search

dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
4.7k stars 1.02k forks source link

.NET project path resolution fails when `$(MSBuildThisFileDirectory)` is used in a `<ProjectReference>` #10306

Open rdipardo opened 3 months ago

rdipardo commented 3 months ago

Is there an existing issue for this?

Package ecosystem

nuget

Package manager version

ghcr.io/dependabot/dependabot-updater-nuget:65e4d27bfa9606e9e17db230f46e4d7c6a92d206

Language version

net8.0

Manifest location and content before the Dependabot update

/src/Hello.World/Hello.World.csproj 

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Library</OutputType>
    <TargetFrameworks>net48;net481;net8.0</TargetFrameworks>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="Figgle" Version="0.4.3" />
  </ItemGroup>

</Project>

[source]

/test/Hello.World.Tests/Hello.World.Tests.csproj

(consumes Hello.World.csproj)

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>

    <IsPackable>false</IsPackable>
    <IsTestProject>true</IsTestProject>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="coverlet.collector" Version="6.0.0" />
    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
    <PackageReference Include="xunit" Version="2.5.3" />
    <PackageReference Include="xunit.runner.visualstudio" Version="2.5.3" />
  </ItemGroup>

  <ItemGroup>
    <ProjectReference Include="$(MSBuildThisFileDirectory)..\..\src\Hello.World\Hello.World.csproj"/>
  </ItemGroup>

  <ItemGroup>
    <Using Include="Xunit" />
    <Using Include="Hello.World" />
  </ItemGroup>

</Project>

[source]

Outdated ### Repo 1 [`/test/Memory/Memory.csproj`](https://github.com/npp-dotnet/Npp.DotNet.Plugin/blob/9c7990ee582e288121502856554d11d5eb4492f1/test/Memory/Memory.csproj) [`/examples/minimal/Npp.DotNet.Plugin.Demo.csproj`](https://github.com/npp-dotnet/Npp.DotNet.Plugin/blob/9c7990ee582e288121502856554d11d5eb4492f1/examples/minimal/Npp.DotNet.Plugin.Demo.csproj) ### Repo 2 [`/src/Fornax.Seo/Fornax.Seo.fsproj`](https://github.com/rdipardo/Fornax.Seo/blob/eee9263cb56dafcb647a7db6b502c2c947f8c296/src/Fornax.Seo/Fornax.Seo.fsproj) [`/example/Fornax.Seo.Example/Fornax.Seo.Example.fsproj`](https://github.com/rdipardo/Fornax.Seo/blob/eee9263cb56dafcb647a7db6b502c2c947f8c296/example/Fornax.Seo.Example/Fornax.Seo.Example.fsproj) [`/test/Fornax.Seo.Tests/Fornax.Seo.Tests.fsproj`](https://github.com/rdipardo/Fornax.Seo/blob/eee9263cb56dafcb647a7db6b502c2c947f8c296/test/Fornax.Seo.Tests/Fornax.Seo.Tests.fsproj)

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "nuget"
    directories:
      - "/src/Hello.World"
      - "/test/Hello.World.Tests"
    schedule:
      interval: "daily"
    groups:
      nuget-packages:
        patterns:
          - "*"
Outdated ### Repo 1 https://github.com/npp-dotnet/Npp.DotNet.Plugin/blob/main/.github/dependabot.yml ### Repo 2 https://github.com/rdipardo/Fornax.Seo/blob/main/.github/dependabot.yml

Updated dependency

multiple

What you expected to see, versus what you actually saw

Expected a green-lit update check to appear in the Actions log.

Instead see a red-lit failed job with the following error summary:

[...]
Dependabot encountered '1' error(s) during execution, please check the logs for more details.
+--------------------+
|       Errors       |
+--------------------+
| update_files_error |
+--------------------+
[...]
Outdated I expected PRs to be opened with updated package manifests showing the build result of the CI workflows triggered by the `pull_request` event. Instead the container aborts the update and logs a failed build under the __Actions__ tab with a title like "nuget in *etc.* - Update #861824051". The failed jobs have their own workflow group ("Dependabot Updates"), but there's no link to a YAML config that I can find. It's been happening on schedule since about 07-22-2024 in two .NET repos, both public, one using the [multi-directory key](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#directories), and the other monitoring directories individually (i.e. no multi-directory key). It looks like the older per-directory config is still working, sometimes, i.e., compare the log of the successful job "Bump NUnit3TestAdapter *etc.*" with the 3 failed jobs from the same day: (*Note: all updates are against the "next" branch, but the active `dependabot.yml` is currently on [the main branch](https://github.com/rdipardo/Fornax.Seo/blob/edc3e23287962ed18f72d27e458eedbc5bbd3ef3/.github/dependabot.yml)*).

