dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Dependabot::PullRequestCreator.new creates branch name that is too long #3107

Closed cyril-s closed 2 years ago

cyril-s commented 3 years ago

Package manager/ecosystem: ruby:bundler

What you expected to see, versus what you actually saw

When dependabot tried to create a merge request in GitLab, the API responded with:

{
   "api_error" : [
      "{\"message\":\"Invalid reference name: 6cca8a5a83a143598d5acd494f099fcdab4105ae\"}"
   ],
   "redis_calls" : 4,
   "redis_write_bytes" : 545,
   "duration_s" : 0.31665,
   "username" : "builder",
   "correlation_id" : "OBo4uFA7Zu4",
   "db_duration_s" : 0.01291,
   "meta.caller_id" : "/api/:version/projects/:id/repository/branches",
   "route" : "/api/:version/projects/:id/repository/branches",
   "gitaly_duration_s" : 0.248659,
   "queue_duration_s" : 0.047001,
   "meta.user" : "builder",
   "redis_cache_write_bytes" : 545,
   "severity" : "INFO",
   "redis_cache_read_bytes" : 220,
   "redis_read_bytes" : 220,
   "host" : "******",
   "remote_ip" : "******",
   "redis_cache_duration_s" : 0.001662,
   "redis_duration_s" : 0.001662,
   "meta.project" : "******",
   "time" : "2021-02-09T12:22:28.100Z",
   "ua" : "Gitlab Ruby Gem 4.16.1",
   "view_duration_s" : 0.30374,
   "user_id" : 6,
   "status" : 400,
   "params" : [
      {
         "value" : "dependabot/bundler/rails-and-draper-and-rails-controller-testing-and-rspec-rails-and-font-awesome-rails-and-activeadmin-and-responders-and-sass-rails-and-devise-and-jquery-rails-and-jquery-tablesorter-and-factory_bot_rails-and-ransack-and-delayed_job_active_record-and-activerecord-partitioning-and-active_record_extended-and-active_admin_import-6.1.1",
         "key" : "branch"
      },
      {
         "key" : "ref",
         "value" : "6cca8a5a83a143598d5acd494f099fcdab4105ae"
      }
   ],
   "method" : "POST",
   "path" : "/api/v4/projects/******/repository/branches",
   "gitaly_calls" : 1,
   "meta.root_namespace" : "******",
   "redis_cache_calls" : 4
}

The ref is perfectly fine, but the branch name length exceeds the ext4 255-char file name limit, which prevents git from creating the branch:

{
   "level" : "info",
   "msg" : "E, [2021-02-09T12:22:28.094227 #23515] ERROR -- githost.log: 'git update-ref' in /data/git-data/repositories/******/******.git: fatal: cannot lock ref 'refs/heads/dependabot/bundler/rails-and-draper-and-rails-controller-testing-and-rspec-rails-and-font-awesome-rails-and-activeadmin-and-responders-and-sass-rails-and-devise-and-jquery-rails-and-jquery-tablesorter-and-factory_bot_rails-and-ransack-and-delayed_job_active_record-and-activerecord-partitioning-and-active_record_extended-and-active_admin_import-6.1.1': Unable to create '/data/git-data/repositories/******/******.git/./refs/heads/dependabot/bundler/rails-and-draper-and-rails-controller-testing-and-rspec-rails-and-font-awesome-rails-and-activeadmin-and-responders-and-sass-rails-and-devise-and-jquery-rails-and-jquery-tablesorter-and-factory_bot_rails-and-ransack-and-delayed_job_active_record-and-activerecord-partitioning-and-active_record_extended-and-active_admin_import-6.1.1.lock': File name too long",
   "supervisor.args" : [
      "bundle",
      "exec",
      "bin/ruby-cd",
      "/var/opt/gitlab/gitaly",
      "/opt/gitlab/embedded/service/gitaly-ruby/bin/gitaly-ruby",
      "3358",
      "/var/opt/gitlab/gitaly/internal_sockets/ruby.0"
   ],
   "supervisor.name" : "gitaly-ruby.0",
   "time" : "2021-02-09T12:30:37.052Z"
}

bmeeder22 commented 2 years ago

Any updates on this? Getting the same thing makes it much harder to use dependabot.

jurre commented 2 years ago

It seems like this is currently only an issue on GitLab. As we're a small team we're currently relying on community contributions for anything but GitHub, but we would welcome a PR that resolves this for GitLab.

The logic around branch naming lives here. One option I see is that we could give that a max_length option, and set it to 255 for GitLab?
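
The length check and a max_length-style cap discussed above, as an added example that is not part of the comment and is not dependabot-core's implementation. The helper names, the 12-character SHA-256 suffix and the sample constant are assumptions; the limits come from the log in the report, where the file git fails to create is the ref name plus `.lock`.

```ruby
require "digest"

# Limits taken from the log in this thread: ext4 caps a file name at 255 bytes,
# and git creates "<ref>.lock" next to the loose ref file while updating it.
NAME_MAX = 255
MAX_COMPONENT_BYTES = NAME_MAX - ".lock".bytesize # 250

# Constructed sample: the branch name from the report, rebuilt from its parts.
GEMS = %w[
  rails draper rails-controller-testing rspec-rails font-awesome-rails
  activeadmin responders sass-rails devise jquery-rails jquery-tablesorter
  factory_bot_rails ransack delayed_job_active_record
  activerecord-partitioning active_record_extended active_admin_import
].freeze
SAMPLE_BRANCH = "dependabot/bundler/#{GEMS.join('-and-')}-6.1.1".freeze

# Path components of a ref that are too long to exist as a loose ref file.
def oversized_components(ref_name)
  ref_name.split("/").select { |part| part.bytesize > MAX_COMPONENT_BYTES }
end

# Hypothetical helper (not dependabot-core's API): cap a branch name at
# max_length bytes, replacing the tail with a digest of the full name so two
# different dependency sets sharing a long prefix still get distinct branches.
def shorten_branch_name(name, max_length: NAME_MAX, digest_length: 12)
  return name if name.bytesize <= max_length

  keep = max_length - digest_length - 1
  raise ArgumentError, "max_length too small for digest suffix" if keep < 1

  digest = Digest::SHA256.hexdigest(name)[0, digest_length]
  # byteslice may cut a multibyte character; scrub drops the broken bytes.
  head = name.byteslice(0, keep).scrub("").sub(%r{[/.\-]+\z}, "")
  "#{head}-#{digest}"
end

if __FILE__ == $PROGRAM_NAME
  short = shorten_branch_name(SAMPLE_BRANCH)
  puts "original:  #{SAMPLE_BRANCH.bytesize} bytes, " \
       "oversized parts: #{oversized_components(SAMPLE_BRANCH).size}"
  puts "shortened: #{short.bytesize} bytes -> #{short}"
end
```

Capping the whole name at 255 bytes is enough here only because the `dependabot/bundler/` prefix takes up more than the five bytes `.lock` needs; a name with no `/` would have to be capped at 250.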

nudded commented 2 years ago

@jurre any chance you could check the PR here?

jeffwidman commented 2 years ago

https://github.com/dependabot/dependabot-core/pull/5338 is now merged. But I think a follow-on PR is needed to set this arg to 255 for GitLab?

I'm unclear if that value should be set here in dependabot-core or in the external entrypoints (typically for GitLab I think that's https://github.com/dependabot/dependabot-script or https://gitlab.com/dependabot-gitlab/dependabot). We're trying to avoid adding more platform-specific logic into dependabot-core, so the entrypoints are preferred if possible... but I haven't looked at how the wrappers actually load dependabot-core to see how easy that is.

If the best place to set this is external, then this issue can be closed from the perspective of dependabot-core... otherwise happy to review the follow-on PR.

cc @nudded @TomNaessens as you may know more?

nudded commented 2 years ago

@jeffwidman yes, we'll be fixing that upstream in the dependabot-gitlab repository, so only the configuration was needed; no specific value needs to be set in dependabot-core.

TomNaessens commented 1 year ago

For anyone following, dependabot-gitlab v0.30.0 is released, which contains this option: https://gitlab.com/dependabot-gitlab/dependabot/-/releases/v0.30.0