Allow leading v on commit message versions (#338)

Previously, a leading `v` on the version in the commit message (eg, `Bumps org/repo from v1.3.0 to v1.3.2.`) did not populate the `previous-version` and `new-version`, so was also unable to calculate the proper `update-type`. This fixes that. Fix #244
2026-03-12 18:07:12 -04:00 · 2023-04-12 12:40:23 -06:00
parent 173b40efb8
commit 919f913865
4 changed files with 112 additions and 8 deletions
--- a/dist/index.js
+++ b/dist/index.js
@@ -10086,8 +10086,8 @@ const YAML = __importStar(__nccwpck_require__(4083));
 function parse(commitMessage, branchName, mainBranch, lookup, getScore) {
    var _a, _b, _c, _d, _e, _f, _g, _h;
    return __awaiter(this, void 0, void 0, function* () {
-        const bumpFragment = commitMessage.match(/^Bumps .* from (?<from>\d[^ ]*) to (?<to>\d[^ ]*)\.$/m);
-        const updateFragment = commitMessage.match(/^Update .* requirement from \S*? ?(?<from>\d[^ ]*) to \S*? ?(?<to>\d[^ ]*)$/m);
+        const bumpFragment = commitMessage.match(/^Bumps .* from (?<from>v?\d[^ ]*) to (?<to>v?\d[^ ]*)\.$/m);
+        const updateFragment = commitMessage.match(/^Update .* requirement from \S*? ?(?<from>v?\d[^ ]*) to \S*? ?(?<to>v?\d[^ ]*)$/m);
        const yamlFragment = commitMessage.match(/^-{3}\n(?<dependencies>[\S|\s]*?)\n^\.{3}\n/m);
        const lookupFn = lookup !== null && lookup !== void 0 ? lookup : (() => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 }));
        const scoreFn = getScore !== null && getScore !== void 0 ? getScore : (() => Promise.resolve(0));
@@ -10116,8 +10116,8 @@ function calculateUpdateType(lastVersion, nextVersion) {
    if (!lastVersion || !nextVersion || lastVersion === nextVersion) {
        return '';
    }
-    const lastParts = lastVersion.split('.');
-    const nextParts = nextVersion.split('.');
+    const lastParts = lastVersion.replace('v', '').split('.');
+    const nextParts = nextVersion.replace('v', '').split('.');
    if (lastParts[0] !== nextParts[0]) {
        return 'version-update:semver-major';
    }
--- a/src/dependabot/update_metadata.test.ts
+++ b/src/dependabot/update_metadata.test.ts
@@ -119,6 +119,41 @@ test('it supports multiple dependencies within a single fragment', async () => {
  expect(updatedDependencies[1].cvss).toEqual(0)
 })

+test('it returns the updated dependency information when there is a leading v in the commit message versions', async () => {
+  const commitMessage =
+    'Bumps [coffee-rails](https://github.com/rails/coffee-rails) from v4.0.1 to v4.2.2.\n' +
+    '- [Release notes](https://github.com/rails/coffee-rails/releases)\n' +
+    '- [Changelog](https://github.com/rails/coffee-rails/blob/master/CHANGELOG.md)\n' +
+    '- [Commits](rails/coffee-rails@v4.0.1...v4.2.2)\n' +
+    '\n' +
+    '---\n' +
+    'updated-dependencies:\n' +
+    '- dependency-name: coffee-rails\n' +
+    '  dependency-type: direct:production\n' +
+    '...\n' +
+    '\n' +
+    'Signed-off-by: dependabot[bot] <support@github.com>'
+
+  const getAlert = async () => Promise.resolve({ alertState: 'DISMISSED', ghsaId: 'GHSA-III-BBB', cvss: 4.6 })
+  const getScore = async () => Promise.resolve(43)
+  const updatedDependencies = await updateMetadata.parse(commitMessage, 'dependabot/nuget/coffee-rails', 'main', getAlert, getScore)
+
+  expect(updatedDependencies).toHaveLength(1)
+
+  expect(updatedDependencies[0].dependencyName).toEqual('coffee-rails')
+  expect(updatedDependencies[0].dependencyType).toEqual('direct:production')
+  expect(updatedDependencies[0].updateType).toEqual('version-update:semver-minor')
+  expect(updatedDependencies[0].directory).toEqual('/')
+  expect(updatedDependencies[0].packageEcosystem).toEqual('nuget')
+  expect(updatedDependencies[0].targetBranch).toEqual('main')
+  expect(updatedDependencies[0].prevVersion).toEqual('v4.0.1')
+  expect(updatedDependencies[0].newVersion).toEqual('v4.2.2')
+  expect(updatedDependencies[0].compatScore).toEqual(43)
+  expect(updatedDependencies[0].alertState).toEqual('DISMISSED')
+  expect(updatedDependencies[0].ghsaId).toEqual('GHSA-III-BBB')
+  expect(updatedDependencies[0].cvss).toEqual(4.6)
+})
+
 test('it only returns information within the first fragment if there are multiple yaml documents', async () => {
  const commitMessage =
    '- [Release notes](https://github.com/rails/coffee-rails/releases)\n' +
--- a/src/dependabot/update_metadata.ts
+++ b/src/dependabot/update_metadata.ts
@@ -27,8 +27,8 @@ export interface scoreLookup {
 }

