Error when updating NuGet packages from Public and Private Feed #9069

Closed
1 task done
FrankRua opened this issue Feb 16, 2024 · 9 comments

@FrankRua

FrankRua commented Feb 16, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

NuGet

Package manager version

No response

Language version

C# (.NET 6)

Manifest location and content before the Dependabot update

Manifest files would be kept respectively in the csproj files that contain them.

dependabot.yml content

version: 2
registries:
  internal-packages-nuget-github:
    type: nuget-feed
    url: https://nuget.pkg.github.com/REDACTED/index.json
    username: REDACTED
    password: REDACTED
  nuget:
    type: nuget-feed
    url: https://api.nuget.org/v3/index.json
updates:
  - package-ecosystem: nuget
    directory: "/"
    registries:
      - internal-packages-nuget-github
      - nuget
    schedule:
      interval: daily
      time: "06:00"
      timezone: America/New_York
    groups:
       private-repo-dependencies:
          patterns:
            - "*"
    open-pull-requests-limit: 10
    labels:
      - "nuget"
      - "dependencies"
    assignees:
      - "REDACTED/REDACTED"

Updated dependency

No response

What you expected to see, versus what you actually saw

What I expect: Dependabot to raise a PR with the correct dependencies updates for both public and private feeds.
What is happening: Only a few packages are being updated and we are getting errors on the rest. Example for a public package:

updater | 2024/02/16 11:43:42 ERROR <job_787880721> Error processing Microsoft.Extensions.Caching.Abstractions (Dependabot::DependabotError)
updater | 2024/02/16 11:43:42 ERROR <job_787880721> FileUpdater failed
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/dependency_change_builder.rb:69:in `run'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11193/lib/types/private/methods/call_validation_2_7.rb:59:in `bind_call'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11193/lib/types/private/methods/call_validation_2_7.rb:59:in `block in create_validator_method_fast0'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/dependency_change_builder.rb:42:in `create_from'
  proxy | 2024/02/16 11:43:42 [722] 200 https://sentry.io:443/api/1451818/envelope/
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11193/lib/types/private/methods/call_validation.rb:169:in `bind_call'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11193/lib/types/private/methods/call_validation.rb:169:in `validate_call_skip_block_type'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11193/lib/types/private/methods/call_validation.rb:111:in `block in create_validator_slow_skip_block_type'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/updater/group_update_creation.rb:114:in `create_change_for'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/updater/group_update_creation.rb:72:in `block in compile_all_dependency_changes_for'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/updater/group_update_creation.rb:38:in `each'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/updater/group_update_creation.rb:38:in `compile_all_dependency_changes_for'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/refresh_group_update_pull_request.rb:110:in `dependency_change'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/refresh_group_update_pull_request.rb:93:in `perform'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:45:in `run'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:43:in `perform_job'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/base_command.rb:36:in `run'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> bin/update_files.rb:24:in `<main>'

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

@FrankRua FrankRua added the T: bug 🐞 Something isn't working label Feb 16, 2024
@brettfo
Contributor

brettfo commented Feb 22, 2024

Could you post the whole log? There's likely something interesting before the failure listed.

@HavenDV

HavenDV commented Feb 26, 2024

I'm using a similar configuration and have been experiencing this issue for all my repos for the last 2 months or so
In this case, the PR message correctly describes all the necessary updates, but the PR body itself does not contain this

# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:
  - package-ecosystem: "nuget" # See documentation for possible values
    directory: "/" # Location of package manifests
    schedule:
      interval: "weekly"
    groups:
      all:
        patterns:
          - "*"

Examples:

@FrankRua
Author

FrankRua commented Feb 26, 2024

> Could you post the whole log? There's likely something interesting before the failure listed.

Of course! I have attached it here (since it's massive)
redacted-log.txt
and redacted any information that is personal. @brettfo

@FrankRua
Author

> I'm using a similar configuration and have been experiencing this issue for all my repos for the last 2 months or so
> In this case, the PR message correctly describes all the necessary updates, but the PR body itself does not contain this
>
> # To get started with Dependabot version updates, you'll need to specify which
> # package ecosystems to update and where the package manifests are located.
> # Please see the documentation for all configuration options:
> # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
>
> version: 2
> updates:
>   - package-ecosystem: "nuget" # See documentation for possible values
>     directory: "/" # Location of package manifests
>     schedule:
>       interval: "weekly"
>     groups:
>       all:
>         patterns:
>           - "*"
>
> Examples:

Yes, this is a very accurate description of the problem.

@brettfo
Contributor

brettfo commented Feb 27, 2024

@FrankRua some of the log info was truncated too much. Could you grab some chunks for me from your log?

Specifically line 5749 and the next 100 lines or so. I need to see the whole line (file paths can be redacted) that starts with:

/opt/nuget/NuGetUpdater/NuGetUpdater.Cli update ...

Similarly line 5826 and the next chunk.

I'm looking for the --dependency, --new-version, and --previous-version arguments and if the --transitive flag is passed.
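
One way to pull the lines requested above out of a large Dependabot log, as an added example that is not part of the original thread and not Dependabot's own code: it finds each `NuGetUpdater.Cli update` invocation, reports the `--dependency`, `--new-version`, `--previous-version` and `--transitive` arguments, and redacts file paths before the excerpt is shared. The sample log is constructed, and the `--repo-root` argument in it is an assumption used only to show the redaction.

```python
import shlex

# Constructed sample log, not taken from the issue. The prefix format follows the
# lines quoted in the report; --repo-root is an assumed path-valued argument that
# is present only to demonstrate redaction.
SAMPLE_LOG = """\
updater | 2024/02/16 11:43:40 INFO <job_1> /opt/nuget/NuGetUpdater/NuGetUpdater.Cli update --repo-root /home/dependabot/dependabot-updater/repo --dependency Example.Package.A --new-version 8.0.1 --previous-version 6.0.0 --transitive
updater | 2024/02/16 11:43:41 INFO <job_1> unrelated line
  proxy | 2024/02/16 11:43:41 [001] 200 https://api.nuget.org:443/v3/index.json
updater | 2024/02/16 11:43:42 INFO <job_1> /opt/nuget/NuGetUpdater/NuGetUpdater.Cli update --repo-root /home/dependabot/dependabot-updater/repo --dependency Example.Package.B --new-version 2.0.0 --previous-version 1.9.3
"""

CLI = "/opt/nuget/NuGetUpdater/NuGetUpdater.Cli"
VALUE_FLAGS = ("--dependency", "--new-version", "--previous-version")


def redact_paths(tokens):
    """Replace every absolute-path token except the CLI itself with a marker."""
    return [t if t == CLI or not t.startswith("/") else "<REDACTED_PATH>"
            for t in tokens]


def extract_update_calls(log_text):
    """Return (line_number, parsed_args, redacted_command) for each update call."""
    calls = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        start = line.find(CLI + " update")
        if start == -1:
            continue
        try:
            tokens = shlex.split(line[start:])
        except ValueError:  # unbalanced quote, e.g. the log line was cut short
            tokens = line[start:].split()
        args = {"--transitive": "--transitive" in tokens}
        for flag in VALUE_FLAGS:
            pos = tokens.index(flag) if flag in tokens else -1
            # A flag that ends a truncated line has no value: record None.
            args[flag] = tokens[pos + 1] if 0 <= pos < len(tokens) - 1 else None
        calls.append((lineno, args, " ".join(redact_paths(tokens))))
    return calls


if __name__ == "__main__":
    for lineno, args, command in extract_update_calls(SAMPLE_LOG):
        print(f"line {lineno}: {args}\n  {command}")
```

A `None` value for a flag means the log line was truncated before that argument, which is the case where the full line still has to be supplied by hand.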

@FrankRua
Author

@brettfo Yes! I have attached it in one text file here, you can see they are separated in sections with:

***********************************
LINES: 5749 - 5885
***********************************

And


***********************************
LINES :5826 - 5922
***********************************

redacted-log-specific.txt

Let me know if you need anything else 😄.

@brettfo
Contributor

brettfo commented Feb 28, 2024

@FrankRua I wasn't able to figure anything out from the bigger log segments. Are you able to share the full unredacted log with me privately via email? Maybe something from that will stick out to me. Anything I receive will only be seen by me and deleted as soon as I'm done. If this is something you're able to do, my direct email is [email protected]

@FrankRua
Author

FrankRua commented Mar 1, 2024

@brettfo I have gotten the ok for SecOps to send them to you, I will send them over to you in a few minutes.

@brettfo
Contributor

brettfo commented Mar 13, 2024

I've been working with @FrankRua via email and this appears to now be solved.
