tinglesoftware / dependabot-azure-devops

Tools for updating dependencies in Azure DevOps repositories using https://dependabot.com
MIT License

Private source authentication (was working last week) #379

Closed Doddy-codes closed 1 year ago

Doddy-codes commented 1 year ago

This job was working fine last week and no changes were made, however it is now failing with:

To use retry middleware with Faraday v2.0+, install faraday-retry gem
/home/dependabot/dependabot-script/.bundle/gems/dependabot-npm_and_yarn-0.213.0/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb:319:in `check_npm_response': The following source could not be reached as it requires authentication (and any provided details were invalid or lacked the required permissions): https://pkgs.dev.azure.com/BC-SDPR-Research/_packaging/Research/npm/registry/ (Dependabot::PrivateSourceAuthenticationFailure)
    from /home/dependabot/dependabot-script/.bundle/gems/dependabot-npm_and_yarn-0.213.0/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb:276:in `npm_details'
    from /home/dependabot/dependabot-script/.bundle/gems/dependabot-npm_and_yarn-0.213.0/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb:108:in `valid_npm_details?'
    from /home/dependabot/dependabot-script/.bundle/gems/dependabot-npm_and_yarn-0.213.0/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb:36:in `latest_version_from_registry'
    from /home/dependabot/dependabot-script/.bundle/gems/dependabot-npm_and_yarn-0.213.0/lib/dependabot/npm_and_yarn/update_checker.rb:294:in `latest_released_version'
    from /home/dependabot/dependabot-script/.bundle/gems/dependabot-npm_and_yarn-0.213.0/lib/dependabot/npm_and_yarn/update_checker.rb:319:in `latest_version_details'
    from /home/dependabot/dependabot-script/.bundle/gems/dependabot-npm_and_yarn-0.213.0/lib/dependabot/npm_and_yarn/update_checker.rb:39:in `latest_version'
    from /home/dependabot/dependabot-script/.bundle/gems/dependabot-common-0.213.0/lib/dependabot/update_checkers/base.rb:231:in `numeric_version_up_to_date?'
    from /home/dependabot/dependabot-script/.bundle/gems/dependabot-common-0.213.0/lib/dependabot/update_checkers/base.rb:189:in `version_up_to_date?'
    from /home/dependabot/dependabot-script/.bundle/gems/dependabot-common-0.213.0/lib/dependabot/update_checkers/base.rb:33:in `up_to_date?'
    from /home/dependabot/dependabot-script/.bundle/gems/dependabot-npm_and_yarn-0.213.0/lib/dependabot/npm_and_yarn/update_checker.rb:27:in `up_to_date?'
    from ./update-script.rb:332:in `block in <main>'
    from ./update-script.rb:310:in `each'
    from ./update-script.rb:310:in `<main>'
GitHub access token has been provided.
Using hostname = 'dev.azure.com', protocol = 'https', port = '443'.
Using 'https://dev.azure.com:443/' as API endpoint
Pull Requests shall be linked to milestone (work item) 3499
Fetching npm_and_yarn dependency files for (our registry)
Targeting 'develop' branch under '/' directory
Parsing dependencies information
Checking if @babel/runtime 7.20.1 needs updating
No update needed for @babel/runtime 7.20.1
Checking if @research/react-app-cards 1.0.0 needs updating

[error]The process '/usr/bin/docker' failed with exit code 1

Finishing: Run Dependabot - dtes

OUR Pipeline is as defined below. NOTE: This was working last week and no changes were made

    schedules:
    - cron: "0 4 SAT"
      displayName: 'Weekly Run'
      always: true
      branches:
        include:
        - 'main'
    trigger: none
    pool:
      vmImage: 'ubuntu-latest'
    variables:
      DEPENDABOT_EXTRA_CREDENTIALS: '[{"type":"npm_registry","token":"$(DEPENDABOT_PAT)","registry":"$(NPM_REG)"}]' # put the credentials for private registries and feeds
    stages:
    - stage: Dtes
      jobs:
      - job: DependabotDtes
        steps:
        - task: Cache@2
          inputs:
            key: docker | "$(IMAGETOCACHE)"
            path: $(Pipeline.Workspace)/docker
            cacheHitVar: DOCKER_CACHE_HIT
          displayName: Cache Docker images
        - script: |
            docker load -i $(Pipeline.Workspace)/docker/cache.tar
          displayName: Restore Docker image
          condition: and(not(canceled()), eq(variables.DOCKER_CACHE_HIT, 'true'))
        - script: |
            mkdir -p $(Pipeline.Workspace)/docker
            docker pull -q $(IMAGETOCACHE)
            docker save -o $(Pipeline.Workspace)/docker/cache.tar $(IMAGETOCACHE)
          displayName: Save Docker image
          condition: and(not(canceled()), or(failed(), ne(variables.DOCKER_CACHE_HIT, 'true')))
        - task: dependabot@1
          displayName: 'Run Dependabot - dtes'
          inputs:
            useConfigFile: true
            setAutoComplete: false
            azureDevOpsAccessToken: $(DEPENDABOT_PAT)
            gitHubAccessToken: $(GITHUB_TOKEN)

Variables:

    IMAGETOCACHE = tingle/dependabot-azure-devops:latest
    NPM_REG = our npm registry

Please let me know any suggestions, thank you.

