Open Ammanyi opened 1 day ago
Thank you for creating this issue, I was going to open one myself. I experience the exact same issue with npm.
I have also exhausted all of the permission steps referenced in #1245.
I thought I was just doing something wrong, but I can't identify what it may be. The error seems to reference this or this but I am not knowledgeable enough to determine how or what is the cause of the error here.
Error:
Creating pull request 'chore(deps): bump the all-dependencies group with 269 updates'...
- Pushing 2 change(s) to branch 'dependabot/npm_and_yarn/main/all-dependencies-8c0fc2b678'...
- Creating pull request to merge 'dependabot/npm_and_yarn/main/all-dependencies-8c0fc2b678' into 'main'...
- Adding dependency metadata to pull request properties...
##[error]Failed to create pull request: TypeError: Cannot read properties of null (reading 'pullRequestId')
TypeError: Cannot read properties of null (reading 'pullRequestId')
at AzureDevOpsWebApiClient.createPullRequest (/home/vsts/work/_tasks/dependabot_d98b873d-cf18-41eb-8ff5-234f14697896/2.35.955/utils/azure-devops/AzureDevOpsWebApiClient.js:191:48)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async DependabotOutputProcessor.process (/home/vsts/work/_tasks/dependabot_d98b873d-cf18-41eb-8ff5-234f14697896/2.35.955/utils/dependabot-cli/DependabotOutputProcessor.js:66:42)
at async DependabotCli.update (/home/vsts/work/_tasks/dependabot_d98b873d-cf18-41eb-8ff5-234f14697896/2.35.955/utils/dependabot-cli/DependabotCli.js:101:51)
at async run (/home/vsts/work/_tasks/dependabot_d98b873d-cf18-41eb-8ff5-234f14697896/2.35.955/index.js:72:50)
pipeline.yaml:
- task: dependabot@2
displayName: Dependabot V2
inputs:
setAutoComplete: false
mergeStrategy: squash
autoApprove: false
retryCountOnTaskFailure: 3
timeoutInMinutes: 240
env:
TOKEN: $(System.AccessToken)
dependabot.yml:
version: 2
updates:
- package-ecosystem: "npm_and_yarn"
directory: "/"
registries:
- private
- npm
target-branch: "main"
commit-message:
prefix: "chore(deps)"
versioning-strategy: increase-if-necessary
allow:
- dependency-type: "all"
groups:
all-dependencies:
patterns:
- "*"
commit-message:
prefix: "chore(deps)"
registries:
private:
type: npm-registry
url: <url>
token: ${{TOKEN}}
npm:
type: npm-registry
url: https://registry.npmjs.org/
Interestingly, I just noticed this works on a separate pipeline I have setup for a pip/Python app. In that instance, I notice that I have autoApprove: true
set versus in @Ammanyi and the failing example I provided previously, we have autoApprove: false
. Obviously though, we need to be able to reliably set auto-approval to false when these pipelines run, in some cases app development teams need to be able to review the dependency updates Dependabot identifies.
Edit: I tried to set autoApprove: true
on the failing example and still encountered the same error.
Here's my working example.
pipeline.yaml:
- task: dependabot@2
displayName: Dependabot V2
inputs:
setAutoComplete: true
mergeStrategy: squash
autoApprove: true
retryCountOnTaskFailure: 3
dependabot.yml:
version: 2
updates:
- package-ecosystem: "pip"
directory: "/"
target-branch: "main"
commit-message:
prefix: "chore(deps)"
ignore:
- dependency-name: "kubernetes"
- dependency-name: "elasticsearch"
allow:
- dependency-type: "all"
groups:
all-dependencies:
patterns:
- "*"
commit-message:
prefix: "chore(deps)"
@Ammanyi thanks for the report; I ran in to this issue last week too. I've started a fix in https://github.com/tinglesoftware/dependabot-azure-devops/pull/1385, but it is still in-progress. Hopefully resolved in a few days.
Thank you quick turn up, @rhyskoedijk. I really appreciate you looking into it. It's good to know that a fix is in progress. I'll keep an eye on #1385 and look forward to the resolution in the coming days. Let me know if there's anything I can do to help or test once it's ready! 😊
Describe the bug I am managing NuGet packages, specifically SumNumbers, in Azure Artifacts and have configured the following dependabot.yml file for version updates. The pipeline triggers using Dependabot with the below configuration:
dependabot.yml
azure-pipelines.yml
In the logs, Dependabot successfully detects the latest NuGet package versions. However, when attempting to create the pull request with Dependabot V2, I encounter the following error:
##[error]Failed to create pull request: TypeError: Cannot read properties of null (reading 'pullRequestId')
Categorization
Expected behavior The new Dependabot V2 should able to detect any new nuget version and create a PR.
Logs and screenshots _Creating pull request 'Bump the dev-dependencies group in /Dependency/ConsoleApp1 with 2 updates'... Pushing 1 change(s) to branch 'dependabot/nuget/main/dev-dependencies-9c2157c9ac'... Creating pull request to merge 'dependabot/nuget/main/dev-dependencies-9c2157c9ac' into 'main'... Adding dependency metadata to pull request properties...
[error]Failed to create pull request: TypeError: Cannot read properties of null (reading 'pullRequestId')
TypeError: Cannot read properties of null (reading 'pullRequestId') at AzureDevOpsWebApiClient.createPullRequest (/home/vsts/work/_tasks/dependabot_d98b873d-cf18-41eb-8ff5-234f14697896/2.35.955/utils/azure-devops/AzureDevOpsWebApiClient.js:191:48) at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async DependabotOutputProcessor.process (/home/vsts/work/_tasks/dependabot_d98b873d-cf18-41eb-8ff5-234f14697896/2.35.955/utils/dependabot-cli/DependabotOutputProcessor.js:66:42) at async DependabotCli.update (/home/vsts/work/_tasks/dependabot_d98b873d-cf18-41eb-8ff5-234f14697896/2.35.955/utils/dependabot-cli/DependabotCli.js:101:51) at async run (/home/vsts/work/_tasks/dependabot_d98b873d-cf18-41eb-8ff5-234f14697896/2.35.955/index.js:72:50) Processing output 'mark_as_processed' with data: { 'base-commit-sha': '34acc3f01c7f67e215cc5a135a24dce63ed5dd36' }
[error]1 update job(s) failed, check logs for more information_
Extension (please complete the following information):
Additional context I have recently migrated to Dependabot V2 from the previous version. In the past, the configuration worked smoothly for triggering PRs in Azure Pipelines with dependabot@1. However, the new setup seems to fail during the PR creation step, despite successful version detection.
I am currently using Azure Artifacts to host NuGet packages, and the pipeline is designed to handle updates for multiple projects. The error occurs consistently with the Dependabot V2 task, and I haven’t been able to identify what might be causing the failure in creating the pull request, particularly the pullRequestId not being read correctly.