Dependabot ignores "pull-request-branch-name.separator" option #4940

Open
bm-klara opened this issue Mar 31, 2022 · 4 comments
Labels
F: configuration-file F: pull-requests Issues about Dependabot pull requests Stale T: bug 🐞 Something isn't working

Comments

@bm-klara

Dependabot began to ignore pull-request-branch-name.separator option from YML settings.

Details:

  • Dependabot YML file in my repo was not touched in the last few months
  • newly created Pull Request has the wrong branch name separator
  • branch name separator option is configured according to the documentation
    Here is my .github/dependabot.yml file content:
version: 2
updates:
- package-ecosystem: bundler
  directory: "/"
  schedule:
    interval: daily
    time: "10:00"
    timezone: Europe/Berlin
  pull-request-branch-name:
    separator: "-"
  target-branch: dependency-updates

Newly created PR with unexpected branch name: (separated by /):
Screenshot 2022-03-31 at 12 53 15

Example of existing PR with expected branch name: (separated by -), created one week ago:
Screenshot 2022-03-31 at 12 51 12

@bm-klara bm-klara added the T: bug 🐞 Something isn't working label Mar 31, 2022
@qbiqing

qbiqing commented May 5, 2022

Any update on this? Also encountered the same issue

@mctofu
Contributor

mctofu commented Sep 6, 2022

👋 @bm-klara, the affected PR looks to have been created as part of a security update. Security updates will always target the default branch and your branch separator config only applies to the dependency-updates branch.

There are two options here:

  1. Disable security updates so all your update PRs will go through your regular version update flow.
  2. Customize the branch separator for security updates. You'll need to add an additional ecosystem config to your dependabot.yml which applies to the default branch (omit) but disables version updates.
version: 2
updates:
- package-ecosystem: bundler
  directory: "/"
  schedule:
    interval: daily
    time: "10:00"
    timezone: Europe/Berlin
  pull-request-branch-name:
    separator: "-"
  target-branch: dependency-updates
- package-ecosystem: bundler
  directory: "/"
  schedule:
    interval: daily
  pull-request-branch-name:
    separator: "-"
  # Disable version updates
  open-pull-requests-limit: 0
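
An added example, not part of the thread and not Dependabot's own code: a Ruby check that applies the rule from the reply above (security updates target the default branch, so only an entry without `target-branch` sets their separator) to a `dependabot.yml`. The function name `separator_gaps` and the result keys are hypothetical; the two configs are the ones posted above, trimmed to the relevant fields, and `/` is assumed as the default separator.

```ruby
require "yaml"

DEFAULT_SEPARATOR = "/" # Dependabot's documented default branch-name separator

# Config from the original report, trimmed to the fields that matter here.
REPORTED = <<~YAML
  version: 2
  updates:
  - package-ecosystem: bundler
    directory: "/"
    schedule:
      interval: daily
    pull-request-branch-name:
      separator: "-"
    target-branch: dependency-updates
YAML

# Extra entry from the workaround: no target-branch, so it applies to the
# default branch; open-pull-requests-limit: 0 disables version updates there.
WORKAROUND = REPORTED + <<~YAML
  - package-ecosystem: bundler
    directory: "/"
    schedule:
      interval: daily
    pull-request-branch-name:
      separator: "-"
    open-pull-requests-limit: 0
YAML

# Returns one finding per ecosystem/directory whose security-update PRs would
# not use a separator that a target-branch entry configures.
# Assumption: an entry is treated as "default branch" only when it omits
# target-branch, since the default branch name is not known from the file.
def separator_gaps(yaml_text)
  updates = Array((YAML.safe_load(yaml_text) || {})["updates"])
  sep = ->(u) { u&.dig("pull-request-branch-name", "separator") || DEFAULT_SEPARATOR }
  updates.group_by { |u| u.values_at("package-ecosystem", "directory") }
         .filter_map do |(ecosystem, directory), entries|
    on_default = entries.find { |u| u["target-branch"].nil? }
    wanted = entries.select { |u| u["target-branch"] }.map(&sep).uniq - [sep.(on_default)]
    next if wanted.empty?
    { ecosystem: ecosystem, directory: directory,
      version_update_separators: wanted, security_update_separator: sep.(on_default) }
  end
end

puts "reported:   #{separator_gaps(REPORTED).inspect}"
puts "workaround: #{separator_gaps(WORKAROUND).inspect}"
```

The reported config yields one finding (security-update branches fall back to `/`), and the workaround config yields none.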

@deivid-rodriguez
Contributor

A similar case has been reported at #6366, although in that case, the target branch, directory and ecosystem want to be configured equally for both version and security updates. So no workaround for that case at the moment as far as I understand?

gsilvapt added a commit to surface-security/surface that referenced this issue Jan 11, 2023
Replace #62 from @dependabot because security alerts do not respect
`pull-requests-branch-name.separator` option.

Ref: dependabot/dependabot-core#4940
Contributor

👋 This issue has been marked as stale because it has been open for 2 years with no activity. You can comment on the issue to hold stalebot off for a while, or do nothing. If you do nothing, this issue will be closed eventually by the stalebot. Please see CONTRIBUTING.md for more policy details.

@github-actions github-actions bot added the Stale label Dec 28, 2024