-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lock file maintenance PR didn't use lockfile from master #1655
Comments
Is it possible that the old branch was still there? |
Ah possibly, I don't remember deleting it (or more, I doubt I would have had time in the 30-60 seconds before the new PR opened), |
Presumably the lockfile update PR should always reset/delete any existing branch for lockfile refresh when creating a new PR? |
I may need to add a special rule for lock file PRs to avoid this edge case. You see, we deliberately don't keep updating/checking lock files for updates or we'd be running |
Or perhaps another way of handling this might be for Renovate to delete a branch whenever anyone closes a PR? eg if they close a normal dependency update PR since they don't want the update, it presumably makes sense to delete that too? |
@edmorley Renovate actually does delete branches indirectly, but it's at the end of every "run". It looks at the list of branches that should be there (disregarding schedules) and then looks at the list of ones that are there, and it deletes any delta. The problem is that the lock file maintenance one should be there every time. I will think of a logic that can be added to try to detect this stale/closed case. It's made harder because of rules like prCreation=not-pending, because that means that simply seeing a branch without a PR does not mean that it was closed! |
Ah very true! The intersection of features makes things interesting :-) |
I literally just read this 5 seconds before the person behind me saw the exact same behavior on their project. So yeah, I'm totally in favor of a change that helps avoid the confusing case of Renovate filing a new lockfile maintenance pull request because the branch wasn't manually cleaned up in time. |
I'll take another look at lock file maintenance as soon as possible to try to avoid the couple of annoying behaviours you've seen lately. |
I think the trick may be a special logic like this: If branch exists, but PR doesn't, we need to work out if that's because the PR was closed or the PR wasn't opened yet. Best way may be to check for a Closed PR that pointed to the sha of the branch - I think GitHub may expose that data. If so then delete and recreate. |
I'm possibly overlooking something that was mentioned before, but could the logic instead go something like: ie: it's not really the deleting the branch that we care about, it's having a rebased branch. And I don't think a lockfile PR should ever be opened from a not-rebased branch. |
We can't keep updating it non-stop, as otherwise we'll be churning bot cpu non-stop regenerating the But perhaps what we can do is keep rebasing it only while the PR is not open. If you set prCreation=not-pending this could result in it also churning a few times if you're unlucky, but eventually there should be an hour with no lock file updates where it will get pushed. |
I believe that would address the issue we're running into. A team updated the lockfile in
So, many of our teams set the I do feel it's probably important that a lockfile PR always be re-generated after a rebase to ensure there aren't discrepancies in the data of the lockfile. However, in reality, that should probably be caught as part of the project's CI tests. |
Because our teams use The goal, from our standpoint, is to avoid needing developers to press the |
It should be noted that I don't need the PR branch re-generated, just rebased. The lockfile should only be re-generated if we feel a rebase may introduce discrepancies in the lockfile. |
@edmorley do you feel there's a case for never accepting a non-rebased lockfile PR? |
Maybe it's time to rethink how this is being done.
Now what can happen after this?
Challenges with the above:
@destroyerofbuilds @edmorley can you give your feedback? |
Correct. On a related note, we have regularly scheduled releases of our applications (We don't release our application on every change). That's another reason why it's not valuable to update a lockfile multiple times between each regularly scheduled application release. Updating a dependency twice within our lockfile will be pointless since the first update will never be released into production.
I agree with the default behavior. I do not want the lockfile being re-generated for the sole purpose of getting updates.
Do branches and PRs have creation timestamps? Can those be used to determine if a PR was opened after the branch was created? |
Fixes so we skip lock file generation for lock file maintenance branches only if it *doesn’t* need rebasing. Helps #1655
I have fixed (6) above. If the branch needs rebasing according to usual rules (i.e. it's conflicted, or branch protection settings say it must be kept up-to-date, or |
If a lockFileMaintenance branch returns no updated lockfiles then we should delete it. Closes #1655
If a lockFileMaintenance branch returns no updated lockfiles then we should delete it. Closes #1655
🎉 This issue has been resolved in version 11.36.10 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Hi! Neither of the two projects where I have weekly Monday lockfile maintenance enabled got a PR opened today, and there isn't a branch created/pending. Did this perhaps regress something? |
@edmorley you're right, and sorry for that. Unfortunately the new pruning logic for "pointless" lock files was too aggressive and now fixed. |
That was fast! Many thanks :-) |
This is a:
I'm using:
Please describe the issue:
Hi :-)
Renovate opened a lockfile update PR (neutrinojs/neutrino#743) which failed because of a problem on our side.
To resolve that, I created a new PR (neutrinojs/neutrino#744) that (a) removed the stray 2nd
yarn.lock
, (b) refreshed the lockfile manually to save Renovate from having to do so. I merged that PR, which also had acloses #NNN
line in the commit message, causing the initial failing Renovate PR to be closed.One minute after I merged my PR, Renovate opened a second lockfile update PR (presumably since it was still in the scheduled time window for refreshing, which itself is fine):
neutrinojs/neutrino#745
The problem is that the new PR duplicate the changes I made in my PR - implying that it wasn't rebased on master, even though my PR was merged before it opened. GitHub doesn't show the PR as having conflicts since the changes are identical (so presumably git auto-resolves them).
The text was updated successfully, but these errors were encountered: