diff --git a/docs/automations/integrations/dependabot/approve-dependabot/README.md b/docs/automations/integrations/dependabot/approve-dependabot/README.md index e276efacb..532e86ce5 100644 --- a/docs/automations/integrations/dependabot/approve-dependabot/README.md +++ b/docs/automations/integrations/dependabot/approve-dependabot/README.md @@ -10,11 +10,6 @@ Auto-merge Dependabot PRs === "By Release Type" - !!! warning "Required gitStream Plugins" - This example requires you to install the [`extractDependabotVersionBump`](/filter-function-plugins/#extractdependabotversionbump) and [`compareSemver`](/filter-function-plugins/#comparesemver) plugins. - - [Learn more about gitStream plugins](/plugins/). - !!! info "Configuration Description" Conditions (all must be true): diff --git a/docs/downloads/automation-library/integrations/dependabot/approve_dependabot_minor.cm b/docs/downloads/automation-library/integrations/dependabot/approve_dependabot_minor.cm index 1ff3119ca..b51378fac 100644 --- a/docs/downloads/automation-library/integrations/dependabot/approve_dependabot_minor.cm +++ b/docs/downloads/automation-library/integrations/dependabot/approve_dependabot_minor.cm @@ -32,4 +32,4 @@ automations: comment: | Dependabot `patch` version bumps are approved and merged automatically. -bump: {{ pr.description | extractDependabotVersionBump | compareSemver }} +bump: {{ pr.description | checkDependabot | checkSemver }} diff --git a/docs/execution-model.md b/docs/execution-model.md index 2ab616d4c..64a606386 100644 --- a/docs/execution-model.md +++ b/docs/execution-model.md @@ -200,8 +200,6 @@ This allows developers to get AI feedback during the coding process before marki For example, you can have your normal automations that help developers with their PRs and a separate automation that automates Dependabot or Renovate version bumps. Both automations serve distinctly different purposes: the first helps your developers streamline their PRs, while the other reduces developers' toil by auto-approving version bumps. You will not want to unnecessarily trigger gitStream for Dependabot or Renovate, so you can configure the triggers to exclude the branch where Dependabot or Renovate PRs are created. -!!! warning "Required gitStream Plugins" - This example requires you to install the [`extractDependabotVersionBump`](/filter-function-plugins/#extractdependabotversionbump) and [`compareSemver`](/filter-function-plugins/#comparesemver) plugins. In your default automation file, you should exclude the branch where Dependabot or Renovate PRs are created: @@ -270,7 +268,7 @@ automations: comment: | Dependabot `patch` version bumps are approved and merged automatically. -bump: {{ pr.description | extractDependabotVersionBump | compareSemver }} +bump: {{ pr.description | checkDependabot | checkSemver }} ``` #### Assign code expert diff --git a/docs/filter-function-plugins.md b/docs/filter-function-plugins.md index 9c11beae3..e75d33fa2 100644 --- a/docs/filter-function-plugins.md +++ b/docs/filter-function-plugins.md @@ -12,9 +12,15 @@ JavaScript plugins that enable custom filter functions for gitStream. To learn h --8<-- "plugins/filters/compareMultiSemver/README.md" ---8<-- "plugins/filters/compareSemver/README.md" +## compareSemver +!!! note "compareSemver → checkSemver" ---8<-- "plugins/filters/extractDependabotVersionBump/README.md" + This plugin is now supported by a native filter function [`checkSemver`](/filter-functions/#checksemver). The native implementation provides better performance and doesn't require plugin installation. + +## extractDependabotVersionBump +!!! note "extractDependabotVersionBump → checkDependabot" + + This plugin is now supported by a native filter function [`checkDependabot`](/filter-functions/#checkdependabot). The native implementation provides better performance and doesn't require plugin installation. --8<-- "plugins/filters/extractRenovateVersionBump/README.md" diff --git a/docs/filter-functions.md b/docs/filter-functions.md index 8d776f490..f3a5bb6f8 100644 --- a/docs/filter-functions.md +++ b/docs/filter-functions.md @@ -45,6 +45,8 @@ The following functions are supported in addition to the built-in functions prov | [`allDocs`](#alldocs)
