CGA1123 / dependabot-lein-runner

Run Dependabot for Clojure (lein)
https://github.com/dependabot/dependabot-core/pull/2769
MIT License
7 stars 2 forks source link

functions in project.clj #23

Open etolbakov opened 3 years ago

etolbakov commented 3 years ago

Hello @CGA1123 Christian, Thank you very much for the project! It's really useful action!

I have the following issue: My "project.clj" has a function inside which causes the failure. Here are the logs that Run CGA1123/dependabot-lein-runner@main step produces

Fetching lein dependency files for etolbakov/dependant-bot-check-for-clojure
/home/app/dependabot-core/common/lib/dependabot/shared_helpers.rb:133:in `rescue in run_helper_subprocess': Dependabot::SharedHelpers::HelperSubprocessFailed
    from /home/app/dependabot-core/common/lib/dependabot/shared_helpers.rb:87:in `run_helper_subprocess'
    from /home/app/dependabot-core/lein/lib/dependabot/lein/file_fetcher.rb:34:in `generate_pom'
    from /home/app/dependabot-core/lein/lib/dependabot/lein/file_fetcher.rb:30:in `pom'
    from /home/app/dependabot-core/lein/lib/dependabot/lein/file_fetcher.rb:22:in `fetch_files'
    from /home/app/dependabot-core/common/lib/dependabot/file_fetchers/base.rb:64:in `files'
    from ./update.rb:52:in `<main>'
/usr/lib/ruby/2.6.0/json/common.rb:156:in `parse': 767: unexpected token at '' (JSON::ParserError)
    from /usr/lib/ruby/2.6.0/json/common.rb:156:in `parse'
    from /home/app/dependabot-core/common/lib/dependabot/shared_helpers.rb:123:in `run_helper_subprocess'
    from /home/app/dependabot-core/lein/lib/dependabot/lein/file_fetcher.rb:34:in `generate_pom'
    from /home/app/dependabot-core/lein/lib/dependabot/lein/file_fetcher.rb:30:in `pom'
    from /home/app/dependabot-core/lein/lib/dependabot/lein/file_fetcher.rb:22:in `fetch_files'
    from /home/app/dependabot-core/common/lib/dependabot/file_fetchers/base.rb:64:in `files'
    from ./update.rb:52:in `<main>'

The project.clj looks like:

(def test-pr-repo-version              "7.1.0")

(defn ver [] (-> "./resources/dependant-bot-check-for-clojure.version" slurp .trim))

(defproject dependant-bot-check-for-clojure #=(ver)
  :description "FIXME: write description"
  :url "http://example.com/FIXME"
  :license {:name "EPL-2.0 OR GPL-2.0-or-later WITH Classpath-exception-2.0"
            :url "https://www.eclipse.org/legal/epl-2.0/"}
  :scm {:name "git" :url "https://github.com/etolbakov/dependant-bot-check-for-clojure.git"}

  :repositories [["test-pr-repo" {:url "https://maven.pkg.github.com/etolbakov/test-pr-repo"
                                  :username :env/GH_PACKAGES_USR
                                  :password :env/GH_PACKAGES_PSW}]]

  :dependencies [[org.clojure/clojure "1.10.3"]
                 [metosin/jsonista                   "0.3.0"]
                 [org.clojure/data.csv               "1.0.0"]
                 [uk.co.hyde-housing/test-pr-repo    ~test-pr-repo-version]
                 [http-kit                           "2.5.3"]
                 ]
  :repl-options {:init-ns dependant-bot-check-for-clojure.core}
  :global-vars {*warn-on-reflection* true}
  :jvm-opts ["-server"])

I have a file dependant-bot-check-for-clojure.version that simply holds 0.1.0-SNAPSHOT "test-pr-repo" and "dependant-bot-check-for-clojure " are private repos in my account.

Please let me know if anything else is needed, happy to help with the fix as well.

Eugene

CGA1123 commented 2 years ago

Hey, sorry for the late reply.

This looks like there is likely an error being thrown when parsing the project.clj in clojure, causing the ruby side of things the blow-up as the output is not in the expected JSON format.

dependabot-lein shells out to a clojure program to parse dependencies, implemented here: https://github.com/CGA1123/dependabot-core/blob/leiningen/lein/helpers/src/helpers/core.clj

Will try to debug the given project.clj and see whether there is anything that can be updated to support it.

etolbakov commented 2 years ago

Thanks Christian for narrowing down the problem, I will also try to take a look

Regards, Eugene

CGA1123 commented 2 years ago

I've tested this out now, and can get the project.clj working correctly, assuming that the path ./resources/dependant-bot-check-for-clojure.version is resolvable.

