Open thavaahariharangit opened 4 months ago
Temporary fix is provided here
but that should probably be a separate issue in itself.
Is this not that issue? When I wrote this, I meant that the permanent fix should not be considered a part of the Rubocop changes.
In order to pass the hex tests, I had to not only annotate them as skipped, but also comment them out. This is not an ideal solution. I commented out the entire context block in order to make them pass. This really needs a permanent solution as it is affecting other pull requests. I will add that these tests pass for me locally but not when they are marked as skipped.
In order to pass the hex tests, I had to not only annotate them as skipped, but also comment them out.
I doubt that that's accurate, if the skipped test is still getting ran that seems like an issue with how it is skipped.
We should look into running that Hex Registry Server on localhost in CI as part of the build process rather than having to rely on an externally hosted version. I think that we can't rely on stubbing or VCR here because a native Elixir process needs to access it. Running the server locally could be a viable option instead.
@jurre , Was looking at registry hosting externally, is it a viable option in this context as dependabot is kind of open source. https://hex.pm/pricing
Was looking at registry hosting externally, is it a viable option in this context as dependabot is kind of open source. https://hex.pm/pricing
FWIW, we do have test accounts that hex.pm has generously provided us. It helps that it's in their business interest to ensure that :dependabot: works with their product.
That said, there's a chance this may not be really relevant here--depends on if a self-hosted Hex registry server is identical to this or not.
We should look into running that Hex Registry Server on localhost in CI as part of the build process rather than having to rely on an externally hosted version. I think that we can't rely on stubbing or VCR here because a native Elixir process needs to access it. Running the server locally could be a viable option instead.
While this is technically correct, given the low usage here, I do think that if it's possible to use hex.pm for these tests, we should just do that. I realize it adds an external dependency, but we've done that for other registry services. IIRC, we dynamically check if a secret is set for the registry, and if it is the test proceeds, and if not the test skips. That way the test runs in CI but not in local development. And if hex.pm is down, then the Hex ecosystem has bigger problems.
Hex test suite is failing due to unknown or incorrect license key.
https://github.com/dependabot/dependabot-core/actions/runs/9321367540/job/25660190764?pr=9868
Findings
Action Required
Issue Identified in below PR.