Checks the list includes only images | [`files`](./context-variables.md#files) | - | Bool | | [`allImages`](#allimages)
Checks the list includes only images | [`files`](./context-variables.md#files) | - | Bool | | [`allTests`](#alltests)
Checks the list includes only tests | [`files`](./context-variables.md#files) | - | Bool | +| [`checkDependabot`](#checkdependabot)
Extract version bump information from Dependabot PRs description | String - PR description | - | [String] | +| [`checkSemver`](#checksemver)
Compare two software version numbers and determine the type of version change | [String] - Array with [to, from] versions | `lexicographical`, `zeroExtend` | String | | [`codeExperts`](#codeexperts)
Get list of contributors based on expert reviewer model results | [`repo`](./context-variables.md#repo) | `gt`, `lt` | [String] | | [`decode`](#decode)
Decode Base64 encoded string into an object | String (Base64 encoded) | - | Object | | [`encode`](#encode)
Encode data into Base64 encoded string | Object | - | String (Base64 encoded) | @@ -379,6 +381,93 @@ To identify as test the file must include the word `test` or `spec` in its name {{ files | allTests }} ``` + +#### `checkDependabot` + +Extract version bump information from Dependabot PRs description. This filter parses Dependabot PR descriptions to identify version changes and returns an array containing the "to" and "from" versions. + +
+ +| Argument | Usage | Type | Description | +| -------- | ------ | ------ | ------------------------------------------------------------------- | +| - | Input | String | The PR description from a Dependabot pull request | +| - | Output | [String] | Array with [to, from] versions, or null if no version info found | + +
+ +Examples: + +Check if a Dependabot PR is a minor version bump and auto-approve: + +```yaml+jinja +automations: + auto_approve_dependabot_minor: + if: + - {{ pr.description | checkDependabot | checkSemver == 'minor' }} + - {{ branch.name | includes(term="dependabot") }} + - {{ branch.author | includes(term="dependabot") }} + run: + - action: approve@v1 + - action: add-comment@v1 + args: + comment: | + Dependabot minor version bump approved automatically. +``` + +Auto-merge patch updates: + +```yaml+jinja +automations: + auto_merge_dependabot_patch: + if: + - {{ pr.description | checkDependabot | checkSemver == 'patch' }} + - {{ branch.name | includes(term="dependabot") }} + run: + - action: approve@v1 + - action: merge@v1 +``` + +#### `checkSemver` + +Compare two software version numbers and determine the type of version change. This filter takes an array of two version strings and returns the type of change between them. + +
+ +| Argument | Usage | Type | Description | +| -------- | ------ | ------ | ------------------------------------------------------------------- | +| - | Input | [String] | Array with [to, from] versions in semver format | +| `lexicographical` | Input (optional) | Boolean | Compare lexicographically instead of naturally (default: false) | +| `zeroExtend` | Input (optional) | Boolean | Pad shorter version with zeros (default: true) | +| - | Output | String | Returns 'major', 'minor', 'patch', 'downgrade', 'equal', or 'error' | + +
