dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

SHA1 Update Checker Fails With Error #1155

Open asummers opened 5 years ago

asummers commented 5 years ago

Using GitHub Enterprise and also using the Hex package manager (unsure if either is relevant for this). Using 0.107.6, but it was also failing on the 0.106 releases I was experimenting with yesterday in the same fashion.

When running the generic update script, it creates the PRs I would expect it to (I believe), but then the script fails with the following stacktrace.

Traceback (most recent call last):
    15: from generic-update-script.rb:116:in `<main>'
    14: from generic-update-script.rb:116:in `each'
    13: from generic-update-script.rb:133:in `block in <main>'
    12: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-common-0.107.6/lib/dependabot/update_checkers/base.rb:38:in `can_update?'
    11: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-common-0.107.6/lib/dependabot/update_checkers/base.rb:160:in `version_can_update?'
    10: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-common-0.107.6/lib/dependabot/update_checkers/base.rb:189:in `sha1_version_can_update?'
     9: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-common-0.107.6/lib/dependabot/update_checkers/base.rb:70:in `preferred_resolvable_version'
     8: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.6/lib/dependabot/hex/update_checker.rb:30:in `latest_resolvable_version'
     7: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.6/lib/dependabot/hex/update_checker.rb:79:in `latest_resolvable_version_for_git_dependency'
     6: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.6/lib/dependabot/hex/update_checker.rb:136:in `latest_git_tag_is_resolvable?'
     5: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.6/lib/dependabot/hex/update_checker/file_preparer.rb:29:in `prepared_dependency_files'
     4: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.6/lib/dependabot/hex/update_checker/file_preparer.rb:29:in `map'
     3: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.6/lib/dependabot/hex/update_checker/file_preparer.rb:32:in `block in prepared_dependency_files'
     2: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.6/lib/dependabot/hex/update_checker/file_preparer.rb:61:in `mixfile_content_for_update_check'
     1: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.6/lib/dependabot/hex/update_checker/file_preparer.rb:80:in `relax_version'
/usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.6/lib/dependabot/hex/file_updater/mixfile_requirement_updater.rb:24:in `updated_content': Expected content to change! (RuntimeError)

greysteil commented 5 years ago

Hmmm, can you share your mixfile and the dependency name being updated when the error occurs? You can email to support@dependabot.com and please redact anything sensitive.

asummers commented 5 years ago

It actually happens on just every project I have tried it on internally, but I will get sharing that information cleared and get back to you.

greysteil commented 5 years ago

I think this should be fixed in 0.107.9, but I'm not sure - can you give it a try?

greysteil commented 5 years ago

(The fix was very cowardly, so it might not catch every case.)

asummers commented 5 years ago

Seems to catch more of them, but it still fails with the same stack trace. It doesn't print diagnostic information about what dependency is failing, though, so I'm not sure which one is tripping it.

Traceback (most recent call last):
    15: from generic-update-script.rb:116:in `<main>'
    14: from generic-update-script.rb:116:in `each'
    13: from generic-update-script.rb:133:in `block in <main>'
    12: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-common-0.107.10/lib/dependabot/update_checkers/base.rb:38:in `can_update?'
    11: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-common-0.107.10/lib/dependabot/update_checkers/base.rb:160:in `version_can_update?'
    10: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-common-0.107.10/lib/dependabot/update_checkers/base.rb:189:in `sha1_version_can_update?'
     9: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-common-0.107.10/lib/dependabot/update_checkers/base.rb:70:in `preferred_resolvable_version'
     8: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.10/lib/dependabot/hex/update_checker.rb:30:in `latest_resolvable_version'
     7: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.10/lib/dependabot/hex/update_checker.rb:79:in `latest_resolvable_version_for_git_dependency'
     6: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.10/lib/dependabot/hex/update_checker.rb:136:in `latest_git_tag_is_resolvable?'
     5: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.10/lib/dependabot/hex/update_checker/file_preparer.rb:29:in `prepared_dependency_files'
     4: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.10/lib/dependabot/hex/update_checker/file_preparer.rb:29:in `map'
     3: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.10/lib/dependabot/hex/update_checker/file_preparer.rb:32:in `block in prepared_dependency_files'
     2: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.10/lib/dependabot/hex/update_checker/file_preparer.rb:61:in `mixfile_content_for_update_check'
     1: from /usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.10/lib/dependabot/hex/update_checker/file_preparer.rb:81:in `relax_version'
/usr/local/lib/ruby/gems/2.6.0/gems/dependabot-hex-0.107.10/lib/dependabot/hex/file_updater/mixfile_requirement_updater.rb:24:in `updated_content': Expected content to change! (RuntimeError)

asummers commented 5 years ago

Seems that it's when a private repository dependency is not in the format {:dependency, tag: "1.2.3", git: "git@..."} that it fails. It does not seem to like dependency: [tag: "1.2.3", git: "git@..."] though they're equivalent in elixir-ese. Converting to the former format causes the script to succeed.

greysteil commented 5 years ago

Yeah, it's definitely that! I need to update our regexes to be able to cope with the latter format (hence my previous fix being cowardly).

asummers commented 5 years ago

If you have mix installed, you can ask the project about itself using Mix.Project. May help you have that be less fragile.

https://hexdocs.pm/mix/Mix.Project.html

greysteil commented 5 years ago

Yeah, the trouble is doing the updating, rather than the parsing - we already shell out to Mix for the former, but need to update the mixfile ourselves.
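The two mixfile spellings asummers compares above, handled by one tag-bumping routine of the kind greysteil describes (in-place text update, not Mix-based parsing). This is an added example, not dependabot-core's own updater; the module, method and dependency names are hypothetical and the mixfile is constructed.

```ruby
# Added example (not dependabot-core's code): a small stand-in for a mixfile
# requirement updater that bumps the `tag:` of one git dependency. It accepts
# both Elixir spellings discussed in the thread:
#   {:my_dep, tag: "1.2.3", git: "git@..."}      (tuple form)
#   my_dep: [tag: "1.2.3", git: "git@..."]       (keyword-list form)
# Module, method and sample names are hypothetical.
module MixTagUpdater
  # Matches the head of this dependency's entry in either form, then reaches
  # its tag: keyword without crossing into another entry. Anchoring on the
  # dependency name keeps the updater from rewriting a different dependency
  # that happens to pin the same tag string.
  def self.dependency_pattern(dep_name, old_tag)
    dep = Regexp.escape(dep_name)
    head = /(?:\{\s*:#{dep}\s*,|\b#{dep}:\s*\[)/
    /(#{head}[^\]\}]*?tag:\s*")#{Regexp.escape(old_tag)}(")/m
  end

  # Returns the updated mix.exs content. Like the updater in the stack trace,
  # it refuses to hand back unchanged content: a silent no-op here would
  # surface downstream as an empty or misleading pull request.
  def self.update_tag(content, dep_name, old_tag, new_tag)
    updated = content.sub(dependency_pattern(dep_name, old_tag), "\\1#{new_tag}\\2")
    raise "Expected content to change!" if updated == content
    updated
  end
end

# Constructed sample mixfile: one private dependency in each form.
SAMPLE_MIXFILE = <<~ELIXIR
  defp deps do
    [
      {:my_dep, tag: "1.2.3", git: "git@example.invalid:org/my_dep.git"},
      other_dep: [tag: "1.2.3", git: "git@example.invalid:org/other_dep.git"]
    ]
  end
ELIXIR

if $PROGRAM_NAME == __FILE__
  # Bump only the keyword-list dependency; the tuple one keeps its tag.
  puts MixTagUpdater.update_tag(SAMPLE_MIXFILE, "other_dep", "1.2.3", "1.3.0")
end
```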

jeffwidman commented 1 year ago

👋 this is a really old issue. I suspect it still repro's, but wanted to check... are you still seeing it?