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

3. Run Dependabot (log) 

2024-08-21T23:10:37.6186690Z ##[group]Run github/dependabot-action@main
2024-08-21T23:10:37.6187258Z env:
2024-08-21T23:10:37.6187752Z   DEPENDABOT_DISABLE_CLEANUP: 1
2024-08-21T23:10:37.6188389Z   DEPENDABOT_ENABLE_CONNECTIVITY_CHECK: 0
2024-08-21T23:10:37.6189232Z   GITHUB_TOKEN: ***
2024-08-21T23:10:37.6189934Z   GITHUB_DEPENDABOT_JOB_TOKEN: ***
2024-08-21T23:10:37.6190638Z   GITHUB_DEPENDABOT_CRED_TOKEN: ***
2024-08-21T23:10:37.6191151Z ##[endgroup]
2024-08-21T23:10:37.8496667Z 🤖 ~ starting update ~
2024-08-21T23:10:37.8529230Z Fetching job details
2024-08-21T23:10:38.3808251Z ##[group]Pulling updater images
2024-08-21T23:10:38.3857823Z Pulling image ghcr.io/dependabot/dependabot-updater-nuget:65e4d27bfa9606e9e17db230f46e4d7c6a92d206...
2024-08-21T23:11:07.4235235Z Pulled image ghcr.io/dependabot/dependabot-updater-nuget:65e4d27bfa9606e9e17db230f46e4d7c6a92d206
2024-08-21T23:11:07.4246834Z Pulling image ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy:v2.0.20240820230105@sha256:469464e23959efa9834eff32e38a88bb1dec0e6fec6dd42b7a0ead63705e25bc...
2024-08-21T23:11:08.6876389Z Pulled image ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy:v2.0.20240820230105@sha256:469464e23959efa9834eff32e38a88bb1dec0e6fec6dd42b7a0ead63705e25bc
2024-08-21T23:11:08.6879436Z ##[endgroup]
2024-08-21T23:11:08.6880014Z Starting update process
2024-08-21T23:11:08.9820727Z Created proxy container: 5326fbc8f25159e11204930dd44e38a8ac1c616a44e2768c831adb5f6174b130
2024-08-21T23:11:09.4580119Z Created container: 6196e0eda2a99f6946607ac49d72d585f830a8549a3741ad7f108c59f745c99c
2024-08-21T23:11:09.4664688Z   proxy | 2024/08/21 23:11:09 proxy starting, commit: a63bd741650ceddfa5f4c6f7b3caa5de976adf4a
2024-08-21T23:11:09.4672219Z   proxy | 2024/08/21 23:11:09 Listening (:1080)
2024-08-21T23:11:10.0043176Z updater | Updating certificates in /etc/ssl/certs...
2024-08-21T23:11:12.0033236Z updater | rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
2024-08-21T23:11:12.2421210Z updater | 1 added, 0 removed; done.
2024-08-21T23:11:12.2422446Z Running hooks in /etc/ca-certificates/update.d...
2024-08-21T23:11:12.2720470Z updater | done.
2024-08-21T23:11:15.5620139Z updater | 2024/08/21 23:11:15 INFO <job_872466478> Starting job processing
2024-08-21T23:11:15.5631141Z 2024/08/21 23:11:15 INFO <job_872466478> Job definition: {"job":{"allowed-updates":[{"dependency-type":"direct","update-type":"all"}],"commit-message-options":{"prefix":null,"prefix-development":null,"include-scope":null},"credentials-metadata":[{"type":"git_source","host":"github.com"}],"debug":null,"dependencies":["coverlet.collector","Microsoft.NET.Test.Sdk","xunit","xunit.runner.visualstudio"],"dependency-groups":[{"name":"nuget-packages","rules":{"patterns":["*"]}}],"dependency-group-to-refresh":"nuget-packages","existing-pull-requests":[],"existing-group-pull-requests":[{"dependency-group-name":"nuget-packages","dependencies":[{"dependency-name":"coverlet.collector","dependency-version":"6.0.2","directory":"/test/Hello.World.Tests"},{"dependency-name":"Microsoft.NET.Test.Sdk","dependency-version":"17.11.0","directory":"/test/Hello.World.Tests"},{"dependency-name":"xunit","dependency-version":"2.9.0","directory":"/test/Hello.World.Tests"},{"dependency-name":"xunit.runner.visualstudio","dependency-version":"2.8.2","directory":"/test/Hello.World.Tests"}]}],"experiments":{"record-ecosystem-versions":true,"record-update-job-unknown-error":true,"proxy-cached":true,"move-job-token":true,"dependency-change-validation":true},"ignore-conditions":[],"lockfile-only":false,"max-updater-run-time":2700,"package-manager":"nuget","proxy-log-response-body-on-auth-failure":true,"requirements-update-strategy":null,"reject-external-code":false,"security-advisories":[],"security-updates-only":false,"source":{"provider":"github","repo":"npp-dotnet/dependabot-update-test-multi-dir","branch":null,"api-endpoint":"https://api.github.com/","hostname":"github.com","directories":["/test/Hello.World.Tests"]},"updating-a-pull-request":true,"update-subdependencies":false,"vendor-dependencies":false,"repo-private":false}}
2024-08-21T23:11:16.6058981Z   proxy | 2024/08/21 23:11:16 [002] GET https://github.com:443/npp-dotnet/dependabot-update-test-multi-dir/info/refs?service=git-upload-pack
2024-08-21T23:11:16.6061366Z   proxy | 2024/08/21 23:11:16 [002] * authenticating git server request (host: github.com)
2024-08-21T23:11:16.8487664Z   proxy | 2024/08/21 23:11:16 [002] 200 https://github.com:443/npp-dotnet/dependabot-update-test-multi-dir/info/refs?service=git-upload-pack
2024-08-21T23:11:16.8791896Z   proxy | 2024/08/21 23:11:16 [004] POST https://github.com:443/npp-dotnet/dependabot-update-test-multi-dir/git-upload-pack
2024-08-21T23:11:16.8793096Z 2024/08/21 23:11:16 [004] * authenticating git server request (host: github.com)
2024-08-21T23:11:16.9751852Z   proxy | 2024/08/21 23:11:16 [004] 200 https://github.com:443/npp-dotnet/dependabot-update-test-multi-dir/git-upload-pack
2024-08-21T23:11:17.0056611Z   proxy | 2024/08/21 23:11:17 [006] POST https://github.com:443/npp-dotnet/dependabot-update-test-multi-dir/git-upload-pack
2024-08-21T23:11:17.0058285Z 2024/08/21 23:11:17 [006] * authenticating git server request (host: github.com)
2024-08-21T23:11:17.1248184Z   proxy | 2024/08/21 23:11:17 [006] 200 https://github.com:443/npp-dotnet/dependabot-update-test-multi-dir/git-upload-pack
2024-08-21T23:11:17.3858598Z updater | 2024/08/21 23:11:17 INFO <job_872466478> Base commit SHA: 26af8b009cb308f35a20168059369a4ce89d8ce3
2024-08-21T23:11:17.3872494Z updater | 2024/08/21 23:11:17 INFO <job_872466478> Finished job processing
2024-08-21T23:11:19.8558635Z updater | 2024/08/21 23:11:19 INFO <job_872466478> Starting job processing
2024-08-21T23:11:19.9116332Z updater | running NuGet discovery:
2024-08-21T23:11:19.9118910Z /opt/nuget/NuGetUpdater/NuGetUpdater.Cli discover --repo-root /home/dependabot/dependabot-updater/repo --workspace /test/Hello.World.Tests --output /tmp/.dependabot/discovery.1.json --verbose
2024-08-21T23:11:20.7629944Z updater | 2024/08/21 23:11:20 ERROR <job_872466478> Temporarily removing `global.json` from `/home/dependabot/dependabot-updater/repo`.
2024-08-21T23:11:20.7632026Z Restoring `global.json` to `/home/dependabot/dependabot-updater/repo`.
2024-08-21T23:11:20.7633911Z Discovering build files in workspace [/home/dependabot/dependabot-updater/repo/test/Hello.World.Tests].
2024-08-21T23:11:20.7635711Z   No dotnet-tools.json file found.
2024-08-21T23:11:20.7636510Z   Discovered [../../global.json] file.
2024-08-21T23:11:20.7637511Z   Discovering projects beneath [test/Hello.World.Tests].
2024-08-21T23:11:20.7638375Z   No packages.config file found.
2024-08-21T23:11:20.7639592Z Unhandled exception: System.ArgumentException: ".." can be only added at the beginning of the pattern.
2024-08-21T23:11:20.7641599Z    at Microsoft.Extensions.FileSystemGlobbing.Internal.Patterns.PatternBuilder.Build(String pattern)
2024-08-21T23:11:20.7643397Z    at Microsoft.Extensions.FileSystemGlobbing.Matcher.AddInclude(String pattern)
2024-08-21T23:11:20.7645889Z    at NuGetUpdater.Core.MSBuildHelper.GetProjectPathsFromProject(String projFilePath)+MoveNext() in /opt/nuget/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs:line 120
2024-08-21T23:11:20.7648158Z    at System.Linq.Enumerable.SelectEnumerableIterator`2.ToArray()
2024-08-21T23:11:20.7649281Z    at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
2024-08-21T23:11:20.7650308Z    at System.Linq.OrderedEnumerable`1.ToArray()
2024-08-21T23:11:20.7651556Z    at System.Collections.Immutable.ImmutableArray.CreateRange[T](IEnumerable`1 items)
2024-08-21T23:11:20.7675883Z    at NuGetUpdater.Core.Discover.SdkProjectDiscovery.DiscoverAsync(String repoRootPath, String workspacePath, String projectPath, Logger logger) in /opt/nuget/lib/NuGetUpdater/NuGetUpdater.Core/Discover/SdkProjectDiscovery.cs:line 60
2024-08-21T23:11:20.7680056Z    at NuGetUpdater.Core.Discover.DiscoveryWorker.RunForProjectPathsAsync(String repoRootPath, String workspacePath, IEnumerable`1 projectPaths) in /opt/nuget/lib/NuGetUpdater/NuGetUpdater.Core/Discover/DiscoveryWorker.cs:line 281
2024-08-21T23:11:20.7684307Z    at NuGetUpdater.Core.Discover.DiscoveryWorker.RunForDirectoryAsnyc(String repoRootPath, String workspacePath) in /opt/nuget/lib/NuGetUpdater/NuGetUpdater.Core/Discover/DiscoveryWorker.cs:line 149
2024-08-21T23:11:20.7687895Z    at NuGetUpdater.Core.Discover.DiscoveryWorker.RunAsync(String repoRootPath, String workspacePath, String outputPath) in /opt/nuget/lib/NuGetUpdater/NuGetUpdater.Core/Discover/DiscoveryWorker.cs:line 69
