dependabot / dependabot-script
A simple script that demonstrates how to use Dependabot Core
License: MIT License
Hi! I can't set DIRECTORY_PATH correctly.
Currently my .gitlab-ci.yml looks like this:
```yaml
.dependabot:
  image: dependabot/dependabot-core
  variables:
    PACKAGE_MANAGER: $CI_JOB_NAME
  before_script:
    - bundle install -j $(nproc) --path vendor
  script: bundle exec ruby ./generic-update-script.rb
  cache:
    paths:
      - vendor/
  only:
    - schedules

npm_and_yarn:
  extends: .dependabot
  only:
    variables:
      - $PACKAGE_MANAGER_SET =~ /(\bnpm|yarn\b)/
      - $DIRECTORY_PATH =~ /Frontend/
```
The error is that it still tries to get files from the root of the repo whose dependencies I'm trying to update. So no, the variable is not applied here.
Why did I use `$DIRECTORY_PATH =~ /Frontend/`?
Because if I do:
- `DIRECTORY_PATH =~ /Frontend/`, I get: jobs:npm_and_yarn:only variables invalid expression syntax
- `$DIRECTORY_PATH = /Frontend/`, I get: jobs:npm_and_yarn:only variables invalid expression syntax
- `$DIRECTORY_PATH = Frontend`, I get: jobs:npm_and_yarn:only variables invalid expression syntax
- `$DIRECTORY_PATH = "Frontend"`, I get: jobs:npm_and_yarn:only variables invalid expression syntax
- `$DIRECTORY_PATH: "Frontend"`, GitLab just gives a 500 error
- `DIRECTORY_PATH: "Frontend"`, GitLab just gives a 500 error
I've tried a lot of things, none worked.
What is the correct way of setting the DIRECTORY_PATH variable?
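The following job definition is an added example, not taken from the post above or from the dependabot-script repository. It assumes that generic-update-script.rb reads its working directory from `ENV["DIRECTORY_PATH"]` in Dependabot's leading-slash form, and that `PACKAGE_MANAGER_SET` is a variable defined on the pipeline schedule. The point it shows is that `only: variables:` is a filter that decides whether the job runs at all; a value the script should see has to be declared under `variables:` so it ends up in the job's environment:

```yaml
.dependabot:
  image: dependabot/dependabot-core
  variables:
    PACKAGE_MANAGER: $CI_JOB_NAME
  before_script:
    - bundle install -j $(nproc) --path vendor
    # Quick check that the value really reaches the script's environment.
    - echo "updating directory '${DIRECTORY_PATH:-/}' with $PACKAGE_MANAGER"
  script: bundle exec ruby ./generic-update-script.rb
  cache:
    paths:
      - vendor/
  only:
    - schedules

npm_and_yarn:
  extends: .dependabot
  variables:
    # Job variable: exported into the environment, so the script can read it.
    # Leading slash, as Dependabot expects for a directory inside the repo.
    DIRECTORY_PATH: /Frontend
  only:
    # Condition only: decides whether this job is created, assigns nothing.
    variables:
      - $PACKAGE_MANAGER_SET =~ /\b(npm|yarn)\b/
```

The `echo` line in `before_script` is the cheapest way to confirm the variable is applied: if the log still prints `/`, the value is not reaching the job. The regex was tightened to `/\b(npm|yarn)\b/`; the original `/(\bnpm|yarn\b)/` also matched, but its word boundaries were placed inconsistently.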
We have a private GitLab installation and I have configured the dependabot-script and schedules for some of the repos.
One of the repos has a .dependabot/config.yml in the root and I was expecting that the dependabot-script job would read the config.yml, but it did not.
How do I make it read my config.yml?
Is it possible to specify a default assignee for all pull requests?
For example, we have a single person in the team whose responsibility is to review/merge PRs from dependabot.
Or should generic-update-script be tweaked manually?
Is it possible to set the commit message format?
We use commitizen and conventional-changelog.
We also have this regex as a push rule:
`/^(revert: )?(feat|fix|docs|refactor|chore)(\(.+\))?:.{1,50}refs #\d+/`
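As an added example (not code from the post or from dependabot-script), the snippet below shapes a dependency-bump commit subject the way a conventional-changelog setup expects and checks it against the push rule quoted above before the job pushes anything. The `Bump <name> from <old> to <new>` wording is an assumption about Dependabot's default summary; the `chore(deps)` / `chore(deps-dev)` layout mirrors what dependabot-core's PullRequestCreator produces when given `commit_message_options: { prefix: "chore", include_scope: true }` (as I recall that option; the `refs #N` trailer is not something it adds, which is why the message is built here). The fallback to a shorter subject exists because the rule caps the text between the colon and `refs #` at 50 characters, which long npm package names overflow:

```ruby
# Push rule exactly as configured on the GitLab project (quoted in the post).
PUSH_RULE = /^(revert: )?(feat|fix|docs|refactor|chore)(\(.+\))?:.{1,50}refs #\d+/

# Assumed default Dependabot wording, used here only to show it fails the rule.
def default_bump_message(name, from, to)
  "Bump #{name} from #{from} to #{to}"
end

# True when the subject line satisfies the push rule. Only the first line is
# checked: the rule targets the subject, and the body would be free text.
def push_rule_ok?(message, rule = PUSH_RULE)
  rule.match?(message.lines.first.to_s.chomp)
end

# "<type>(<scope>): bump <name> from <old> to <new> refs #<issue>".
# If the full form overflows the rule's 50-character window, fall back to
# "bump <name> to <new>" so the job never pushes a commit the server rejects.
def conventional_bump_message(name, from, to, issue:, dev: false, type: "chore")
  scope = dev ? "deps-dev" : "deps"
  long  = "#{type}(#{scope}): bump #{name} from #{from} to #{to} refs ##{issue}"
  short = "#{type}(#{scope}): bump #{name} to #{to} refs ##{issue}"
  push_rule_ok?(long) ? long : short
end
```

Run `push_rule_ok?` on every message before the push step; the default wording fails (no type prefix, no `refs #`), a short package name passes in the full form, and `@testing-library/jest-dom` only passes in the short form.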
For testing reasons I have closed one of the pull requests created by dependabot on GitLab:
And then I executed another pipeline, and I expected that a comment similar to GitHub's version would be created, like "Oh, I see that this dependency does not need to be updated, etc."
But nothing happened. CI log:
```
$ bundle exec ruby ./generic-update-script.rb
Fetching bundler dependency files for wemake.services/kira-dependencies
Parsing dependencies information
- Updating dependabot-omnibus (from 0.105.6)… submitted
Done
```
Is it how it should be? Or is there a bug?
I suggest setting up some form of CI tests for this project so issues like the one in #319 get caught sooner, ideally before getting merged.
Dependabot core seems to be able to understand when a repo is using conventional commits, but it seems that Dependabot Script does not honor that. Is there some flag I can give it to force it to do so?
Two of the features from the web-based version that I particularly like are the closing of PRs bumping from 1.2.3 to 1.2.4 when a 1.2.3 to 1.2.5 PR opens prior to the former being merged, as well as being able to whitelist specific dependencies (e.g. dev dependencies) to automerge when status checks pass.
How can I approximate these using Dependabot Script for deployments in GitHub Enterprise?
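Both the GitLab question above (re-running the script after closing an MR) and this GitHub Enterprise one come down to logic the hosted service runs and the script does not: detecting which open update branches a newer update supersedes, and deciding which updates may be merged without a human. The block below is an added example, not code from either post or from dependabot-core. It assumes the `dependabot/<package_manager>/<dependency>-<version>` branch layout that dependabot-core's branch namer produces (a directory segment may appear between package manager and dependency, which is why everything up to the final `-<version>` is treated as one key), and the list of open branches is constructed sample data. Closing the superseded MR/PR is then one API call (`PUT .../merge_requests/:iid` with `state_event=close` on GitLab, `PATCH /repos/:owner/:repo/pulls/:number` with `state: closed` on GitHub):

```ruby
require "rubygems"

# dependabot/<package_manager>/[<dir>/]<dependency>-<version>
BRANCH_RE = %r{\Adependabot/(?<pm>[^/]+)/(?<key>.+)-(?<ver>\d[\w.+\-]*)\z}

# Constructed sample of open MR/PR source branches (not real data).
OPEN_BRANCHES = [
  "dependabot/npm_and_yarn/lodash-4.17.14",
  "dependabot/npm_and_yarn/types/node-12.12.14",
  "dependabot/bundler/rake-13.0.0",
  "feature/login-page",
].freeze

# Splits an update branch into package manager, dependency key and version;
# nil for branches Dependabot did not create.
def parse_update_branch(branch)
  m = BRANCH_RE.match(branch)
  m && { pm: m[:pm], key: m[:key], version: m[:ver] }
end

# Gem::Version orders "4.17.15" after "4.17.9", which a string compare would
# get wrong. Non-numeric versions (git SHAs) fall back to string order.
def version_newer?(a, b)
  Gem::Version.new(a) > Gem::Version.new(b)
rescue ArgumentError
  a > b
end

# Open branches that a new update branch makes redundant: same package
# manager and dependency key, strictly older target version.
def superseded_branches(open_branches, new_branch)
  new = parse_update_branch(new_branch)
  return [] unless new
  open_branches.select do |b|
    old = parse_update_branch(b)
    old && old[:pm] == new[:pm] && old[:key] == new[:key] &&
      version_newer?(new[:version], old[:version])
  end
end

# Auto-merge policy: the dependency must match an allowlist entry (exact name
# or Regexp) and the bump must stay within the same major version. Major bumps
# stay manual even for allowlisted packages.
def automerge_candidate?(name, from, to, allowlist)
  allowed = allowlist.any? { |pat| pat.is_a?(Regexp) ? pat.match?(name) : pat == name }
  return false unless allowed
  Gem::Version.new(from).segments.first == Gem::Version.new(to).segments.first
rescue ArgumentError
  false
end
```

Call `superseded_branches` with the list of open MR/PR source branches right before `pr_creator.create`, close what it returns, then create the new one. `automerge_candidate?` runs after status checks pass; keeping the major-version guard even for allowlisted dev dependencies means an unexpected breaking release still gets a pair of eyes.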
We have a Python project that uses boto3 and botocore. They're releasing a new version almost daily. Unfortunately for us they are next to each other in our requirements.txt, which means we have to deal with merge conflicts on a daily basis too.
If we don't, the merge requests (our private repos are on GitLab) start to pile up.
Merging them automatically wouldn't solve it for us. One will get merged. The other can't, because of a conflict.
What is the recommended method to deal with situations like this? If it isn't possible to merge them, can we ignore patch releases for both packages and focus on minor releases only?
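One way to get the "minor releases only" behaviour asked about above, as an added example rather than anything from the post or from dependabot-script: a small ignore policy evaluated before the update checker runs, plus a translation of that policy into the requirement strings that dependabot-core's UpdateChecker accepts through its `ignored_versions:` argument (that argument and its Gem::Requirement-style syntax are from memory; check the version of dependabot-omnibus in use). The rule table is constructed sample data:

```ruby
require "rubygems"

# :patch  skip updates that only change the patch segment
# :minor  skip updates unless the major version changes
# :all    never propose an update for this dependency
RULES = { "boto3" => :patch, "botocore" => :patch }.freeze

# True when the policy says this particular bump should not become an MR.
# Versions are padded to three segments so "1.2" compares like "1.2.0".
def ignored_update?(name, current, latest, rules = RULES)
  level = rules[name]
  return false unless level
  return true if level == :all
  cur = (Gem::Version.new(current).segments.map(&:to_i) + [0, 0, 0]).first(3)
  new = (Gem::Version.new(latest).segments.map(&:to_i) + [0, 0, 0]).first(3)
  case level
  when :patch then cur[0, 2] == new[0, 2]
  when :minor then cur[0] == new[0]
  else false
  end
rescue ArgumentError
  false # malformed version string: leave the decision to the checker
end

# Same policy expressed as ignored_versions: strings. For 1.11.9 with :patch,
# "> 1.11.9, < 1.12" hides the remaining 1.11.x releases; the first 1.12.0
# still produces a merge request.
def ignored_versions_for(current, level)
  major, minor = (Gem::Version.new(current).segments.map(&:to_i) + [0, 0]).first(2)
  case level
  when :patch then ["> #{current}, < #{major}.#{minor + 1}"]
  when :minor then ["> #{current}, < #{major + 1}"]
  when :all   then ["> #{current}"]
  else []
  end
end

# Keeps only the (name, current, latest) triples the policy lets through.
def updatable(candidates, rules = RULES)
  candidates.reject { |name, cur, latest| ignored_update?(name, cur, latest, rules) }
end
```

In the update loop, `next if ignored_update?(dep.name, dep.version, checker.latest_version.to_s)` after the `up_to_date?` check is enough; boto3 and botocore then surface once per minor line rather than once per day, which also keeps the two merge requests from colliding on adjacent lines of requirements.txt.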
Currently trying the Azure DevOps setup and cannot get the generic script to work. Seems to me that the error is thrown from updater.updated_dependency_files. Every step until this is going fine, I just lack the PR step :)
Gemfile:
```ruby
ruby "2.6.5"
source "https://rubygems.org"

gem "irb"
gem "dependabot-omnibus", "~> 0.113.28"
```
Stack-trace is as follows:
2020-02-18T11:43:58.5720467Z [command]/bin/bash --noprofile --norc /home/vsts/work/_temp/421cd65a-a7fe-4bc5-a2af-45c55218843f.sh
2020-02-18T11:44:02.8397880Z Found @testing-library/jest-dom @ 4.2.4...
2020-02-18T11:44:08.5986362Z considering upgrade to 5.1.1
2020-02-18T11:44:08.6511870Z /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:117:in `rescue in run_helper_subprocess': Dependabot::SharedHelpers::HelperSubprocessFailed
2020-02-18T11:44:08.6513206Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:85:in `run_helper_subprocess'
2020-02-18T11:44:08.6513766Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:151:in `run_npm_top_level_updater'
2020-02-18T11:44:08.6514341Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:139:in `block in run_npm_updater'
2020-02-18T11:44:08.6514818Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:143:in `with_git_configured'
2020-02-18T11:44:08.6515367Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:137:in `run_npm_updater'
2020-02-18T11:44:08.6515892Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:115:in `run_current_npm_update'
2020-02-18T11:44:08.6516408Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:35:in `block (2 levels) in updated_lockfile_content'
2020-02-18T11:44:08.6516954Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:34:in `chdir'
2020-02-18T11:44:08.6517457Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:34:in `block in updated_lockfile_content'
2020-02-18T11:44:08.6518236Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:37:in `block (2 levels) in in_a_temporary_directory'
2020-02-18T11:44:08.6518749Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:37:in `chdir'
2020-02-18T11:44:08.6519309Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:37:in `block in in_a_temporary_directory'
2020-02-18T11:44:08.6519715Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/2.6.0/tmpdir.rb:93:in `mktmpdir'
2020-02-18T11:44:08.6520234Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:34:in `in_a_temporary_directory'
2020-02-18T11:44:08.6520718Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:30:in `updated_lockfile_content'
2020-02-18T11:44:08.6521287Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:187:in `updated_package_lock_content'
2020-02-18T11:44:08.6521759Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:120:in `package_lock_changed?'
2020-02-18T11:44:08.6522294Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:149:in `block in updated_lockfiles'
2020-02-18T11:44:08.6522750Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:148:in `each'
2020-02-18T11:44:08.6523258Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:148:in `updated_lockfiles'
2020-02-18T11:44:08.6523907Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:39:in `updated_dependency_files'
2020-02-18T11:44:08.6524288Z from ./update-script.rb:84:in `block in <main>'
2020-02-18T11:44:08.6524708Z from ./update-script.rb:47:in `each'
2020-02-18T11:44:08.6525064Z from ./update-script.rb:47:in `<main>'
2020-02-18T11:44:08.6525604Z /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/2.6.0/json/common.rb:156:in `parse': 767: unexpected token at '' (JSON::ParserError)
2020-02-18T11:44:08.6526344Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/2.6.0/json/common.rb:156:in `parse'
2020-02-18T11:44:08.6526824Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:109:in `run_helper_subprocess'
2020-02-18T11:44:08.6527386Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:151:in `run_npm_top_level_updater'
2020-02-18T11:44:08.6527913Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:139:in `block in run_npm_updater'
2020-02-18T11:44:08.6528418Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:143:in `with_git_configured'
2020-02-18T11:44:08.6528920Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:137:in `run_npm_updater'
2020-02-18T11:44:08.6530866Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:115:in `run_current_npm_update'
2020-02-18T11:44:08.6532487Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:35:in `block (2 levels) in updated_lockfile_content'
2020-02-18T11:44:08.6533066Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:34:in `chdir'
2020-02-18T11:44:08.6533708Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:34:in `block in updated_lockfile_content'
2020-02-18T11:44:08.6534315Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:37:in `block (2 levels) in in_a_temporary_directory'
2020-02-18T11:44:08.6534838Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:37:in `chdir'
2020-02-18T11:44:08.6536314Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:37:in `block in in_a_temporary_directory'
2020-02-18T11:44:08.6537774Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/2.6.0/tmpdir.rb:93:in `mktmpdir'
2020-02-18T11:44:08.6538992Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:34:in `in_a_temporary_directory'
2020-02-18T11:44:08.6539572Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:30:in `updated_lockfile_content'
2020-02-18T11:44:08.6539935Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:187:in `updated_package_lock_content'
2020-02-18T11:44:08.6540571Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:120:in `package_lock_changed?'
2020-02-18T11:44:08.6540937Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:149:in `block in updated_lockfiles'
2020-02-18T11:44:08.6541259Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:148:in `each'
2020-02-18T11:44:08.6541652Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:148:in `updated_lockfiles'
2020-02-18T11:44:08.6541991Z from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:39:in `updated_dependency_files'
2020-02-18T11:44:08.6542269Z from ./update-script.rb:84:in `block in <main>'
2020-02-18T11:44:08.6542496Z from ./update-script.rb:47:in `each'
2020-02-18T11:44:08.6542703Z from ./update-script.rb:47:in `<main>'
2020-02-18T11:44:08.6723405Z ##[error]Bash exited with code '1'.
2020-02-18T11:44:08.6735238Z ##[section]Finishing: Update dependencies
Script:
```ruby
require "json" # JSON[...] is used below to read the PR creation response
require "dependabot/file_fetchers"
require "dependabot/file_parsers"
require "dependabot/update_checkers"
require "dependabot/file_updaters"
require "dependabot/pull_request_creator"
require "dependabot/omnibus"

package_manager = "npm_and_yarn"
repo = "MY_REPO"

credentials = [
  {
    "type" => "git_source",
    "host" => "dev.azure.com",
    "username" => "",
    "password" => ENV["AZURE_ACCESS_TOKEN"]
  },
  {
    "type" => "npm",
    "url" => "https://pkgs.dev.azure.com/MY_ORG/_packaging/MY_FEED/npm/package.json",
    "token" => ":#{ENV["AZURE_ACCESS_TOKEN"]}"
  }
]

source = Dependabot::Source.new(
  provider: "azure",
  repo: repo,
  hostname: "dev.azure.com",
  api_endpoint: "https://dev.azure.com/",
  directory: "/",
  branch: nil
)

# Fetch the dependency files and remember the commit they were read from
fetcher = Dependabot::FileFetchers.for_package_manager(package_manager).new(
  source: source,
  credentials: credentials
)
files = fetcher.files
commit = fetcher.commit

# Parse the files into a list of dependencies
parser = Dependabot::FileParsers.for_package_manager(package_manager).new(
  dependency_files: files,
  source: source,
  credentials: credentials
)
dependencies = parser.parse

dependencies.select(&:top_level?).each do |dep|
  puts "Found #{dep.name} @ #{dep.version}..."

  checker = Dependabot::UpdateCheckers.for_package_manager(package_manager).new(
    dependency: dep,
    dependency_files: files,
    credentials: credentials
  )

  if checker.up_to_date?
    puts "  already using latest version"
    next
  end

  # Work out how much of the requirement has to be unlocked for the update
  requirements_to_unlock =
    if !checker.requirements_unlocked_or_can_be?
      if checker.can_update?(requirements_to_unlock: :none) then :none
      else :update_not_possible
      end
    elsif checker.can_update?(requirements_to_unlock: :own) then :own
    elsif checker.can_update?(requirements_to_unlock: :all) then :all
    else :update_not_possible
    end
  next if requirements_to_unlock == :update_not_possible

  updated_deps = checker.updated_dependencies(
    requirements_to_unlock: requirements_to_unlock
  )
  puts "  considering upgrade to #{checker.latest_version}"

  # Generate the updated dependency files (the stack trace above is raised here)
  updater = Dependabot::FileUpdaters.for_package_manager(package_manager).new(
    dependencies: updated_deps,
    dependency_files: files,
    credentials: credentials
  )
  updated_files = updater.updated_dependency_files

  # Open a pull request containing the updated files
  pr_creator = Dependabot::PullRequestCreator.new(
    source: source,
    base_commit: commit,
    dependencies: updated_deps,
    files: updated_files,
    credentials: credentials,
    label_language: true,
    author_details: {
      email: "dependabot@MY_DOMAIN",
      name: "dependabot"
    }
  )
  pull_request = pr_creator.create

  if pull_request&.status == 201
    content = JSON[pull_request.body]
    puts "  PR ##{content["pullRequestId"]} submitted"
  else
    puts "  PR already exists or an error has occurred"
  end
end
```
Dependabot can't resolve your Ruby dependency files.
As a result, Dependabot couldn't update your dependencies.
The error Dependabot encountered was:
```
Bundler::VersionConflict with message: Bundler could not find compatible versions for gem "citrus":
  In Gemfile:
    dependabot-omnibus (>= 0.86.18, <= 0.86.20) was resolved to 0.86.18, which depends on
      dependabot-core (= 0.86.18) was resolved to 0.86.18, which depends on
        toml-rb (~> 1.1, >= 1.1.2) was resolved to 1.1.2, which depends on
          citrus (> 3.0, ~> 3.0)

Could not find gem 'citrus (> 3.0, ~> 3.0)', which is required by gem 'toml-rb (~> 1.1, >= 1.1.2)', in any of the sources.
```
If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.
You can mention @dependabot in the comments below to contact the Dependabot team.
Hello, it would be nice if the update script could automatically guess the PACKAGE_MANAGER environment variable if not provided, e.g. by checking whether a build.gradle or Gemfile file is present.
It could also automatically traverse the directory structure and guess the package manager of particular projects. In other words, automatic support for monorepos.
Maybe this or similar code is already present in dependabot-core?
I'm not able to provide any code in Ruby, but it would be possible in Java.
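The detector sketched below is an added example written for this request; it is not code from the post, from dependabot-script or from dependabot-core. It walks a checkout, maps manifest file names to the package manager identifiers dependabot-core registers (`bundler`, `npm_and_yarn`, `pip`, `maven`, `gradle`, `go_modules`, `cargo`, `composer`, `hex`, `docker`), and returns one `{ directory:, package_manager: }` entry per project it finds, which is exactly the pair the script needs per run in a monorepo. The skip list for vendored and generated directories and the sample repository layout built by `build_sample_repo` are this example's own choices:

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Manifest file name => dependabot-core package_manager identifier.
MANIFESTS = {
  "Gemfile"          => "bundler",
  "package.json"     => "npm_and_yarn",
  "requirements.txt" => "pip",
  "Pipfile"          => "pip",
  "pyproject.toml"   => "pip",   # Poetry projects run under "pip" as well
  "pom.xml"          => "maven",
  "build.gradle"     => "gradle",
  "build.gradle.kts" => "gradle",
  "go.mod"           => "go_modules",
  "Cargo.toml"       => "cargo",
  "composer.json"    => "composer",
  "mix.exs"          => "hex",
  "Dockerfile"       => "docker",
}.freeze

# Directories holding vendored or generated code, never a project of their own.
SKIP_DIRS = %w[.git node_modules vendor target build dist .venv].freeze

# Returns [{ directory: "/sub/dir", package_manager: "..." }, ...] with the
# directory in the leading-slash form Dependabot expects ("/" for the root).
def detect_package_managers(root)
  root = Pathname.new(root)
  found = {}
  walk = lambda do |dir|
    dir.children.sort.each do |child|
      if child.directory?
        walk.call(child) unless SKIP_DIRS.include?(child.basename.to_s)
      elsif (pm = MANIFESTS[child.basename.to_s])
        rel = dir.relative_path_from(root).to_s.sub(/\A\.\z/, "")
        found[["/#{rel}", pm]] = true
      end
    end
  end
  walk.call(root)
  found.keys.map { |dir, pm| { directory: dir, package_manager: pm } }
end

# Builds a throwaway monorepo layout (constructed sample, empty files) so the
# detector can be exercised offline. The node_modules copy of package.json
# must not be reported as a project.
def build_sample_repo
  dir = Dir.mktmpdir("monorepo")
  %w[Gemfile Frontend/package.json Frontend/node_modules/left-pad/package.json
     services/api/requirements.txt services/api/Dockerfile].each do |f|
    path = File.join(dir, f)
    FileUtils.mkdir_p(File.dirname(path))
    File.write(path, "")
  end
  dir
end
```

A wrapper job could call `detect_package_managers(".")` once, then run the update script with `PACKAGE_MANAGER` and `DIRECTORY_PATH` set from each entry; the `node_modules`/`vendor` skip matters, because without it every vendored package.json or Gemfile would be treated as a project to update.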
Hello,
I successfully ran the generic script to update Maven dependencies, but I would like to run it for only one dependency. Therefore I used update-script.rb. But `updated_deps = checker.updated_dependencies(requirements_to_unlock: :own)` always returns an empty array, and from my investigation the script is able to retrieve the latest version, which is different from the current version in the pom.xml.
I see that in the `when :own` branch, `preferred_version_resolvable_with_unlock?` always returns false, which makes `updated_deps = checker.updated_dependencies(requirements_to_unlock: :own)` return an empty list and thus no updates are done.
I use a multi-module Maven project with shared properties. Is this not supported?
Hello,
I am using the latest master version of dependabot-script with the example gitlab-ci config. It requests the Docker container dependabot/dependabot-core, which uses Ruby 2.5, but the Gemfile requires a newer version:
https://github.com/dependabot/dependabot-core/blob/master/Dockerfile#L56
Error message in GitLab CI:
```
Your Ruby version is 2.5.3, but your Gemfile specified 2.6.1
```
Hi! Thank you for the great tool!
I could have missed something, but I've not found any info about successfully configuring dependabot-script for GitLab CI + projects based on Poetry (Python).
I've followed this guide but had no luck, both for `PACKAGE_MANAGER_SET=pip`:
$ bundle exec ruby ./generic-update-script.rb
/builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/file_fetchers/base.rb:395:in 'rescue in default_branch_for_repo': Dependabot::RepoNotFound (Dependabot::RepoNotFound)
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/file_fetchers/base.rb:391:in 'default_branch_for_repo'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/file_fetchers/base.rb:61:in 'commit'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/file_fetchers/base.rb:308:in '_full_specification_for'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/file_fetchers/base.rb:125:in '_fetch_repo_contents'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/file_fetchers/base.rb:110:in 'repo_contents'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/file_fetchers/base.rb:77:in 'fetch_file_if_present'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-python-0.113.15/lib/dependabot/python/file_fetcher.rb:119:in 'pipfile'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-python-0.113.15/lib/dependabot/python/file_fetcher.rb:65:in 'pipenv_files'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-python-0.113.15/lib/dependabot/python/file_fetcher.rb:42:in 'fetch_files'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/file_fetchers/base.rb:55:in 'files'
from ./generic-update-script.rb:115:in '<main>'
/builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/octokit-4.14.0/lib/octokit/response/raise_error.rb:16:in 'on_complete': GET https://api.github.com/repos/product/mspy-lister: 404 - Not Found // See: https://developer.github.com/v3/repos/#get (Octokit::NotFound)
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/faraday-0.17.0/lib/faraday/response.rb:9:in 'block in call'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/faraday-0.17.0/lib/faraday/response.rb:61:in 'on_complete'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/faraday-0.17.0/lib/faraday/response.rb:8:in 'call'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/octokit-4.14.0/lib/octokit/middleware/follow_redirects.rb:73:in 'perform_with_redirection'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/octokit-4.14.0/lib/octokit/middleware/follow_redirects.rb:61:in 'call'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/faraday-0.17.0/lib/faraday/request/retry.rb:130:in 'call'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/faraday-0.17.0/lib/faraday/rack_builder.rb:143:in 'build_response'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/faraday-0.17.0/lib/faraday/connection.rb:387:in 'run_request'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/faraday-0.17.0/lib/faraday/connection.rb:138:in 'get'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/sawyer-0.8.2/lib/sawyer/agent.rb:94:in 'call'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/octokit-4.14.0/lib/octokit/connection.rb:156:in 'request'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/octokit-4.14.0/lib/octokit/connection.rb:19:in 'get'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/octokit-4.14.0/lib/octokit/client/repositories.rb:29:in 'repository'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/clients/github_with_retries.rb:95:in 'public_send'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/clients/github_with_retries.rb:95:in 'block in method_missing'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/clients/github_with_retries.rb:115:in 'retry_connection_failures'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/clients/github_with_retries.rb:92:in 'method_missing'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/clients/github_with_retries.rb:66:in 'fetch_default_branch'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/file_fetchers/base.rb:393:in 'default_branch_for_repo'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/file_fetchers/base.rb:61:in 'commit'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/file_fetchers/base.rb:308:in '_full_specification_for'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/file_fetchers/base.rb:125:in '_fetch_repo_contents'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/file_fetchers/base.rb:110:in 'repo_contents'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/file_fetchers/base.rb:77:in 'fetch_file_if_present'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-python-0.113.15/lib/dependabot/python/file_fetcher.rb:119:in 'pipfile'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-python-0.113.15/lib/dependabot/python/file_fetcher.rb:65:in 'pipenv_files'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-python-0.113.15/lib/dependabot/python/file_fetcher.rb:42:in 'fetch_files'
from /builds/zSsuxM4a/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/file_fetchers/base.rb:55:in 'files'
from ./generic-update-script.rb:115:in '<main>'
... and also for `PACKAGE_MANAGER_SET=poetry`:
$ bundle exec ruby ./generic-update-script.rb
/builds/v5w4qxLp/0/alexandre.fedossov/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/file_fetchers.rb:11:in 'for_package_manager': Unsupported package_manager poetry (RuntimeError)
Can someone point me to the right path of investigation?
Thank you!
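Two things stand out in the traces above: the second run fails because `poetry` is not a package manager name dependabot-core knows (Poetry projects run under `pip`), and the first run ends in a 404 from api.github.com, which is what happens when the script falls back to GitHub because no GitLab token reached it. The block below is an added example, not generic-update-script.rb itself: it resolves the package manager and the hosting provider from the job environment before any network call, raises instead of silently defaulting to GitHub, and checks that the `git_source` credential names the same host as the Source, so a token is never offered to a server the repo does not live on. The variable names follow the script's README (`PROJECT_PATH`, `GITLAB_ACCESS_TOKEN`, `GITLAB_HOSTNAME`, `AZURE_ACCESS_TOKEN`, `GITHUB_ACCESS_TOKEN`); the alias table, the `x-access-token` username and `AZURE_HOSTNAME` are this example's own assumptions:

```ruby
# Names people try that dependabot-core does not register, mapped to the ones
# it does. Poetry, Pipenv and requirements.txt all live under "pip".
PACKAGE_MANAGER_ALIASES = {
  "poetry" => "pip", "pipenv" => "pip", "npm" => "npm_and_yarn",
  "yarn" => "npm_and_yarn", "gomod" => "go_modules"
}.freeze

KNOWN_PACKAGE_MANAGERS = %w[
  bundler npm_and_yarn pip maven gradle go_modules docker composer cargo hex nuget terraform
].freeze

# Resolves aliases and rejects anything dependabot-core would refuse with
# "Unsupported package_manager" much later, after fetching files.
def normalize_package_manager(name)
  pm = PACKAGE_MANAGER_ALIASES.fetch(name.to_s.downcase, name.to_s.downcase)
  raise ArgumentError, "Unsupported package_manager #{name.inspect}" unless KNOWN_PACKAGE_MANAGERS.include?(pm)
  pm
end

# Picks provider, hostname and API endpoint from whichever token is present.
# With no token at all it raises: an anonymous call to api.github.com for a
# private GitLab path is exactly the RepoNotFound seen in the trace above.
def source_from_env(env)
  repo = env.fetch("PROJECT_PATH")
  if env["GITLAB_ACCESS_TOKEN"]
    host = env["GITLAB_HOSTNAME"] || "gitlab.com"
    { provider: "gitlab", hostname: host, api_endpoint: "https://#{host}/api/v4",
      repo: repo, token: env["GITLAB_ACCESS_TOKEN"] }
  elsif env["AZURE_ACCESS_TOKEN"]
    host = env["AZURE_HOSTNAME"] || "dev.azure.com"
    { provider: "azure", hostname: host, api_endpoint: "https://#{host}/",
      repo: repo, token: env["AZURE_ACCESS_TOKEN"] }
  elsif env["GITHUB_ACCESS_TOKEN"]
    { provider: "github", hostname: "github.com", api_endpoint: "https://api.github.com/",
      repo: repo, token: env["GITHUB_ACCESS_TOKEN"] }
  else
    raise KeyError, "set GITLAB_ACCESS_TOKEN, AZURE_ACCESS_TOKEN or GITHUB_ACCESS_TOKEN"
  end
end

# The git_source credential derived from the resolved source.
def git_source_credential(source)
  { "type" => "git_source", "host" => source[:hostname],
    "username" => "x-access-token", "password" => source[:token] }
end

# Every git_source credential must target the host the Source points at.
def credentials_scoped?(source, credentials)
  credentials.select { |c| c["type"] == "git_source" }
             .all? { |c| c["host"] == source[:hostname] }
end
```

Calling `normalize_package_manager(ENV["PACKAGE_MANAGER"])` and `source_from_env(ENV)` at the top of the script turns both failures above into one-line errors at startup; `credentials_scoped?` is worth running whenever extra registry credentials are appended to the list.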
Bumping dependencies for a Poetry project (pip manager set) fails with the following stack trace:
pyenv: version `3.7.4' is not installed (set by /builds/devops/dependabot/tmp/dependabot_20191120-12-xii99d/.python-version)
/builds/devops/dependabot/vendor/ruby/2.6.0/gems/dependabot-python-0.113.15/lib/dependabot/python/update_checker/poetry_version_resolver.rb:319:in `run_poetry_command'
/builds/devops/dependabot/vendor/ruby/2.6.0/gems/dependabot-python-0.113.15/lib/dependabot/python/update_checker/poetry_version_resolver.rb:85:in `block (2 levels) in fetch_latest_resolvable_version_string'
/builds/devops/dependabot/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/shared_helpers.rb:141:in `with_git_configured'
/builds/devops/dependabot/vendor/ruby/2.6.0/gems/dependabot-python-0.113.15/lib/dependabot/python/update_checker/poetry_version_resolver.rb:73:in `block in fetch_latest_resolvable_version_string'
/builds/devops/dependabot/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/shared_helpers.rb:37:in `block (2 levels) in in_a_temporary_directory'
/builds/devops/dependabot/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/shared_helpers.rb:37:in `chdir'
/builds/devops/dependabot/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/shared_helpers.rb:37:in `block in in_a_temporary_directory'
/usr/lib/ruby/2.6.0/tmpdir.rb:93:in `mktmpdir'
/builds/devops/dependabot/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/shared_helpers.rb:34:in `in_a_temporary_directory'
/builds/devops/dependabot/vendor/ruby/2.6.0/gems/dependabot-python-0.113.15/lib/dependabot/python/update_checker/poetry_version_resolver.rb:72:in `fetch_latest_resolvable_version_string'
/builds/devops/dependabot/vendor/ruby/2.6.0/gems/dependabot-python-0.113.15/lib/dependabot/python/update_checker/poetry_version_resolver.rb:42:in `latest_resolvable_version'
/builds/devops/dependabot/vendor/ruby/2.6.0/gems/dependabot-python-0.113.15/lib/dependabot/python/update_checker.rb:43:in `latest_resolvable_version'
/builds/devops/dependabot/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/update_checkers/base.rb:70:in `preferred_resolvable_version'
/builds/devops/dependabot/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/update_checkers/base.rb:233:in `preferred_version_resolvable_with_unlock?'
/builds/devops/dependabot/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/update_checkers/base.rb:225:in `numeric_version_can_update?'
/builds/devops/dependabot/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/update_checkers/base.rb:175:in `version_can_update?'
/builds/devops/dependabot/vendor/ruby/2.6.0/gems/dependabot-common-0.113.15/lib/dependabot/update_checkers/base.rb:38:in `can_update?'
./generic-update-script.rb:152:in `block in <main>'
./generic-update-script.rb:130:in `each'
./generic-update-script.rb:130:in `<main>'
Hi,
I would like to know if it's possible to only use a local registry/repository without accessing github.com?
I was able to configure a local Maven repository using generic-update-script, but it keeps using api.github.com for external dependencies like Spring.
I see the benefits, but I would like to be internet-independent because I am running on GHE.
Thx
As you can see in #403 and dependabot/dependabot-core#399 (comment), people are asking for config.yml in this script.
Hi... I have a question...
How can I force a merge request rebase on GitLab?
GitLab has a very cool (and helpful) feature called "Merge commit with semi-linear history":
In practice, in order for an MR to be merged, it must first contain all commits of the target branch (via rebase or merge).
This guarantees that the CI run for the MR source branch is going to lead to a green build also when merged into the target branch.
The problem is that dependabot-script generates dozens of dependency upgrade MRs (which is fine), and each merge requires a full rebase of all other MRs. The question is whether dependabot-script can somehow rebase those, or react to triggers on merge, so that its open MRs are rebased automatically.
Is something like that feasible?
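As an added example (not from the post or from dependabot-script), the following job step does what the question asks for on the API side: after a merge to the target branch, it lists open merge requests whose source branch is a Dependabot update branch, asks GitLab how far each one is behind, and triggers a rebase only for those that are actually stale. It relies on the GitLab v4 endpoints `GET /projects/:id/merge_requests`, `GET /projects/:id/merge_requests/:iid?include_diverged_commits_count=true` and `PUT /projects/:id/merge_requests/:iid/rebase` (which answers 202 and rebases asynchronously). The HTTP transport is injectable so the selection logic can be exercised against the constructed `FAKE_GITLAB` responses below without a server; the real transport uses Net::HTTP with a `PRIVATE-TOKEN` header:

```ruby
require "json"
require "net/http"
require "uri"

# Real transport: (method, url, token) -> [http_status, parsed_json_or_nil]
NET_HTTP_TRANSPORT = lambda do |method, url, token|
  uri = URI(url)
  req = (method == :put ? Net::HTTP::Put : Net::HTTP::Get).new(uri)
  req["PRIVATE-TOKEN"] = token
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") { |h| h.request(req) }
  body = res.body.to_s.empty? ? nil : JSON.parse(res.body)
  [res.code.to_i, body]
end

# Open Dependabot MRs that are behind their target branch and not already
# being rebased. MRs on top of the target are left alone to avoid churn.
def stale_dependabot_mrs(api, project_id, token, transport: NET_HTTP_TRANSPORT)
  status, mrs = transport.call(:get, "#{api}/projects/#{project_id}/merge_requests?state=opened&per_page=100", token)
  raise "listing merge requests failed: HTTP #{status}" unless status == 200
  mrs.select { |mr| mr["source_branch"].to_s.start_with?("dependabot/") }.select do |mr|
    st, detail = transport.call(:get, "#{api}/projects/#{project_id}/merge_requests/#{mr["iid"]}?include_diverged_commits_count=true", token)
    st == 200 && detail["diverged_commits_count"].to_i > 0 && !detail["rebase_in_progress"]
  end
end

# Triggers a rebase per stale MR; returns { iid => accepted? }.
def rebase_stale_dependabot_mrs(api, project_id, token, transport: NET_HTTP_TRANSPORT)
  results = stale_dependabot_mrs(api, project_id, token, transport: transport).map do |mr|
    st, = transport.call(:put, "#{api}/projects/#{project_id}/merge_requests/#{mr["iid"]}/rebase", token)
    [mr["iid"], st == 202]
  end
  results.to_h
end

# Constructed fake GitLab (sample data, not a real project): MR 7 is three
# commits behind, MR 8 is current, MR 9 is not a Dependabot branch.
FAKE_GITLAB = lambda do |method, url, _token|
  base = "https://gitlab.example.com/api/v4/projects/42/merge_requests"
  case [method, url]
  when [:get, "#{base}?state=opened&per_page=100"]
    [200, [{ "iid" => 7, "source_branch" => "dependabot/bundler/rake-13.0.1" },
           { "iid" => 8, "source_branch" => "dependabot/npm_and_yarn/lodash-4.17.15" },
           { "iid" => 9, "source_branch" => "feature/login" }]]
  when [:get, "#{base}/7?include_diverged_commits_count=true"]
    [200, { "iid" => 7, "diverged_commits_count" => 3, "rebase_in_progress" => false }]
  when [:get, "#{base}/8?include_diverged_commits_count=true"]
    [200, { "iid" => 8, "diverged_commits_count" => 0, "rebase_in_progress" => false }]
  when [:put, "#{base}/7/rebase"]
    [202, { "rebase_in_progress" => true }]
  else
    [404, nil]
  end
end
```

Run `rebase_stale_dependabot_mrs(ENV["CI_API_V4_URL"], ENV["CI_PROJECT_ID"], token)` from a job that triggers on pushes to the target branch; the token needs API scope and write access to the project, and nothing more. Because the rebase re-runs the MR pipeline, the semi-linear merge button becomes available again without anyone touching the branches by hand.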
Is it possible to define custom labels and colors?
The only solution Google suggests is to write "@dependabot use these labels", but this obviously does not work with dependabot-script.
Hi, @greysteil! I am trying to integrate this project into my existing workflow inside GitLab.
It works great, but still makes me a little bit uncomfortable, because I have to keep generic-update-script.rb, Gemfile, etc. inside my project. I also have to update the gems inside this Gemfile as well.
What do I suggest?
- a Dockerfile inside this project with all dependencies
- `image: dependabot/gitlab:latest` inside your own .gitlab-ci.yml
- `script: ./generic-update-script.rb` inside your update jobs
Looks like a big improvement to me.
I can help you with the Dockerfile part and new docs, but I am not able to set up the Docker Hub integration for you. That's where I need help from your side.
Cheers!
Default dependabot-script configuration does not work.
Here's the error I am facing:
Running with gitlab-runner 11.10.0-rc2 (10efa505)
on docker-auto-scale fa6cab46
Using Docker executor with image dependabot/dependabot-core ...
Pulling docker image dependabot/dependabot-core ...
Using docker image sha256:cdfeba49bbbc71f65eaf61dc6aa7af0c404c8f866999bd5fb4d767711b5746c3 for dependabot/dependabot-core ...
Running on runner-fa6cab46-project-11947325-concurrent-0 via runner-fa6cab46-srm-1555756783-44a2c874...
Initialized empty Git repository in /builds/wemake.services/kira-dependencies/.git/
Fetching changes...
Created fresh repository.
From https://gitlab.com/wemake.services/kira-dependencies
* [new branch] master -> origin/master
Checking out a6fe9539 as master...
Skipping Git submodules setup
Checking cache for default...
FATAL: file does not exist
Failed to extract cache
$ bundle install -j $(nproc) --path vendor
Your Ruby version is 2.6.2, but your Gemfile specified 2.6.1
ERROR: Job failed: exit code 1
I am using this exact version: 05c8c34
My workaround is to change the ruby version in Gemfile to ruby "2.6.2".
I get this note when I run the script
$ bundle exec ruby ./generic-update-script.rb
NOTE: Inheriting Faraday::Error::ClientError is deprecated; use Faraday::ClientError instead. It will be removed in or after version 1.0
Faraday::Error::ClientError.inherited called from /builds/*****/dependabot-script/vendor/ruby/2.6.0/gems/octokit-4.14.0/lib/octokit/middleware/follow_redirects.rb:14.
Fetching npm_and_yarn dependency files for *****
Parsing dependencies information
Hello there 😄 I am currently developing dependabot-core locally and I use the development docker container to run it. I would like to run dependabot-script against my local development version to test it with a private repository. Does anybody have any idea what is a potential way to do it?
Hey, kudos for the great work.
Quick question: in the dependabot hosted version (https://app.dependabot.com) I'm able to select "Only security updates" for PRs. Is it possible to do the same here?
Cheers
There is already an example for GitLab CI, but there is not one for Azure DevOps. The script and core do seem to support Azure, but there is no documentation or examples on how to actually set it up.
It would be good to document Azure DevOps usage.
We have integrated dependabot-script in our Jenkins pipeline (running inside Docker). The current dependabot-omnibus running on it is v0.117.3; however, for the last couple of eslint updates we are noticing our pipeline is breaking on this error (pic attached). Any help would be really appreciated :)
Stack Trace here:
[2019-12-05T16:11:50.290Z] /usr/local/lib/ruby/2.6.0/time.rb:372:in `_parse'
[2019-12-05T16:11:50.290Z] /usr/local/lib/ruby/2.6.0/time.rb:372:in `parse'
[2019-12-05T16:11:50.290Z] /usr/local/bundle/gems/dependabot-npm_and_yarn-0.113.26/lib/dependabot/npm_and_yarn/metadata_finder.rb:67:in `block in previous_releasers'
[2019-12-05T16:11:50.290Z] /usr/local/bundle/gems/dependabot-npm_and_yarn-0.113.26/lib/dependabot/npm_and_yarn/metadata_finder.rb:67:in `reject'
[2019-12-05T16:11:50.290Z] /usr/local/bundle/gems/dependabot-npm_and_yarn-0.113.26/lib/dependabot/npm_and_yarn/metadata_finder.rb:67:in `previous_releasers'
[2019-12-05T16:11:50.290Z] /usr/local/bundle/gems/dependabot-npm_and_yarn-0.113.26/lib/dependabot/npm_and_yarn/metadata_finder.rb:28:in `maintainer_changes'
[2019-12-05T16:11:50.290Z] /usr/local/bundle/gems/dependabot-common-0.113.26/lib/dependabot/pull_request_creator/message_builder.rb:527:in `maintainer_changes'
[2019-12-05T16:11:50.290Z] /usr/local/bundle/gems/dependabot-common-0.113.26/lib/dependabot/pull_request_creator/message_builder.rb:427:in `maintainer_changes_cascade'
[2019-12-05T16:11:50.290Z] /usr/local/bundle/gems/dependabot-common-0.113.26/lib/dependabot/pull_request_creator/message_builder.rb:315:in `metadata_cascades_for_dep'
[2019-12-05T16:11:50.290Z] /usr/local/bundle/gems/dependabot-common-0.113.26/lib/dependabot/pull_request_creator/message_builder.rb:291:in `metadata_cascades'
[2019-12-05T16:11:50.290Z] /usr/local/bundle/gems/dependabot-common-0.113.26/lib/dependabot/pull_request_creator/message_builder.rb:47:in `pr_message'
[2019-12-05T16:11:50.290Z] /usr/local/bundle/gems/dependabot-common-0.113.26/lib/dependabot/pull_request_creator.rb:103:in `github_creator'
[2019-12-05T16:11:50.290Z] /usr/local/bundle/gems/dependabot-common-0.113.26/lib/dependabot/pull_request_creator.rb:73:in `create'
[2019-12-05T16:11:50.290Z] /app/update.rb:153:in `block in <main>'
[2019-12-05T16:11:50.290Z] /app/update.rb:98:in `each'
I'm using this script with a privately hosted GitLab instance. I've created a Dependabot user and given it access to the repositories it's monitoring.
With the above in mind, it would be really nice if Dependabot could submit a MR/PR directly rather than forking the repo first. Is that possible?
I'm facing error with some environments (but not all).
/usr/lib/ruby/2.5.0/openssl/buffering.rb:325:in `syswrite': Broken pipe (Errno::EPIPE)
from /usr/lib/ruby/2.5.0/openssl/buffering.rb:325:in `do_write'
from /usr/lib/ruby/2.5.0/openssl/buffering.rb:344:in `block in write'
from /usr/lib/ruby/2.5.0/openssl/buffering.rb:343:in `each'
from /usr/lib/ruby/2.5.0/openssl/buffering.rb:343:in `inject'
from /usr/lib/ruby/2.5.0/openssl/buffering.rb:343:in `write'
from /usr/lib/ruby/2.5.0/net/protocol.rb:233:in `write0'
from /usr/lib/ruby/2.5.0/net/protocol.rb:207:in `block in write'
from /usr/lib/ruby/2.5.0/net/protocol.rb:224:in `writing'
from /usr/lib/ruby/2.5.0/net/protocol.rb:206:in `write'
from /usr/lib/ruby/2.5.0/net/http/generic_request.rb:188:in `send_request_with_body'
from /usr/lib/ruby/2.5.0/net/http/generic_request.rb:121:in `exec'
from /usr/lib/ruby/2.5.0/net/http.rb:1492:in `block in transport_request'
from /usr/lib/ruby/2.5.0/net/http.rb:1491:in `catch'
from /usr/lib/ruby/2.5.0/net/http.rb:1491:in `transport_request'
from /usr/lib/ruby/2.5.0/net/http.rb:1464:in `request'
from /usr/lib/ruby/2.5.0/net/http.rb:1457:in `block in request'
from /usr/lib/ruby/2.5.0/net/http.rb:910:in `start'
from /usr/lib/ruby/2.5.0/net/http.rb:1455:in `request'
from /.../vendor/ruby/2.5.0/gems/httparty-0.16.2/lib/httparty/request.rb:143:in `perform'
from /.../vendor/ruby/2.5.0/gems/httparty-0.16.2/lib/httparty.rb:563:in `perform_request'
from /.../vendor/ruby/2.5.0/gems/httparty-0.16.2/lib/httparty.rb:505:in `post'
from /.../vendor/ruby/2.5.0/gems/gitlab-4.5.0/lib/gitlab/request.rb:44:in `block (2 levels) in <class:Request>'
from /.../vendor/ruby/2.5.0/gems/gitlab-4.5.0/lib/gitlab/client/commits.rb:143:in `create_commit'
from /.../vendor/ruby/2.5.0/bundler/gems/dependabot-core-cc95449efb78/lib/dependabot/pull_request_creator/gitlab.rb:101:in `create_commit'
from /.../vendor/ruby/2.5.0/bundler/gems/dependabot-core-cc95449efb78/lib/dependabot/pull_request_creator/gitlab.rb:36:in `create'
from /.../vendor/ruby/2.5.0/bundler/gems/dependabot-core-cc95449efb78/lib/dependabot/pull_request_creator.rb:54:in `create'
from ./generic-update-script.rb:160:in `block in <main>'
from ./generic-update-script.rb:110:in `each'
from ./generic-update-script.rb:110:in `<main>'
Any idea where to start?
I have been using dependabot-script with Azure DevOps, but I notice that, in the pull_request_creator.rb file, we do not provide a reviewers param to the azure_creator method.
Similarly, I notice that in the content object of the create_pull_request method of the Azure client, we do not pass any reviewers option.
I see a reviewers option in the documentation for Azure DevOps' pull request create method: https://docs.microsoft.com/en-us/rest/api/azure/devops/git/pull%20requests/create?view=azure-devops-rest-5.1
Is there a reason why this was not added, or are there plans to add this feature?
Thanks in advance!
From issues in dependabot-core I read that AWS ECR hosted Docker dependencies are supported. However, I'm not sure how to provide credentials for ECR if used with dependabot-script.
Is this even possible? Can you provide documentation on this?
I've been trying to get the script to use the "develop" branch to check and make merge requests to, and not "master". I have tried to use the .dependabot/config.yaml file, but this does not seem to work for some reason.
Is this a bug? Intended? Am I doing something wrong?
I am trying to use the script for a GitLab repository. Thereby, a GitLab Access Token is specified.
The above setting leads to following output:
/builds/<user_name>/dependabot-script/vendor/ruby/2.6.0/gems/octokit-4.14.0/lib/octokit/response/raise_error.rb:16:in `on_complete': GET https://api.github.com/repos/fabric8io/fabric8-maven-plugin/contents/doc: 403 - API rate limit exceeded for <ip>. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.) // See: https://developer.github.com/v3/#rate-limiting (Octokit::TooManyRequests)
I thought that dependabot fetches the dependency information (in case of maven) from Maven Central. So why does it hit the GitHub API limit?
Is it possible to configure the directory where Dependabot downloads the files to? It would be also great if this working directory were configurable via an environment variable.
👋 Currently only direct/top-level dependencies are kept up to date by this script. It would be great if it would be possible to enable also updating subdependencies of a project.
Related ticket on dependabot/feedback: dependabot/feedback#669.
I'd like to run the script against repos in our internal GHE, but I have no experience with setting up ruby. Our CI/CD environment is based on Docker images, so the best case scenario would be to have a docker image that contains dependabot core and the script and I can configure it using env vars. Unfortunately due to my lack of ruby skills I can't figure out how to bake this... 😢
So I'm trying to debug dependabot issues on one of our projects. @greysteil recommended me to first try to make this script run, but it seems it doesn't run. Do you have some pointers to figure out why?
ruby update-script.rb
warning: parser/current is loading parser/ruby26, which recognizes
warning: 2.6.2-compliant syntax, but you are running 2.6.1.
warning: please see https://github.com/whitequark/parser#compatibility-with-ruby-mri.
Traceback (most recent call last):
1: from update-script.rb:91:in `<main>'
/usr/share/rvm/gems/ruby-2.6.1/gems/dependabot-common-0.98.71/lib/dependabot/update_checkers/base.rb:22:in `up_to_date?': undefined method `appears_in_lockfile?' for nil:NilClass (NoMethodError)
Hi,
I've already checked that the issue of using a private maven repository is solved as stated in:
Since I'm in a situation where all Java artifacts are proxied by a private Nexus installation, how can I set up the reference to my Nexus?
I know I could set the repo in my pom, but I rather prefer to set them in settings and then profile, and I'm not sure dependabot will resolve them.
I was wondering if it could be solved by adding an item to the credential array in generic-update-script.rb.
Thanks.
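The three questions above about a GHE that should not depend on github.com, the GitHub API rate limit hit from a GitLab job, and a Nexus proxy in front of Maven all come down to the same place: the `credentials` array that generic-update-script.rb hands to dependabot-core. The following is an added example, not the script's own code. It builds that array from environment variables so each case is one entry: a `git_source` entry for the host being updated, a second `git_source` entry for github.com (the metadata finders fetch changelogs and release notes for upstream projects such as Spring from api.github.com, and without a token those calls share the anonymous 60-requests-per-hour limit; a token lifts the limit but does not stop the lookups, so it does not make a GHE job internet independent), and one `maven_repository` entry per Nexus URL. `GITHUB_ACCESS_TOKEN`, `GITLAB_ACCESS_TOKEN` and `GITLAB_HOSTNAME` are variables the script already reads; `GITHUB_ENTERPRISE_HOSTNAME`, `GITHUB_ENTERPRISE_ACCESS_TOKEN` and `MAVEN_REPOSITORIES` are names assumed for this illustration, and the hostnames in the test are placeholders.

```ruby
# Added example, not generic-update-script.rb's own code. GITHUB_ACCESS_TOKEN,
# GITLAB_ACCESS_TOKEN and GITLAB_HOSTNAME are the variables the script already
# reads; GITHUB_ENTERPRISE_HOSTNAME, GITHUB_ENTERPRISE_ACCESS_TOKEN and
# MAVEN_REPOSITORIES are assumed names for this illustration.
require "uri"

# Entry shapes dependabot-core expects in its credentials array:
#   git_source       -> "host", "username", "password"
#   maven_repository -> "url", plus optional "username" and "password"
def build_credentials(env)
  creds = []

  # Token for the host whose repository is being updated. "x-access-token" is
  # the placeholder username dependabot-core uses for token authentication.
  if env["GITLAB_ACCESS_TOKEN"]
    creds << git_source(env.fetch("GITLAB_HOSTNAME", "gitlab.com"), env["GITLAB_ACCESS_TOKEN"])
  end
  if env["GITHUB_ENTERPRISE_ACCESS_TOKEN"]
    creds << git_source(env.fetch("GITHUB_ENTERPRISE_HOSTNAME"), env["GITHUB_ENTERPRISE_ACCESS_TOKEN"])
  end

  # Still supply a github.com token when the target is GitLab or GHE: the
  # metadata finders fetch changelogs and release notes for upstream projects
  # from api.github.com, and anonymous calls share the 60-requests-per-hour
  # limit behind the 403 reported above. The token lifts the limit; it does
  # not stop the lookups.
  if env["GITHUB_ACCESS_TOKEN"]
    creds << git_source("github.com", env["GITHUB_ACCESS_TOKEN"])
  end

  # MAVEN_REPOSITORIES: comma-separated URLs with credentials in the userinfo
  # part, e.g. https://deploy:s3cret@nexus.example.internal/repository/maven-public/
  # Each becomes a maven_repository entry that dependabot-core queries for
  # versions in addition to the repositories declared in the pom.
  env.fetch("MAVEN_REPOSITORIES", "").split(",").map(&:strip).reject(&:empty?).each do |raw|
    uri = URI.parse(raw)
    # Refuse plaintext: the password would cross the network unencrypted.
    raise ArgumentError, "maven repository #{uri.host} must use https" unless uri.scheme == "https"

    entry = { "type" => "maven_repository", "url" => without_userinfo(uri) }
    if uri.user
      entry["username"] = URI.decode_www_form_component(uri.user)
      entry["password"] = URI.decode_www_form_component(uri.password.to_s)
    end
    creds << entry
  end

  creds
end

def git_source(host, token)
  { "type" => "git_source", "host" => host, "username" => "x-access-token", "password" => token }
end

# Rebuild the URL without user:pass so the secret lives only in "password",
# the one field the log redaction below masks.
def without_userinfo(uri)
  URI::HTTPS.build(host: uri.host, port: uri.port, path: uri.path, query: uri.query).to_s
end

# For job logs: same structure, passwords masked. Never print the raw array.
def redacted(creds)
  creds.map { |c| c.key?("password") ? c.merge("password" => "[REDACTED]") : c }
end
```

In the script, `build_credentials(ENV)` would replace the hard-coded array; keep the tokens in masked CI variables rather than in the pipeline file, and log only `redacted(creds)`.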
Running with gitlab-runner 12.3.0 (a8a019e0)
on gitlab702.zzz.ru iNrxm2Lv
Using Docker executor with image dependabot/dependabot-core ...
Pulling docker image dependabot/dependabot-core ...
Using docker image sha256:a0c6498168b3333203010d869fb24d885344422a8e80ae71a55bf694aa6d26e9 for dependabot/dependabot-core ...
Running on runner-iNrxm2Lv-project-23-concurrent-0 via 2852ec717367...
Fetching changes with git depth set to 50...
Reinitialized existing Git repository in /builds/zzz/dependabot/.git/
From https://gitlab.zzz.ru/zzz/dependabot
b7784a7..96ea85f master -> origin/master
Checking out 96ea85f1 as master...
Removing .bundle/
Removing vendor/
Skipping Git submodules setup
Checking cache for default...
No URL provided, cache will not be downloaded from shared cache server. Instead a local version of cache will be extracted.
Successfully extracted cache
$ bundle install -j $(nproc) --path vendor
Your Ruby version is 2.6.5, but your Gemfile specified 2.6.2
ERROR: Job failed: exit code 1
Since the refactor of Dependabot Core the setup instructions in the README are out-of-date. They should be updated to make use of the new build scripts.
Hi All,
We are attempting to run dependabot against an Azure DevOps GIT repository to no avail. Any assistance would be greatly appreciated.
Assuming the proper information is:
https://dev.azure.com/ourOrganization/ProjectName/_git/package-name
Steps are as follows:
docker pull dependabot/dependabot-core
docker run -v "c:/projects/2019/depbot/dependabot-script:/home/dependabot/dependabot-script" -w /home/dependabot/dependabot-script dependabot/dependabot-core bundle install -j 3 --path vendor
docker run -v "c:/projects/2019/depbot/dependabot-script:/home/dependabot/dependabot-script" -w /home/dependabot/dependabot-script -e PACKAGE_MANAGER=npm_and_yarn -e PROJECT_PATH=ProjectName/_git/package-name -e AZURE_ACCESS_TOKEN=ADO_PAT -e AZURE_HOSTNAME=dev.azure.com/ourOrganization dependabot/dependabot-core bundle exec ruby ./generic-update-script.rb
Dependabot can't resolve your Ruby dependency files.
As a result, Dependabot couldn't update your dependencies.
The error Dependabot encountered was:
Bundler::VersionConflict with message: Bundler could not find compatible versions for gem "citrus":
In Gemfile:
dependabot-omnibus (>= 0.86.18, <= 0.86.22) was resolved to 0.86.18, which depends on
dependabot-core (= 0.86.18) was resolved to 0.86.18, which depends on
toml-rb (~> 1.1, >= 1.1.2) was resolved to 1.1.2, which depends on
citrus (> 3.0, ~> 3.0)
Could not find gem 'citrus (> 3.0, ~> 3.0)', which is required by gem 'toml-rb (~> 1.1, >= 1.1.2)', in any of the sources.
If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.
You can mention @dependabot in the comments below to contact the Dependabot team.
I try using dependabot-core on my python project in gitlab on demand.
My .gitlab-ci.yaml:
image: python:3.6
...
checks:dependabot:
  image: dependabot/dependabot-core
  variables:
    PACKAGE_MANAGER: "pip"
  before_script:
    - bundle install -j $(nproc) --path vendor
  script: bundle exec ruby ./generic-update-script.rb
  cache:
    paths:
      - vendor/
  only:
    - schedules
I add a schedule config like on the screenshot.
Log of job:
Running with gitlab-ci-multi-runner 9.5.1 (96b34cc)
on example-python-project [gitlab-ci-runner-4] (66f6e160)
Using Docker executor with image dependabot/dependabot-core ...
Using docker image sha256:f21c27b19825abb017667311022bdb37ce98755a8ef39ea6784295bc1e57792f for predefined container...
Pulling docker image dependabot/dependabot-core ...
Using docker image dependabot/dependabot-core ID=sha256:7063dfbd3d5bce196107a274a87228451a052a2158858feb4593e6c1940308a8 for build container...
Running on runner-66f6e160-project-35-concurrent-2 via gitlab-ci-runner-4...
Fetching changes...
Removing .bundle/
HEAD is now at 2d4ac36 Add dependabot
From https://gitlab.example.net/backend/example-python-project
2d4ac36..a4a3d9b branch -> origin/branch
Checking out a4a3d9ba as branch...
Skipping Git submodules setup
Checking cache for default...
Successfully extracted cache
$ bundle install -j $(nproc) --path vendor
Could not locate Gemfile
Any ideas?
Apologies if this should go into Dependabot Core, let me know if I should reopen there.
Using Dependabot for Hex via Dependabot Script in GitHub Enterprise is mostly working okay. At this point, it is able to pull down mix.exs
files, update them with Hex package updates, GitHub package updates, and make all the appropriate PRs. Wonderful! But what I can't seem to get working is dependencies of the form:
{:my_repo, git: "git@my_enterprise_url/my_repo.git", tag: "0.1"}
Is there something special I have to do for dependencies of this form?
I am trying to setup dependabot on premise server for private gitlab repo. But it is throwing this error
Faraday::Error::ClientError.inherited called from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/octokit-4.14.0/lib/octokit/middleware/follow_redirects.rb:14.
/usr/lib/ruby/2.6.0/net/protocol.rb:44:in `connect_nonblock': SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) (OpenSSL::SSL::SSLError)
	from /usr/lib/ruby/2.6.0/net/protocol.rb:44:in `ssl_socket_connect'
	from /usr/lib/ruby/2.6.0/net/http.rb:996:in `connect'
	from /usr/lib/ruby/2.6.0/net/http.rb:930:in `do_start'
	from /usr/lib/ruby/2.6.0/net/http.rb:919:in `start'
	from /usr/lib/ruby/2.6.0/net/http.rb:1470:in `request'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/httparty-0.17.1/lib/httparty/request.rb:145:in `perform'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/httparty-0.17.1/lib/httparty.rb:594:in `perform_request'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/httparty-0.17.1/lib/httparty.rb:508:in `get'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/gitlab-4.12.0/lib/gitlab/request.rb:46:in `block (2 levels) in <class:Request>'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/gitlab-4.12.0/lib/gitlab/client/projects.rb:49:in `project'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/clients/gitlab_with_retries.rb:67:in `public_send'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/clients/gitlab_with_retries.rb:67:in `block in method_missing'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/clients/gitlab_with_retries.rb:82:in `retry_connection_failures'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/clients/gitlab_with_retries.rb:64:in `method_missing'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/clients/gitlab_with_retries.rb:51:in `fetch_default_branch'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/file_fetchers/base.rb:395:in `default_branch_for_repo'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/file_fetchers/base.rb:61:in `commit'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/file_fetchers/base.rb:310:in `_full_specification_for'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/file_fetchers/base.rb:320:in `_fetch_file_content'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/file_fetchers/base.rb:90:in `fetch_file_from_host'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-maven-0.113.28/lib/dependabot/maven/file_fetcher.rb:32:in `pom'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-maven-0.113.28/lib/dependabot/maven/file_fetcher.rb:25:in `fetch_files'
	from /home/dependabot/dependabot-script/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/file_fetchers/base.rb:55:in `files'
	from ./generic-update-script.rb:115:in `<main>'
Is there any way I can add the SSL certificate to the octokit client? (I don't know Ruby.)
I am using Docker.
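The "unable to get local issuer certificate" error above means the Ruby process has no trust anchor for the certificate the private GitLab instance presents (the trace shows the failing call is the gitlab gem's request, made through httparty on top of Net::HTTP; octokit uses Net::HTTP through Faraday's default adapter as well). Net::HTTP verifies against OpenSSL's default store, which honours the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables, so the fix in the container is to mount the internal CA's PEM and set `SSL_CERT_FILE` to its path (or install it into the image's system store). The added example below, which is not dependabot-script's own code, reproduces the failure and the fix offline: it generates a throwaway CA and a server certificate for a placeholder hostname, verifies the server certificate against an empty store (the reported error), and again against a store loaded from a PEM file the way `SSL_CERT_FILE` would load it.

```ruby
# Added example, not dependabot-script's own code. Reproduces the
# "unable to get local issuer certificate" failure and shows that loading the
# private CA (what SSL_CERT_FILE=/path/to/ca.pem does for Net::HTTP) fixes it.
# The CA, the server certificate and the hostname are generated here and are
# not real.
require "openssl"
require "tempfile"

def make_cert(subject, key, serial:, issuer: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3, required for extensions
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  issuer_cert, issuer_key = issuer || [cert, key] # self-signed when no issuer given
  cert.issuer = issuer_cert.subject

  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", ca ? "keyCertSign, cRLSign" : "digitalSignature, keyEncipherment", true))
  cert.add_extension(ef.create_extension("subjectKeyIdentifier", "hash"))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify a server certificate against a store holding only the contents of
# `ssl_cert_file`, which is what SSL_CERT_FILE contributes to OpenSSL's default
# store. Returns [ok, error_code, error_string].
def verify_leaf(leaf, ssl_cert_file: nil)
  store = OpenSSL::X509::Store.new
  store.add_file(ssl_cert_file) if ssl_cert_file
  return [true, 0, nil] if store.verify(leaf)

  [false, store.error, store.error_string]
end

# Build a private CA and a server certificate for it, then verify the server
# certificate without and with the CA file.
def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert("/CN=Example Internal Root CA", ca_key, serial: 1, ca: true)
  gitlab_key = OpenSSL::PKey::RSA.new(2048)
  gitlab = make_cert("/CN=gitlab.example.internal", gitlab_key, serial: 2, issuer: [ca, ca_key])

  Tempfile.create(["internal-ca", ".pem"]) do |f|
    f.write(ca.to_pem)
    f.flush
    {
      without_ca: verify_leaf(gitlab),                     # the job as reported
      with_ca: verify_leaf(gitlab, ssl_cert_file: f.path), # SSL_CERT_FILE=/path/internal-ca.pem
    }
  end
end

if $PROGRAM_NAME == __FILE__
  demo.each do |label, (ok, code, msg)|
    puts "#{label}: #{ok ? 'verified' : "error #{code}: #{msg}"}"
  end
end
```

If you would rather not rely on the environment variable, the equivalent in code is `http.ca_file = path` (or `http.cert_store = store`) on the Net::HTTP object; disabling verification (`VERIFY_NONE`) is not a fix, since it lets any on-path host impersonate the GitLab server that holds the access token.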
I am running dependabot-script against https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-stream-dependencies . The problem I am running into is that this repository began being versioned like this:
1.0.2
1.0.1
Then transitioned to being versioned like this:
Chelsea.RELEASE
Brooklyn.RELEASE
Consequently, the dependabot-script ends up thinking that I should update from Fishtown.SR2 (released March 2019) to 1.0.3 (released September 2016) which is incorrect.
I was wondering if there was any current or planned way to pass a list of ignored versions to dependabot-script so we could clean up this confusion manually.
I'd like to host my own bot on Oracle Cloud and I don't know which is the best way to set it up.
Is there a way to create a service that runs continuously and checks dependencies every day, or should I set up my script like the one provided and run it every day (like an AWS Lambda)?
I have a push-rule that enforces consistent branch names across the project.
And dependabot fails to update any dependencies because of that:
- Updating dependabot-omnibus (from 0.105.6)…
/builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/gitlab-4.10.0/lib/gitlab/request.rb:67:in `validate': Server responded with code 400, message: Branch name does not follow the pattern '^(issue-\d+)|(master)$'. Request URI: https://gitlab.com/api/v4/projects/wemake%2Eservices%2Fkira%2Ddependencies/repository/branches (Gitlab::Error::BadRequest)
from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/gitlab-4.10.0/lib/gitlab/request.rb:46:in `block (2 levels) in <class:Request>'
from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/gitlab-4.10.0/lib/gitlab/client/branches.rb:81:in `create_branch'
from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.105.6/lib/dependabot/clients/gitlab_with_retries.rb:67:in `public_send'
from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.105.6/lib/dependabot/clients/gitlab_with_retries.rb:67:in `block in method_missing'
from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.105.6/lib/dependabot/clients/gitlab_with_retries.rb:83:in `retry_connection_failures'
from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.105.6/lib/dependabot/clients/gitlab_with_retries.rb:64:in `method_missing'
from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.105.6/lib/dependabot/pull_request_creator/gitlab.rb:87:in `create_branch'
from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.105.6/lib/dependabot/pull_request_creator/gitlab.rb:40:in `create'
from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.105.6/lib/dependabot/pull_request_creator.rb:59:in `create'
from ./generic-update-script.rb:143:in `block in <main>'
from ./generic-update-script.rb:92:in `each'
from ./generic-update-script.rb:92:in `<main>'
I am just using the default config from dependabot-script, no changes from my side.
How can this be solved?
Hi!
So, with the (incorrect, unreviewed) changes in the PRs I just opened, I ran the script. It successfully created 17 PRs, and then it failed with:
Traceback (most recent call last):
7: from bin/dependabot:10:in `<main>'
6: from bin/dependabot:10:in `load'
5: from /home/deivid/Code/nipanipa/bin/dependabot-script/gitlab-update-script.rb:74:in `<top (required)>'
4: from /home/deivid/Code/nipanipa/bin/dependabot-script/gitlab-update-script.rb:74:in `each'
3: from /home/deivid/Code/nipanipa/bin/dependabot-script/gitlab-update-script.rb:97:in `block in <top (required)>'
2: from /home/deivid/Code/nipanipa/.bundle/ruby/2.5.0/bundler/gems/dependabot-core-211620be1cc9/lib/dependabot/file_updaters/ruby/bundler.rb:30:in `updated_dependency_files'
1: from /home/deivid/Code/nipanipa/.bundle/ruby/2.5.0/bundler/gems/dependabot-core-211620be1cc9/lib/dependabot/file_updaters/ruby/bundler.rb:101:in `updated_lockfile_content'
/home/deivid/Code/nipanipa/.bundle/ruby/2.5.0/bundler/gems/dependabot-core-211620be1cc9/lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb:48:in `updated_lockfile_content': Expected content to change! (RuntimeError)
Not sure if it's due to the problems you detected in the PRs, with the way I'm running the script, or with a real bug somewhere? 🤷♂️
Reporting just in case it's helpful.