wemake-services / kira-dependencies
🐿 Kira's micro-bot to update project dependencies
Home Page: https://dependabot.com
License: MIT License
Looks like https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG.md#v01410-12-april-2021 broke kira. Got an error message of
/builds/kira-dependencies/vendor/ruby/2.6.0/cache/aws-partitions-1.444.0.gem
An error occurred while installing aws-partitions (1.444.0), and Bundler cannot
continue.
Make sure that `gem install aws-partitions -v '1.444.0' --source
'https://rubygems.org/'` succeeds before bundling.
In Gemfile:
dependabot-omnibus was resolved to 0.141.0, which depends on
dependabot-bundler was resolved to 0.141.0, which depends on
dependabot-common was resolved to 0.141.0, which depends on
aws-sdk-codecommit was resolved to 1.42.0, which depends on
aws-sdk-core was resolved to 3.113.1, which depends on
aws-partitions
TL;DR basically the same as in dependabot/dependabot-script#375
Is there a possibility to specify versions which should be ignored by dependabot? dependabot with .config/dependabot.yml has ignored_updates. I'm aware that config file is not supported by this script, but I'm wondering whether it's already provided but not documented.
PS If you can point me where it's being propagated to dependabot-core I can try to do it myself, but don't expect good quality of my contributions though :-/
I am not sure how it works, because I have not tried it yet.
Hello,
dependabot says it can check for insecure deps.
Is there any way we can do the same here with kira?
We have a php/laravel application where we use old versions intentionally; it is making MRs for the latest versions, which could break the application.
So I want to know if there is any way to achieve what I want, i.e. let the bot create MRs only for security vulnerabilities.
thanks
We use kira-dependencies in self-hosted GitLab. It works well, but for one repository it yields a strange error:
Running with gitlab-runner 13.10.0 (54944146)
  on infra-gitlab-runner-68856b776d-lx5qw 4SqrWnSc
  feature flags: FF_GITLAB_REGISTRY_HELPER_IMAGE:true
section_start:1627837305:prepare_executor
Preparing the "kubernetes" executor
Using Kubernetes namespace: gitlab-runners
Using Kubernetes executor with image dependabot/dependabot-core ...
section_end:1627837305:prepare_executor
section_start:1627837305:prepare_script
Preparing environment
Waiting for pod gitlab-runners/runner-4sqrwnsc-project-292-concurrent-0slnzq to be running, status is Pending
Waiting for pod gitlab-runners/runner-4sqrwnsc-project-292-concurrent-0slnzq to be running, status is Pending
ContainersNotReady: "containers with unready status: [build helper svc-0]"
ContainersNotReady: "containers with unready status: [build helper svc-0]"
Running on runner-4sqrwnsc-project-292-concurrent-0slnzq via infra-gitlab-runner-68856b776d-lx5qw...
section_end:1627837318:prepare_script
section_start:1627837318:get_sources
Getting source from Git repository
Fetching changes with git depth set to 50...
Initialized empty Git repository in /builds/infra/Dependabots/kira-dependencies/.git/
Created fresh repository.
Checking out ff5302ea as master...
Skipping Git submodules setup
section_end:1627837318:get_sources
section_start:1627837318:restore_cache
Restoring cache
Checking cache for default...
No URL provided, cache will not be downloaded from shared cache server. Instead a local version of cache will be extracted.
Successfully extracted cache
section_end:1627837319:restore_cache
section_start:1627837319:step_script
Executing "step_script" stage of the job script
$ bundle install -j $(nproc) --path vendor
[DEPRECATED] The `--path` flag is deprecated because it relies on being remembered across bundler invocations, which bundler will no longer do in future versions. Instead please use `bundle config set --local path 'vendor'`, and stop using this flag
Fetching gem metadata from https://rubygems.org/
Fetching gem metadata from https://rubygems.org/...........
Fetching aws-eventstream 1.1.1
Fetching minitest 5.14.4
Fetching jmespath 1.4.0
Fetching concurrent-ruby 1.1.9
Fetching public_suffix 4.0.6
Fetching zeitwerk 2.4.2
Fetching ast 2.4.2
Fetching aws-partitions 1.471.0
Installing ast 2.4.2
Installing aws-eventstream 1.1.1
Installing aws-partitions 1.471.0
Installing zeitwerk 2.4.2
Installing jmespath 1.4.0
Using bundler 2.2.20
Installing minitest 5.14.4
Fetching citrus 3.0.2
Fetching commonmarker 0.22.0
Fetching http-accept 1.7.0
Fetching unf_ext 0.0.7.7
Installing public_suffix 4.0.6
Fetching mime-types-data 3.2021.0225
Installing concurrent-ruby 1.1.9
Installing http-accept 1.7.0
Installing citrus 3.0.2
Fetching netrc 0.11.0
Installing commonmarker 0.22.0 with native extensions
Installing mime-types-data 3.2021.0225
Fetching excon 0.82.0
Installing netrc 0.11.0
Fetching multi_xml 0.6.0
Installing unf_ext 0.0.7.7 with native extensions
Fetching unicode-display_width 1.7.0
Installing multi_xml 0.6.0
Fetching racc 1.5.2
Installing unicode-display_width 1.7.0
Installing excon 0.82.0
Fetching faraday-em_http 1.0.0
Fetching faraday-em_synchrony 1.0.0
Fetching faraday-excon 1.1.0
Installing faraday-em_http 1.0.0
Installing faraday-em_synchrony 1.0.0
Installing faraday-excon 1.1.0
Fetching faraday-net_http 1.0.1
Fetching faraday-net_http_persistent 1.1.0
Fetching multipart-post 2.1.1
Fetching ruby2_keywords 0.0.4
Installing racc 1.5.2 with native extensions
Fetching pandoc-ruby 2.1.4
Installing faraday-net_http_persistent 1.1.0
Installing faraday-net_http 1.0.1
Fetching parseconfig 1.0.8
Fetching aws-sigv4 1.2.3
Installing multipart-post 2.1.1
Installing ruby2_keywords 0.0.4
Fetching parser 3.0.1.1
Installing pandoc-ruby 2.1.4
Fetching addressable 2.7.0
Installing parseconfig 1.0.8
Installing aws-sigv4 1.2.3
Fetching toml-rb 2.0.1
Fetching mime-types 3.3.1
Fetching terminal-table 1.8.0
Installing toml-rb 2.0.1
Installing mime-types 3.3.1
Installing terminal-table 1.8.0
Fetching i18n 1.8.10
Installing addressable 2.7.0
Fetching tzinfo 2.0.4
Fetching faraday 1.4.3
Fetching aws-sdk-core 3.115.0
Installing i18n 1.8.10
Installing parser 3.0.1.1
Fetching httparty 0.18.1
Installing tzinfo 2.0.4
Installing faraday 1.4.3
Fetching activesupport 6.1.4
Installing httparty 0.18.1
Fetching nokogiri 1.11.7 (x86_64-linux)
Installing aws-sdk-core 3.115.0
Fetching sawyer 0.8.2
Fetching gitlab 4.17.0
Installing activesupport 6.1.4
Installing sawyer 0.8.2
Installing gitlab 4.17.0
Fetching octokit 4.21.0
Installing octokit 4.21.0
Fetching unf 0.1.4
Fetching aws-sdk-ecr 1.42.0
Fetching aws-sdk-codecommit 1.42.0
Installing nokogiri 1.11.7 (x86_64-linux)
Installing unf 0.1.4
Installing aws-sdk-ecr 1.42.0
Installing aws-sdk-codecommit 1.42.0
Fetching domain_name 0.5.20190701
Installing domain_name 0.5.20190701
Fetching http-cookie 1.0.4
Installing http-cookie 1.0.4
Fetching rest-client 2.1.0
Installing rest-client 2.1.0
Fetching docker_registry2 1.10.0
Installing docker_registry2 1.10.0
Fetching dependabot-common 0.156.1
Installing dependabot-common 0.156.1
Fetching dependabot-bundler 0.156.1
Fetching dependabot-github_actions 0.156.1
Fetching dependabot-cargo 0.156.1
Fetching dependabot-dep 0.156.1
Fetching dependabot-elm 0.156.1
Fetching dependabot-composer 0.156.1
Fetching dependabot-docker 0.156.1
Fetching dependabot-git_submodules 0.156.1
Installing dependabot-git_submodules 0.156.1
Installing dependabot-elm 0.156.1
Installing dependabot-docker 0.156.1
Installing dependabot-cargo 0.156.1
Installing dependabot-dep 0.156.1
Installing dependabot-github_actions 0.156.1
Installing dependabot-composer 0.156.1
Installing dependabot-bundler 0.156.1
Fetching dependabot-go_modules 0.156.1
Fetching dependabot-maven 0.156.1
Fetching dependabot-hex 0.156.1
Fetching dependabot-npm_and_yarn 0.156.1
Fetching dependabot-nuget 0.156.1
Fetching dependabot-python 0.156.1
Fetching dependabot-terraform 0.156.1
Installing dependabot-go_modules 0.156.1
Installing dependabot-maven 0.156.1
Installing dependabot-hex 0.156.1
Installing dependabot-nuget 0.156.1
Installing dependabot-terraform 0.156.1
Installing dependabot-python 0.156.1
Fetching dependabot-gradle 0.156.1
Installing dependabot-npm_and_yarn 0.156.1
Installing dependabot-gradle 0.156.1
Fetching dependabot-omnibus 0.156.1
Installing dependabot-omnibus 0.156.1
Bundle complete! 1 Gemfile dependency, 69 gems now installed.
Bundled gems are installed into `./vendor`
Post-install message from httparty:
When you HTTParty, you must party hard!
$ bundle exec ruby ./update.rb
warning: parser/current is loading parser/ruby27, which recognizes
warning: 2.7.3-compliant syntax, but you are running 2.7.1.
warning: please see https://github.com/whitequark/parser#compatibility-with-ruby-mri.
/builds/infra/Dependabots/kira-dependencies/vendor/ruby/2.7.0/gems/gitlab-4.17.0/lib/gitlab/paginated_response.rb:24:in `method_missing': undefined method `default_branch' for #<Gitlab::PaginatedResponse:0x000055a3fac7e040> (NoMethodError)
from /builds/infra/Dependabots/kira-dependencies/vendor/ruby/2.7.0/gems/dependabot-common-0.156.1/lib/dependabot/clients/gitlab_with_retries.rb:51:in `fetch_default_branch'
from /builds/infra/Dependabots/kira-dependencies/vendor/ruby/2.7.0/gems/dependabot-common-0.156.1/lib/dependabot/file_fetchers/base.rb:443:in `default_branch_for_repo'
from /builds/infra/Dependabots/kira-dependencies/vendor/ruby/2.7.0/gems/dependabot-common-0.156.1/lib/dependabot/file_fetchers/base.rb:71:in `commit'
from /builds/infra/Dependabots/kira-dependencies/vendor/ruby/2.7.0/gems/dependabot-common-0.156.1/lib/dependabot/file_fetchers/base.rb:360:in `_full_specification_for'
from /builds/infra/Dependabots/kira-dependencies/vendor/ruby/2.7.0/gems/dependabot-common-0.156.1/lib/dependabot/file_fetchers/base.rb:175:in `_fetch_repo_contents'
from /builds/infra/Dependabots/kira-dependencies/vendor/ruby/2.7.0/gems/dependabot-common-0.156.1/lib/dependabot/file_fetchers/base.rb:160:in `repo_contents'
from /builds/infra/Dependabots/kira-dependencies/vendor/ruby/2.7.0/gems/dependabot-common-0.156.1/lib/dependabot/file_fetchers/base.rb:103:in `fetch_file_if_present'
from /builds/infra/Dependabots/kira-dependencies/vendor/ruby/2.7.0/gems/dependabot-bundler-0.156.1/lib/dependabot/bundler/file_fetcher.rb:64:in `gemfile'
from /builds/infra/Dependabots/kira-dependencies/vendor/ruby/2.7.0/gems/dependabot-bundler-0.156.1/lib/dependabot/bundler/file_fetcher.rb:30:in `fetch_files'
from /builds/infra/Dependabots/kira-dependencies/vendor/ruby/2.7.0/gems/dependabot-common-0.156.1/lib/dependabot/file_fetchers/base.rb:65:in `files'
from ./update.rb:94:in `<main>'
Fetching bundler dependency files for
section_end:1627837334:step_script
section_start:1627837334:cleanup_file_variables
Cleaning up file based variables
section_end:1627837334:cleanup_file_variables
ERROR: Job failed: command terminated with exit code 1
I try to run it on kira-dependencies repository to bump dependabot version.
Getting Error in CI
$ bundle exec ruby ./update.rb
Fetching composer dependency files for yo/tasklog
Parsing dependencies information
- Updating laravel-notification-channels/telegram (from 0.0.6)…/builds/yo/dependabot/vendor/ruby/2.6.0/gems/gitlab-4.12.0/lib/gitlab/request.rb:54:in `validate': Server responded with code 403, message: 403 Forbidden. Request URI: https://gitlab.com/api/v4/projects/yo%2Ftasklog/repository/branches (Gitlab::Error::Forbidden)
from /builds/yo/dependabot/vendor/ruby/2.6.0/gems/gitlab-4.12.0/lib/gitlab/request.rb:46:in `block (2 levels) in <class:Request>'
from /builds/yo/dependabot/vendor/ruby/2.6.0/gems/gitlab-4.12.0/lib/gitlab/client/branches.rb:81:in `create_branch'
from /builds/yo/dependabot/vendor/ruby/2.6.0/gems/dependabot-common-0.113.16/lib/dependabot/clients/gitlab_with_retries.rb:67:in `public_send'
from /builds/yo/dependabot/vendor/ruby/2.6.0/gems/dependabot-common-0.113.16/lib/dependabot/clients/gitlab_with_retries.rb:67:in `block in method_missing'
from /builds/yo/dependabot/vendor/ruby/2.6.0/gems/dependabot-common-0.113.16/lib/dependabot/clients/gitlab_with_retries.rb:82:in `retry_connection_failures'
from /builds/yo/dependabot/vendor/ruby/2.6.0/gems/dependabot-common-0.113.16/lib/dependabot/clients/gitlab_with_retries.rb:64:in `method_missing'
from /builds/yo/dependabot/vendor/ruby/2.6.0/gems/dependabot-common-0.113.16/lib/dependabot/pull_request_creator/gitlab.rb:87:in `create_branch'
from /builds/yo/dependabot/vendor/ruby/2.6.0/gems/dependabot-common-0.113.16/lib/dependabot/pull_request_creator/gitlab.rb:40:in `create'
from /builds/yo/dependabot/vendor/ruby/2.6.0/gems/dependabot-common-0.113.16/lib/dependabot/pull_request_creator.rb:73:in `create'
from ./update.rb:165:in `block in <main>'
from ./update.rb:92:in `each'
from ./update.rb:92:in `<main>'
Here is the Example: https://gitlab.com/yo/dependabot/-/jobs/336074178
Hi guys, I'm running into an issue when setting auto-merge (DEPENDABOT_GITLAB_AUTO_MERGE) to true. Here is an example of what I see in the runner when running:
Parsing dependencies information
- Updating gatsby (from 2.11.3)… submitted
- Updating gatsby-image (from 2.2.4)… submitted
set to be accepted
- Updating gatsby-link (from 2.2.0)… submitted
set to be accepted
- Updating gatsby-plugin-manifest (from 2.2.0)… submitted
set to be accepted
- Updating gatsby-plugin-react-helmet (from 3.1.0)… submitted
set to be accepted
- Updating gatsby-plugin-sass (from 2.1.0)… submitted
set to be accepted
- Updating gatsby-plugin-sharp (from 2.2.1)… submitted
set to be accepted
- Updating gatsby-plugin-typescript (from 2.1.0)… submitted
set to be accepted
- Updating gatsby-plugin-typography (from 2.3.0)… submitted
set to be accepted
- Updating gatsby-source-filesystem (from 2.1.1)… submitted
set to be accepted
- Updating gatsby-transformer-sharp (from 2.2.0)… submitted
set to be accepted
- Updating react (from 16.8.6)… submitted
set to be accepted
- Updating react-bootstrap (from 1.0.0-beta.9)…/builds/slewsystems/kira-dependencies/vendor/ruby/2.6.0/gems/gitlab-4.12.0/lib/gitlab/request.rb:54:in `validate': Server responded with code 405, message: 405 Method Not Allowed. Request URI: https://gitlab.com/api/v4/projects/slewsystems%2Fpublic%2Dwebsite/merge_requests/300/merge (Gitlab::Error::MethodNotAllowed)
from /builds/slewsystems/kira-dependencies/vendor/ruby/2.6.0/gems/gitlab-4.12.0/lib/gitlab/request.rb:46:in `block (2 levels) in <class:Request>'
from /builds/slewsystems/kira-dependencies/vendor/ruby/2.6.0/gems/gitlab-4.12.0/lib/gitlab/client/merge_requests.rb:121:in `accept_merge_request'
from ./update.rb:176:in `block in <main>'
from ./update.rb:89:in `each'
from ./update.rb:89:in `<main>'
submitted
ERROR: Job failed: exit code 1
You'll notice the last package ends up failing with a Gitlab::Error::MethodNotAllowed error. I believe this is due to the fact that that MR has merge conflicts that prevent it from being auto-merged. This seems to happen when other dependabot MRs are opened and then merged before others. Merge conflicts occur in the package.json and yarn.lock files.
In short here is the sequence of events that I think cause this issue:
I'm not exactly sure what the solution is here sadly. I haven't done much research but maybe #82 might come into play here to help? I think in the very least the script should handle this error gracefully and continue to open MRs for the rest of dependencies. Maybe at the end we loop back to any error'd out MRs and rebase them and try again?
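The graceful handling suggested in the report above, as an added example (not code from kira-dependencies or from the poster): a 405 on one merge request is recorded and the loop carries on, then the failed ones get one more attempt. `MethodNotAllowed` is a local stand-in for `Gitlab::Error::MethodNotAllowed`; `FakeGitlabClient`, `resolve_conflict`, `auto_merge_all`, the project path and every MR number except 300 are constructed for illustration.

```ruby
# Local stand-in for Gitlab::Error::MethodNotAllowed (HTTP 405), so the
# example runs without the gitlab gem installed.
class MethodNotAllowed < StandardError; end

# Constructed fake client: accepts every MR except those marked as conflicted.
class FakeGitlabClient
  attr_reader :accepted

  def initialize(conflicted_iids)
    @conflicted = conflicted_iids.dup
    @accepted = []
  end

  # Same call shape as the frame in the stack trace above.
  def accept_merge_request(_project, iid, _options = {})
    if @conflicted.include?(iid)
      raise MethodNotAllowed, "405 Method Not Allowed (MR !#{iid})"
    end
    @accepted << iid
  end

  # Hypothetical helper: pretend the branch was regenerated and the
  # conflict in package.json / yarn.lock is gone.
  def resolve_conflict(iid)
    @conflicted.delete(iid)
  end
end

# Try to auto-merge every MR. A 405 on one MR is logged and queued instead of
# aborting the run. After each pass the optional block is called for every
# failed MR (e.g. to rebase or recreate it) before the next attempt.
def auto_merge_all(client, project, iids, retries: 1)
  merged = []
  pending = iids.dup

  (retries + 1).times do |attempt|
    failed = []
    pending.each do |iid|
      begin
        client.accept_merge_request(project, iid, merge_when_pipeline_succeeds: true)
        merged << iid
      rescue MethodNotAllowed => e
        warn "  MR !#{iid} could not be auto-merged: #{e.message}"
        failed << iid
      end
    end

    pending = failed
    break if pending.empty? || attempt == retries

    pending.each { |iid| yield iid } if block_given?
  end

  { merged: merged, failed: pending }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: MR 300 conflicts, as in the log above.
  client = FakeGitlabClient.new([300])
  result = auto_merge_all(client, "group/project", [298, 299, 300, 301]) do |iid|
    client.resolve_conflict(iid)
  end
  puts "merged: #{result[:merged].inspect}, still failing: #{result[:failed].inspect}"
end
```

Anything left in `failed` after the last pass stays open for manual review rather than failing the whole CI job.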
"jest": "^25.5.4"
PACKAGE_MANAGER_SET = npm
I'm not familiar with dependabot and I couldn't find anything about how to handle allowed updates for kira-dependencies. It is important for me that there are no merge requests for major releases as they may require code changes due to breaking changes.
Hello
Is there any way to update only main dependencies but not dev dependencies?
Often dev packages are being updated continuously and I am afraid of bumping their versions as they may break things.
e.g. gulp, webpack related packages in package.json
thanks.
DEPENDABOT_GITLAB_APPROVE_MERGE and DEPENDABOT_GITLAB_AUTO_MERGE do not work anymore after #171. They use the now undefined variable g:
Line 215 in 207a506
Lines 222 to 227 in 207a506
Further, Gitlab requires that you re-apply the auto-merge setting after updating a MR. Currently, the code will not do this, as pull_request is not set in the rebase case.
Hello,
Lately I am seeing my jobs taking a lot of time. Upon noticing, I see that for a package whose version is not updated (after an MR is already made with the latest version), it is still overwriting that existing MR.
Let's say my package.json has 50 deps and 20 deps have updates and MRs were created for them already.
Every day I run GitLab CI for it and every day it is updating all those 20 MRs even though they are already created.
Is there any way to stop it?
thanks
Many thanks for this script 👍 !
I have a lerna monorepo and the MRs do not always include updates for the package.json files. The dependencies seems to be tracked correctly and the package-lock.json files are always updated.
For example:
Here only one package.json got updated, although both packages have exactly the same version. The other was not updated.
For other dependencies I get only updates on the package-lock.json only.
For some other dependency everything got updated correctly.
Any ideas? Should I report this upstream?
Is there any option to run multiple projects in single CI
Any play around in DEPENDABOT_PROJECT_PATH
First off, Dependabot for Gitlab is awesome! However over time it seems it does not auto-close existing PRs that are no longer applicable. See example below:
I would expect older PRs to upgrade the dependency to be closed as new ones are made. I believe this is the behavior of Dependabot for GitHub. I am not sure if this repo is the one that manages that behavior however.
I am using the latest kira-dependencies on an on-premise GitLab 15.1.
The npm_and_yarn job fails due to a timeout when it updates an existing merge request.
When I look in the GitLab access log, there is
168.119.xxx.xxx - - [11/Aug/2022:06:43:21 +0000] "GET /api/v4/projects/myCompany%2FmyProject/merge_requests?state=opened&search=%22Bump%20babylonjs%22&in=title&with_merge_status_recheck=true HTTP/1.1" 200 3457 "" "Gitlab Ruby Gem 4.19.0" 6.93
168.119.xxx.xxx - - [11/Aug/2022:06:43:21 +0000] "GET /api/v4/projects/myCompany%2FmyProject/merge_requests?state=opened&search=%22Bump%20babylonjs%22&in=title&with_merge_status_recheck=true HTTP/1.1" 200 3457 "" "Gitlab Ruby Gem 4.19.0" 6.93
168.119.xxx.xxx - - [11/Aug/2022:06:43:21 +0000] "GET /api/v4/projects/myCompany%2FmyProject/merge_requests?state=opened&search=%22Bump%20babylonjs%22&in=title&with_merge_status_recheck=true HTTP/1.1" 200 3457 "" "Gitlab Ruby Gem 4.19.0" 6.93
168.119.xxx.xxx - - [11/Aug/2022:06:43:22 +0000] "GET /api/v4/projects/myCompany%2FmyProject/merge_requests?state=opened&search=%22Bump%20babylonjs%22&in=title&with_merge_status_recheck=true HTTP/1.1" 200 3457 "" "Gitlab Ruby Gem 4.19.0" 6.93
168.119.xxx.xxx - - [11/Aug/2022:06:43:22 +0000] "GET /api/v4/projects/myCompany%2FmyProject/merge_requests?state=opened&search=%22Bump%20babylonjs%22&in=title&with_merge_status_recheck=true HTTP/1.1" 200 3457 "" "Gitlab Ruby Gem 4.19.0" 6.93
168.119.xxx.xxx - - [11/Aug/2022:06:43:22 +0000] "GET /api/v4/projects/myCompany%2FmyProject/merge_requests?state=opened&search=%22Bump%20babylonjs%22&in=title&with_merge_status_recheck=true HTTP/1.1" 200 3457 "" "Gitlab Ruby Gem 4.19.0" 6.93
168.119.xxx.xxx - - [11/Aug/2022:06:43:22 +0000] "GET /api/v4/projects/myCompany%2FmyProject/merge_requests?state=opened&search=%22Bump%20babylonjs%22&in=title&with_merge_status_recheck=true HTTP/1.1" 200 3457 "" "Gitlab Ruby Gem 4.19.0" 6.93
168.119.xxx.xxx - - [11/Aug/2022:06:43:22 +0000] "GET /api/v4/projects/myCompany%2FmyProject/merge_requests?state=opened&search=%22Bump%20babylonjs%22&in=title&with_merge_status_recheck=true HTTP/1.1" 200 3457 "" "Gitlab Ruby Gem 4.19.0" 6.93
168.119.xxx.xxx - - [11/Aug/2022:06:43:22 +0000] "GET /api/v4/projects/myCompany%2FmyProject/merge_requests?state=opened&search=%22Bump%20babylonjs%22&in=title&with_merge_status_recheck=true HTTP/1.1" 200 3457 "" "Gitlab Ruby Gem 4.19.0" 6.93
Thus, I think that there should be an issue with the break condition at https://github.com/wemake-services/kira-dependencies/blob/master/update.rb#L175
Hello,
When I use the composer check, it throws an error like below
Parsing dependencies information
- Updating laravel/framework (from 5.7.21)…/builds/lorvent/kira-dependencies/vendor/ruby/2.6.0/gems/octokit-4.14.0/lib/octokit/response/raise_error.rb:16:in `on_complete': GET https://api.github.com/repos/laravel/framework/contents/: 403 - API rate limit exceeded for xxx.xxx.xxx.xxx. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.) // See: https://developer.github.com/v3/#rate-limiting (Octokit::TooManyRequests)
from /builds/lorvent/kira-dependencies/vendor/ruby/2.6.0/gems/faraday-0.15.4/lib/faraday/response.rb:9:in `block in call'
from /builds/lorvent/kira-dependencies/vendor/ruby/2.6.0/gems/faraday-0.15.4/lib/faraday/response.rb:61:in `on_complete'
from /builds/lorvent/kira-dependencies/vendor/ruby/2.6.0/gems/faraday-0.15.4/lib/faraday/response.rb:8:in `call'
...
any help is appreciated.
I am unsure on how to authenticate with the Docker Registry.
$ bundle install -j $(nproc) --path vendor
[DEPRECATED] The `--path` flag is deprecated because it relies on being remembered across bundler invocations, which bundler will no longer do in future versions. Instead please use `bundle config set --local path 'vendor'`, and stop using this flag
Your Ruby version is 2.7.5, but your Gemfile specified 2.7.1
I think the version of ruby should be pinned (and upgraded) to avoid this kind of issue.
I'm not familiar with Ruby and won't be able to fix it in the next days, will see if I can do it next year if it's not fixed before.
PS: if it can help, one of my coworkers has already fixed a similar issue: 72b9df8
Hello.
dependabot can read from private mvn repo (we use artifactory).
We tried to configure it with the DEPENDABOT_EXTRA_CREDENTIALS parameter
like
[{"type":"mvn","username":"xxxx","password":"xxxxxx","registry":"xxxxxxx"}]
and
[{"type":"mvn","token":"xxxxx","registry":"xxxx"}]
But without results
Error in console
dependencies-bot/vendor/ruby/2.6.0/gems/dependabot-maven-0.108.25/lib/dependabot/maven/update_checker/version_finder.rb:62:in `versions': The following source could not be reached as it requires authentication (and any provided details were invalid or lacked the required permissions): https://xxxx.xxx.xxxx/artifactory/xxxxxxx-release (Dependabot::PrivateSourceAuthenticationFailure)
from /home/gitlab-runner/builds/xxxxxx/0/xxxxxx/dependencies-bot/vendor/ruby/2.6.0/gems/dependabot-maven-0.108.25/lib/dependabot/maven/update_checker/version_finder.rb:27:in `latest_version_details'
from /home/gitlab-runner/builds/xxxxxx/0/xxxxxxx/dependencies-bot/vendor/ruby/2.6.0/gems/dependabot-maven-0.108.25/lib/dependabot/maven/update_checker.rb:105:in `latest_version_details'
from /home/gitlab-runner/builds/xxxxx/0/xxxxx/dependencies-bot/vendor/ruby/2.6.0/gems/dependabot-maven-0.108.25/lib/dependabot/maven/update_checker.rb:15:in `latest_version'
from /home/gitlab-runner/builds/xxxxxx/0/xxxxxx/dependencies-bot/vendor/ruby/2.6.0/gems/dependabot-common-0.108.25/lib/dependabot/update_checkers/base.rb:198:in `numeric_version_up_to_date?'
from /home/gitlab-runner/builds/xxxx/0/x/dependxxxxencies-bot/vendor/ruby/2.6.0/gems/dependabot-maven-0.108.25/lib/dependabot/maven/update_checker.rb:89:in `numeric_version_up_to_date?'
from /home/gitlab-runner/builds/xxxxx/0/x/dependxxxencies-bot/vendor/ruby/2.6.0/gems/dependabot-common-0.108.25/lib/dependabot/update_checkers/base.rb:155:in `version_up_to_date?'
from /home/gitlab-runner/builds/xxxx/0/xxxxx/dependencies-bot/vendor/ruby/2.6.0/gems/dependabot-common-0.108.25/lib/dependabot/update_checkers/base.rb:27:in `up_to_date?'
from ./update.rb:102:in `block in <main>'
from ./update.rb:91:in `each'
from ./update.rb:91:in `
Token and login/password worked (testing by curl)
Can we use kira to resolve dependencies with a private maven repo (artifactory)?
There seems to have been a regression introduced in #133 after upgrading the gitlab gem. Since that PR has been merged I've been having my kira-dependencies CI jobs fail in gitlab with the following issue:
/builds/slewsystems/kira-dependencies/vendor/ruby/2.6.0/gems/gitlab-4.12.0/lib/gitlab/request.rb:54:in `validate': Server responded with code 400, message: assignee_ids is invalid. Request URI: https://gitlab.com/api/v4/projects/slewsystems%2Fpi67%2Fpi67%2Dwebserver/merge_requests (Gitlab::Error::BadRequest)
from /builds/slewsystems/kira-dependencies/vendor/ruby/2.6.0/gems/gitlab-4.12.0/lib/gitlab/request.rb:46:in `block (2 levels) in <class:Request>'
from /builds/slewsystems/kira-dependencies/vendor/ruby/2.6.0/gems/gitlab-4.12.0/lib/gitlab/client/merge_requests.rb:89:in `create_merge_request'
from /builds/slewsystems/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.114.1/lib/dependabot/clients/gitlab_with_retries.rb:67:in `public_send'
from /builds/slewsystems/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.114.1/lib/dependabot/clients/gitlab_with_retries.rb:67:in `block in method_missing'
from /builds/slewsystems/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.114.1/lib/dependabot/clients/gitlab_with_retries.rb:82:in `retry_connection_failures'
from /builds/slewsystems/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.114.1/lib/dependabot/clients/gitlab_with_retries.rb:64:in `method_missing'
from /builds/slewsystems/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.114.1/lib/dependabot/pull_request_creator/gitlab.rb:136:in `create_merge_request'
from /builds/slewsystems/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.114.1/lib/dependabot/pull_request_creator/gitlab.rb:45:in `create'
from /builds/slewsystems/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.114.1/lib/dependabot/pull_request_creator.rb:74:in `create'
from ./update.rb:165:in `block in <main>'
from ./update.rb:92:in `each'
from ./update.rb:92:in `<main>'
The Gitlab gem was changed from version 4.9 to 4.12.
I am using the following env vars:
DEPENDABOT_GITLAB_AUTO_MERGE=true
DEPENDABOT_PROJECT_PATH=slewsystems/pi67/pi67-webserver
PACKAGE_MANAGER_SET=npm
KIRA_GITHUB_PERSONAL_TOKEN=... (omitting)
KIRA_GITLAB_PERSONAL_TOKEN=... (omitting)
Version 4.17.0 of octokit was yanked from rubygems so all new installs fail with the following error:
Your bundle is locked to octokit (4.17.0), but that version could not be found in any of the sources listed in your Gemfile. If you haven't changed sources, that means the author of octokit (4.17.0) has removed it. You'll need to update your bundle to a version other than octokit (4.17.0) that hasn't been removed in order to install.
See octokit release tag: https://github.com/octokit/octokit.rb/releases/tag/v4.17.0