2024-08-21T23:11:20.7691118Z    at NuGetUpdater.Cli.Commands.DiscoverCommand.<>c.<<GetCommand>b__4_0>d.MoveNext() in /opt/nuget/lib/NuGetUpdater/NuGetUpdater.Cli/Commands/DiscoverCommand.cs:line 30
2024-08-21T23:11:20.7693285Z --- End of stack trace from previous location ---
2024-08-21T23:11:20.7694706Z    at System.CommandLine.Invocation.AnonymousCommandHandler.InvokeAsync(InvocationContext context)
2024-08-21T23:11:20.7696667Z    at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<<BuildInvocationChain>b__0>d.MoveNext()
2024-08-21T23:11:20.7698373Z --- End of stack trace from previous location ---
2024-08-21T23:11:20.7700097Z    at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass17_0.<<UseParseErrorReporting>b__0>d.MoveNext()
2024-08-21T23:11:20.7701907Z --- End of stack trace from previous location ---
2024-08-21T23:11:20.7703305Z    at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass12_0.<<UseHelp>b__0>d.MoveNext()
2024-08-21T23:11:20.7704991Z --- End of stack trace from previous location ---
2024-08-21T23:11:20.7706632Z    at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass22_0.<<UseVersionOption>b__0>d.MoveNext()
2024-08-21T23:11:20.7709106Z --- End of stack trace from previous location ---
2024-08-21T23:11:20.7710704Z    at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass19_0.<<UseTypoCorrections>b__0>d.MoveNext()
2024-08-21T23:11:20.7712611Z --- End of stack trace from previous location ---
2024-08-21T23:11:20.7714071Z    at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseSuggestDirective>b__18_0>d.MoveNext()
2024-08-21T23:11:20.7716071Z --- End of stack trace from previous location ---
2024-08-21T23:11:20.7717713Z    at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass16_0.<<UseParseDirective>b__0>d.MoveNext()
2024-08-21T23:11:20.7719683Z --- End of stack trace from previous location ---
2024-08-21T23:11:20.7721238Z    at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<RegisterWithDotnetSuggest>b__5_0>d.MoveNext()
2024-08-21T23:11:20.7722800Z --- End of stack trace from previous location ---
2024-08-21T23:11:20.7724345Z    at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass8_0.<<UseExceptionHandler>b__0>d.MoveNext()
2024-08-21T23:11:20.7726557Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/common/lib/dependabot/shared_helpers.rb:458:in `run_shell_command'
2024-08-21T23:11:20.7729522Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024-08-21T23:11:20.7733179Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024-08-21T23:11:20.7736778Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2024-08-21T23:11:20.7739840Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/nuget/lib/dependabot/nuget/native_helpers.rb:108:in `block in run_nuget_discover_tool'
2024-08-21T23:11:20.7742444Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/nuget/lib/dependabot/nuget/nuget_config_credential_helpers.rb:70:in `patch_nuget_config_for_action'
2024-08-21T23:11:20.7745717Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024-08-21T23:11:20.7749829Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024-08-21T23:11:20.7753358Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2024-08-21T23:11:20.7756063Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/nuget/lib/dependabot/nuget/native_helpers.rb:107:in `run_nuget_discover_tool'
2024-08-21T23:11:20.7759246Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024-08-21T23:11:20.7762799Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024-08-21T23:11:20.7766460Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2024-08-21T23:11:20.7769125Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/nuget/lib/dependabot/nuget/file_parser.rb:37:in `parse'
2024-08-21T23:11:20.7772060Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024-08-21T23:11:20.7775365Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024-08-21T23:11:20.7778731Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2024-08-21T23:11:20.7782008Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/lib/dependabot/dependency_snapshot.rb:219:in `parse_files!'
2024-08-21T23:11:20.7784877Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024-08-21T23:11:20.7788355Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024-08-21T23:11:20.7791857Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2024-08-21T23:11:20.7794780Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/lib/dependabot/dependency_snapshot.rb:179:in `block in initialize'
2024-08-21T23:11:20.7797217Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/lib/dependabot/dependency_snapshot.rb:177:in `each'
2024-08-21T23:11:20.7799489Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/lib/dependabot/dependency_snapshot.rb:177:in `initialize'
2024-08-21T23:11:20.7802274Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024-08-21T23:11:20.7805767Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024-08-21T23:11:20.7809300Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2024-08-21T23:11:20.7812667Z updater | 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/lib/dependabot/dependency_snapshot.rb:36:in `new'
2024-08-21T23:11:20.7815464Z updater | 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/lib/dependabot/dependency_snapshot.rb:36:in `create_from_job_definition'
2024-08-21T23:11:20.7818700Z updater | 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024-08-21T23:11:20.7822421Z updater | 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024-08-21T23:11:20.7826008Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2024-08-21T23:11:20.7829189Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:22:in `block in perform_job'
2024-08-21T23:11:20.7832262Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/trace/tracer.rb:37:in `block in in_span'
2024-08-21T23:11:20.7835438Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/trace.rb:70:in `block in with_span'
2024-08-21T23:11:20.7838524Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/context.rb:87:in `with_value'
2024-08-21T23:11:20.7841618Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/trace.rb:70:in `with_span'
2024-08-21T23:11:20.7844618Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/trace/tracer.rb:37:in `in_span'
2024-08-21T23:11:20.7847725Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:18:in `perform_job'
2024-08-21T23:11:20.7849984Z 2024/08/21 23:11:20 ERROR <job_872466478> /home/dependabot/dependabot-updater/lib/dependabot/base_command.rb:37:in `run'
2024-08-21T23:11:20.7851504Z 2024/08/21 23:11:20 ERROR <job_872466478> bin/update_files.rb:46:in `<main>'
2024-08-21T23:11:20.8791024Z   proxy | 2024/08/21 23:11:20 [008] POST /update_jobs/872466478/record_update_job_unknown_error
2024-08-21T23:11:21.1449288Z   proxy | 2024/08/21 23:11:21 [008] 204 /update_jobs/872466478/record_update_job_unknown_error
2024-08-21T23:11:21.1550754Z   proxy | 2024/08/21 23:11:21 [010] POST /update_jobs/872466478/record_update_job_error
2024-08-21T23:11:21.2594205Z   proxy | 2024/08/21 23:11:21 [010] 204 /update_jobs/872466478/record_update_job_error
2024-08-21T23:11:21.2710610Z   proxy | 2024/08/21 23:11:21 [012] POST /update_jobs/872466478/record_update_job_unknown_error
2024-08-21T23:11:21.4030764Z   proxy | 2024/08/21 23:11:21 [012] 204 /update_jobs/872466478/record_update_job_unknown_error
2024-08-21T23:11:21.4513656Z   proxy | 2024/08/21 23:11:21 [014] PATCH /update_jobs/872466478/mark_as_processed
2024-08-21T23:11:21.5853096Z   proxy | 2024/08/21 23:11:21 [014] 204 /update_jobs/872466478/mark_as_processed
2024-08-21T23:11:21.5859998Z updater | 2024/08/21 23:11:21 INFO <job_872466478> Finished job processing
2024-08-21T23:11:21.5875634Z updater | 2024/08/21 23:11:21 INFO Results:
2024-08-21T23:11:21.5876941Z Dependabot encountered '1' error(s) during execution, please check the logs for more details.
2024-08-21T23:11:21.5877905Z +--------------------+
2024-08-21T23:11:21.5878287Z |       Errors       |
2024-08-21T23:11:21.5878728Z +--------------------+
2024-08-21T23:11:21.5879126Z | update_files_error |
2024-08-21T23:11:21.5879565Z +--------------------+
2024-08-21T23:11:21.7590122Z Failure running container 6196e0eda2a99f6946607ac49d72d585f830a8549a3741ad7f108c59f745c99c
2024-08-21T23:11:21.7655315Z Cleaned up container 6196e0eda2a99f6946607ac49d72d585f830a8549a3741ad7f108c59f745c99c
2024-08-21T23:11:21.7755142Z   proxy | 2024/08/21 23:11:21 0/7 calls cached (0%)
2024-08-21T23:11:21.7756258Z   proxy | 2024/08/21 23:11:21 Posting metrics to remote API endpoint
2024-08-21T23:11:22.8150554Z ##[error]Dependabot encountered an error performing the update

