How to add a label if the update is within the constraints of a package definition file?

[Flo0807]

How are you running Renovate?

A Mend.io-hosted app

If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.

No response

Please tell us more about your question or problem

Hey!

I use Renovate to keep dependencies of an Elixir library up to date.

For new releases of the library, I use a feature of GitHub to automatically generate release notes.

The release notes include a "Dependency Updates" section. This section contains all Pull Request that are labeled with dependency. The labels are added by Renovate.

I also have a ignore-for-release label I can put on Pull Requests that should be hidden from the release notes.

My question is, how can I add this ignore-for-release label to Renovate Pull Requests where the dependency update is within the constraints of a package definition file (in my case mix.exs).

I want to exclude these updates because they do not affect users of the library because the lock file itself is not shipped.

For example, if the mix.exs contains the following dependencies:

# mix.exs
defp deps do
  [
    {:dep_a, "~> 3.0"}, # equal to >= 3.0.0 and < 4.0.0
    {:dep_b, "~> 3.5.0"}, # equal to >= 3.5.0 and < 3.6.0
    ...
  ]
end

(Explanation of the ~> requirement: https://hexdocs.pm/elixir/1.18.2/Version.html#module-requirements)

and Renovate creates the following updates

dep_a: 3.5.0 (currently used) -> 3.6.0 (new version)
dep_b: 3.5.0 (currently used) -> 3.6.0 (new version)

The Pull Request of dep_a should be labeled with ignore-for-release because it doesn't update the mix.exs as the update is within the constraints of the mix.exs file.

In contrast, the Pull Request of the dep_b update updates the mix.exs to this, as we need to update the constraints to use the new version:

# mix.exs
defp deps do
  [
    {:dep_a, "~> 3.0"}, # equal to >= 3.0.0 and < 4.0.0
    {:dep_b, "~> 3.6.0"}, # equal to >= 3.6.0 and < 3.7.0
    ...
  ]
end

As we've updated the dep_b dependency in the mix.exs file, this Pull Request should not be labeled with ignore-for-release because the update has to be part of the upcoming release notes as it impacts users of the library.

Note that the definition of dep_a did not change in the mix.exs file.

FYI: Currently, I use the update-lockfile strategy for Mix updates

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:best-practices",
    ...
  ],
  "packageRules": [
    ...,
    {
      "matchManagers": [
        "mix"
      ],
      "rangeStrategy": "update-lockfile"
    }
  ],
  "labels": [
    "dependencies",
    "{{categories}}"
  ]
}

How can I create a packageRule that adds the ignore-for-release label accordingly?

Logs (if relevant)

No response

[rarkins]

What would you expect if a branch contained both types of updates (within constraints, and outside constraints)?

[Flo0807]

I guess I would expect the label to be added. My project also contains a demo application. So I've configured Renovate to add a demo label when an update matches the demo/** path. I'd also expect the demo label to be added if the pull request contains multiple updates, both within demo directory and outside demo directory.

But it doesn't matter, as I have to handle such cases manually anyway.

Usually, I don't have many Renovate pull requests that contain multiple dependency updates.

[rarkins]

In that case it's probably possible to achieve this with an advanced matchJsonata query but I haven't tried it

[Flo0807]

All right. Can you give me any hints or direction on how to approach this? I'd appreciate it.

[rarkins]

It's a low level way to query the full data about updates. The docs are at https://docs.renovatebot.com/configuration-options/#matchjsonata but you'll need to do some experimenting