search

dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
4.69k stars 1.01k forks source link

Got `unknown_error` when update new version for poetry #10468

Open anhquan075 opened 2 months ago

anhquan075 commented 2 months ago

Is there an existing issue for this?

Package ecosystem

pip

Package manager version

24.0

Language version

Python 3.11

Manifest location and content before the Dependabot update

[tool.poetry]
name = "test"
version = "0.1.0"
description = "test Repo"
readme = "README.md"
include = ["VERSION", "README.md"]

[tool.poetry.dependencies]
python = ">=3.11,<3.13"
fastapi = "^0.109.0"
uvicorn = "^0.25.0"
sqlalchemy = {extras = ["asyncio"], version = "^2.0.30"}
alembic = "^1.13.1"
pydantic-settings = "^2.1.0"
sentry-sdk = "^2.8.0"
aiokafka = "^0.10.0"
redis = "^5.0.1"
celery = "^5.3.6"
pgvector = "^0.2.4"
asyncpg = "^0.29.0"
greenlet = "^3.0.3"
sentence-transformers = "^2.2.2"
certifi = "^2024.07.04"
pandas = "^2.1.4"
click = "^8.1.7"
rich = "^13.7.0"
asgi-correlation-id = "^4.3.0"
structlog = "^24.1.0"
boto3 = "^1.34.29"
torch = [
    { version = "^2.2.0", source = "pypi", platform = "darwin" },
    { version = "^2.2.0+cpu", source = "pytorch-cpu", platform = "linux" },
]
faiss-cpu = "^1.7.4"
simsimd = "=3.7.7"
coredis = "^4.16.0"
pydantic-core = "^2.16.3"
openai = "^1.14.1"
langchain-openai = "^0.1.8"
pyinstrument = "^4.6.2"
pillow = "^10.3.0"
langchain-core = "^0.2.9"
langchain = "^0.2.5"
ddtrace = "^2.8.0"
more-itertools = "^10.2.0"
python-dateutil = "^2.9.0.post0"
psycopg2-binary = "^2.9.9"
numpy = "1.26"
langchain-community = "^0.2.6"
locust = "^2.29.1"
bentoml = "^1.2.19"
html2text = "^2024.2.26"

[tool.poetry.group.dev.dependencies]
ruff = "^0.3.5"
mypy = "^1.8.0"
pytest = "^8.0.0"
pre-commit = "^3.6.1"
pytest-asyncio = "^0.23.5"
pytest-cov = "^4.1.0"
pytest-env = "^1.1.3"
httpx = "^0.26.0"

[build-system]
requires = ["poetry-core"]
build-backend = "poetry.core.masonry.api"

[[tool.poetry.source]]
name = "pytorch-cpu"
url = "https://download.pytorch.org/whl/cpu"
priority = "explicit"

[tool.mypy]
python_version = "3.11"
warn_return_any = false
warn_unused_configs = true
exclude = [
    "alembic",
    "scripts",
    "tests",
]
ignore_missing_imports = true

[tool.pytest.ini_options]
minversion = "7.2"
log_level = "ERROR"
addopts = """
    -ra
    --cov=app
    --cov-fail-under=80
    --cov-report term-missing:skip-covered
    --cov-report xml
    --durations=10
    --durations-min=1
    --maxfail=5
    --verbose
"""
# enable async mode
asyncio_mode = "auto"
# ignore DeprecationWarning
filterwarnings = "ignore::DeprecationWarning"
testpaths = ["tests"]
python_files = "test_*.py"
junit_duration_report = "call"
# set environment for testing
env = [
    "TESTING=true",
    "KAFKA__BROKERS_TLS=testkafka",
    "OPENAI_API_KEY=testkey",
]

[tool.coverage.run]
branch = true
concurrency = [
    "greenlet",
    "thread",
]
omit = [
    "alembic/*",
    "tests/*",
    "commands/*",
    "scripts/*",
    "backfill/*",
    "app/config/*",
    "app/cronjobs/*",
    "app/main.py",
    "app/consumer.py",
    "app/worker.py",
    "app/db/session.py",
    "app/db/unit_of_work.py",
    "app/services/sentry.py",
    "app/tasks/*",
    "app/utils/logging.py",
    "app/utils/sentry.py",
    "app/utils/trace.py",
    "app/utils/profiling.py",
    "app/tasks/update_jd_tasks.py",
]
source = ["app"]
relative_files = true

[tool.coverage.report]
# Regexes for lines to exclude from consideration
exclude_also = [
    # Don't complain if tests don't hit defensive assertion code:
    "raise AssertionError",
    "raise NotImplementedError",

    # Don't complain if non-runnable code isn't run:
    "if __name__ == .__main__.:",
    "if TYPE_CHECKING:",

    # Don't complain about abstract methods, they aren't run:
    "@(abc\\.)?abstractmethod",
]
ignore_errors = true

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: daily
      time: "14:45"
      timezone: Asia/Ho_Chi_Minh
    reviewers:
      - anhquan075
    target-branch: main
    labels: [Dependencies]

Updated dependency

No response

What you expected to see, versus what you actually saw

What I expected: The dependabot run update the poetry.lock successfully What I actually saw: I got the errors with the workflow: https://github.com/anhquan075/test-dependabot/network/updates/871674920

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

noamkush commented 2 weeks ago

I ran into a similar issue, in my case it was the poetry bug python-poetry/poetry#9505 with the yanked types-pkg-resources. So the workaround was to remove it as an indirect dependency (through types-all). Try to check for yanked packages, this might not be a dependabot bug.