 export async function parse (commitMessage: string, branchName: string, mainBranch: string, lookup?: alertLookup, getScore?: scoreLookup): Promise<Array<updatedDependency>> {
-  const bumpFragment = commitMessage.match(/^Bumps .* from (?<from>\d[^ ]*) to (?<to>\d[^ ]*)\.$/m)
-  const updateFragment = commitMessage.match(/^Update .* requirement from \S*? ?(?<from>\d[^ ]*) to \S*? ?(?<to>\d[^ ]*)$/m)
+  const bumpFragment = commitMessage.match(/^Bumps .* from (?<from>v?\d[^ ]*) to (?<to>v?\d[^ ]*)\.$/m)
+  const updateFragment = commitMessage.match(/^Update .* requirement from \S*? ?(?<from>v?\d[^ ]*) to \S*? ?(?<to>v?\d[^ ]*)$/m)
  const yamlFragment = commitMessage.match(/^-{3}\n(?<dependencies>[\S|\s]*?)\n^\.{3}\n/m)
  const lookupFn = lookup ?? (() => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 }))
  const scoreFn = getScore ?? (() => Promise.resolve(0))
@@ -72,8 +72,8 @@ export function calculateUpdateType (lastVersion: string, nextVersion: string) {
    return ''
  }

-  const lastParts = lastVersion.split('.')
-  const nextParts = nextVersion.split('.')
+  const lastParts = lastVersion.replace('v', '').split('.')
+  const nextParts = nextVersion.replace('v', '').split('.')

  if (lastParts[0] !== nextParts[0]) {
    return 'version-update:semver-major'
--- a/src/main.test.ts
+++ b/src/main.test.ts
@@ -132,6 +132,75 @@ test('it sets the updated dependency as an output for subsequent actions when gi
  expect(core.setOutput).toBeCalledWith('cvss', 0)
 })

+test('it sets the updated dependency as an output for subsequent actions when there is a leading v in the commit message version', async () => {
+  const mockCommitMessage =
+    'Bumps [coffee-rails](https://github.com/rails/coffee-rails) from v4.0.1 to v4.2.2.\n' +
+    '- [Release notes](https://github.com/rails/coffee-rails/releases)\n' +
+    '- [Changelog](https://github.com/rails/coffee-rails/blob/master/CHANGELOG.md)\n' +
+    '- [Commits](rails/coffee-rails@v4.0.1...v4.2.2)\n' +
+    '\n' +
+    '---\n' +
+    'updated-dependencies:\n' +
+    '- dependency-name: coffee-rails\n' +
+    '  dependency-type: direct:production\n' +
+    '...\n' +
+    '\n' +
+    'Signed-off-by: dependabot[bot] <support@github.com>'
+  const mockAlert = { alertState: 'FIXED', ghsaId: 'GSHA', cvss: 3.4 }
+
+  jest.spyOn(core, 'getInput').mockImplementation(jest.fn((name) => { return name === 'github-token' ? 'mock-token' : '' }))
+  jest.spyOn(util, 'getBranchNames').mockReturnValue({ headName: 'dependabot|nuget|feature1', baseName: 'main' })
+  jest.spyOn(dependabotCommits, 'getMessage').mockImplementation(jest.fn(
+    () => Promise.resolve(mockCommitMessage)
+  ))
+  jest.spyOn(dependabotCommits, 'getAlert').mockImplementation(jest.fn(
+    () => Promise.resolve(mockAlert)
+  ))
+  jest.spyOn(dependabotCommits, 'getCompatibility').mockImplementation(jest.fn(
+    () => Promise.resolve(34)
+  ))
+  jest.spyOn(core, 'setOutput').mockImplementation(jest.fn())
+
+  await run()
+
+  expect(core.startGroup).toHaveBeenCalledWith(
+    expect.stringContaining('Outputting metadata for 1 updated dependency')
+  )
+
+  expect(core.setOutput).toHaveBeenCalledWith(
+    'updated-dependencies-json',
+    [
+      {
+        dependencyName: 'coffee-rails',
+        dependencyType: 'direct:production',
+        updateType: 'version-update:semver-minor',
+        directory: '/',
+        packageEcosystem: 'nuget',
+        targetBranch: 'main',
+        prevVersion: 'v4.0.1',
+        newVersion: 'v4.2.2',
+        compatScore: 0,
+        alertState: '',
+        ghsaId: '',
+        cvss: 0
+      }
+    ]
+  )
+
+  expect(core.setOutput).toBeCalledWith('dependency-names', 'coffee-rails')
+  expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:production')
+  expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-minor')
+  expect(core.setOutput).toBeCalledWith('directory', '/')
+  expect(core.setOutput).toBeCalledWith('package-ecosystem', 'nuget')
+  expect(core.setOutput).toBeCalledWith('target-branch', 'main')
+  expect(core.setOutput).toBeCalledWith('previous-version', 'v4.0.1')
+  expect(core.setOutput).toBeCalledWith('new-version', 'v4.2.2')
+  expect(core.setOutput).toBeCalledWith('compatibility-score', 0)
+  expect(core.setOutput).toBeCalledWith('alert-state', '')
+  expect(core.setOutput).toBeCalledWith('ghsa-id', '')
+  expect(core.setOutput).toBeCalledWith('cvss', 0)
+})
+
 test('it sets the updated dependency as an output for subsequent actions when given a commit message for library', async () => {
  const mockCommitMessage =
    'Update rubocop requirement from ~> 1.30.1 to ~> 1.31.0\n' +