Prefer precise version numbers in action pin algorithm (#7260)

Copilot · web-flow · commit f0db98b90ca1 · 2025-12-22T07:28:42.000-08:00
diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml
diff --git a/pkg/cli/semver.go b/pkg/cli/semver.go
@@ -56,6 +56,19 @@ func parseVersion(v string) *semanticVersion {
 	return ver
 }
 
+// isPreciseVersion returns true if this version has explicit minor and patch components
+// For example, "v6.0.0" is precise, but "v6" is not
+func (v *semanticVersion) isPreciseVersion() bool {
+	// Check if raw version has at least two dots (major.minor.patch format)
+	// or at least one dot for major.minor format
+	// "v6" -> not precise
+	// "v6.0" -> somewhat precise (has minor)
+	// "v6.0.0" -> precise (has minor and patch)
+	versionPart := strings.TrimPrefix(v.raw, "v")
+	dotCount := strings.Count(versionPart, ".")
+	return dotCount >= 2 // Require at least major.minor.patch
+}
+
 // isNewer returns true if this version is newer than the other
 func (v *semanticVersion) isNewer(other *semanticVersion) bool {
 	if v.major != other.major {
diff --git a/pkg/cli/semver_precise_test.go b/pkg/cli/semver_precise_test.go
@@ -0,0 +1,101 @@
+package cli
+
+import (
+	"testing"
+)
+
+func TestIsPreciseVersion(t *testing.T) {
+	tests := []struct {
+		name     string
+		version  string
+		expected bool
+	}{
+		{
+			name:     "major only - not precise",
+			version:  "v6",
+			expected: false,
+		},
+		{
+			name:     "major.minor - not precise",
+			version:  "v6.0",
+			expected: false,
+		},
+		{
+			name:     "major.minor.patch - precise",
+			version:  "v6.0.0",
+			expected: true,
+		},
+		{
+			name:     "major.minor.patch non-zero - precise",
+			version:  "v6.0.1",
+			expected: true,
+		},
+		{
+			name:     "full version - precise",
+			version:  "v6.1.2",
+			expected: true,
+		},
+		{
+			name:     "without v prefix - precise",
+			version:  "6.0.0",
+			expected: true,
+		},
+		{
+			name:     "single digit major - not precise",
+			version:  "v1",
+			expected: false,
+		},
+		{
+			name:     "three component version - precise",
+			version:  "v1.2.3",
+			expected: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			v := parseVersion(tt.version)
+			if v == nil {
+				t.Fatalf("Failed to parse version: %s", tt.version)
+			}
+
+			result := v.isPreciseVersion()
+			if result != tt.expected {
+				t.Errorf("isPreciseVersion() for %q = %v, want %v", tt.version, result, tt.expected)
+			}
+		})
+	}
+}
+
+func TestPreciseVersionPreference(t *testing.T) {
+	// Test that when comparing equal versions, precise versions are preferred
+	v6 := parseVersion("v6")
+	v600 := parseVersion("v6.0.0")
+
+	if v6 == nil || v600 == nil {
+		t.Fatal("Failed to parse versions")
+	}
+
+	// They should parse to the same major.minor.patch
+	if v6.major != v600.major || v6.minor != v600.minor || v6.patch != v600.patch {
+		t.Errorf("v6 and v6.0.0 should parse to same major.minor.patch, got v6=%+v, v600=%+v", v6, v600)
+	}
+
+	// v6.0.0 should be precise, v6 should not
+	if !v600.isPreciseVersion() {
+		t.Error("v6.0.0 should be precise")
+	}
+
+	if v6.isPreciseVersion() {
+		t.Error("v6 should not be precise")
+	}
+
+	// Neither should be considered "newer" than the other
+	if v6.isNewer(v600) {
+		t.Error("v6 should not be newer than v6.0.0")
+	}
+
+	if v600.isNewer(v6) {
+		t.Error("v6.0.0 should not be newer than v6")
+	}
+}
diff --git a/pkg/cli/update_actions.go b/pkg/cli/update_actions.go
@@ -211,6 +211,15 @@ func getLatestActionRelease(repo, currentVersion string, allowMajor, verbose boo
 		if latestCompatibleVersion == nil || releaseVer.isNewer(latestCompatibleVersion) {
 			latestCompatible = release
 			latestCompatibleVersion = releaseVer
+		} else if !releaseVer.isNewer(latestCompatibleVersion) && 
+			releaseVer.major == latestCompatibleVersion.major &&
+			releaseVer.minor == latestCompatibleVersion.minor &&
+			releaseVer.patch == latestCompatibleVersion.patch {
+			// If versions are equal, prefer the more precise one (e.g., "v6.0.0" over "v6")
+			if releaseVer.isPreciseVersion() && !latestCompatibleVersion.isPreciseVersion() {
+				latestCompatible = release
+				latestCompatibleVersion = releaseVer
+			}
 		}
 	}
 
@@ -301,6 +310,15 @@ func getLatestActionReleaseViaGit(repo, currentVersion string, allowMajor, verbo
 		if latestCompatibleVersion == nil || releaseVer.isNewer(latestCompatibleVersion) {
 			latestCompatible = release
 			latestCompatibleVersion = releaseVer
+		} else if !releaseVer.isNewer(latestCompatibleVersion) && 
+			releaseVer.major == latestCompatibleVersion.major &&
+			releaseVer.minor == latestCompatibleVersion.minor &&
+			releaseVer.patch == latestCompatibleVersion.patch {
+			// If versions are equal, prefer the more precise one (e.g., "v6.0.0" over "v6")
+			if releaseVer.isPreciseVersion() && !latestCompatibleVersion.isPreciseVersion() {
+				latestCompatible = release
+				latestCompatibleVersion = releaseVer
+			}
 		}
 	}
 
