dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Azure POST push returns 500 error #7107

Open nwcm opened 1 year ago

nwcm commented 1 year ago

Is there an existing issue for this?

Package ecosystem

npm

Package manager version

latest

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

# Basic set up for three package managers

version: 2
updates:

  # Maintain dependencies for npm
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"

Updated dependency

"prettier": "^2.8.1"
"prettier": "^2.8.7"

What you expected to see, versus what you actually saw

The dependabot image fails to post to the Azure endpoint for creating a push. I have tried PAT and accessToken. It does not appear to be a permission issue. I'm unsure how to have it debug out the content of the attempted POST.

🌍 --> POST https://dev.azure.com/xx/xx/_apis/git/repositories/xx/pushes?api-version=5.0
🌍 <-- 500 https://dev.azure.com/xx/xx/_apis/git/repositories/xx/pushes?api-version=5.0
/home/dependabot/dependabot-updater/vendor/ruby/3.1.0/bundler/gems/dependabot-core-e02718538024/common/lib/dependabot/clients/azure.rb:303:in `block in post': Dependabot::Clients::Azure::InternalServerError (Dependabot::Clients::Azure::InternalServerError)
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/bundler/gems/dependabot-core-e02718538024/common/lib/dependabot/clients/azure.rb:357:in `retry_connection_failures'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/bundler/gems/dependabot-core-e02718538024/common/lib/dependabot/clients/azure.rb:287:in `post'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/bundler/gems/dependabot-core-e02718538024/common/lib/dependabot/clients/azure.rb:168:in `create_commit'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/bundler/gems/dependabot-core-e02718538024/common/lib/dependabot/pull_request_creator/azure.rb:68:in `create_commit'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/bundler/gems/dependabot-core-e02718538024/common/lib/dependabot/pull_request_creator/azure.rb:36:in `create'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/bundler/gems/dependabot-core-e02718538024/common/lib/dependabot/pull_request_creator.rb:107:in `create'
    from bin/update-script.rb:844:in `block in <main>'
    from bin/update-script.rb:563:in `each'
    from bin/update-script.rb:563:in `<main>'

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

jeffwidman commented 1 year ago

Since you're trying to create a pull request against a repo hosted on Azure DevOps, how are you running Dependabot?

We're big fans of folks running Dependabot standalone. Are you doing it through totally custom code or using something like https://github.com/tinglesoftware/dependabot-azure-devops/ ?

Support for platforms other than GitHub is community-driven. We're happy to point you in the right direction with the debugging tools, but you'll need to do the rest yourself as we (the :dependabot: devs) aren't familiar with other platforms and don't have a way to try to reproduce issues.

For debugging the content of the attempted POST, I suggest starting here: https://github.com/dependabot/dependabot-core#debugging-problems
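
One way to log the attempted POST without writing the PAT or access token into pipeline output, as an added example that is not part of the thread or Dependabot's own code. `redacted_dump` and `sample_push_request` are hypothetical helpers, and the token and JSON body are constructed placeholders:

```ruby
require "net/http"
require "uri"
require "json"

# Headers whose values must never reach pipeline logs.
SENSITIVE_HEADERS = %w[authorization proxy-authorization cookie].freeze

# Render a Net::HTTP request as loggable text with credentials masked.
# Only the auth scheme (Basic for a PAT, Bearer for an access token) is kept.
def redacted_dump(request, uri, max_body: 2000)
  lines = ["#{request.method} #{uri}"]
  request.each_header do |name, value|
    if SENSITIVE_HEADERS.include?(name.downcase)
      scheme = value[/\A(Basic|Bearer)\s/i, 1]
      value = [scheme, "[REDACTED]"].compact.join(" ")
    end
    lines << "#{name}: #{value}"
  end
  body = request.body.to_s
  if body.length > max_body
    body = "#{body[0, max_body]}... (#{body.bytesize} bytes total)"
  end
  (lines << "" << body).join("\n")
end

# Constructed sample request, shaped like the failing call in the log above.
# The token and JSON body are placeholders, not values from the issue.
def sample_push_request(token)
  uri = URI("https://dev.azure.com/xx/xx/_apis/git/repositories/xx/pushes?api-version=5.0")
  request = Net::HTTP::Post.new(uri)
  request.basic_auth("", token) # Azure DevOps PATs travel as HTTP Basic auth
  request["Content-Type"] = "application/json"
  request.body = JSON.generate(
    refUpdates: [{ name: "refs/heads/dependabot/npm/prettier-2.8.7" }],
    commits: [{ comment: "Bump prettier from 2.8.1 to 2.8.7" }]
  )
  [request, uri]
end

if $PROGRAM_NAME == __FILE__
  request, uri = sample_push_request("constructed-token-not-real")
  puts redacted_dump(request, uri)
end
```

Logging the response body of the 500 alongside this dump is usually what identifies the cause, since the status line alone says nothing about why the push was rejected.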

nwcm commented 1 year ago

Hey @jeffwidman, happy to help solve this one but I've been unable to get any info with my debugging. I can't currently utilize Docker locally so I'll have to wait on that one.

Is there a specific image I can build which outputs more verbosely?

I've given that extension a try and also tried building the image with https://github.com/dependabot/dependabot-script.git

Both give me the 500 error.

Using PAT and build access tokens results in the same.

rhyskoedijk commented 1 month ago

@jeffwidman this can probably be closed as, based on the stack trace, it appears to have been run using tinglesoftware/dependabot-azure-devops. If true, the version used has known auth issues due to the credentials proxy not being used when running the updater.

AFAIK, dependabot-script also would not be supported anymore given it doesn't use the credentials proxy either. Fix: