Open atc0005 opened 2 years ago
PRs were submitted to update these from 1.17.7 to 18rc1:
- /stable/combined/Dockerfile
Log output from a recent recheck against this file:
proxy | time="2022-03-04T13:18:22Z" level=info msg="proxy starting" commit=0cfe6fc8a85a641097e4d9faf5c8349b892b1e40
proxy | 2022/03/04 13:18:22 Listening (:1080)
updater | 2022-03-04T13:18:22.932365486 [anonymous-instance:main:WARN:src/firecracker/src/main.rs:370] You are using a deprecated parameter: --seccomp-level 2, that will be removed in a future version.
updater | 2022-03-04T13:18:22.998264022 [310057742:main:WARN:src/devices/src/legacy/serial.rs:432] Detached the serial input due to peer close/error.
updater | time="2022-03-04T13:18:25Z" level=info msg="guest starting" commit=a5729a532c883b4e3cd2f515bc51b56439833597
updater | time="2022-03-04T13:18:25Z" level=info msg="starting job..." fetcher_timeout=5m0s job_id=310057742 updater_timeout=45m0s updater_version=0.176.0-cd3d79e20e6bf666ffd2378bf45b74abd83328ca
updater | I, [2022-03-04T13:18:28.745166 #7] INFO -- sentry: ** [Raven] Raven 3.1.2 ready to catch errors
updater | INFO <job_310057742> Starting job processing
proxy | 2022/03/04 13:18:34 [002] GET https://api.github.com:443/repos/atc0005/go-ci/git/refs/heads/master
proxy | 2022/03/04 13:18:34 [002] * authenticating github api request
proxy | 2022/03/04 13:18:34 [002] 200 https://api.github.com:443/repos/atc0005/go-ci/git/refs/heads/master
proxy | 2022/03/04 13:18:34 [004] GET https://api.github.com:443/repos/atc0005/go-ci/contents/stable/combined?ref=9a7309e4fba697b15cbb32a0380a3b5c51010589
proxy | 2022/03/04 13:18:34 [004] * authenticating github api request
proxy | 2022/03/04 13:18:34 [004] 200 https://api.github.com:443/repos/atc0005/go-ci/contents/stable/combined?ref=9a7309e4fba697b15cbb32a0380a3b5c51010589
proxy | 2022/03/04 13:18:34 [006] GET https://api.github.com:443/repos/atc0005/go-ci/contents/stable/combined/Dockerfile?ref=9a7309e4fba697b15cbb32a0380a3b5c51010589
proxy | 2022/03/04 13:18:34 [006] * authenticating github api request
proxy | 2022/03/04 13:18:34 [006] 200 https://api.github.com:443/repos/atc0005/go-ci/contents/stable/combined/Dockerfile?ref=9a7309e4fba697b15cbb32a0380a3b5c51010589
updater | INFO <job_310057742> Finished job processing
updater | time="2022-03-04T13:18:34Z" level=info msg="task complete" container_id=job-310057742-file-fetcher exit_code=0 job_id=310057742 step=fetcher
updater | I, [2022-03-04T13:18:36.659853 #7] INFO -- sentry: ** [Raven] Raven 3.1.2 ready to catch errors
updater | INFO <job_310057742> Starting job processing
updater | INFO <job_310057742> Starting update job for atc0005/go-ci
updater | INFO <job_310057742> Checking if golang 1.17.7 needs updating
proxy | 2022/03/04 13:18:39 [010] GET https://registry.hub.docker.com:443/v2/library/golang/tags/list
proxy | 2022/03/04 13:18:39 [010] 401 https://registry.hub.docker.com:443/v2/library/golang/tags/list
proxy | 2022/03/04 13:18:39 [012] GET https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:39 [012] 200 https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:39 [014] GET https://registry.hub.docker.com:443/v2/library/golang/tags/list
proxy | 2022/03/04 13:18:40 [014] 200 https://registry.hub.docker.com:443/v2/library/golang/tags/list
proxy | 2022/03/04 13:18:40 [016] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/latest
proxy | 2022/03/04 13:18:40 [016] 401 https://registry.hub.docker.com:443/v2/library/golang/manifests/latest
proxy | 2022/03/04 13:18:40 [018] GET https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:40 [018] 200 https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:40 [020] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/latest
proxy | 2022/03/04 13:18:40 [020] 200 https://registry.hub.docker.com:443/v2/library/golang/manifests/latest
proxy | 2022/03/04 13:18:40 [022] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.18rc1
proxy | 2022/03/04 13:18:40 [022] 401 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.18rc1
proxy | 2022/03/04 13:18:40 [024] GET https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:40 [024] 200 https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:40 [026] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.18rc1
proxy | 2022/03/04 13:18:40 [026] 200 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.18rc1
proxy | 2022/03/04 13:18:40 [028] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.18beta2
proxy | 2022/03/04 13:18:40 [028] 401 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.18beta2
proxy | 2022/03/04 13:18:40 [030] GET https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:40 [030] 200 https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:40 [032] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.18beta2
proxy | 2022/03/04 13:18:40 [032] 200 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.18beta2
proxy | 2022/03/04 13:18:40 [034] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.18beta1
proxy | 2022/03/04 13:18:40 [034] 401 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.18beta1
proxy | 2022/03/04 13:18:40 [036] GET https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:40 [036] 200 https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:40 [038] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.18beta1
proxy | 2022/03/04 13:18:41 [038] 200 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.18beta1
proxy | 2022/03/04 13:18:41 [040] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.8
proxy | 2022/03/04 13:18:41 [040] 401 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.8