+ +Examples: + +Compare version arrays directly: + +```yaml+jinja +{{ ["1.2.3", "1.2.1"] | checkSemver }} # Returns "patch" +``` + +Use with Dependabot to classify version bumps: + +```yaml+jinja +bump_type: {{ pr.description | checkDependabot | checkSemver }} + +automations: + handle_major_bump: + if: + - {{ bump_type == 'major' }} + run: + - action: add-label@v1 + args: + label: "major-version-bump" + - action: request-changes@v1 + args: + comment: "Major version bumps require manual review" +``` + #### `codeExperts` When requesting a review for a pull request, it's important to select a reviewer who has a deep understanding of the relevant code area, the domain problem, and the framework being used. This ensures that the reviewer can provide specific and informed feedback, rather than general comments that may not take into account the context in which the issue was solved. @@ -416,7 +505,7 @@ automations: ``` !!! tip "Limit git history for code experts" - + Use the [`config.git_history_since`](./cm-file.md#configgit_history_since) configuration to limit the git history analysis to commits after a specific date. This is useful for team transitions or when you want to focus on recent contributors only. #### `decode` diff --git a/plugins/filters/compareSemver/reference.md b/plugins/filters/compareSemver/reference.md index a82844123..9e94af052 100644 --- a/plugins/filters/compareSemver/reference.md +++ b/plugins/filters/compareSemver/reference.md @@ -2,7 +2,7 @@ ## compareSemver Compares two software version numbers (e.g., "1.2.1" or "1.2b") and determines the type of version change. -The first version to be compared, and the second are passed as argument 1 and 2 or as array of 2 items. +The first version to be compared, and the second are passed as argument 1 and 2 or as array of 2 items. When V1 > V2 the it means and upgrade. **Returns**: string - It returns a string of either: @@ -11,8 +11,8 @@ When V1 > V2 the it means and upgrade. 'patch' if the patch version is incremented. 'downgrade' if the second version is lower than the first. 'equal' if both versions are equal. -'error' if the comparison is abnormal or cannot be determined. -**License**: MIT +'error' if the comparison is abnormal or cannot be determined. +**License**: MIT | Param | Type | Default | Description | | --- | --- | --- | --- | @@ -20,7 +20,7 @@ When V1 > V2 the it means and upgrade. | [lexicographical] | boolean | false | compares each part of the version strings lexicographically instead of naturally; this allows suffixes such as "b" or "dev" but will cause "1.10" to be considered smaller than "1.2". | | [zeroExtend] | boolean | true | changes the result if one version string has less parts than the other. In this case the shorter string will be padded with "zero" parts instead of being considered smaller. | -**Example** +**Example** ```js -{{ ["1.2.1", "1.2.3"] | compareSemver == "patch" }} +{{ ["1.2.3", "1.2.1"] | compareSemver == "patch" }} ``` diff --git a/plugins/filters/extractDependabotVersionBump/LICENSE b/plugins/filters/extractDependabotVersionBump/LICENSE deleted file mode 100644 index 4118ae88b..000000000 --- a/plugins/filters/extractDependabotVersionBump/LICENSE +++ /dev/null @@ -1,21 +0,0 @@ -MIT License - -Copyright (c) 2023 LinearB - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. \ No newline at end of file diff --git a/plugins/filters/extractDependabotVersionBump/README.md b/plugins/filters/extractDependabotVersionBump/README.md deleted file mode 100644 index 9b1eb7d0d..000000000 --- a/plugins/filters/extractDependabotVersionBump/README.md +++ /dev/null @@ -1,22 +0,0 @@ ---8<-- "plugins/filters/extractDependabotVersionBump/reference.md" - -??? note "Plugin Code: extractDependabotVersionBump" - ```javascript - --8<-- "plugins/filters/extractDependabotVersionBump/index.js" - ``` -
- - -
- - -??? example "gitStream CM Example: extractDependabotVersionBump" - ```yaml+jinja - --8<-- "plugins/filters/extractDependabotVersionBump/extract_dependabot_version_bump.cm" - ``` -
- - -
