search

tinglesoftware / dependabot-azure-devops

Tools for updating dependencies in Azure DevOps repositories using https://dependabot.com
MIT License
201 stars 66 forks source link

(NoMethodError) on Private Registry #1426

Closed caglanurcetinn closed 1 month ago

caglanurcetinn commented 1 month ago

Describe the bug I got this error when my dependabot try to create PR for private Nuget package in Azure Devops.

2024/10/22 08:40:23 INFO Checking if AAA.Common.Http 2.0.1 needs updating 🌍 --> GET https://xxx.pkgs.visualstudio.com/aaa/_packaging/private-feed/nuget/v3/index.json 🌍 <-- 200 https://xxx.pkgs.visualstudio.com/aaa/_packaging/private-feed/nuget/v3/index.json 🌍 --> GET https://xxx.pkgs.visualstudio.com/744cec9e-c94a-41aa-a3a1-ed866b65b436/_packaging/d7ac292f-e20f-4e34-918f-5406eb9364ee/nuget/v3/registrations2/AAA.Common.Http/index.json 🌍 <-- 200 https://xxx.pkgs.visualstudio.com/744cec9e-c94a-41aa-a3a1-ed866b65b436/_packaging/d7ac292f-e20f-4e34-918f-5406eb9364ee/nuget/v3/registrations2/AAA.Common.Http/index.json 🌍 --> GET https://api.nuget.org/v3/registration5-gz-semver2/AAA.Common.Http/index.json 🌍 <-- 404 https://api.nuget.org/v3/registration5-gz-semver2/AAA.Common.Http/index.json 🌍 --> GET https://api.nuget.org/v3-flatcontainer/AAA.Common.Http/2.0.1/AAA.Common.Http.nuspec 🌍 <-- 404 https://api.nuget.org/v3-flatcontainer/AAA.Common.Http/2.0.1/AAA.Common.Http.nuspec 2024/10/22 08:40:24 INFO Latest version is 2.0.2 2024/10/22 08:40:24 ERROR Error processing AAA.Common.Http (NoMethodError) 2024/10/22 08:40:24 ERROR undefined method contains_dependency?' for an instance of Array 2024/10/22 08:40:24 ERROR <job_1729586364> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:255:inblock in pr_exists_for_latest_version?' 2024/10/22 08:40:24 ERROR /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:255:in any?' 2024/10/22 08:40:24 ERROR <job_1729586364> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:255:inpr_exists_for_latest_version?'

my dependabot.yaml

version: 2
registries:
  artifacts:
    type: nuget-feed
    key: "private-feed"
    url: "https://xxx.pkgs.visualstudio.com/aaa/_packaging/private-feed/nuget/v3/index.json"
    token: PAT:${{ AZURE_ACCESS_TOKEN }}
updates:
  - package-ecosystem: "nuget"
    directories: [ '/xxx/YYY/*' ]
    allow:
      - dependency-name: "AAA.Common.Http"
    target-branch: main
    registries:
      - artifacts
    schedule:
      interval: "daily"
    commit-message:
      prefix: "private repo upgrade"
    open-pull-requests-limit: 5

Additional context I found something similar on internet https://github.com/dependabot/dependabot-core/issues/8003 However it is for group but I only need to use allow. Any idea how can I pass this error?

rhyskoedijk commented 1 month ago

@caglanurcetinn thanks for the report. It looks like you are using version 1 of the Dependabot task; can you let us know which version of the dockerImageTag you have set in your pipeline?

Briefly looking at the stack trace, it looks like the Dependabot metadata stored in one of your existing pull requests is causing problems. It is possible you might be work around this issue by completing or abandoning any active Dependabot PRs that are currently open.

If you are able to confirm which Docker image tag you are using, I will investigate further.

caglanurcetinn commented 1 month ago

Thanks for the quick response. It worked when I closed the other open PR. The open PR was related with a different package. Basically, I would expect it to create 2 different PRs as they are not related with same package.

My pipeline is;

pool:
  vmImage: 'ubuntu-latest'

stages:
  - stage: CheckDependencies
    jobs:
      - job: Dependabot
        displayName: 'Run Dependabot'
        steps:
          - task: dependabot@1
            displayName: 'Detect Outdated Nuget Packages and Create PRs'
            inputs:
              useUpdateScriptvNext: true
            env:
              AZURE_ACCESS_TOKEN: $(System.AccessToken)

I could not find the dockerImageTag. How can I find it? And you said I use version1 in task, when I try to use task: dependabot@2, it didnt work. Thanks for help!

rhyskoedijk commented 1 month ago

The open PR was related with a different package. Basically, I would expect it to create 2 different PRs as they are not related with same package.

Could you elaborate on this? What was the branch names of the two pull requests that were causing the issue?

I could not find the dockerImageTag. How can I find it?

Sorry, I just assumed you had explicitly set it; Based on your pipeline config, looks like you are using the default value, "latest".

when I try to use task: dependabot@2, it didnt work.

No problem, it is still in preview and does still have issues. If it isn't an already known issue, opening a new issue would be appreciated so that I can investigate it.

caglanurcetinn commented 1 month ago

Sure, I will open another issue for dependabot@2. Thanks!

Could you elaborate on this? What was the branch names of the two pull requests that were causing the issue?

First one --> dependabot/nuget/xxx/YYY/AAA.{facadeName}.BBB/main/Microsoft.NET.Test.Sdk-17.11.1 Second one --> dependabot/nuget/xxx/YYY/AAA.{name}.BBB/main/AAA.Common.Http-2.0.2

After I closed first one as you suggested, It worked.

caglanurcetinn commented 1 month ago

I updated Task to version 2 and it worked fine. I dont know why it didnt work at the beginning but now version 2 works for me. Thanks for all the help!