feat(outdated): support monorepo tag nameing convention#1504
Conversation
|
@microsoft-github-policy-service agree company="EnBW" |
When a tag_pattern contains {name}, specialize matching to the target package name so monorepo tags for other packages don't skew outdated results. Also harden parse_tag_version for patterns without {version}.
Co-authored-by: Cursor <cursoragent@cursor.com>
Sync the shipped command guide with the new outdated behavior, add integration coverage for marketplace monorepo tag inference, and align automatic outdated tag patterns with the documented double-dash convention. Addresses shepherd panel follow-ups for PR microsoft#1504. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
59a885f to
acf9306
Compare
APM Review Panel:
|
| Persona | B | R | N | Takeaway |
|---|---|---|---|---|
| Python Architect | 0 | 0 | 0 | Clean extraction of monorepo tag logic into tag_pattern module; fallback diagnostics and docs/tests are folded. |
| CLI Logging Expert | 0 | 0 | 0 | No user-facing output regressions; fallback inference now has debug breadcrumbs. |
| DevX UX Expert | 0 | 0 | 0 | Monorepo tag support is well-motivated; the shipped command guide and docs are now in sync. |
| Supply Chain Security Expert | 0 | 0 | 0 | No security-relevant surface touched; tag inference remains informational. |
| OSS Growth Hacker | 0 | 0 | 0 | Monorepo tag support removes an adoption blocker and is now visible in reference docs. |
| Doc Writer | 0 | 0 | 0 | Outdated and marketplace docs now accurately describe patterned-tag detection. |
| Test Coverage Expert | 0 | 0 | 0 | Unit coverage is thorough; integration coverage now exercises marketplace outdated monorepo tag inference. |
B = blocking-severity findings, R = recommended, N = nits.
Counts are signal strength, not gates. The maintainer ships.
Reservations carried from strategic-alignment
- PR changes CLI behavior for
apm outdatedname/version/tag support -- addressed by folded docs inpackages/apm-guide/.apm/skills/apm-usage/commands.mdand public reference docs. - Ensure required CI checks run green on the merge commit -- local validation is green; GitHub Actions workflows are awaiting maintainer approval to run on the fork.
Folded in this run
- (panel) Synced apm-guide command docs for
apm outdatedandapm marketplace outdated-- resolved inacf9306d. - (panel) Added marketplace outdated integration coverage for
{name}_v{version}monorepo tags -- resolved inacf9306d. - (panel) Aligned default outdated tag detection with documented
{name}--v{version}layout -- resolved inacf9306d. - (panel) Added fallback inference diagnostics and clarified public docs -- resolved in
acf9306d.
Copilot signals reviewed
- Copilot review
4372079457-- NOT-LEGIT: bot reported it could not review any files and provided no actionable inline finding.
Regression-trap evidence (mutation-break gate)
tests/integration/marketplace/test_outdated_integration.py::TestOutdatedVersionRanges::test_name_underscore_tags_are_inferred_end_to_end-- deleted_collect(inferred)fallback; test FAILED as expected; guard restored.
Lint contract
uv run --extra dev ruff check src/ tests/ and
uv run --extra dev ruff format --check src/ tests/ both passed after rebase onto origin/main.
CI
Local targeted tests passed: 85 passed. GitHub check rollup currently reports license/cla success; CI, Merge Gate, CodeQL, Deploy Docs, Spec conformance, and NOTICE Drift Check are action_required because the fork workflow runs need maintainer approval.
Mergeability status
Captured from gh pr view 1504 --json mergeable,mergeStateStatus,statusCheckRollup after the last push of this run.
| PR | head SHA | CEO stance | iters | folds | defers | Copilot rounds | CI | mergeable | mergeStateStatus | notes |
|---|---|---|---|---|---|---|---|---|---|---|
| #1504 | acf9306 |
ship_now | 1 | 4 | 0 | 1 | red | MERGEABLE | BLOCKED | awaiting workflow approval |
Recommendation
Advisory panel recommends ship after maintainer approval runs the pending workflows and the protected checks report green.
This panel is advisory. It does not block merge. Re-apply the panel-review label after addressing feedback to re-run.
…ching PR microsoft#1504 added monorepo tag support ({name}_v{version}), but _package_basename() only considered repo_url. For virtual subdirectory packages (e.g. path: packages/agent-dev-workflow), the repo basename (smo-architektur.ai) did not match the tag prefix (agent-dev-workflow), causing apm outdated to report unknown. This fix derives the basename from virtual_path for subdirectory packages, aligning with the same logic already used in revision_pins.py. Resolves the unknown status seen for monorepo virtual deps.
…directory deps
- Document that {name} in patterned tags is derived from virtual_path
basename for virtual subdirectory packages (e.g. packages/my-pkg).
- Add example row showing monorepo virtual dep in sample output.
- Add concrete apm.yml example with path: for monorepo deps.
Follow-up to microsoft#1504 and microsoft#1893.
…directory deps
- Document that {name} in patterned tags is derived from virtual_path
basename for virtual subdirectory packages (e.g. packages/my-pkg).
- Add example row showing monorepo virtual dep in sample output.
- Add concrete apm.yml example with path: for monorepo deps.
Follow-up to microsoft#1504 and microsoft#1893.
…ching (#1893) * fix(outdated): use virtual-path basename for monorepo tag pattern matching PR #1504 added monorepo tag support ({name}_v{version}), but _package_basename() only considered repo_url. For virtual subdirectory packages (e.g. path: packages/agent-dev-workflow), the repo basename (smo-architektur.ai) did not match the tag prefix (agent-dev-workflow), causing apm outdated to report unknown. This fix derives the basename from virtual_path for subdirectory packages, aligning with the same logic already used in revision_pins.py. Resolves the unknown status seen for monorepo virtual deps. * fix(outdated): avoid MagicMock truthiness in _package_basename Existing unit tests build deps with bare MagicMock() and never set is_virtual. MagicMock returns a new (truthy) MagicMock for unknown attributes, so the new virtual-path branch fires and returns a MagicMock as package_name. That flows into re.compile and raises TypeError. Change `if dep.is_virtual` to `if dep.is_virtual is True` so only real LockedDependency instances with is_virtual=True enter the branch. * fix(outdated): address review-panel feedback for PR #1893 - Revert 'is True' identity guard; fix test helpers to set is_virtual=False. - Delegate virtual-subdir basename extraction to revision_pins._package_name to avoid silent divergence between outdated and update. - Pass already-built dep_ref into _package_basename to avoid double-allocation. - Add parametrized unit tests for trailing-slash / nested virtual_path variants. - Add CHANGELOG entry under [Unreleased] > Fixed. * fix(outdated): fold review feedback for PR 1893 Restore the release changelog entries that the branch had dropped, move the new outdated fix note back under Unreleased, and promote the revision-pin package-name helper before reusing it from outdated.py. Addresses apm-review-panel follow-ups for PR #1893. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Sergio Sisternes <sergio_sisternes@epam.com> Co-authored-by: danielmeppiel <danielmeppiel@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Daniel Meppiel <51440732+danielmeppiel@users.noreply.github.com>
…directory deps (#1895) * docs(outdated): clarify monorepo tag pattern matching for virtual subdirectory deps - Document that {name} in patterned tags is derived from virtual_path basename for virtual subdirectory packages (e.g. packages/my-pkg). - Add example row showing monorepo virtual dep in sample output. - Add concrete apm.yml example with path: for monorepo deps. Follow-up to #1504 and #1893. * docs(outdated): address review-panel feedback for PR #1895 - Widen Current column in sample output so monorepo tag names fit. - Fix outdated dependency count in sample output (7, not 2). - Add #### Monorepo subdirectory packages heading before YAML example. - Add note that apm.lock.yaml stores resolved_commit SHA, not the tag, as the integrity anchor. - Mention path validation / traversal-rejection in the virtual_path prose. * docs(outdated): fold panel feedback -- remove impl-detail parenthetical, fix heading level Remove security implementation detail from patterned-tag bullet: the path-validation note belongs in internals docs, not a usage reference bullet. All six active panelists flagged the same sentence. Fix heading level inconsistency: the new Monorepo subdirectory section used h4 (####) while the adjacent Status values section uses h3 (###). Both are subsections of Examples; align to h3. Also trim redundant parenthetical from the subsection intro sentence: tag derivation is already explained in the Description section above. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Sergio Sisternes <sergio_sisternes@epam.com> Co-authored-by: danielmeppiel <danielmeppiel@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
What
apm outdated and apm marketplace outdated now understand monorepo-style git tags like my-package_v1.0.1, not only v1.0.0.
Why
Repos that tag per package often use package_v1.0.0. Before this change, APM treated those refs as branch names, so outdated showed unknown instead of a real Latest / Status.
Idea is when you have a monorepo with multiple apm's
Note
We use _v (e.g. api-governance_v1.0.2), not @, because @ is already used for marketplace installs (apm install pkg@my-marketplace). If any other prefered standard is wanted, this can be changed.