job.yaml and gradle support
sblatnick opened this issue · 5 comments
We are using this as a job.yaml to pass to dependabot/cli:
job:
package-manager: gradle
allowed-updates:
- update-type: all
source:
provider: github
repo: local/scan
directory: /
credentials:
- type: maven_repository
url: nexus.redacted.com/maven-central
username: redacted
password: redacted
We see this error about missing the pom.xml:
ERROR Error during file fetching; aborting: /pom.xml not found
Am I doing something wrong with the config? Can I get it to look for the build.gradle instead?
The input to the CLI looks correct, but the Gradle Updater doesn't look for pom.xml during file fetching: https://github.com/dependabot/dependabot-core/blob/a054d2af2817e230ebcd64c0df4ab0c89688d614/gradle/lib/dependabot/gradle/file_fetcher.rb#L17-L25
Try downloading the latest Gradle Updater image with this command and try it again?
docker pull ghcr.io/dependabot/dependabot-updater-gradle:latest
We use https://github.com/dependabot/cli/releases/download/${latest}/dependabot-${latest}-linux-amd64.tar.gz in our image that runs the commands. Doesn't that pull the latest updater by default? We updated that yesterday at 4AM ET, and I see you had a release 17 hours ago. Would that version be recent enough? Or did the latest include changes that would impact this?
Yes the CLI will pull the image if it's not present, but if one is with the same name already exists then it will use it. Wasn't sure of your setup so I thought that might be a possibility.
Otherwise I'm not sure how it could be happening. If you could post logs or make an example project that reproduces the issue, that would be helpful.
My apologies. While trying to reproduce the issue locally, I noticed I was using a different job.yaml than I thought. I've tried the correct config and it works now. The job.yaml I shared earlier wasn't accurate, as I was still erroneously passing "maven" instead of "gradle".
No problem, glad you got it sorted out!