
 => bump gopidesupavan/monorepo-actions/first/run@run/v2.0.0 from 2.0.0 to 3.0.0

    ± .github/workflows/version-bumps.yml
    ~~~
    --- /tmp/original20250112-6734-eyq6j5       2025-01-12 17:51:05.469807343 +0000
    +++ /tmp/updated20250112-6734-xnciuc        2025-01-12 17:51:05.469807343 +0000
    @@ -9,7 +9,7 @@
           - name: "init"
             uses: gopidesupavan/monorepo-actions/first/init@init/v1.0.0
           - name: "run"
    -        uses: gopidesupavan/monorepo-actions/first/run@run/v2.0.0
    +        uses: gopidesupavan/monorepo-actions/first/run@run/v3.0.0
             
       bump-check2:
         runs-on: ubuntu-latest
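
Review bot: the context line for `init` in this hunk still reads `init/v1.0.0`, although the previous update moved it to `init/v2.0.0`, so each bump is generated from the original file and the three updates are independent of each other. It is worth stating in the PR description that actions from the same repository now produce one update per action path, since `first/init` and `first/run` both live in `gopidesupavan/monorepo-actions` but land on different versions (2.0.0 and 3.0.0).
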
    ~~~
    2 insertions (+), 2 deletions (-)

=== gopidesupavan/monorepo-actions/second/exec@exec/1.0.0 (1.0.0)
 => checking for updates 3/3
🌍 --> GET https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
🌍 <-- 200 https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
 => latest available version is 2.0.0
 => latest allowed version is 2.0.0
🌍 --> GET https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
🌍 <-- 200 https://github.com/gopidesupavan/monorepo-actions.git/info/refs?service=git-upload-pack
 => requirements to unlock: own
 => requirements update strategy: 
 => bump gopidesupavan/monorepo-actions/second/exec@exec/1.0.0 from 1.0.0 to 2.0.0

    ± .github/workflows/version-bumps.yml
    ~~~
    --- /tmp/original20250112-6734-kx0qa        2025-01-12 17:51:07.674807223 +0000
    +++ /tmp/updated20250112-6734-sg1rdj        2025-01-12 17:51:07.674807223 +0000
    @@ -15,5 +15,5 @@
         runs-on: ubuntu-latest
         steps:
           - name: "exec"
    -        uses: gopidesupavan/monorepo-actions/second/exec@exec/1.0.0
    +        uses: gopidesupavan/monorepo-actions/second/exec@exec/2.0.0
       
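
Review bot: the ref on the `exec` step has no `v` before the version (`exec/1.0.0`), unlike `init/v1.0.0` and `run/v2.0.0` in the same workflow, and the updated line keeps that form (`exec/2.0.0`). Both forms deserve an explicit spec so the prefix handling cannot regress for one of them.
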
    ~~~
    2 insertions (+), 2 deletions (-)
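
The matching behaviour described in the PR and visible in the dry run above, as an added Ruby example (not dependabot-core code, and not from the PR author): a `uses:` reference is split into repository, action path, tag prefix and version, and only tags with the same prefix are considered when picking the newer version. All constant, struct and method names are hypothetical, and the tag list is constructed from the refs shown in the dry run.

```ruby
# Added example, not dependabot-core code. All names here are hypothetical.
require "rubygems" # Gem::Version (normally preloaded; explicit for clarity)

# owner/repo[/path/to/action]@ref
USES_PATTERN = %r{\A(?<repo>[^/@\s]+/[^/@\s]+)(?:/(?<path>[^@\s]+))?@(?<ref>\S+)\z}
# Optional "prefix/", optional "v", then a dotted numeric version.
TAG_PATTERN = %r{\A(?:(?<prefix>.+)/)?(?<v>v?)(?<version>\d+(?:\.\d+)*)\z}

ActionRef = Struct.new(:repo, :path, :prefix, :v, :version) do
  # The full action path is the dependency name, so first/init and first/run
  # are tracked as separate dependencies of the same repository.
  def name
    [repo, path].compact.join("/")
  end
end

def parse_uses(uses)
  m = USES_PATTERN.match(uses) or return nil
  t = TAG_PATTERN.match(m[:ref]) or return nil # branch or SHA ref: not a version tag
  ActionRef.new(m[:repo], m[:path], t[:prefix], t[:v], Gem::Version.new(t[:version]))
end

# Returns the newest tag with the same prefix, or nil when already up to date.
def latest_ref(ref, tags)
  candidates = tags.filter_map do |tag|
    t = TAG_PATTERN.match(tag)
    Gem::Version.new(t[:version]) if t && t[:prefix] == ref.prefix
  end
  best = candidates.max
  return nil if best.nil? || best <= ref.version
  # Keep the original shape of the ref: same prefix, same "v" or no "v".
  [ref.prefix, "#{ref.v}#{best}"].compact.join("/")
end

def bump(uses, tags)
  ref = parse_uses(uses) or return uses
  new_ref = latest_ref(ref, tags)
  new_ref ? "#{ref.name}@#{new_ref}" : uses
end

# Constructed tag list modelled on the refs in the dry run; v9.0.0 is an
# unprefixed repository-level tag that must not win for any path-based action.
SAMPLE_TAGS = %w[init/v1.0.0 init/v2.0.0 run/v2.0.0 run/v3.0.0
                 exec/1.0.0 exec/2.0.0 v9.0.0].freeze
```
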

@gopidesupavan
Contributor Author

cc: @potiuk @assignUser

@abdulapopoola
Member

Thanks @gopidesupavan, we'll try to see how we can get this in this week.

@potiuk

potiuk commented Jan 12, 2025

Nice! Will be super useful to keep all the Apache Software Foundation's actions in a single monorepo!

randhircs previously approved these changes Jan 16, 2025
@randhircs
Member

randhircs commented Jan 16, 2025

@gopidesupavan
I approved it; however, I see there is a conflict with the merge. Could you resolve the conflict?

@gopidesupavan
Contributor Author

@randhircs Thanks for the review, have rebased, looks good now :)

@randhircs randhircs force-pushed the fix-monorepo-version-reference branch from 0f48552 to 01c6540 Compare January 16, 2025 15:52
@randhircs randhircs self-requested a review January 16, 2025 15:52
@randhircs randhircs force-pushed the fix-monorepo-version-reference branch from 01c6540 to f579d7d Compare January 16, 2025 16:16
@randhircs randhircs force-pushed the fix-monorepo-version-reference branch from f579d7d to 5463710 Compare January 16, 2025 16:53
@randhircs randhircs merged commit 127a958 into dependabot:main Jan 16, 2025
37 checks passed
@gopidesupavan gopidesupavan deleted the fix-monorepo-version-reference branch January 16, 2025 17:51
@potiuk

potiuk commented Jan 16, 2025

🎉 🙇‍♂️

@gopidesupavan
Contributor Author

Wooho thank you @randhircs 😄
