tinglesoftware/dependabot-azure-devops

1.25.2 breaks devops PR creation

lucasfijen opened this issue · 2 comments

Describe the bug
Hi, it seems like our pipeline broke as of the time of the last release of 1.25.2.
When adding the tag: dockerImageTag: 1.25.1 everything still works.

The pipeline seems to fail on the creation of a PR, which is also not created. This happens with the following error:


2024-01-22T15:06:13.1946711Z Status: Downloaded newer image for ghcr.io/tinglesoftware/dependabot-updater-pip:1.25
2024-01-22T15:06:15.4832710Z Using 'https://dev.azure.com:443/' as API endpoint
2024-01-22T15:06:15.4833325Z Working in REPONAMEHERE, 'default' branch under '/' directory
2024-01-22T15:06:15.4833739Z Cloning repository into /home/dependabot/dependabot-updater/tmp/REPOPATH
2024-01-22T15:06:16.9698034Z Found 1 dependency file(s) at commit COMMITID
2024-01-22T15:06:16.9703238Z  - /requirements.txt
2024-01-22T15:06:16.9706907Z Parsing dependencies information
2024-01-22T15:06:20.2375933Z Found 2 dependencies
2024-01-22T15:06:20.2376493Z  - detect-secrets (1.3.0)
2024-01-22T15:06:20.2376780Z  - pre-commit (3.6.0)
2024-01-22T15:06:20.2390597Z 🌍 --> GET https://dev.azure.com/DEVOPSNAME/_apis/connectionData
2024-01-22T15:06:20.3902878Z 🌍 <-- 200 https://dev.azure.com/DEVOPSNAME/_apis/connectionData
2024-01-22T15:06:20.3910970Z 🌍 --> GET https://dev.azure.com/DEVOPSNAME/TEAMNAME/_apis/git/repositories/ut_cicd_pipelines
2024-01-22T15:06:20.5110740Z 🌍 <-- 200 https://dev.azure.com/DEVOPSNAME/TEAMNAME/_apis/git/repositories/REPONAME
2024-01-22T15:06:20.5117061Z 🌍 --> GET https://dev.azure.com/DEVOPSNAME/TEAMNAME/_apis/git/repositories/REPONAME/pullrequests?api-version=6.0&searchCriteria.status=active&searchCriteria.creatorId=CREATORID&searchCriteria.targetRefName=refs/heads/main
2024-01-22T15:06:20.6709867Z 🌍 <-- 200 https://dev.azure.com/DEVOPSNAME/TEAMNAME/_apis/git/repositories/REPONAME/pullrequests?api-version=6.0&searchCriteria.status=active&searchCriteria.creatorId=CREATORID&searchCriteria.targetRefName=refs/heads/main
2024-01-22T15:06:20.6710455Z Checking if detect-secrets 1.3.0 needs updating
2024-01-22T15:06:20.6718855Z 🌍 --> GET https://pypi.org/simple/detect-secrets/
2024-01-22T15:06:20.7900546Z 🌍 <-- 200 https://pypi.org/simple/detect-secrets/
2024-01-22T15:06:20.8088613Z 🌍 --> GET https://pypi.org/simple/detect-secrets/
2024-01-22T15:06:20.9378454Z 🌍 <-- 200 https://pypi.org/simple/detect-secrets/
2024-01-22T15:06:20.9512852Z Requirements to unlock own
2024-01-22T15:06:20.9513096Z Requirements update strategy bump_versions
2024-01-22T15:06:20.9513498Z Updating detect-secrets from 1.3.0 to 1.4.0
2024-01-22T15:06:20.9529388Z Submitting detect-secrets pull request for creation.
2024-01-22T15:06:20.9529875Z /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11214/lib/types/_types.rb:222:in `must': Passed `nil` into T.must (TypeError)
2024-01-22T15:06:20.9530388Z 	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.241.0/lib/dependabot/pull_request_creator.rb:392:in `branch_namer'
2024-01-22T15:06:20.9530903Z 	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11214/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024-01-22T15:06:20.9531985Z 	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11214/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024-01-22T15:06:20.9532519Z 	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11214/lib/types/private/methods/_methods.rb:272:in `block in _on_method_added'
2024-01-22T15:06:20.9533031Z 	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.241.0/lib/dependabot/pull_request_creator.rb:305:in `azure_creator'
2024-01-22T15:06:20.9533538Z 	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11214/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024-01-22T15:06:20.9534038Z 	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11214/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024-01-22T15:06:20.9534566Z 	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11214/lib/types/private/methods/_methods.rb:272:in `block in _on_method_added'
2024-01-22T15:06:20.9535084Z 	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.241.0/lib/dependabot/pull_request_creator.rb:235:in `create'
2024-01-22T15:06:20.9535571Z 	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11214/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024-01-22T15:06:20.9536085Z 	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11214/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024-01-22T15:06:20.9536605Z 	from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11214/lib/types/private/methods/_methods.rb:272:in `block in _on_method_added'
2024-01-22T15:06:20.9536878Z 	from bin/update_script.rb:823:in `block in <main>'
2024-01-22T15:06:20.9537075Z 	from bin/update_script.rb:539:in `each'
2024-01-22T15:06:20.9537344Z 	from bin/update_script.rb:539:in `<main>'
2024-01-22T15:06:21.1507026Z ##[error]The process '/usr/bin/docker' failed with exit code 1
2024-01-22T15:06:21.1524854Z ##[section]Finishing: dependabot

To Reproduce
We have the following .azuredevops/dependabot.yml:

version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: daily
      time: "06:00"
    open-pull-requests-limit: 10

and the following cicd_dependabot.yml:

trigger: none # Disable CI trigger

schedules:
- cron: '0 2 * * *' # daily at 2am UTC
  always: true # run even when there are no code changes
  branches:
    include:
      - main
  batch: true
  displayName: Daily

pool:
  vmImage: 'ubuntu-latest' # requires macos or ubuntu (windows is not supported)

steps:
- task: AzureKeyVault@2
  inputs: (REMOVED SECRET ETC PART)
- task: dependabot@1
  inputs:
    azureDevOpsAccessToken: $(SECRETNAME)
    dockerImageTag: 1.25.1 #  This line fixes it for now, without it, it fails with version 1.25.2

Extension (please complete the following information):

  • Host: Azure DevOps
  • Version 1.25.2.621

Server (please complete the following information):

  • Region: westeurope


This is likely a regression brought by updating dependabot-[core|pip] from 0.239.0 to 0.241.0 in #931 and #938.

Can you check through the changes in dependabot-core at dependabot/dependabot-core@v0.239.0...v0.241.0
Maybe then you can find a fix?

I just realized that this is affecting all ecosystems. Thanks @lucasfijen for reporting it.
Rolled back in 552ebd9 and released in 1.25.3.