- -[Download Source Code](https://github.com/linear-b/gitstream/tree/main/plugins/filters/extractDependabotVersionBump) diff --git a/plugins/filters/extractDependabotVersionBump/extract_dependabot_version_bump.cm b/plugins/filters/extractDependabotVersionBump/extract_dependabot_version_bump.cm deleted file mode 100644 index b1265ff31..000000000 --- a/plugins/filters/extractDependabotVersionBump/extract_dependabot_version_bump.cm +++ /dev/null @@ -1,36 +0,0 @@ -manifest: - version: 1.0 - -automations: - bump_minor: - on: - - pr_created - - commit - if: - - {{ bump == 'minor' }} - - {{ branch.name | includes(term="dependabot") }} - - {{ branch.author | includes(term="dependabot") }} - run: - - action: approve@v1 - - action: add-comment@v1 - args: - comment: | - Dependabot `minor` version bumps are approved automatically. - - bump_patch: - on: - - pr_created - - commit - if: - - {{ bump == 'patch' }} - - {{ branch.name | includes(term="dependabot") }} - - {{ branch.author | includes(term="dependabot") }} - run: - - action: approve@v1 - - action: merge@v1 - - action: add-comment@v1 - args: - comment: | - Dependabot `patch` version bumps are approved and merged automatically. - -bump: {{ pr.description | extractDependabotVersionBump | compareSemver }} diff --git a/plugins/filters/extractDependabotVersionBump/index.js b/plugins/filters/extractDependabotVersionBump/index.js deleted file mode 100644 index 1556bfeaf..000000000 --- a/plugins/filters/extractDependabotVersionBump/index.js +++ /dev/null @@ -1,36 +0,0 @@ -/** - * @module extractDependabotVersionBump - * @description Extract version bump information from Dependabot PRs description. - * Handles both "Bumps" and "Updates" patterns. - * @param {string} description - the PR description - * @returns {string[]} An array with [to, from] versions, or null if no version info found - * @example {{ pr.description | extractDependabotVersionBump | compareSemver }} - * @license MIT -**/ - - -module.exports = (desc) => { - if (desc && desc !== '""' && desc !== "''" ) { - // Match both "Bumps" and "Updates" patterns with version numbers - // The regex captures version numbers that follow "from" and "to" keywords - let parsedDesc = desc; - try { - parsedDesc = JSON.parse(desc); - } catch (e) { - // If parsing fails, use the description as is - } - const regex = /(Bumps|Updates).*?from ([\d\.]+[A-Za-zαß]*) to ([\d\.]+[A-Za-zαß]*)/; - const matches = regex.exec(parsedDesc); - if (matches && matches.length == 4) { - var [_, action, from, to] = matches; - // Remove trailing dot on the "to" version if present - if (to && to.length > 0 && to[to.length - 1] === ".") { - to = to.slice(0, -1); - } - // Return [to, from] format to be compatible with compareSemver - return [to, from]; - } - } - - return null; -} diff --git a/plugins/filters/extractDependabotVersionBump/reference.md b/plugins/filters/extractDependabotVersionBump/reference.md deleted file mode 100644 index 0a7921fe8..000000000 --- a/plugins/filters/extractDependabotVersionBump/reference.md +++ /dev/null @@ -1,16 +0,0 @@ - - -## extractDependabotVersionBump -Extract version bump information from Dependabot PRs description - -**Returns**: Array.<string> - V1 (to) and V2 (from) -**License**: MIT - -| Param | Type | Description | -| --- | --- | --- | -| description | string | the PR description | - -**Example** -```js -{{ pr.description | extractDependabotVersionBump | compareSemver }} -``` diff --git a/plugins/filters/extractDependabotVersionBump/test.js b/plugins/filters/extractDependabotVersionBump/test.js deleted file mode 100644 index 4da602975..000000000 --- a/plugins/filters/extractDependabotVersionBump/test.js +++ /dev/null @@ -1,53 +0,0 @@ -/** - * Test file for extractDependabotVersionBump - */ - -const extractDependabotVersionBump = require('./index.js'); - -// Test cases -const testCases = [ - { - name: "Updates format", - input: "Bumps the npm_and_yarn group with 1 update in the / directory: [axios](https://github.com/axios/axios).\n\nUpdates `axios` from 0.2.2 to 0.30.0", - expected: ["0.30.0", "0.2.2"] - }, - { - name: "Bumps format", - input: "Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) from 5.1.2 to 7.0.0.", - expected: ["7.0.0", "5.1.2"] - }, - { - name: "Bumps format with escaped quotes and HTML", - input: "Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) from 6.0.1 to 6.0.2.
\\n

