Skip to content

fix: make checkout expected-commit bump less greedy #2008

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
imjasonh merged 4 commits into from
Jun 16, 2025
Merged

fix: make checkout expected-commit bump less greedy #2008

imjasonh merged 4 commits into from
Jun 16, 2025

Conversation

@bentasker
Copy link
Contributor

@bentasker bentasker commented May 27, 2025
edited
Loading

Melange Pull Request Template

Prior to this commit, bumps updated expected-commit for any git checkout node who's tag attribute matched the regular expression \${{vars\..+}} (i.e. anything which used a variable).

This made the logic very greedy, clobbering values for unrelated checkouts (for example here)

We only want bumps to update those where tag matches either package.version or vars.mangled-package-version.

Currently we use the following vars in tag attributes:

ben@cosmos:~/Repos/os$ grep -h 'tag: ${' *.yaml | grep -v 'package\.version' | cut -d: -f2 | sort | uniq
 ${{vars.docker-machine-tag}}
 ${{vars.exporter-tag}}
 ${{vars.mangled-package-version}}

It also adds a check to ensure that expected-commit does not contain a variable (i.e. ${{) before overwriting it's value

debasishbsws
debasishbsws reviewed May 27, 2025
View reviewed changes
@bentasker bentasker marked this pull request as ready for review May 27, 2025 14:46
@powersj
Copy link

powersj commented Jun 12, 2025

@imjasonh @luhring - thoughts on this PR and who I should poke? This seems to keep coming up and more of our PRs would land if this were fixed up.

imjasonh
imjasonh reviewed Jun 16, 2025
View reviewed changes
@bentasker
docs: document that mangled-package-version will result in `git-che…
97f1399 
…ckout` blocks being bumped by `melange bump` calls

Signed-off-by: Ben Tasker <[email protected]>
@bentasker bentasker requested a review from imjasonh June 16, 2025 14:56
@imjasonh imjasonh merged commit c6e5c29 into chainguard-dev:main Jun 16, 2025
58 of 60 checks passed
@BrewTestBot BrewTestBot mentioned this pull request Jun 23, 2025
Merged
@debasishbsws debasishbsws mentioned this pull request Jun 23, 2025
Closed
4 tasks
debasishbsws added a commit to wolfi-dev/os that referenced this pull request Jul 28, 2025
@debasishbsws
fix(update): rename underscore-package-version to `mangled-package-…
ca91450 
…version` for proper commit bumping

* Melange now only updates `expected-commit` in `git-checkout` when tags match either `${{package.version}}` or `${{vars.mangled-package-version}}` ([melange#2008](chainguard-dev/melange#2008))


Signed-off-by: Debasish Biswas <[email protected]>
debasishbsws added a commit to wolfi-dev/os that referenced this pull request Jul 28, 2025
@debasishbsws
fix(update): rename underscore-package-version to `mangled-package-…
d8941d8 
…version` for proper commit bumpin

* Melange now only updates `expected-commit` in `git-checkout` when tags match either `${{package.version}}` or `${{vars.mangled-package-version}}` ([melange#2008](chainguard-dev/melange#2008))
* Previously we used a custom var `underscore-package-version`, which is no longer recognized by the updater logic
* This change renames `underscore-package-version` to `mangled-package-version` so it integrates correctly with Melange's update mechanism and enables automatic commit updates 
* fix the commit SHA

Signed-off-by: Debasish Biswas <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@debasishbsws debasishbsws debasishbsws left review comments

@imjasonh imjasonh imjasonh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bentasker @powersj @imjasonh @debasishbsws