Comments (9)
@lucemia I just released v1.44 which should fix that! https://github.com/dependabot/cli/releases/tag/v1.44.0
from cli.
For Python the credentials section should be like so:
credentials:
- type: python_index # underscore
index-url: [registry_url] # index-url, not registry
token: [token]
from cli.
Did you try specifying username
and password
instead of token
?
from cli.
Did you try specifying
username
andpassword
instead oftoken
?
yeah! I have tried that @deivid-rodriguez
from cli.
Ah yes, I think the token needs to be specified as username:password
, did you use that format?
from cli.
I encountered this problem as well. Despite setting the token in the format of "username:password", I continued to receive an error.
updater | 2023/12/18 01:11:14 ERROR Error processing pydantic (KeyError)
updater | 2023/12/18 01:11:14 ERROR key not found: "index-url"
Complete Log
➜ dependabot-core git:(fix-8533-dry-run-failed) ✗ dependabot update -f job.json
cli | 2023/12/18 01:11:06 Adding missing credentials-metadata into job definition
cli | 2023/12/18 01:11:06 using image ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy:latest at sha256:51c2db9ad982aa81cde99979c5bb0f900de092cc37bf65d555c9663bfde053ec
cli | 2023/12/18 01:11:06 using image ghcr.io/dependabot/dependabot-updater-pip at sha256:6475120f5a2b1174029943b6bd16c2e6ead32b84f31abf6c931c9a9cf2f6091f
updater | Updating certificates in /etc/ssl/certs...
proxy | 2023/12/18 01:11:07 proxy starting, commit: 6cffd6fae1b2f713f2d837bc45fe916f855c821d
proxy | 2023/12/18 01:11:07 initializing metrics client: No address passed and autodetection from environment failed
proxy | 2023/12/18 01:11:07 Listening (:1080)
updater | rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
updater | 1 added, 0 removed; done.
updater | Running hooks in /etc/ca-certificates/update.d...
updater | done.
updater | 2023/12/18 01:11:08 INFO Raven 3.1.2 configured not to capture errors: DSN not set
updater | 2023/12/18 01:11:08 INFO Starting job processing
proxy | 2023/12/18 01:11:09 [002] GET https://github.com:443/MYORG/MYREPO/info/refs?service=git-upload-pack
proxy | 2023/12/18 01:11:09 [002] * authenticating git server request (host: github.com)
proxy | 2023/12/18 01:11:10 [002] 200 https://github.com:443/MYORG/MYREPO/info/refs?service=git-upload-pack
proxy | 2023/12/18 01:11:10 [003] POST https://github.com:443/MYORG/MYREPO/git-upload-pack
proxy | 2023/12/18 01:11:10 [003] * authenticating git server request (host: github.com)
proxy | 2023/12/18 01:11:10 [003] 200 https://github.com:443/MYORG/MYREPO/git-upload-pack
proxy | 2023/12/18 01:11:10 [004] POST https://github.com:443/MYORG/MYREPO/git-upload-pack
proxy | 2023/12/18 01:11:10 [004] * authenticating git server request (host: github.com)
proxy | 2023/12/18 01:11:10 [004] 200 https://github.com:443/MYORG/MYREPO/git-upload-pack
updater | 2023/12/18 01:11:11 INFO Finished job processing
updater | 2023/12/18 01:11:12 INFO Raven 3.1.2 configured not to capture errors: DSN not set
updater | 2023/12/18 01:11:12 INFO Starting job processing
proxy | 2023/12/18 01:11:14 [005] POST http://host.docker.internal:57960/update_jobs/cli/update_dependency_list
cli | 2023/12/18 01:11:14 yaml: unmarshal errors: line 1: cannot unmarshal !!str `g8` into model.RequirementSource line 1: cannot unmarshal !!str `g8` into model.RequirementSource line 1: cannot unmarshal !!str `g8` into model.RequirementSource line 1: cannot unmarshal !!str `g8` into model.RequirementSource line 1: cannot unmarshal !!str `g8` into model.RequirementSource
{"data":{"dependencies":null,"dependency_files":null},"type":"update_dependency_list"}
proxy | 2023/12/18 01:11:14 [005] 200 http://host.docker.internal:57960/update_jobs/cli/update_dependency_list
proxy | 2023/12/18 01:11:14 [006] POST http://host.docker.internal:57960/update_jobs/cli/increment_metric
{"data":{"metric":"updater.started","tags":{"operation":"update_all_versions"}},"type":"increment_metric"}
proxy | 2023/12/18 01:11:14 [006] 200 http://host.docker.internal:57960/update_jobs/cli/increment_metric
updater | 2023/12/18 01:11:14 INFO Starting update job for MYORG/MYREPO
updater | 2023/12/18 01:11:14 INFO Checking all dependencies for version updates...
updater | 2023/12/18 01:11:14 INFO Checking if pydantic 1.10.13 needs updating
proxy | 2023/12/18 01:11:14 [007] POST http://host.docker.internal:57960/update_jobs/cli/record_update_job_error
{"data":{"error-type":"unknown_error","error-details":null},"type":"record_update_job_error"}
proxy | 2023/12/18 01:11:14 [007] 200 http://host.docker.internal:57960/update_jobs/cli/record_update_job_error
updater | 2023/12/18 01:11:14 ERROR Error processing pydantic (KeyError)
updater | 2023/12/18 01:11:14 ERROR key not found: "index-url"
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/python/lib/dependabot/python/authed_url_builder.rb:9:in `fetch'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/python/lib/dependabot/python/authed_url_builder.rb:9:in `authed_url'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/python/lib/dependabot/python/update_checker/index_finder.rb:156:in `block in config_variable_index_urls'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/python/lib/dependabot/python/update_checker/index_finder.rb:156:in `map'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/python/lib/dependabot/python/update_checker/index_finder.rb:156:in `config_variable_index_urls'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/python/lib/dependabot/python/update_checker/index_finder.rb:23:in `index_urls'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/python/lib/dependabot/python/update_checker/latest_version_finder.rb:218:in `index_urls'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/python/lib/dependabot/python/update_checker/latest_version_finder.rb:146:in `available_versions'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/python/lib/dependabot/python/update_checker/latest_version_finder.rb:53:in `fetch_latest_version'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/python/lib/dependabot/python/update_checker/latest_version_finder.rb:34:in `latest_version'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/python/lib/dependabot/python/update_checker.rb:243:in `fetch_latest_version'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/python/lib/dependabot/python/update_checker.rb:33:in `latest_version'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:177:in `all_versions_ignored?'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:80:in `check_and_create_pull_request'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:60:in `check_and_create_pr_with_error_handling'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:35:in `block in perform'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:35:in `each'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:35:in `perform'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:64:in `run'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:39:in `perform_job'
updater | 2023/12/18 01:11:14 ERROR /home/dependabot/dependabot-updater/lib/dependabot/base_command.rb:53:in `run'
updater | 2023/12/18 01:11:14 ERROR bin/update_files.rb:24:in `<main>'
from cli.
Thanks, I can confirm that this issue has been resolved with version 1.44.0.
from cli.
@lucemia do you mind if I ask if you use pipenv
? And if you do, how do you specify the token needed to authenticate against your private repository? We pass it via an env var into our Pipfile
, but in that case the CLI is unable to authenticate against it, even when passing the token in the job definition. Similarly, unless we hardcode the token, the github dependabot is creating invalid Pipfile.lock
files for us: dependabot/dependabot-core#7936
Thanks!
from cli.
No, I didn't use pipenv.
My scenario is pretty straightforward.
I ran the command:
dependabot update -f job.json
Here's how my job.json is set up:
# job.yaml
job:
package-manager: pip
allowed-updates:
- update-type: all
source:
provider: github
repo: [ORG/REPO]
directory: /
branch: main
credentials:
- type: python_index
index-url: PRIVATE_PYPI
token: _json_key_base64:[PRIVATE_KEY]
- type: git_source
host: github.com
username: x-access-token
password: [GITHUB_TOKEN]
It started working after PR https://github.com/dependabot/cli/pull/215/files was merged!
from cli.
Related Issues (20)
- Provide a `dependabot new-ecosystem` command
- [Question] Error during file fetching; aborting: Failed to open TCP connection HOT 4
- v1.46.0 failing on ERROR key not found: "password" HOT 5
- v1.46.1 failing with updater failure HOT 3
- change the build-from-source instructions
- failed to update deps from auth failures results in failed build in javascript HOT 4
- job.yaml and gradle support HOT 5
- Always pull, even if image available locally HOT 3
- Creating Pull Request for Bitbucket Cloud HOT 1
- Feature request: use config from dependabot.yml HOT 1
- Error resolving private repository for Go using git
- Slow scanning taking over an hour
- Any way to skip private registries?
- Discrepancies in cli vs GitHub Actions
- Feature request: Run updates locally HOT 2
- Verify container image signatures using cosign HOT 2
- air-gapped containers
- [Question] Is it possible to use this without Docker?
- [Question]: logs from containers?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cli.