tinglesoftware / dependabot-azure-devops

Tools for updating dependencies in Azure DevOps repositories using https://dependabot.com
MIT License

Can't run Dependabot on Microsoft Hosted Agents due to high disc space demand #1473

Open Patrick-3000 opened 6 days ago

Patrick-3000 commented 6 days ago

We switched from free Microsoft Hosted Agents to paid Microsoft Hosted Agents due to the fact that since the update to Dependabot@V2 the 60 minutes timeout of the free agents is not enough anymore to run Dependabot on our repo. Since Dependabot@V2, we need ~2.5 hours, and with the paid agents, we have a timeout of 6 hours, so this issue is solved (with our credit card...).

However, we still can't run Dependabot on our repo due to the following error:

##[error]System.IO.IOException: No space left on device : '/home/vsts/agents/3.246.0/_diag/Worker_20241118-151020-utc.log'

I suspect that the generated log file is too big for the 14 GB SSD storage Microsoft provides for us. I tried to reduce the logged data with

DetailedLog: false
logFileVerbosity: quiet

in the YAML file, unfortunately without success. Is there anything else I could try?

rhyskoedijk commented 4 days ago

@Patrick-3000 thanks for the report. I would assume running out of disk space is primarily caused due to the mass downloading of packages rather than the log itself. I have a project running on MS hosted agents with a couple of thousand of NPM/NuGet dependencies and the last run was about 300K lines (55mb). In saying that, I totally agree that the logging is far too verbose by default and I have been thinking of ways to reduce the output in non-debug runs but not had time to make a change yet. I will look at addressing this in the near future, but I suspect it isn't the root cause of your issue.

Is there any extra information you can share about your project that would help me reduce your issue? What package ecosystem is the update for? Do you know roughly how many dependencies you have and how many are out of date? Are you able to share your package list?

In some of the very large projects that I've enabled Dependabot for, I've had a lot of success with first doing a manual round of package updates to get everything mostly up to date and then enabling Dependabot after that. It significantly reduces the amount of work Dependabot needs to do initially and leads to far fewer pipeline timeouts. Just something to consider if that is an option for you.

Patrick-3000 commented 4 days ago

@rhyskoedijk: thanks for your answer, I will try to do manual updates first and come back to you.