Dependabot, Multi-repo, AzureDevOps

[CodeMalasartes]

Is there an existing issue for this?

• [X] I have searched the existing issues

Package ecosystem

AzureDevOps

Package manager version

Terraform

Language version

Terraform

Manifest location and content before the Dependabot update

I’m using Dependabot to manage Terraform dependencies in my Azure DevOps pipeline, but I’m encountering the "Requirements to unlock update_not_possible" message for all my Terraform providers. Despite trying various configurations, Dependabot does not generate pull requests to update the dependencies.

dependabot.yml content

version: 2 updates:

• package-ecosystem: "terraform" directory: "/" schedule: interval: "weekly" ignore:
  • dependency-name: "some-unwanted-dependency" allow:
  • dependency-name: "akeyless-community/akeyless"
  • dependency-name: "azure/azapi"
  • dependency-name: "hashicorp/azurerm"
  • dependency-name: "hashicorp/tls"
  • dependency-name: "tchupp/env"

    - dependency-name: "truth::azure::hugoboss/TerraformModule/_git/hb_az_ministry_of_truth"

    commit-message: prefix: "terraform" labels:

  • "dependencies" open-pull-requests-limit: 5 reviewers:
  • "reviewer-github-username" versioning-strategy: "increase-if-necessary" insecure-external-code-execution: "allow" rebase-strategy: "auto" log-level: "debug"

Updated dependency

Found 7 dependency file(s) at commit d98b4bc2a4b172fd84a6770c6d6cd5e36dd7ac32

• /data.tf
• /inputs.tf
• /locals.tf
• /main.tf
• /outputs.tf
• /providers.tf
• /secret.tf Parsing dependencies information

  [debug]Agent environment resources - Disk: / Available 20340.00 MB out of 74244.00 MB, Memory: Used 771.00 MB out of 6921.00 MB, CPU: Usage 15.81%

  Found 6 dependencies

• akeyless-community/akeyless ()
• azure/azapi ()
• hashicorp/azurerm ()
• hashicorp/tls ()
• tchupp/env ()
• truth::azure::hugoboss/TerraformModule/_git/hb_az_ministry_of_truth::stable/v2 () 🌍 --> GET https://dev.azure.com/hugoboss/_apis/connectionData 🌍 <-- 200 https://dev.azure.com/hugoboss/_apis/connectionData 🌍 --> GET https://dev.azure.com/hugoboss/TerraformModule/_apis/git/repositories/hb_az_virtual_machine 🌍 <-- 200 https://dev.azure.com/hugoboss/TerraformModule/_apis/git/repositories/hb_az_virtual_machine 🌍 --> GET https://dev.azure.com/hugoboss/TerraformModule/_apis/git/repositories/hb_az_virtual_machine/pullrequests?api-version=7.1&searchCriteria.status=active&searchCriteria.creatorId=5205a1c5-6569-4b1f-a34f-27da7cadf742&searchCriteria.targetRefName=refs/heads/main 🌍 <-- 200 https://dev.azure.com/hugoboss/TerraformModule/_apis/git/repositories/hb_az_virtual_machine/pullrequests?api-version=7.1&searchCriteria.status=active&searchCriteria.creatorId=5205a1c5-6569-4b1f-a34f-27da7cadf742&searchCriteria.targetRefName=refs/heads/main Checking if akeyless-community/akeyless needs updating 🌍 --> GET https://registry.terraform.io/.well-known/terraform.json 🌍 <-- 200 https://registry.terraform.io/.well-known/terraform.json 🌍 --> GET https://registry.terraform.io/v1/providers/akeyless-community/akeyless/versions 🌍 <-- 200 https://registry.terraform.io/v1/providers/akeyless-community/akeyless/versions Requirements to unlock update_not_possible Requirements update strategy # Checking if azure/azapi needs updating

What you expected to see, versus what you actually saw

I was expecting a creation of a Pull Request for the updates of the dependencies

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

[rhyskoedijk]

Hey @CodeMalasartes, looking at your log output, you're using the Dependabot Azure DevOps Extension. There are some known issues with the version of the update script you are using and it is possible that this issue is caused by the Azure DevOps implementation, not dependabot-core itself. Are you able to see if any of the below helps fix your issue:

1. Use the newer "vNext" update script in the DevOps extension; This is based on newer updater code from dependabot-core's updater project and should be more accurate when compared to the update script shown in your logs. You can enable the vNext script by ticking the "Use latest update script (vNext)" checkbox under "Advanced" in the task options, or using useUpdateScriptvNext: true if using YML pipelines.

2. Add dependency-type: all to your allowed dependencies in dependabot.yml. e.g.

   allow:
     - dependency-name: "akeyless-community/akeyless"
       dependency-type: all
     - dependency-name: "azure/azapi"
       dependency-type: all
     - dependency-name: "hashicorp/azurerm"
       dependency-type: all
     - dependency-name: "hashicorp/tls"
       dependency-type: all
     - dependency-name: "tchupp/env"
       dependency-type: all

   This shouldn't be required as "all" is the default based on official examples, but it is possible the Azure DevOps extension is not defaulting this to "all" so explicitly setting might help.

3. When using Terrform, the versioning-strategy option is not supported. I'm not sure if this would be causing any issues