\\nRelease notes
\\n

Sourced from serialize-javascript's releases.


\\n

\\n

v6.0.2


\\n
\\n

https://github.com/yahoo/serialize-javascript/compare/v6.0.1...v6.0.2


\\n

\\n

\\n

\\nCommits
\\n
\\n

\\n

\\n
\\n
\\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=serialize-javascript&package-manager=npm_and_yarn&previous-version=6.0.1&new-version=6.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
\\n
\\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
\\n
\\n[//]: # (dependabot-automerge-start)
\\n[//]: # (dependabot-automerge-end)
\\n
\\n---
\\n
\\n

\\nDependabot commands and options
\\n

\\n
\\nYou can trigger Dependabot actions by commenting on this PR:
\\n- `@dependabot rebase` will rebase this PR
\\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
\\n- `@dependabot merge` will merge this PR after your CI passes on it
\\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
\\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
\\n- `@dependabot reopen` will reopen this PR if it is closed
\\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
\\n- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
\\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
\\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
\\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
\\n
\\n
\\n
\"", - expected: ["6.0.2", "6.0.1"] - } -]; - -// Run the tests -let passed = 0; -let failed = 0; - -console.log('Running tests for extractDependabotVersionBump\n'); - -testCases.forEach(test => { - const result = extractDependabotVersionBump(test.input); - const success = JSON.stringify(result) === JSON.stringify(test.expected); - - if (success) { - console.log(`✅ PASS: ${test.name}`); - passed++; - } else { - console.log(`❌ FAIL: ${test.name}`); - console.log(` Expected: ${JSON.stringify(test.expected)}`); - console.log(` Actual: ${JSON.stringify(result)}`); - failed++; - } -}); - -console.log(`\nTest Summary: ${passed} passed, ${failed} failed`); - -if (failed > 0) { - process.exit(1); -} else { - console.log('All tests passed successfully!'); -} diff --git a/plugins/filters/extractSnykVersionBump/extract_snyk_version_bump.cm b/plugins/filters/extractSnykVersionBump/extract_snyk_version_bump.cm index 0e7edc542..f7d3438e7 100644 --- a/plugins/filters/extractSnykVersionBump/extract_snyk_version_bump.cm +++ b/plugins/filters/extractSnykVersionBump/extract_snyk_version_bump.cm @@ -27,4 +27,4 @@ automations: comment: | Snyk `patch` version bumps are approved and merged automatically. -bump: {{ pr.description | extractSnykVersionBump | compareSemver }} +bump: {{ pr.description | extractSnykVersionBump | checkSemver }} diff --git a/plugins/filters/extractSnykVersionBump/index.js b/plugins/filters/extractSnykVersionBump/index.js index 7643f20e4..1ddaebfc8 100644 --- a/plugins/filters/extractSnykVersionBump/index.js +++ b/plugins/filters/extractSnykVersionBump/index.js @@ -3,14 +3,14 @@ * @description Extract version bump information from Snyk PRs description * @param {string} description - the PR description * @returns {string[]} V1 (to) and V2 (from) - * @example {{ pr.description | extractSnykVersionBump | compareSemver }} + * @example {{ pr.description | extractSnykVersionBump | checkSemver }} * @license MIT **/ module.exports = (desc) => { - if (desc && desc !== '""' && desc !== "''" ) { + if (desc && desc !== '""' && desc !== "''" ) { const matches = /Upgrade.*from ([\d\.]+[A-Za-zαß]*) to ([\d\.]+[A-Za-zαß]*)/.exec(desc); if (matches && matches.length == 3) { var [_, from, to] = matches; diff --git a/plugins/filters/extractSnykVersionBump/reference.md b/plugins/filters/extractSnykVersionBump/reference.md index 0261c2a72..e96be7afc 100644 --- a/plugins/filters/extractSnykVersionBump/reference.md +++ b/plugins/filters/extractSnykVersionBump/reference.md @@ -3,14 +3,14 @@ ## extractSnykVersionBump Extract version bump information from Snyk PRs description -**Returns**: Array.<string> - V1 (to) and V2 (from) -**License**: MIT +**Returns**: Array.<string> - V1 (to) and V2 (from) +**License**: MIT | Param | Type | Description | | --- | --- | --- | | description | string | the PR description | -**Example** +**Example** ```js -{{ pr.description | extractSnykVersionBump | compareSemver }} +{{ pr.description | extractSnykVersionBump | checkSemver }} ```