Closed LiorHen9 closed 4 months ago
Can you share the contents of the log? There should be more information in there to help figure out what went wrong.
We are having the same or a similar issue. We have use the public and a private repo and although dependabot finds updates it fails when checking the updates on the public repo as it can't access the private packages. The private repo update check runs fine.
ater | 2024/01/03 14:18:54 INFO <job_769538804> Latest version is 3.5.0.2 updater | 2024/01/03 14:18:54 INFO <job_769538804> No update needed for Antlr 3.5.0.2 updater | 2024/01/03 14:18:54 INFO <job_769538804> Finished job processing updater | 2024/01/03 14:18:54 INFO Results: updater | Dependabot encountered '1' error(s) during execution, please check the logs for more details. updater | +----------------------------------------+ updater | | Dependencies failed to update | updater | +------------------------+---------------+ updater | | DocumentFormat.OpenXml | unknown_error | updater | +------------------------+---------------+ updater | time="2024-01-03T14:18:54Z" level=info msg="task complete" container_id=job-769538804-updater exit_code=0 job_id=769538804 step=updater
Ill see if its ok for me to share some more of our logs.
Possibly a duplicate of #8597 and caused by #8179 or subsequent changes. Basically private feeds no longer working.
@mburumaxwell ; does this still repro? We've shipped a couple of fixes and apologize for the break.
@abdulapopoola private feeds (Azure Repos) still not working as of 9eee7bf
@abdulapopoola, my company has also been hitting this issue since at least the beginning of 2024, perhaps earlier. Do you have any updates or progress on finding a solution? Here are snippets of our logs:
updater | Dependabot encountered '5' error(s) during execution, please check the logs for more details.
updater | +----------------------------------------------+
updater | | Dependencies failed to update |
updater | +------------------------------+---------------+
updater | | coverlet.collector | unknown_error |
updater | | Products.Services.Utilities | unknown_error |
updater | | Products.Provisioner.Library | unknown_error |
updater | | Atlas.Service.Base | unknown_error |
updater | | Products.ResourceStore.Data | unknown_error |
updater | +------------------------------+---------------+
There are tons of 404's for all of the common NuGet packages. Is there other information I can bring to the table?
~Gus
Tagging @brettfo
Just yesterday a change was made to better handle some of these cases and I'm actively working on others right now. What's the status of the latest run?
@brettfo I just tried three repositories and still see the same failures. Let me know if there's any additional information I can provide for you.
@gushill-ls Can you give me the job ID so I can pull the logs? There will be several instances of text like INFO <job_123456>
and I can go from there.
updater | 2024/04/25 19:12:59 INFO
@gushill-ls Thank you, that was very helpful. Looking through the logs I see a common theme, mainly that only a NuGet package source named github
is being checked for packages, so when attempting to do an actual update for something like xunit
the job fails.
I suspect the issue is in one of two places:
NuGet.Config
either next to a .csproj
or anywhere up to the root of the repo? I'm curious to see if that lists the default feed of https://api.nuget.org/v3/index.json
.dependabot.yml
? The regular NuGet feed needs to be explicitly added there; something like this:.github/dependabot.yml
:
...
registries:
# I suspect you already have an entry like this
github:
type: nuget-feed
url: https://nuget.pkg.github.com/MY-GITHUB-ORG/index.json
username: MY-GITHUB-USER
password: ${{ secrets.MY_GITHUB_PASSWORD }}
# and this needs to be present, too:
public-nuget:
type: nuget-feed
url: https://api.nuget.org/v3/index.json
...
updates:
- package-ecosystem: nuget
directory: "/"
registries:
- public-nuget # this needs to be added
- github # this is probably already present
@brettfo Thank you! That was indeed the issue: our dependabot.yml (several hundred of them) has never explicitly listed the NuGet feed. I suppose that changed last year, and we didn't see the notice.
Is there an existing issue for this?
Package ecosystem
NuGet
Package manager version
No response
Language version
No response
Manifest location and content before the Dependabot update
dependabot.yml content
Updated dependency
UiPath.System.Activities
What you expected to see, versus what you actually saw
I expect to get a PR from dependabot but I get an error of updating the dependency
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
No response