fix: Fix registries deletion when adding new ecosystems to dependabot.yml #378

Open
wants to merge 4 commits into base: main
Conversation

@Copilot Copilot AI commented Jul 8, 2025

Problem

When evergreen adds new package ecosystems to an existing dependabot.yml file, it was incorrectly deleting any existing top-level registries: section. This happened because the make_dependabot_config() function unconditionally removed registries when no extra_dependabot_config was provided.

Example Issue

Given an existing dependabot.yml with registries:

version: 2
registries:
  gradle-artifactory:
    type: maven-repository
    url: https://acme.jfrog.io/artifactory/my-gradle-registry
    username: octocat
    password: ${{secrets.MY_ARTIFACTORY_PASSWORD}}
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"

When evergreen detected a new ecosystem (e.g., gradle) and added it, the registries: section was deleted, resulting in:

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
  - package-ecosystem: "gradle"
    directory: "/"
    schedule:
      interval: "weekly"

Solution

  1. Removed problematic code: Deleted the line dependabot_config.pop("registries", None) from make_dependabot_config() that was unconditionally removing registries when extra_dependabot_config was None.

  2. Fixed default data structure: Removed the empty registries: {} from the default data structure to avoid adding empty registries sections when not needed.

  3. Added regression test: Created test_build_dependabot_file_preserves_existing_registries to ensure existing registries are preserved when new ecosystems are added.

Result

Now existing registries configurations are properly preserved when evergreen adds new package ecosystems:

version: 2
registries:
  gradle-artifactory:
    type: maven-repository
    url: https://acme.jfrog.io/artifactory/my-gradle-registry
    username: octocat
    password: ${{secrets.MY_ARTIFACTORY_PASSWORD}}
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
  - package-ecosystem: "gradle"
    directory: "/"
    schedule:
      interval: "weekly"

Testing

  • All existing tests continue to pass
  • Added comprehensive test coverage for the registry preservation scenario
  • Verified that empty registries sections are not added when not needed
  • Verified that existing registry configurations are preserved exactly

Fixes #377.

Co-authored-by: zkoppert <6935431+zkoppert@users.noreply.github.com>
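The merge step the PR description talks about, as an added example (not the evergreen project's own code): `make_dependabot_config_buggy` reproduces the pre-fix behaviour of unconditionally popping `registries` when no `extra_dependabot_config` is given, and `make_dependabot_config` the fixed behaviour, followed by a regression check modelled on the test the PR adds. The function names, signatures and the `_add_ecosystems` helper are assumptions; the sample configuration is the parsed form of the dependabot.yml shown above, embedded as a dict so the example runs without PyYAML. In the real tool the input is YAML text, which should be parsed with `yaml.safe_load()` rather than a bare `yaml.load()`.

```python
import copy
import json

# Constructed sample: parsed form of the dependabot.yml quoted in the PR description.
EXISTING_CONFIG = {
    "version": 2,
    "registries": {
        "gradle-artifactory": {
            "type": "maven-repository",
            "url": "https://acme.jfrog.io/artifactory/my-gradle-registry",
            "username": "octocat",
            "password": "${{secrets.MY_ARTIFACTORY_PASSWORD}}",
        }
    },
    "updates": [
        {"package-ecosystem": "npm", "directory": "/", "schedule": {"interval": "weekly"}},
    ],
}


def _update_entry(ecosystem, directory="/", interval="weekly"):
    """One `updates:` entry for a newly detected ecosystem (shape from the PR)."""
    return {"package-ecosystem": ecosystem, "directory": directory,
            "schedule": {"interval": interval}}


def _add_ecosystems(existing, new_ecosystems):
    """Hypothetical helper: copy the existing config and append an `updates:` entry
    for every ecosystem not already covered. Deep-copies so the caller's dict is
    never mutated; never introduces an empty `registries: {}` key."""
    config = copy.deepcopy(existing) if existing else {"version": 2}
    config.setdefault("updates", [])
    present = {u.get("package-ecosystem") for u in config["updates"]}
    for eco in new_ecosystems:
        if eco not in present:
            config["updates"].append(_update_entry(eco))
            present.add(eco)
    return config


def make_dependabot_config_buggy(existing, new_ecosystems, extra_dependabot_config=None):
    """Pre-fix behaviour: with no extra config, the top-level registries are dropped."""
    config = _add_ecosystems(existing, new_ecosystems)
    if extra_dependabot_config:
        config.update(extra_dependabot_config)
    else:
        config.pop("registries", None)  # the line the PR removes
    return config


def make_dependabot_config(existing, new_ecosystems, extra_dependabot_config=None):
    """Fixed behaviour: top-level keys the tool does not manage, `registries`
    included, pass through untouched."""
    config = _add_ecosystems(existing, new_ecosystems)
    if extra_dependabot_config:
        config.update(extra_dependabot_config)
    return config


def registries_preserved(existing, new_ecosystems, merge=make_dependabot_config):
    """Regression check modelled on the PR's test: an input `registries:` block must
    come back exactly equal, and when the input has none the output must not grow one."""
    result = merge(existing, new_ecosystems)
    if "registries" in existing:
        return result.get("registries") == existing["registries"]
    return "registries" not in result


if __name__ == "__main__":
    # The scenario from the PR: evergreen detects gradle alongside the existing npm entry.
    print("buggy keeps registries:",
          registries_preserved(EXISTING_CONFIG, ["gradle"], merge=make_dependabot_config_buggy))
    print("fixed keeps registries:", registries_preserved(EXISTING_CONFIG, ["gradle"]))
    print(json.dumps(make_dependabot_config(EXISTING_CONFIG, ["gradle"]), indent=2))
```

The check deliberately asserts on the whole `registries` mapping rather than on the key's presence, so a merge that rewrote the registry entry (for example by dropping the `${{secrets.…}}` reference) would also fail the regression test.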
@Copilot Copilot AI changed the title [WIP] Registries need to be maintained Fix registries deletion when adding new ecosystems to dependabot.yml Jul 8, 2025
@Copilot Copilot AI requested a review from zkoppert July 8, 2025 23:43
Copilot finished work on behalf of zkoppert July 8, 2025 23:43
@github-actions github-actions bot added the fix label Jul 8, 2025
@zkoppert zkoppert changed the title Fix registries deletion when adding new ecosystems to dependabot.yml fix: Fix registries deletion when adding new ecosystems to dependabot.yml Jul 8, 2025
zkoppert commented Jul 8, 2025

@copilot can you fix the failing GitHub Actions? You may need to use the make lint target to find issues and fix them.

Co-authored-by: zkoppert <6935431+zkoppert@users.noreply.github.com>
Copilot AI commented Jul 8, 2025

@copilot can you fix the failing GitHub Actions? You may need to use the make lint target to find issues and fix them.

Fixed the linting issues by removing trailing whitespace from the test file. All linting checks now pass with make lint and all tests continue to pass. Fixed in commit 36c946d.

Copilot finished work on behalf of zkoppert July 8, 2025 23:56
@zkoppert zkoppert marked this pull request as ready for review July 15, 2025 05:46
@Copilot Copilot AI review requested due to automatic review settings July 15, 2025 05:46
@zkoppert zkoppert requested a review from a team as a code owner July 15, 2025 05:46
@Copilot Copilot AI left a comment

Pull Request Overview

This PR fixes a bug where evergreen was incorrectly deleting existing registry configurations when adding new package ecosystems to an existing dependabot.yml file. The issue occurred because the make_dependabot_config() function unconditionally removed registries when no extra configuration was provided.

  • Removed the problematic code that was deleting registries when extra_dependabot_config was None
  • Fixed the default data structure to avoid adding empty registries sections
  • Added comprehensive test coverage for the registry preservation scenario

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File                     Description
dependabot_file.py       Removed the line causing registry deletion and the empty registries from the default structure
test_dependabot_file.py  Added regression test to ensure existing registries are preserved when new ecosystems are added

"""
)

expected_result = yaml.load(
Copilot AI Jul 15, 2025

Using yaml.load() without specifying a Loader is deprecated and potentially unsafe. Consider using yaml.safe_load() or yaml.load() with an explicit Loader parameter.

Member
@copilot can you fix this?

Successfully merging this pull request may close these issues: Registries need to be maintained
2 participants