marcoroth / dependabot-bump-together-action

GitHub Action to bump multiple dependencies with dependabot in a single pull request
MIT License

Problem parsing gem file #19

Open KaisHaddadin opened 1 year ago

KaisHaddadin commented 1 year ago

Hi Marco :)

we are getting some problems when running the action for a while now, the log is:

Warning: Unexpected input(s) 'bundler_version', valid inputs are ['entryPoint', 'args', 'dependencies', 'package_managers', 'branch', 'directory', 'username', 'token']
Run marcoroth/dependabot-bump-together-action@main
/usr/bin/docker run --name c044213c77b4ce06045d9b214e9145edb5eb2_2c660d --label 6c0442 --workdir /github/workspace --rm -e "INPUT_DEPENDENCIES" -e "INPUT_PACKAGE_MANAGERS" -e "INPUT_DIRECTORY" -e "INPUT_BRANCH" -e "INPUT_USERNAME" -e "INPUT_BUNDLER_VERSION" -e "INPUT_TOKEN" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/lcm-iot-value/lcm-iot-value":"/github/workspace" 6c0442:13c77b4ce06045d9b214e9145edb5eb2
warning: parser/current is loading parser/ruby31, which recognizes 3.1.4-compliant syntax, but you are running 3.1.3.
Please see https://github.com/whitequark/parser#compatibility-with-ruby-mri.
INFO: using user: x-access-token
INFO: using repo: PCPS/lcm-iot-value
INFO: using directory: /
INFO: using branch: development

INFO: using package managers: bundler, npm_and_yarn
INFO: processing packages: lcm_iot_commons, lcm-iot-commons

ERROR: while proccessing package manager 'bundler'. Reason: Error evaluating your dependency files:
/usr/local/lib/ruby/gems/3.1.0/gems/dependabot-bundler-0.217.0/lib/dependabot/bundler/file_parser.rb:159:in `handle_eval_error'
/usr/local/lib/ruby/gems/3.1.0/gems/dependabot-bundler-0.217.0/lib/dependabot/bundler/file_parser.rb:150:in `rescue in parsed_gemfile'
/usr/local/lib/ruby/gems/3.1.0/gems/dependabot-bundler-0.217.0/lib/dependabot/bundler/file_parser.rb:132:in `parsed_gemfile'
/usr/local/lib/ruby/gems/3.1.0/gems/dependabot-bundler-0.217.0/lib/dependabot/bundler/file_parser.rb:54:in `block in gemfile_dependencies'
/usr/local/lib/ruby/gems/3.1.0/gems/dependabot-bundler-0.217.0/lib/dependabot/bundler/file_parser.rb:51:in `each'
/usr/local/lib/ruby/gems/3.1.0/gems/dependabot-bundler-0.217.0/lib/dependabot/bundler/file_parser.rb:51:in `gemfile_dependencies'
/usr/local/lib/ruby/gems/3.1.0/gems/dependabot-bundler-0.217.0/lib/dependabot/bundler/file_parser.rb:23:in `parse'
/action/lib/action.rb:71:in `block in <main>'
/action/lib/action.rb:54:in `each'
/action/lib/action.rb:54:in `<main>'

INFO: processing dependency lcm-iot-commons 3117625b954f5a2c327e30b9f045c0a3f01c7378

Is there a reason why the bundle version parameter is removed? The error that we saw now is maybe related to the fact that the bundler that we use in our code base is not the same as the one used by default in the library.

marcoroth commented 1 year ago

Hey @KaisHaddadin, thanks for the detailed report!

I think we removed the bundler_version argument in favor of speed. The issue with specifying the bundler version was that it ran and built the docker image on every action run, which wasn't super efficient.

What we are doing now is pre-building the image once so the action run just needs to download it and run it, instead of building it first and then run it.

I'm wondering if you can use marcoroth/dependabot-bump-together-action@v0.2.0 in the meantime to make sure it runs again.

KaisHaddadin commented 1 year ago

Good idea, we will try this for now and see whether this solves the problem.

Thanks Marco for the quick feedback!

KaisHaddadin commented 1 year ago

Unfortunately, this will not work: ERROR: Error installing dependabot-omnibus: The last version of nokogiri (~> 1.8) to support your Ruby & RubyGems was 1.13.10. Try installing it with `gem install nokogiri -v 1.13.10` and then running the current command again. nokogiri requires Ruby version >= 2.7, < 3.3.dev. The current ruby version is 2.6.5.114.

I am also not sure whether the problem will be solved when the correct bundler is used; it is maybe also related to the used dependabot version. We will try to further investigate to localize the problem better.

mirsadmustedanagic commented 1 year ago

Hi Marco, hope you are doing well, I need to jump into the discussion.

First Question

Along the way to fix our problem with the PR bump automation I found an announcement about dependabot-script, which you are using for this project.

WARNING - Scripts are Currently Broken We recently refactored the monolithic docker image used within the [Dependabot Core](https://github.com/dependabot/dependabot-core) library into one-image-per-ecosystem. Unfortunately, that broke the scripts in this repo, and we haven't had time to update them yet. We are aware of the problem and hope to provide a solution soon.

What does it mean for this repo? As it depends on it, is it still usable?

Second Question

Do you know if the Docker image dependabot/dependabot-core has been removed from docker hub? At least it is not publicly visible.

Thank you very much!

marcoroth commented 1 year ago

Hey @mirsadmustedanagic, thanks for the heads-up!

This might actually be why it's not working as intended anymore. I didn't realize that they split up the Docker image.

And yes, you are right. They removed the dependabot/dependabot-core image from Docker Hub which might be the root cause.

I'm not sure if we can fix it as is. We probably need to rewrite it so that it now relies on the new images published here: https://github.com/orgs/dependabot/packages?repo_name=dependabot-core

domoritz commented 1 year ago

I ran into the docker issue as well. I really hope they can fix the docker scripts soon: https://github.com/dependabot/dependabot-script/pull/906.

marcoroth commented 1 year ago

I guess they are not going to fix them, since they migrated and split up their docker images.

I currently don't have a good setup to test the new images, but based on what I've seen it might be enough to change the Dockerfile base image here https://github.com/marcoroth/dependabot-bump-together-action/blob/cf82f1cac3e79bdaf8db482d0cdb293ea27f66cc/Dockerfile#L1 and see if it still builds.

You can technically even test against your own repo to see if it works when you use the forked action, like:

    steps:
      - uses: [YOUR_FORK]/dependabot-bump-together-action@main
        with:
          # ...

marcoroth commented 1 year ago
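A complete workflow for the fork-based test described above, added here as an illustration and not taken from the action's repository. It uses only the inputs the action itself lists as valid in the warning at the top of this thread (dependencies, package_managers, branch, directory, username, token), pins the action to an immutable commit SHA instead of the moving @main branch, and grants the job only the permissions a PR-creating step needs; the fork name, the SHA, the schedule, the comma-separated input format and the permission set are assumptions.

```yaml
name: Bump dependencies together

on:
  workflow_dispatch:
  schedule:
    - cron: "0 6 * * 1"  # weekly, Monday 06:00 UTC (assumed schedule)

# Least privilege: pushing a bump branch and opening a PR needs no more than this.
permissions:
  contents: write
  pull-requests: write

jobs:
  bump-together:
    runs-on: ubuntu-latest
    steps:
      # Pin to a full commit SHA rather than a branch such as @main, so a later
      # push to the fork cannot silently change the code that runs with this
      # token. YOUR_FORK and the SHA below are placeholders: replace them with
      # the fork and the commit you reviewed.
      - uses: YOUR_FORK/dependabot-bump-together-action@0123456789abcdef0123456789abcdef01234567
        with:
          # Only the inputs the action accepts; bundler_version is no longer
          # an input and would only trigger the "Unexpected input(s)" warning.
          # Package names and comma-separated format are assumed from the log.
          dependencies: lcm_iot_commons, lcm-iot-commons
          package_managers: bundler, npm_and_yarn
          branch: development
          directory: /
          username: x-access-token
          token: ${{ secrets.GITHUB_TOKEN }}
```

Pull requests opened with GITHUB_TOKEN do not trigger other workflows on that PR, so if CI has to run on the bump PR, supply a narrowly scoped PAT or GitHub App token in `token` instead.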

#21 solved some of the parts of this issue. It seems to work fine for my JavaScript use-cases, but seems like it doesn't work for Ruby unless you are actually also using Ruby 3.1.1 in your app you are trying to update. If you don't have a matching version bundler will complain about a mismatched Ruby version.

marcoroth commented 1 year ago

@KaisHaddadin @mirsadmustedanagic @domoritz check this out: https://github.blog/2023-08-24-a-faster-way-to-manage-version-updates-with-dependabot/

Looks like I can deprecate this GitHub Action!