Closed rarkins closed 3 years ago
@aggre do you know if there's anything special about the configuration or permissions of this repo that could trigger this problem?
@whtsky anything special about this repo's branch naming, git hooks, etc?
The repo doesn't have any git hook and doesn't customize branch naming: https://github.com/whtsky/renovate-config/blob/99b970b80bdcdf34d61b13909e4150fca3e97a63/package.json#L35
Is yours also failing for an actions update? If so then it's probably permissions, and you could fix by going to https://github.com/apps/renovate and GitHub hopefully prompt you again to accept the permissions necessary to update Actions
Oh, I see GitHub prompts me to give workflow permissions to Renovate app. Will report if it fixes the issue.
Actions update for my other repos works ( https://github.com/whtsky/yais/pull/31 )but still fail for fulltextrssplz.
So you needed to grant permissions today, and now one repo works but another doesn't?
Yes, fulltextrssplz still has “failed to push some refs” error. And They use the same renovate config
And they both failed before the permissions grant?
Yes -- both repos worked after 2-3 hours, guess GitHub needs some time to propagate permission updates. Thanks!
We had a similar case with a self-hosted version, where a hook prevented pushing changes. Strangely, without debug logging this ends up with the "repository has changed" message, which is pretty confusing. Any chance to at least fix the error message?
@languitar PLease provide the git error messages, so we can add them to the failures list, so renovate will handle them as failure
DEBUG: Error committing files (repository=***, branch=renovate/docker-python-3.x)
"err": {
"task": {
"commands": [
"push",
"origin",
"renovate/docker-python-3.x:renovate/docker-python-3.x",
"--force",
"-u",
"--no-verify",
"--verbose",
"--porcelain"
],
"format": "utf-8"
},
"message": "Pushing to https://**redacted**@***' is not a member of team\nerror: failed to push some refs to 'https://gitlab.com/***.git'\n",
"stack": "Error: Pushing to https://**redacted**@***' is not a member of team\nerror: failed to push some refs to 'https://gitlab.com/***.git'\n\n at GitExecutorChain.onFatalException (/usr/src/app/node_modules/simple-git/src/lib/runners/git-executor-chain.ts:67:77)\n at GitExecutorChain.<anonymous> (/usr/src/app/node_modules/simple-git/src/lib/runners/git-executor-chain.ts:59:21)\n at Generator.throw (<anonymous>)\n at rejected (/usr/src/app/node_modules/simple-git/src/lib/runners/git-executor-chain.js:6:65)\n at runMicrotasks (<anonymous>)\n at processTicksAndRejections (internal/process/task_queues.js:93:5)"
}
This happens if in Gitlab the repository forces committers to be Gitlab members.
Pretty short message, but we should be able to catch that.
With the amount of issues where a changed project was reported despite some other error: wouldn't it make sense to invert the logic that causes this report? Any kind of hook can generate some new arbitrary message that you would have to add to the list.
Our priorities should be:
Essentially the end result of (1) and (2) are the same - repo run aborts
2. Avoid trying to commit every branch if they're all going to fail 3. If we know it's a branch-only failure then keep going to more branches
Essentially the end result of (1) and (2) are the same - repo run aborts
I'm pretty fine with that. The only thing that was really confusing was the error message "Repository has changed during renovation". I'm wondering if avoiding this error message with a blacklist/whitelist is going to scale to indefinitely many git responses due to configurable hooks.
Same happens for me in react-tabs since some weeks, so renovate is basically not doing anything since this started.
No special config or git hooks. The only thing that recently changed was that the default branch was renamed from master
to main
and switched from travis to github actions
https://app.renovatebot.com/dashboard#github/reactjs/react-tabs/313377539
{
"err": {
"task": {
"commands": [
"push",
"origin",
"renovate/jamesives-github-pages-deploy-action-4.x:renovate/jamesives-github-pages-deploy-action-4.x",
"--force",
"-u",
"--no-verify",
"--verbose",
"--porcelain"
],
"format": "utf-8"
},
"message": "Pushing to https://github.com/reactjs/react-tabs.git\nPOST git-receive-pack (1320 bytes)\nerror: failed to push some refs to 'https://github.com/reactjs/react-tabs.git'\n",
"stack": "Error: Pushing to https://github.com/reactjs/react-tabs.git\nPOST git-receive-pack (1320 bytes)\nerror: failed to push some refs to 'https://github.com/reactjs/react-tabs.git'\n\n at GitExecutorChain.onFatalException (/home/ubuntu/renovateapp/node_modules/simple-git/src/lib/runners/git-executor-chain.js:65:87)\n at GitExecutorChain.<anonymous> (/home/ubuntu/renovateapp/node_modules/simple-git/src/lib/runners/git-executor-chain.js:56:28)\n at Generator.throw (<anonymous>)\n at rejected (/home/ubuntu/renovateapp/node_modules/simple-git/src/lib/runners/git-executor-chain.js:6:65)\n at runMicrotasks (<anonymous>)\n at processTicksAndRejections (internal/process/task_queues.js:93:5)"
}
}
In the log (right at the beginning) I see it uses the cache for the repo, maybe after renaming the default branch something is wrong? I wonder if on repository-changed-while-renovating
renovate should invalidate the repo cache.
