ci(renovate): better regex#1481
Conversation
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Improves Renovate’s regex-based custom managers to more precisely detect Python dependencies in shell scripts and Python sources.
Changes:
- Tightens
pip install/uv pip installdependency-name matching. - Adjusts the
required_packages = [...]extractor regex and simplifies its templates.
| "customType": "regex", | ||
| "managerFilePatterns": ["/\\.sh$/", "/\\.bash$/"], | ||
| "matchStrings": ["pip install (?<depName>[\\w-]+)(?:\\s|$)"], | ||
| "matchStrings": ["pip install (?<depName>[A-Za-z][\\w-]*)(?:\\s|$)"], |
There was a problem hiding this comment.
The dependency-name pattern is too restrictive for valid Python distribution names (PEP 508), which can start with a digit and may include . (dot) as well as -/_. As written, Renovate will miss updates for packages like 3to2 or zope.interface. Consider changing depName to a PEP 508-aligned character class (e.g., starting with alnum and allowing [A-Za-z0-9._-]) rather than forcing a leading letter and excluding dots.
| "customType": "regex", | ||
| "managerFilePatterns": ["/\\.sh$/", "/\\.bash$/"], | ||
| "matchStrings": ["uv pip install (?<depName>[\\w-]+)(?:\\s|$)"], | ||
| "matchStrings": ["uv pip install (?<depName>[A-Za-z][\\w-]*)(?:\\s|$)"], |
There was a problem hiding this comment.
Same issue as the pip install matcher: this will fail to recognize valid package names that start with digits or contain dots, causing Renovate to skip some dependencies. Align depName with Python distribution-name rules to avoid missed detections.
| "matchStrings": ["uv pip install (?<depName>[A-Za-z][\\w-]*)(?:\\s|$)"], | |
| "matchStrings": ["uv pip install (?<depName>[A-Za-z0-9._-]+)(?:\\s|$)"], |
| "matchStrings": ["required_packages = \\[[^\\]]*\"(?<depName>[^\"=]+)==(?<currentValue>[^\"]+)\""], | ||
| "datasourceTemplate": "pypi", | ||
| "currentValueTemplate": "latest" | ||
| "matchStrings": ["required_packages = \\[\\s*\"(?<depName>[^\"=\\n]+)==(?<currentValue>[^\"\\n]+)\""], |
There was a problem hiding this comment.
This new regex only matches when the first element in required_packages = [ is immediately the "name==version" string, and it no longer matches subsequent list entries or common multi-line list formatting. This looks like a regression from the previous [^\\]]* approach, and will cause Renovate to miss dependencies in typical lists. Consider matching any content inside the brackets up to each "dep==ver" occurrence, including newlines (e.g., using a [\s\S]*?-style construct) so every item in the list can be extracted.
| "matchStrings": ["required_packages = \\[\\s*\"(?<depName>[^\"=\\n]+)==(?<currentValue>[^\"\\n]+)\""], | |
| "matchStrings": ["required_packages\\s*=\\s*\\[[\\s\\S]*?\"(?<depName>[^\"=\\n]+)==(?<currentValue>[^\"\\n]+)\""], |
amilcarlucas
force-pushed
the
renovate_fixes
branch
from
f9766e6 to
a42700d
Compare
- Refactor `renovate.json` custom regex matchers to robustly support `brew install`, `uv pip`, `npm install`, and Python release dependency parsing - Convert several single-pass regex blocks to `matchStringsStrategy: "recursive"` for deep dependency extraction (e.g. array parsing) - Add `scripts/test_renovate.py` script to locally discover and validate regex behaviors against the workspace files - Update `INSTALL.md` and `SetupDeveloperPC.sh` to explicitly pin `uv` inline with the `python-tk` setups for Renovate visibility
amilcarlucas
force-pushed
the
renovate_fixes
branch
from
a42700d to
bdb3135
Compare
| "customType": "regex", | ||
| "managerFilePatterns": ["/\\.sh$/", "/\\.bash$/"], | ||
| "managerFilePatterns": ["/\\.sh$", "/\\.bash$", "/\\.md$", "/\\.ya?ml$"], | ||
| "matchStrings": [ | ||
| "brew install (?<depName>python-tk)@(?<currentValue>[\\d\\.]+)" | ||
| "brew (?:list python-tk &>/dev/null \\|\\| brew )?install (?:uv(?:@[\\d\\.]+)? )?(?<depName>python-tk)(?:@(?<currentValue>[\\w\\.\"$]+))?" |
| { | ||
| "customType": "regex", | ||
| "managerFilePatterns": ["/\\.sh$/", "/\\.bash$/"], | ||
| "matchStrings": ["brew install (?<depName>uv)(?:\\s|$)"], | ||
| "datasourceTemplate": "github-releases", | ||
| "depNameTemplate": "astral-sh/uv", | ||
| "currentValueTemplate": "latest" | ||
| }, | ||
| { | ||
| "customType": "regex", | ||
| "managerFilePatterns": ["/\\.py$/"], | ||
| "managerFilePatterns": ["/\\.sh$", "/\\.bash$", "/\\.md$"], | ||
| "matchStrings": [ | ||
| "# dependencies = \\[\\s*(?:[^\\]]*\\n)*?#\\s*\"(?<depName>[^\"]+)==(?<currentValue>[\\d\\.]+)\"" | ||
| "brew install (?<depName>uv)(?:@(?<currentValue>[\\d\\.]+))?(?:\\s| python-tk|$)" |
| { | ||
| "customType": "regex", | ||
| "managerFilePatterns": ["/\\.bat$/"], | ||
| "managerFilePatterns": ["/\\.bat$", "/\\.md$", "/\\.ya?ml$"], |
| # Download the latest SLSA verifier (recommended: check https://github.com/slsa-framework/slsa-verifier/releases for the latest version) | ||
| # Replace <latest-version> with the latest release tag, e.g. v2.7.0 | ||
| curl -sSLO https://github.com/slsa-framework/slsa-verifier/releases/latest/download/slsa-verifier-linux-amd64 | ||
| # Replace <latest-version> with the latest release tag, e.g. v2.7.1 | ||
| curl -sSLO https://github.com/slsa-framework/slsa-verifier/releases/download/v2.7.1/slsa-verifier-linux-amd64 | ||
| chmod +x slsa-verifier-linux-amd64 |
☂️ Code Coverage
Overall Coverage
New FilesNo new covered files... Modified FilesNo covered modified files...
|
No description provided.