our data seems not uptodate, dependabot is faster :(

[goern]

Describe the bug some of our repos need updated versions of dependencies, dependabot is working faster then kebechet. it seem our data is not up to date.

To Reproduce Steps to reproduce the behavior:

1. open https://github.com/thoth-station/s2i-thoth/pull/267
2. check curl -X 'GET' 'https://khemenu.thoth-station.ninja/api/v1/python/package/versionsorder_by=DESC&name=certifi&os_name=ubi&os_version=8&python_version=3.8' -H 'accept: application/json'
3. check for latest version known to thoth: 2022.9.14

Expected behavior

1. knowledge graph is up to date
2. kebechet opens PR as fast as dependabot

Screenshots n/a

Additional context form https://github.com/thoth-station/s2i-thoth/pull/268 which is ubi9-py39 no version of certifi is known.

/priority critical-urgent /assign @KPostOffice /assign @harshad16

[harshad16]

Kebechet update manager uses pipenv internally to resolve the issue and update the PR. As our model is to trigger on active repositories, kebechet would only function if there is some active on the repo. in contracts to dependabot, which trigger on package version update on upstream.

Kebechet update manager doesn't use thoth-station database. Only advise manager uses the thoth-station database. The delay in ingestion shouldn't hinder the update manager.

[goern]

thanks! I always forget about the 'activity on repo trigger'. so you think this is the root cause for kebechet not doing something? should we use advise manager for the repo?

[goern]

and, should https://github.com/thoth-station/s2i-minimal-notebook/pull/622 have triggered a kebechet update manager to use 2022.12.7 in /overlays/python38 ?

[harshad16]

thanks! I always forget about the 'activity on repo trigger'. so you think this is the root cause for kebechet not doing something? should we use advise manager for the repo?

yes, in the repo, where dependabot reactive first, this is the reason. Though as soon as the dependabot reacts, based on the reaction, kebechet should have worked on. we need to check what is reason for kebechet not opening a pr.

and, should thoth-station/s2i-minimal-notebook#622 have triggered a kebechet update manager to use 2022.12.7 in /overlays/python38 ?

we the commit should have triggered kebechet, we have to check on the log level, why kebechet didn't have any updates.

/sig devsecops /triage accepted

[KPostOffice]

Is there a reason to use Kebechet update manager over dependabot?

[harshad16]

and, should thoth-station/s2i-minimal-notebook#622 have triggered a kebechet update manager to use 2022.12.7 in /overlays/python38 ?

It seems like kebechet did function though with some delay. Seems like a bottleneck during that period of time Dec 6-15 in the cluster. kebechet pr can be seen in the repo: https://github.com/thoth-station/s2i-minimal-notebook/pull/627

[harshad16]

Is there a reason to use Kebechet update manager over dependabot?

idea was to use our own tooling to develop it better. we can further discuss this at the community meeting.

[harshad16]

The following comments summarize the output.

• https://github.com/thoth-station/support/issues/283#issuecomment-1352759867
• https://github.com/thoth-station/support/issues/283#issuecomment-1352771694
• https://github.com/thoth-station/support/issues/283#issuecomment-1396179940

If we want a different approach, we should invest time in a new trigger methodology for kebechet. closing the issue. Please feel free to open an issue on kebechet repo, to discuss the new feature. Thanks all for the discussion and thoughts.