Error: The updater encountered one or more errors.

For more information see: https://github.com/npp-dotnet/dependabot-update-test-multi-dir/network/updates/872466478 (write access to the repository is required to view the log)
2024-08-21T23:11:22.8159377Z 🤖 ~ finished: error reported to Dependabot ~

Complete logs: https://github.com/npp-dotnet/dependabot-update-test-multi-dir/actions/runs/10498841353/job/29084527439#step:3:1

Outdated ### Repo 1 https://github.com/npp-dotnet/Npp.DotNet.Plugin/actions/runs/10145989896/job/28053007647#step:3:1 The issue here seems to be the location of `global.json` in a parent directory; the [root exception message](https://github.com/npp-dotnet/Npp.DotNet.Plugin/actions/runs/10145989896/job/28053007647#step:3:50) is: `Unhandled exception: System.ArgumentException: ".." can be only added at the beginning of the pattern.` ### Repo 2 https://github.com/rdipardo/Fornax.Seo/actions/runs/10139219949/job/28032161119#step:3:1 https://github.com/rdipardo/Fornax.Seo/actions/runs/10139216173/job/28032151106#step:3:1 https://github.com/rdipardo/Fornax.Seo/actions/runs/10139096478/job/28031838994#step:3:1 No idea what the logs are indicating here, but it seems the updater is trying to update the tools packages in `/.config/dotnet-tools.json`, instead of the .NET project files (???) --- *Note: logs from 07-22 and earlier were deleted by me, thinking it was a spam PR from some kind of malicious bot*