The extract cache should be based on (a) the branch name, and (b) the commit SHA. If either has changed, then the extract cache should have been invalidated. @danez was there no other error message printed as to why the push failed? Have you manually resolved it yet or is it still possible to view the problem live and debug? Because of the nature of this problem it probably wouldn't reproduce if I forked for testing.
Also, is the above error for existing branches, new branches, or both?
There is no other related message in the log. The branch it happens on is a new one. One preexisting branch does get updated/pushed before the error happens. https://github.com/reactjs/react-tabs/branches I also just noticed this because I ticked the rebase PR checkbox in the PRs 11 days ago, but nothing happened since.
I haven't solved the problem yet, do you want access to the repo?
I haven't solved the problem yet, do you want access to the repo?
I don't expect I should need any collaborator access, and it's public, so I shouldn't need anything further.
If you can hold out for a few days for me to try to work out why it's failing to git push then it could benefit others if successful. i.e. as opposed to attempting manual actions to resolve it.
Troubleshooting out loud:
main
, presumably which was auto-migrated from master
by GitHub when you changed default branch {
"depName": "JamesIves/github-pages-deploy-action",
"currentValue": "4.0.0",
"commitMessageTopic": "{{{depName}}} action",
"datasource": "github-tags",
"versioning": "docker",
"depType": "action",
"pinDigests": false,
"depIndex": 15,
"updates": [
{
"currentVersion": "4.0.0",
"newVersion": "4.1.0",
"newValue": "4.1.0",
"bucket": "non-major",
"newMajor": 4,
"newMinor": 1,
"updateType": "minor",
"isSingleVersion": true,
"releaseTimestamp": "2021-03-04T14:26:25.000Z"
}
],
"warnings": [],
"sourceUrl": "https://github.com/JamesIves/github-pages-deploy-action",
"fixedVersion": "4.0.0"
}
First thing to rule out is whether it's related to Actions security and GitHub is rejecting it for that reason. It's strange because I was pretty sure that GitHub gave a verbose error message in such cases, so either they stopped that, or we're accidentally suppressing it, or it's not the problem.
I don't see any other actions updates in the previous PRs. Worst case we can narrow down on that possibility the next time you have a non-Actions update PR and see if it works or not, but we don't when that will be.
Can you or an admin visit https://github.com/reactjs/react-tabs/settings/installations in the meantime and see if there's any notice to accept increased permissions from Renovate? github.com/reactjs
was installed on 2019-01-20T06:24:12.000Z
which was probably before Renovate had asked for workflow update permissions - maybe even before GitHub had the concept.
Ohhhh, I just had a similar thing with gitpod.io. The permissions of the github app were missing the workflow permission there too. Let me check.
Okay while I wait for someone to fix the permissions, which I'm fairly confident is the culprit, I just remembered when I had the same issue with gitpod.io. I also wasn't able to push but github actually responded with a message. So it might be possible to display the message?
! [remote rejected] master -> master (refusing to allow an OAuth App to create or update workflow .github/workflows/main.yml without workflow scope)
We look for something similar here: https://github.com/renovatebot/renovate/blob/40a048d67daee3e65a7721cd450213342b952f3f/lib/util/git/index.ts#L686-L693
But instead it seems to be missing a meaningful message and falls through to https://github.com/renovatebot/renovate/blob/40a048d67daee3e65a7721cd450213342b952f3f/lib/util/git/index.ts#L700 (which is why I have some doubts about the root cause - otherwise I'd be confident like you)
It's possible that the git library we use is suppressing that error message and no longer passing it up. Unfortunately I don't have any "old" installations to test that hunch on, and it's pretty inconvenient to test too.
I'm spinning up renovate locally right now. As long as I have this "broken" repo I might as well use it and will check if I can find where this message is or if it changed, etc.
It's likely a bit of work to fully reproduce, and I don't think you can do it on the same repo. Probably:
x-access-token:
and be sure to configure the username and git author manually (e.g. danezrenovate[bot]
and danezrenovate[bot]@noreply.users.github.com
IIRC)Alternatively you could use that token and simply try to clone, modify and git push manually - that way you'd be sure to get the full git error once you reproduce.
(which is why I have some doubts about the root cause - otherwise I'd be confident like you)
I'm confident because of this. It nowhere mentions workflow
, whereas I see workflow
being mentioned in the permissions in other orgs I'm in:
I opened a PR with simple-git
to fix the workflow permission error detection. 🤞
steveukx/git-js#598
What Renovate type, platform and version are you using?
Hosted app
Describe the bug
The app repeatedly fails to push a branch and aborts the run with platform-changed.
Relevant debug logs
Have you created a minimal reproduction repository?
Please read the minimal reproductions documentation to learn how to make a good minimal reproduction repository.
Additional context