Open dciborow opened 3 years ago
@dciborow this seems like the error is happening when trying to parse the results from the native python helpers, it seems like those may not be installed?
Also, looks like you're running a fairly old version of dependabot-core, might be worth updating that to the latest version.
It might be easiest to try and run this from within the dependabot-core docker container, that way you can ensure that the native helpers and all other dependencies required to run dependabot are present, as quite a few dependencies are needed at runtime.
Also, I know there is some effort within Microsoft to run Dependabot as a service for ADO, I've asked someone who works on that to reach out to you about that.
@jurre Thanks for the internal connect, going to pull on that thread!
Can you help me with this, "the native python helpers, it seems like those may not be installed?" suggestion?
This accounts for all my ruby experience, so I am not sure what I may be missing here? Going to try and update the version regardless in case you think thats all it needs.
For some ecosystems, python being one, there is some code written in the native language so we can use the package manager as a library. Those helpers are being called from the ruby code as binaries, that code will print some json to stdout which we then parse.
Those native helpers are here: https://github.com/dependabot/dependabot-core/tree/main/python/helpers
And here is the code that determines where to look for those python scripts: https://github.com/dependabot/dependabot-core/blob/main/python/lib/dependabot/python/native_helpers.rb
You'll need to export that DEPENDABOT_NATIVE_HELPERS_PATH env variable with a path to those python scripts. This is all set up already in the docker container
It looks like the container may be missing an update to "git".
Leading to this missing command.
My other build has git 2.29.0, which seems to have no issues.
I don't think you need to do a checkout of the repo, those steps seem to be run separately from what dependabot-core does? I've never used azure pipelines so I may be off here, but dependabot should be able to fetch any files it needs via the API, and in the cases where it needs a checkout of the repo (mostly for golang projects), it will do so in the FileFetcher
step in the script.
Hi,
Im facing a similar issue and im trying to debug line by line(im trying to bump all the pip dependencies). Ive managed to get nuget up and running but npm and pip seem to be having too many issues at the minute
the problem seems to be at 3 places
1) there needs to be a .python-config in the codebase 2) the folder for run.py does not seem to be setup properly..(i had to change code in dependabot-python-0.125.2/lib/dependabot/python/native_helpers.rb) for the path to run.py 3) pyenv needs to be installed as well..
Please if someone could help take a look. i guess running the docker image is more easier? At the minute im using omnibus. and its azuredevops repo
Thanks, Alreich
seems to have gotten it to work because these python packages also need to be installed:
pip install hashin pip install pipfile pip install poetry
as they are used by these 2 python helpers:
ls ~/.rvm/gems/ruby-2.6.6/gems/dependabot-python-0.125.2/helpers/lib/ total 16 hasher.py parser.py
im wondering if this is the right way to get dependabot integrated with python.. unless im missing something obvious :/
also, had to make these changes in : lib/dependabot/python/native_helpers.rb
def self.python_helpers_dir
File.join(native_helpers_root, "python/helpers")
end
def self.native_helpers_root
default_path = File.join(__dir__, "../../../..")
ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", default_path)
end
to
def self.python_helpers_dir
File.join(native_helpers_root, "helpers")
end
def self.native_helpers_root
default_path = File.join(__dir__, "../../..")
ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", default_path)
end
too many changes :/.. im wondering if im going down a rabbits hole :D
I am trying to leverage depandabot in my Azure DevOps repo.
I keep thinking that my issue is rooted in the fact that my ADO is not defaulted to the new URL format. So our URL is "https://msorg.visualstudio.com/msproject", not "https://dev.visualstudio.com/msorg/msproject". But, my errors seem better sticking with "dev.visualstudio.com".
So far I get the following two outputs. Fetching pip dependency files for msazure/One/_git/AGAI-IndustryAI-Template Parsing dependencies information
Then big error block.
Azure Pipeline calling update.rb
in the root of my dir is a very simple requirements.txt
I also have a more complex one that I would ultimately like to load generated from pip-tools pip-compile process.