Do not update to a tool's latest version if it is a pre-release

The 'latest' flag for this library should only support normal semantic versions, which means X.Y.Z. However, right now it will pull whatever the latest release is from GitHub, which might be a pre-release version or contain build metadata.

In the UpdateVersions script, all we do is check that the version is valid according to the versions library:

setup-purescript/src/Setup/UpdateVersions.purs

Lines 87 to 95 in beee57d

    
           Right tagStr -> do 
        
             let tag = fromMaybe tagStr (String.stripPrefix (String.Pattern "v") tagStr) 
        
             case Version.parseVersion tag of 
        
               Left e -> 
        
                 throwError $ error $ fold 
        
                   [ "Failed to decode tag from GitHub response: ", parseErrorMessage e ] 
        
               Right v -> 
        
                 pure v

In this check we should additionally ensure that the version doesn't contain any pre-release ~~or build identifiers~~. The versions library includes that information in its type, so this should be possible:

https://github.com/hdgarrood/purescript-versions/blob/5da24cc63a1fa9a3d09156afa49ad49b3c0fff84/src/Data/Version.purs#L54-L56

This will prevent users from inadvertently updating to an alpha or pre-release version that they almost certainly don't want. They can still point to that version by specifying the version manually.

Is this just checking that both List Identifiers are empty?

I believe so -- the versions library may have helpers for this as well.

I think the function we want is isPreRelease: https://github.com/hdgarrood/purescript-versions/blob/v5.0.1/src/Data/Version.purs#L173-L173. That is, we should be checking that the first list (the prerelease identifiers, the part after a -) is empty, but technically we should be ignoring the second. The build metadata (stuff which follows a +) doesn't indicate that it's not a proper version, it's just a place you can store something like a hash or a date if you want to do that. It's unlikely to make much a difference though, since barely anyone uses build metadata anyway.

If we can do the right thing (only check pre-release), then we should! Thanks for pointing that out. I've edited the original issue description to only focus on pre-release information, and not on build metadata.

I'd like to give this a stab. Assign me to the issue @thomashoneyman.

I'm only able to assign to repo members, but please feel free to take it!

I'm only able to assign to repo members

That's a first for me.
Anyway, I'll hopefully fix it!

Well, I don’t know what I was doing wrong before, but I tried assigning to you again and this time your name did show up in the list. Assigned!

I have a question. What should I do when the latest release is a pre-release one? I know I'm supposed to find the latest release that's not a pre-release. How can I do that? Also, there is an edge case if the library only has pre-releases. What should we do in that case?

We already have the latest versions for each of the tools included in this repo, so I would say if there’s not a prerelease version then we can fall back to that.

And because we know what tools are supported we don’t have to worry about tools with only prerelease versions. That case won’t happen.

That makes sense. Are there any plans to change that versioning model? And if we control the latest versions, is there really any need for this check, or is it just in case?

Oh wait, it checks if the latest version in the GitHub repo is a prerelease, not the local version. Anyway, PR coming up soon.

	Right tagStr -> do
	let tag = fromMaybe tagStr (String.stripPrefix (String.Pattern "v") tagStr)
	case Version.parseVersion tag of
	Left e ->
	throwError $ error $ fold
	[ "Failed to decode tag from GitHub response: ", parseErrorMessage e ]

	Right v ->
	pure v