Current working theory is that the working directory when invoking the update script is not the root of the repository, causing the slurp of ./resources/dependant-bot-check-for-clojure.version to fail and raise with something like:

Exception in thread "main" java.lang.Exception: Error loading java.io.BufferedReader@6aef4eb8
    at leiningen.core.project$read_raw$fn__1702.invoke(project.clj:1101)
    at leiningen.core.project$read_raw.invokeStatic(project.clj:1095)
    at leiningen.core.project$read_raw.invoke(project.clj:1091)
    at helpers.core$generate_pom.invokeStatic(core.clj:33)
    at helpers.core$generate_pom.invoke(core.clj:32)
    at helpers.core$_main.invokeStatic(core.clj:43)
    at helpers.core$_main.doInvoke(core.clj:37)
    at clojure.lang.RestFn.invoke(RestFn.java:397)
    at clojure.lang.AFn.applyToHelper(AFn.java:152)
    at clojure.lang.RestFn.applyTo(RestFn.java:132)
    at helpers.core.main(Unknown Source)
Caused by: Syntax error reading source at (5:52).
    at clojure.lang.Compiler.load(Compiler.java:7642)
    at clojure.lang.Compiler.load(Compiler.java:7582)
    at clojure.core$load_reader.invokeStatic(core.clj:4087)
    at clojure.core$load_reader.invoke(core.clj:4082)
    at leiningen.core.project$read_raw$fn__1702.invoke(project.clj:1098)
    ... 10 more
Caused by: java.io.FileNotFoundException: ./resources/dependant-bot-check-for-clojure.version (No such file or directory)
    at java.io.FileInputStream.open0(Native Method)
    at java.io.FileInputStream.open(FileInputStream.java:195)
    at java.io.FileInputStream.<init>(FileInputStream.java:138)
    at clojure.java.io$fn__11466.invokeStatic(io.clj:229)
    at clojure.java.io$fn__11466.invoke(io.clj:229)
    at clojure.java.io$fn__11379$G__11372__11386.invoke(io.clj:69)
    at clojure.java.io$fn__11478.invokeStatic(io.clj:258)
    at clojure.java.io$fn__11478.invoke(io.clj:254)
    at clojure.java.io$fn__11379$G__11372__11386.invoke(io.clj:69)
    at clojure.java.io$fn__11440.invokeStatic(io.clj:165)
    at clojure.java.io$fn__11440.invoke(io.clj:165)
    at clojure.java.io$fn__11392$G__11368__11399.invoke(io.clj:69)
    at clojure.java.io$reader.invokeStatic(io.clj:102)
    at clojure.java.io$reader.doInvoke(io.clj:86)
    at clojure.lang.RestFn.invoke(RestFn.java:410)
    at clojure.lang.AFn.applyToHelper(AFn.java:154)
    at clojure.lang.RestFn.applyTo(RestFn.java:132)
    at clojure.core$apply.invokeStatic(core.clj:667)
    at clojure.core$slurp.invokeStatic(core.clj:6942)
    at clojure.core$slurp.doInvoke(core.clj:6942)
    at clojure.lang.RestFn.invoke(RestFn.java:410)
    at leiningen.core.project$ver.invokeStatic(Unknown Source)
    at leiningen.core.project$ver.invoke(Unknown Source)
    at clojure.lang.AFn.applyToHelper(AFn.java:152)
    at clojure.lang.AFn.applyTo(AFn.java:144)
    at clojure.lang.Var.applyTo(Var.java:705)
    at clojure.lang.LispReader$EvalReader.invoke(LispReader.java:1327)
    at clojure.lang.LispReader$DispatchReader.invoke(LispReader.java:853)
    at clojure.lang.LispReader.read(LispReader.java:285)
    at clojure.lang.LispReader.readDelimitedList(LispReader.java:1398)
    at clojure.lang.LispReader$ListReader.invoke(LispReader.java:1243)
    at clojure.lang.LispReader.read(LispReader.java:285)
    at clojure.lang.LispReader.read(LispReader.java:216)
    at clojure.lang.Compiler.load(Compiler.java:7630)
    ... 14 more

@etolbakov could you confirm this is the issue? Maybe by attempting to run the action with an updated definition of ver like this:

(defn ver [] "0.1.0-SNAPSHOT")
etolbakov commented 2 years ago

Thanks for checking it Christian @CGA1123 , sorry, I should have done the check (defn ver [] "0.1.0-SNAPSHOT") initially. Yes, it works perfectly. However, if you use slurp function things start failing (I also tried to put a file in the root of the project but it didn't help. I've opened my dependant-bot-check-for-clojure repo just in case.