Repeating "Skipping sending metrics because api endpoint is empty" message

[bene-tleilax-werdna]

Describe the bug Attempting to run the Dependabot extension on a TypeScript repo results in a repetitive message that occurs once every minute until the task times out.

I am not 100% certain this isn't a depedenabot-core issue but I figure I would raise this here first.

If something is misconfigured, I'm happy to correct it. I will say I was able to setup a pip/Python Dependabot extension task with minimal setup and no issues, but I keep encountering issues with the npm package manager.

Categorization

• [✔️ ] This is not a permissions issue (Seek help at https://github.com/tinglesoftware/dependabot-azure-devops/discussions/1245)

To Reproduce Steps to reproduce the behavior:

1. Configure the pipeline using the npm package-ecosystem and dependencies found at registry.npmjs.org.
2. Pipeline appears to run until it times out, repeating the same message over and over again once every minute.

Expected behavior The pipeline and task to complete.

Logs and screenshots

I will attach the task output log to this with system.debug enabled (which I cancelled so it wasn't holding up other pipelines from executing due to concurrent run constraints).

npm-dependabot-msg-repeat.log

Log sample

2024-11-21T17:39:19.7412979Z   proxy | 2024/11/21 17:39:19 [338] 304 https://registry.npmjs.org:443/copy-webpack-plugin
2024-11-21T17:39:19.7428382Z   proxy | 2024/11/21 17:39:19 [333] 304 https://registry.npmjs.org:443/@angular%2fbuild
2024-11-21T17:39:19.7428884Z   proxy | 2024/11/21 17:39:19 [350] 304 https://registry.npmjs.org:443/@babel%2fplugin-transform-async-generator-functions
2024-11-21T17:39:25.9781336Z   proxy | 2024/11/21 17:39:25 Skipping sending metrics because api endpoint is empty
2024-11-21T17:40:26.0233254Z   proxy | 2024/11/21 17:40:26 Skipping sending metrics because api endpoint is empty
2024-11-21T17:41:25.9779535Z   proxy | 2024/11/21 17:41:25 Skipping sending metrics because api endpoint is empty
2024-11-21T17:42:25.9788742Z   proxy | 2024/11/21 17:42:25 Skipping sending metrics because api endpoint is empty
2024-11-21T17:43:25.9880733Z   proxy | 2024/11/21 17:43:25 Skipping sending metrics because api endpoint is empty
2024-11-21T17:44:25.9777712Z   proxy | 2024/11/21 17:44:25 Skipping sending metrics because api endpoint is empty
2024-11-21T17:45:26.0014469Z   proxy | 2024/11/21 17:45:26 Skipping sending metrics because api endpoint is empty
2024-11-21T17:46:26.0033554Z   proxy | 2024/11/21 17:46:26 Skipping sending metrics because api endpoint is empty
2024-11-21T17:47:26.0124146Z   proxy | 2024/11/21 17:47:26 Skipping sending metrics because api endpoint is empty
2024-11-21T17:48:25.9778823Z   proxy | 2024/11/21 17:48:25 Skipping sending metrics because api endpoint is empty

pipeline.yml

jobs:
- job: DependabotJob
  displayName: "Run Dependabot"
  timeoutInMinutes: 240
  pool:
    vmImage: 'ubuntu-latest'
  steps:
  - script: echo "Branch name is $(Build.SourceBranch)"
    displayName: "Log branch name"
  - task: npmAuthenticate@0
    inputs:
        workingFile: .npmrc
  - task: dependabot@2
    displayName: Dependabot V2
    inputs:
      setAutoComplete: false
      mergeStrategy: squash
      autoApprove: false
      targetRepositoryName: '$(Build.Repository.Name)'
      azureDevOpsAccessToken: '$(System.AccessToken)' 
    retryCountOnTaskFailure: 3
    timeoutInMinutes: 240
    env:
      TOKEN: $(System.AccessToken)

dependabot.yml

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    registries: "*"
    target-branch: "deps"
    assignees:
      - "redacted"
    groups:
      all-dependencies:
        patterns:
          - "*"
        commit-message:
          prefix: "chore(deps)"

Extension (please complete the following information):

• Host: Azure DevOps Server
• Version: 2.38.1062

[rhyskoedijk]

@bene-tleilax-werdna the "Skipping sending metrics" shows up because we don't configure the OpenTelemetry collector. I don't think this message would be the root cause of the issue, there is likely something else going on which is causing Dependabot to want to send to OpenTelemetry, but it can't. You can see this message appear earlier in your logs and the update still continues regardless.

Unfortunately, the Dependabot proxy component is closed-source, so I would not be able to diagnose what is going on inside that component. When I have some free time, I will attempt to recreate your issue from the dependency list in your log and see if I can get any extra information out of it or at least boil it down to a minimal reproduction repo.

I did a quick search of the dependabot-core project and found https://github.com/dependabot/dependabot-core/issues/10309#issuecomment-2421803431 which seems to be similar to your issue. There is a follow-up comment suggesting the groups config is causing bottlenecks, maybe you could try using smaller groups or removing groups entirely to see if the update progresses past this point? Posting your experience there might help get the issue some attention.

[bene-tleilax-werdna]

Good idea, I will give that a shot and thank you for linking me to that issue, I'll post there after I see what happens if I remove groups entirely.

I appreciate your quick response and willingness to try to tackle this issue!