Skip to content

ci(renovate): better regex#1481

Merged
amilcarlucas merged 1 commit into
masterfrom
renovate_fixes
May 5, 2026
Merged

ci(renovate): better regex#1481
amilcarlucas merged 1 commit into
masterfrom
renovate_fixes

Conversation

@amilcarlucas
Copy link
Copy Markdown
Collaborator

@amilcarlucas amilcarlucas commented Apr 9, 2026

No description provided.

Copilot AI review requested due to automatic review settings April 9, 2026 22:55
Copilot AI reviewed Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Improves Renovate’s regex-based custom managers to more precisely detect Python dependencies in shell scripts and Python sources.

Changes:

  • Tightens pip install / uv pip install dependency-name matching.
  • Adjusts the required_packages = [...] extractor regex and simplifies its templates.

Comment thread renovate.json Outdated
"customType": "regex",
"managerFilePatterns": ["/\\.sh$/", "/\\.bash$/"],
"matchStrings": ["pip install (?<depName>[\\w-]+)(?:\\s|$)"],
"matchStrings": ["pip install (?<depName>[A-Za-z][\\w-]*)(?:\\s|$)"],
Copy link

Copilot AI Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dependency-name pattern is too restrictive for valid Python distribution names (PEP 508), which can start with a digit and may include . (dot) as well as -/_. As written, Renovate will miss updates for packages like 3to2 or zope.interface. Consider changing depName to a PEP 508-aligned character class (e.g., starting with alnum and allowing [A-Za-z0-9._-]) rather than forcing a leading letter and excluding dots.

Copilot uses AI. Check for mistakes.
Comment thread renovate.json Outdated
"customType": "regex",
"managerFilePatterns": ["/\\.sh$/", "/\\.bash$/"],
"matchStrings": ["uv pip install (?<depName>[\\w-]+)(?:\\s|$)"],
"matchStrings": ["uv pip install (?<depName>[A-Za-z][\\w-]*)(?:\\s|$)"],
Copy link

Copilot AI Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same issue as the pip install matcher: this will fail to recognize valid package names that start with digits or contain dots, causing Renovate to skip some dependencies. Align depName with Python distribution-name rules to avoid missed detections.

Suggested change
"matchStrings": ["uv pip install (?<depName>[A-Za-z][\\w-]*)(?:\\s|$)"],
"matchStrings": ["uv pip install (?<depName>[A-Za-z0-9._-]+)(?:\\s|$)"],

Copilot uses AI. Check for mistakes.
Comment thread renovate.json Outdated
"matchStrings": ["required_packages = \\[[^\\]]*\"(?<depName>[^\"=]+)==(?<currentValue>[^\"]+)\""],
"datasourceTemplate": "pypi",
"currentValueTemplate": "latest"
"matchStrings": ["required_packages = \\[\\s*\"(?<depName>[^\"=\\n]+)==(?<currentValue>[^\"\\n]+)\""],
Copy link

Copilot AI Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This new regex only matches when the first element in required_packages = [ is immediately the "name==version" string, and it no longer matches subsequent list entries or common multi-line list formatting. This looks like a regression from the previous [^\\]]* approach, and will cause Renovate to miss dependencies in typical lists. Consider matching any content inside the brackets up to each "dep==ver" occurrence, including newlines (e.g., using a [\s\S]*?-style construct) so every item in the list can be extracted.

Suggested change
"matchStrings": ["required_packages = \\[\\s*\"(?<depName>[^\"=\\n]+)==(?<currentValue>[^\"\\n]+)\""],
"matchStrings": ["required_packages\\s*=\\s*\\[[\\s\\S]*?\"(?<depName>[^\"=\\n]+)==(?<currentValue>[^\"\\n]+)\""],

Copilot uses AI. Check for mistakes.
@amilcarlucas
ci(renovate): improve custom regex managers and add validation script
bdb3135 
- Refactor `renovate.json` custom regex matchers to robustly support `brew install`, `uv pip`, `npm install`, and Python release dependency parsing
- Convert several single-pass regex blocks to `matchStringsStrategy: "recursive"` for deep dependency extraction (e.g. array parsing)
- Add `scripts/test_renovate.py` script to locally discover and validate regex behaviors against the workspace files
- Update `INSTALL.md` and `SetupDeveloperPC.sh` to explicitly pin `uv` inline with the `python-tk` setups for Renovate visibility
@amilcarlucas amilcarlucas requested a review from Copilot May 5, 2026 21:59
Copilot AI reviewed May 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

Comment thread renovate.json
Comment on lines 70 to +73
"customType": "regex",
"managerFilePatterns": ["/\\.sh$/", "/\\.bash$/"],
"managerFilePatterns": ["/\\.sh$", "/\\.bash$", "/\\.md$", "/\\.ya?ml$"],
"matchStrings": [
"brew install (?<depName>python-tk)@(?<currentValue>[\\d\\.]+)"
"brew (?:list python-tk &>/dev/null \\|\\| brew )?install (?:uv(?:@[\\d\\.]+)? )?(?<depName>python-tk)(?:@(?<currentValue>[\\w\\.\"$]+))?"
Comment thread renovate.json
Comment on lines 78 to +82
{
"customType": "regex",
"managerFilePatterns": ["/\\.sh$/", "/\\.bash$/"],
"matchStrings": ["brew install (?<depName>uv)(?:\\s|$)"],
"datasourceTemplate": "github-releases",
"depNameTemplate": "astral-sh/uv",
"currentValueTemplate": "latest"
},
{
"customType": "regex",
"managerFilePatterns": ["/\\.py$/"],
"managerFilePatterns": ["/\\.sh$", "/\\.bash$", "/\\.md$"],
"matchStrings": [
"# dependencies = \\[\\s*(?:[^\\]]*\\n)*?#\\s*\"(?<depName>[^\"]+)==(?<currentValue>[\\d\\.]+)\""
"brew install (?<depName>uv)(?:@(?<currentValue>[\\d\\.]+))?(?:\\s| python-tk|$)"
Comment thread renovate.json
{
"customType": "regex",
"managerFilePatterns": ["/\\.bat$/"],
"managerFilePatterns": ["/\\.bat$", "/\\.md$", "/\\.ya?ml$"],
Comment thread INSTALL.md
Comment on lines 220 to 223
# Download the latest SLSA verifier (recommended: check https://github.com/slsa-framework/slsa-verifier/releases for the latest version)
# Replace <latest-version> with the latest release tag, e.g. v2.7.0
curl -sSLO https://github.com/slsa-framework/slsa-verifier/releases/latest/download/slsa-verifier-linux-amd64
# Replace <latest-version> with the latest release tag, e.g. v2.7.1
curl -sSLO https://github.com/slsa-framework/slsa-verifier/releases/download/v2.7.1/slsa-verifier-linux-amd64
chmod +x slsa-verifier-linux-amd64
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 5, 2026
edited
Loading

☂️ Code Coverage

current status: ✅

Overall Coverage

Statements Covered Coverage Threshold Status
12578 11859 94% 89% 🟢

New Files

No new covered files...

Modified Files

No covered modified files...

updated for commit: bdb3135 by action🐍

@amilcarlucas amilcarlucas merged commit 052dc15 into master May 5, 2026
33 of 35 checks passed
@amilcarlucas amilcarlucas deleted the renovate_fixes branch May 5, 2026 22:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@amilcarlucas