proxy | 2022/03/04 13:18:41 [042] GET https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:41 [042] 200 https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:41 [044] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.8
proxy | 2022/03/04 13:18:41 [044] 200 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.8
proxy | 2022/03/04 13:18:41 [046] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.7
proxy | 2022/03/04 13:18:41 [046] 401 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.7
proxy | 2022/03/04 13:18:41 [048] GET https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:41 [048] 200 https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:41 [050] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.7
proxy | 2022/03/04 13:18:41 [050] 200 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.7
proxy | 2022/03/04 13:18:41 [052] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.6
proxy | 2022/03/04 13:18:41 [052] 401 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.6
proxy | 2022/03/04 13:18:41 [054] GET https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:41 [054] 200 https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:41 [056] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.6
proxy | 2022/03/04 13:18:41 [056] 200 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.6
proxy | 2022/03/04 13:18:41 [058] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.5
proxy | 2022/03/04 13:18:41 [058] 401 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.5
proxy | 2022/03/04 13:18:41 [060] GET https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:41 [060] 200 https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:41 [062] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.5
proxy | 2022/03/04 13:18:41 [062] 200 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.5
proxy | 2022/03/04 13:18:41 [064] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.4
proxy | 2022/03/04 13:18:41 [064] 401 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.4
proxy | 2022/03/04 13:18:41 [066] GET https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:41 [066] 200 https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:41 [068] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.4
proxy | 2022/03/04 13:18:41 [068] 200 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.4
proxy | 2022/03/04 13:18:41 [070] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.3
proxy | 2022/03/04 13:18:41 [070] 401 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.3
proxy | 2022/03/04 13:18:41 [072] GET https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:41 [072] 200 https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:41 [074] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.3
proxy | 2022/03/04 13:18:41 [074] 200 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.3
proxy | 2022/03/04 13:18:41 [076] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.2
proxy | 2022/03/04 13:18:41 [076] 401 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.2
proxy | 2022/03/04 13:18:41 [078] GET https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:41 [078] 200 https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:41 [080] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.2
proxy | 2022/03/04 13:18:41 [080] 200 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.2
proxy | 2022/03/04 13:18:41 [082] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.1
proxy | 2022/03/04 13:18:41 [082] 401 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.1
proxy | 2022/03/04 13:18:41 [084] GET https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:41 [084] 200 https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:41 [086] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.1
proxy | 2022/03/04 13:18:41 [086] 200 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.1
proxy | 2022/03/04 13:18:41 [088] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.0
proxy | 2022/03/04 13:18:41 [088] 401 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.0
proxy | 2022/03/04 13:18:42 [090] GET https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:42 [090] 200 https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:42 [092] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.0
proxy | 2022/03/04 13:18:42 [092] 200 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17.0
proxy | 2022/03/04 13:18:42 [094] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17
proxy | 2022/03/04 13:18:42 [094] 401 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17
proxy | 2022/03/04 13:18:42 [096] GET https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:42 [096] 200 https://auth.docker.io:443/token?service=registry.docker.io&scope=repository%3Alibrary%2Fgolang%3Apull
proxy | 2022/03/04 13:18:42 [098] HEAD https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17
proxy | 2022/03/04 13:18:42 [098] 200 https://registry.hub.docker.com:443/v2/library/golang/manifests/1.17
updater | INFO <job_310057742> Latest version is 1.18rc1
updater | INFO <job_310057742> Pull request already exists for golang with latest version 1.18rc1
updater | INFO <job_310057742> Finished job processing
updater | time="2022-03-04T13:18:42Z" level=info msg="task complete" container_id=job-310057742-updater exit_code=0 job_id=310057742 step=updater
I had just removed this setting to see if maybe it was allowing non-stable container versions to be considered as a valid stable version updates:
allow:
- dependency-type: "all"
I saw this recently too in a private repo where Dependabot tried to go from go
1.18
-> 1.19rc1
(or whatever the pre-release tag was).
This is definitely a bug, if you're on stable we should not try to bump you to pre-release.
I haven't had time to track down the root cause yet.
See also https://github.com/dependabot/dependabot-core/issues/4643, we should probably use both the dockerfile names from that issue and from this issue in the eventual PR tests since that one has a suffix and this one doesn't.
I haven't yet tested anything, just checked the relevant code, but I think the issue is this method is incorrect:
The numeric_version_from(tag)
method extracts only the major version segment, for example, "3" from "3.11.0a4-slim". That's never going to get identified as a prerelease (for example, the check of whether it has letters will always fail). That means prereleases are never filtered out and we get update PRs.
Instead, the method should use the full version to identify prereleases, for example, "3.11.0a4" from "3.11.0a4-slim".
I can work on this in a couple of weeks!
I verified that this is now working as expected, and we have tests to check precisely for this, so I think this must've been fixed by some recent change.
If you run into this though, please reopen and we'll have a look!
Hi @deivid-rodriguez, @jeffwidman we encountered a similar issue in VPA (k8s/autoscaler), where Depandabot upgraded the Golang version of VPA components to 1.23rc1. which is not recommended I'm wondering if it is a bug in Depandabot or if it happened due to regression. Here are the corresponding PRs in which Depandabot upgrade golang version to 1.23rc1: https://github.com/kubernetes/autoscaler/pull/7000 https://github.com/kubernetes/autoscaler/pull/7001 https://github.com/kubernetes/autoscaler/pull/7002
We also opened a PR to resolve this issue, in which we configured the ignore option in depandabot.yaml so that Depandadabot ignores Golang RC versions.
Any help would be appreciated!
could you please reopen this issue?
I'm wondering if it is a bug in Depandabot or if it happened due to regression.
Hi @deivid-rodriguez, could you please take a look? why did it happen?
Sorry, I no longer maintain this repo. I recommend you investigate the problem yourself by following the instructions in the README!
Thanks, @deivid-rodriguez, Actually I'm a newbie to the dependabot/dependabot-core
repository, It would be great if someone from the maintainer would take a look at this.
cc @jeffwidman @abdulapopoola @jurre
This also happens for Python containers. We just had
build(deps): bump python from 3.12.4-slim-bullseye to 3.13.0rc1-slim-bullseye
opened across a slew of repos today.
Seeing this again across many of the repos I manage.
Example (from today) below.
This PR was closed (marked as superseded):
This PR was opened:
This is even with the ignore
constraint applied (https://github.com/atc0005/check-restart/blob/707196886077df8f4ba6a34578479899b93976f5/.github/dependabot.yml#L112-L116):
ignore:
- dependency-name: "golang"
versions:
- ">= 1.22"
- "< 1.21"
Package ecosystem
Package manager version
Language version
Manifest location and content prior to update
PRs were submitted to update these from 1.17.7 to 18rc1:
These files were successfully updated:
The branch was at this point in time when the PRs were submitted:
https://github.com/atc0005/go-ci/tree/82e831662089b357f00caee59a48c8e97e989c7d
dependabot.yml content
Updated dependency
What you expected to see, versus what you actually saw
Native package manager behavior
Images of the diff or a link to the PR, issue or logs
🕹 Bonus points: Smallest manifest that reproduces the issue
Apologies, I'm not certain what settings in the Dependabot configuration are irrelevant, so do not want to strip out any details which might make this harder to troubleshoot.