tinglesoftware / dependabot-azure-devops

Tools for updating dependencies in Azure DevOps repositories using https://dependabot.com
MIT License

Fails to parse local folders with a relative path #1411

Open nicolasproton opened 4 days ago

nicolasproton commented 4 days ago

Describe the bug

I am running TaskV2 with the directories option. As it parses each sub-folder, it fails to find dependencies that are located in other relative paths. I have tried adding an ignore statement, but without success:

    ignore:
      - dependency-name: 'datahub-*'

I am using tox and pytest for the unit tests execution, which requires the local dependencies to be also defined in the pyproject.toml file.

Expected behaviour

I would expect dependabot to parse any folder using a relative path (or to be able to ignore local folders).

Logs and screenshots

.azuredevops/dependabot.yml

    - package-ecosystem: "pip"
      directories:
        - "/"
        - "/services/*"
      # schedule is ignored, using pipeline scheduled triggers instead.
      schedule:
        interval: "daily"
      versioning-strategy: "lockfile-only"
      groups:
        all-dependencies-python:
          applies-to: "version-updates"
          patterns:
            - "*" # Update all dependencies

services/access_control/pyproject.toml

    [tool.poetry]
    name = "datahub-access-control"
    version = "0.1.0"
    description = ""
    package-mode = false

    [tool.poetry.dependencies]
    python = "^3.12"

    [tool.poetry.group.dev.dependencies]
    aws-lambda-powertools = "^2"
    datahub-shared-services = { path = "../shared_services" }

Error Logs

    ...
    updater | 2024/10/17 12:15:34 INFO <job_update_0_pip_all> Filtered out 6 yanked versions
    updater | 2024/10/17 12:15:34 INFO <job_update_0_pip_all> Filtered out 164 pre-release versions
    updater | 2024/10/17 12:15:34 INFO <job_update_0_pip_all> Latest version is 3.1.0
    updater | 2024/10/17 12:15:36 WARN <job_update_0_pip_all> Path /home/dependabot/dependabot-updater/tmp/20241017-2931-64xo49/shared_services for datahub-shared-services does not exist
    updater | Creating virtualenv datahub-orchestration-framework-KVs4QgZy-py3.12 in /home/dependabot/.cache/pypoetry/virtualenvs
    updater | Updating dependencies
    updater | Path /home/dependabot/dependabot-updater/tmp/20241017-2931-64xo49/shared_services for shared-services does not exist
    updater | Resolving dependencies...
    updater | 
    updater | Path /home/dependabot/dependabot-updater/tmp/20241017-2931-64xo49/shared_services for datahub-shared-services does not exist
      proxy | 2024/10/17 12:15:36 [010] POST http://host.docker.internal:33029/update_jobs/update_0_pip_all/record_update_job_error
    {"data":{"error-type":"unknown_error","error-details":null},"type":"record_update_job_error"}
      proxy | 2024/10/17 12:15:36 [010] 200 http://host.docker.internal:33029/update_jobs/update_0_pip_all/record_update_job_error
    updater | 2024/10/17 12:15:36 ERROR <job_update_0_pip_all> Error processing aws-lambda-powertools (Dependabot::SharedHelpers::HelperSubprocessFailed)
    updater | 2024/10/17 12:15:36 ERROR <job_update_0_pip_all> Path /home/dependabot/dependabot-updater/tmp/20241017-2931-64xo49/shared_services for datahub-shared-services does not exist
    updater | Creating virtualenv datahub-orchestration-framework-KVs4QgZy-py3.12 in /home/dependabot/.cache/pypoetry/virtualenvs
    updater | Updating dependencies
    updater | Path /home/dependabot/dependabot-updater/tmp/20241017-2931-64xo49/shared_services for shared-services does not exist
    updater | Resolving dependencies...
    updater | 
    updater | Path /home/dependabot/dependabot-updater/tmp/20241017-2931-64xo49/shared_services for datahub-shared-services does not exist
    updater | 2024/10/17 12:15:36 ERROR <job_update_0_pip_all> /home/dependabot/common/lib/dependabot/shared_helpers.rb:463:in `run_shell_command'
    updater | 2024/10/17 12:15:36 ERROR <job_update_0_pip_all> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:167:in `bind_call'
    ...

Extension:

rhyskoedijk commented 4 days ago

@nicolasproton thanks for the report. Unfortunately I don't have much experience with the pip ecosystem. I don't see any obvious clues that this is related to the Azure DevOps extension code, but that's not to say it isn't an extension issue. Before I dig into this, have you searched the dependabot-core issues list for similar issues?

I will try to reproduce your issue locally and see if there are any problems in the DevOps extension code. Would using the pyproject.toml you included above be enough to reproduce this issue, or does it require the contents of ../shared_services to work as expected?

nicolasproton commented 4 days ago

Thanks. I checked and it could be somewhat related to https://github.com/dependabot/dependabot-core/issues/9554 but the error is a little different, so it is hard to tell if that's the same issue. ../shared_services would just need its own pyproject.toml but nothing else in order for you to test. Mine is set as below:

/services/shared_services/pyproject.toml

    [tool.poetry]
    name = "datahub-shared-services"
    version = "0.1.0"
    description = ""
    package-mode = false

    [tool.poetry.dependencies]
    python = "^3.9"
    aws-requests-auth = "^0"
    packaging = "^24"
    typing-extensions = "^4"
    msal = "^1"
    pydantic = "^2"

    [tool.poetry.group.dev.dependencies]
    aws-lambda-powertools = "^2"