tinglesoftware/dependabot-azure-devops

[go] Checking for dependencies fails in 1.21.0

rickardgranberg opened this issue · 4 comments

rickardgranberg commented

Describe the bug
The 1.21.0 release introduces a regression(?) in the Go module checking for files including the new Go 1.21 'toolchain' directive in go.mod, like:

toolchain go1.21.1

This worked fine in 1.20.3.

To Reproduce
Run dependabot with the above directive in go.mod

Expected behavior

Screenshots
The error message:

Found 2 dependency file(s) at commit <redacted>
 - /go.mod
 - /go.sum
Parsing dependencies information
/home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-go_modules-0.232.0/lib/dependabot/go_modules/file_parser.rb:109:in `handle_parser_error': go: errors parsing go.mod: (Dependabot::DependencyFileNotParseable)
/go.mod:5: unknown directive: toolchain
	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-go_modules-0.232.0/lib/dependabot/go_modules/file_parser.rb:95:in `block in manifest'
	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.232.0/lib/dependabot/shared_helpers.rb:56:in `block in in_a_temporary_directory'
	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.232.0/lib/dependabot/shared_helpers.rb:56:in `chdir'
	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.232.0/lib/dependabot/shared_helpers.rb:56:in `in_a_temporary_directory'
	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-go_modules-0.232.0/lib/dependabot/go_modules/file_parser.rb:87:in `manifest'
	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-go_modules-0.232.0/lib/dependabot/go_modules/file_parser.rb:82:in `local_replacements'
	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-go_modules-0.232.0/lib/dependabot/go_modules/file_parser.rb:61:in `block in required_packages'
	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.232.0/lib/dependabot/shared_helpers.rb:56:in `block in in_a_temporary_directory'
	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.232.0/lib/dependabot/shared_helpers.rb:56:in `chdir'
	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.232.0/lib/dependabot/shared_helpers.rb:56:in `in_a_temporary_directory'
	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-go_modules-0.232.0/lib/dependabot/go_modules/file_parser.rb:57:in `required_packages'
	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-go_modules-0.232.0/lib/dependabot/go_modules/file_parser.rb:19:in `parse'
	from bin/update_script.rb:547:in `<main>'

Extension (please complete the following information):

  • Host: Azure DevOps
  • Version 1.21.0.566 (Latest)
mburumaxwell commented

I am not aware of any go-specific changes between 1.20.3 and 1.21.0. However, the diff for the two tags (1.20.3...1.21.0) indicates that dependabot changed from
0.227.0 to 0.232.0. You can check the diff dependabot/dependabot-core@v0.227.0...v0.232.0
It could very well have been a go related change there.

Also, your error is in the file parsing stage which means you can actually use the dry-run.rb script to troubleshoot the issue.

I have zero experience with go nor do we have go repositories so we can't help as much here.

rickardgranberg commented

The problems was indeed introduced in one of those version (a defaulting of toolchain to 1.20.8 which does not support the toolchain directive).
This PR will most likely fix the problem: dependabot/dependabot-core#8044 but it's not yet in a release.

rickardgranberg commented

A workaround meanwhile is to add this to the task inputs:

extraEnvironmentVariables: GOTOOLCHAIN=local

mburumaxwell commented

Seems to be resolved.