Smallest manifest that reproduces the issue

<Project Sdk="Microsoft.NET.Sdk">
<!-- [snip] -->

  <ItemGroup>
    <ProjectReference Include="$(MSBuildThisFileDirectory)..\Some.Project.csproj"/>
  </ItemGroup>

<!-- [snip] -->
</Project>
brettfo commented 3 months ago

Note for future me: after a quick look it appears that the issue is the job starting in a subdirectory (examples/minimal in this case) and the temporary juggling of the global.json file two directories up is causing an issue.

rdipardo commented 3 months ago

Some minimal examples trying to isolate the cause. Hopefully someone will fork 'em and test out any conditions I overlooked (e.g., they don't have *.sln files or any Directory.Build.props like the full-sized repos do).

Multiple projects in nested directories, multi-directory updates, relative path to global.json from each project dir is ../..

https://github.com/npp-dotnet/dependabot-update-test-multi-dir/actions

Single project in a flat source tree, single path updates

https://github.com/npp-dotnet/dependabot-update-test/actions

Both have "Dependabot on Actions runners" enabled as per the default.

Both currently updating with no issue ¯\(ツ)

Update

The originally reported "Repo 2" has straightened itself out:

https://github.com/rdipardo/Fornax.Seo/actions

This leads me to suspect the problem was always with project references. No issues after adding some more ignore ignore keys to dependabot.yml to avoid circular dependencies

"Repo 1" still has problems:

https://github.com/npp-dotnet/Npp.DotNet.Plugin/actions

brettfo commented 2 months ago

The exception is coming from the function GetProjectPathsFromProject which makes me think there might be an issue with the following section:

...
<ProjectReference Include="$(MSBuildThisFileDirectory)../../lib/Npp.DotNet.Plugin.csproj">
...

That's perfectly valid MSBuild, but the dependency analyzer might be choking on that. I'll explore a bit.

rdipardo commented 2 months ago

The exception is coming from the function GetProjectPathsFromProject which makes me think there might be an issue with the following section:

...
<ProjectReference Include="$(MSBuildThisFileDirectory)../../lib/Npp.DotNet.Plugin.csproj">
...

Bingo: https://github.com/npp-dotnet/dependabot-update-test-multi-dir/actions/runs/10498841353/job/29084527439

rdipardo commented 2 months ago

The exception is coming from the function GetProjectPathsFromProject ...

Bingo ...

Precisely here, by the looks of it:

https://github.com/dependabot/dependabot-core/blob/0edf2e59fefe6d47b9d04d8666a93d15018e4f24/nuget/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs#L119-L120

Minimal reproduction

// Issue10306.fsx
#r "nuget:Microsoft.Extensions.FileSystemGlobbing,8.0.0"

open Microsoft.Extensions.FileSystemGlobbing

let matcher = Matcher()

[| @"..\..\Project1.csproj"
   @$"{__SOURCE_DIRECTORY__}\..\..\Project2.csproj" |]
|> Array.iter
    (fun path ->
        let normalizedUnixPath = path.Replace("\\", "/")
        printfn $"Adding path: \"{normalizedUnixPath}\""
        matcher.AddInclude(normalizedUnixPath) |> ignore
        printfn "O.K.")
$ dotnet fsi /langversion:latest Issue10306.fsx
Adding path: "../../Project1.csproj"
O.K.
Adding path: "C:/Users/Rob/dev/../../Project2.csproj"
System.ArgumentException: ".." can be only added at the beginning of the pattern.
   at Microsoft.Extensions.FileSystemGlobbing.Internal.Patterns.PatternBuilder.Build(String pattern)
   at Microsoft.Extensions.FileSystemGlobbing.Matcher.AddInclude(String pattern)
   at FSI_0002.staticInitialization@() in C:\Users\Rob\dev\Issue10306.fsx:line 15
   at <StartupCode$FSI_0002>.$FSI_0002.main@()
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Void** arguments, Signature sig, Boolean isConstructor)
   at System.Reflection.MethodBaseInvoker.InvokeWithNoArgs(Object obj, BindingFlags invokeAttr)
Stopped due to error
brettfo commented 1 month ago

I'm currently working on some changes to actually invoke MSBuild to do the full file detection, which should fix this issue. It's a larger work item, so I don't have an ETA but the work is underway.