MO2k4 commented 1 year ago

I’ve got the same issue :-/

mburumaxwell commented 1 year ago

Please share dependabot.yml, .npmrc, and azure-pipelines.yml files

ChrisDoddGit commented 1 year ago

.github/dependabot.yml

    version: 2
    updates:

.azure-dependabot.yml

    schedules:

    pool:
      vmImage: 'ubuntu-latest'

    variables:
      DEPENDABOT_EXTRA_CREDENTIALS: '[{"type":"npm_registry","token":"$(DEPENDABOT_PAT)","registry":"$(NPM_REG)"}]' # put the credentials for private registries and feeds

    stages:

.npmrc

    @research:registry=https://pkgs.dev.azure.com/OUR_ORGANIZATION/_packaging/Research/npm/registry/
    @research:always-auth=true

mburumaxwell commented 1 year ago

What's the value of NPM_REG?

ChrisDoddGit commented 1 year ago

NPM_REG is the research:registry in npmrc

https://pkgs.dev.azure.com/OUR_ORGANIZATION/_packaging/Research/npm/registry/

Thanks!

mburumaxwell commented 1 year ago

Seems like the token needs to be prefixed by the registry name?

Try this for DEPENDABOT_EXTRA_CREDENTIALS:

"[{\"type\":\"npm_registry\",\"token\":\"Research:$(DEPENDABOT_PAT)\",\"registry\":\"pkgs.dev.azure.com/OUR_ORGANIZATION/_packaging/Research/npm/registry/\"}]"

ChrisDoddGit commented 1 year ago

When trying that:

2022-11-23T20:27:53.5825113Z /usr/local/lib/ruby/gems/3.1.0/gems/bundler-1.17.3/lib/bundler/shared_helpers.rb:29: warning: Pathname#untaint is deprecated and will be removed in Ruby 3.2.
2022-11-23T20:27:53.5837035Z /usr/local/lib/ruby/gems/3.1.0/gems/bundler-1.17.3/lib/bundler/shared_helpers.rb:118: warning: Pathname#untaint is deprecated and will be removed in Ruby 3.2.
2022-11-23T20:27:53.5852706Z /usr/local/lib/ruby/gems/3.1.0/gems/bundler-1.17.3/lib/bundler/shared_helpers.rb:118: warning: Pathname#untaint is deprecated and will be removed in Ruby 3.2.
2022-11-23T20:27:53.5909563Z /usr/local/lib/ruby/gems/3.1.0/gems/bundler-1.17.3/lib/bundler/shared_helpers.rb:29: warning: Pathname#untaint is deprecated and will be removed in Ruby 3.2.
2022-11-23T20:27:53.5933110Z /usr/local/lib/ruby/gems/3.1.0/gems/bundler-1.17.3/lib/bundler/shared_helpers.rb:118: warning: Pathname#untaint is deprecated and will be removed in Ruby 3.2.
2022-11-23T20:27:53.5967354Z /usr/local/lib/ruby/gems/3.1.0/gems/bundler-1.17.3/lib/bundler/shared_helpers.rb:118: warning: Pathname#untaint is deprecated and will be removed in Ruby 3.2.
2022-11-23T20:27:53.7419707Z /usr/local/lib/ruby/gems/3.1.0/gems/bundler-1.17.3/lib/bundler/shared_helpers.rb:29: warning: Pathname#untaint is deprecated and will be removed in Ruby 3.2.
2022-11-23T20:27:53.7421102Z /usr/local/lib/ruby/gems/3.1.0/gems/bundler-1.17.3/lib/bundler/shared_helpers.rb:118: warning: Pathname#untaint is deprecated and will be removed in Ruby 3.2.
2022-11-23T20:27:53.7427173Z /usr/local/lib/ruby/gems/3.1.0/gems/bundler-1.17.3/lib/bundler/shared_helpers.rb:118: warning: Pathname#untaint is deprecated and will be removed in Ruby 3.2.
2022-11-23T20:27:53.7608819Z /usr/local/lib/ruby/gems/3.1.0/gems/bundler-1.17.3/lib/bundler/shared_helpers.rb:35: warning: Pathname#untaint is deprecated and will be removed in Ruby 3.2.
2022-11-23T20:27:53.7613127Z /usr/local/lib/ruby/gems/3.1.0/gems/bundler-1.17.3/lib/bundler/shared_helpers.rb:35: warning: Pathname#untaint is deprecated and will be removed in Ruby 3.2.
2022-11-23T20:27:53.7614363Z /usr/local/lib/ruby/gems/3.1.0/gems/bundler-1.17.3/lib/bundler/shared_helpers.rb:44: warning: Pathname#untaint is deprecated and will be removed in Ruby 3.2.
2022-11-23T20:27:53.7700563Z /usr/local/lib/ruby/gems/3.1.0/gems/bundler-1.17.3/lib/bundler/shared_helpers.rb:118: warning: Pathname#untaint is deprecated and will be removed in Ruby 3.2.
2022-11-23T20:27:54.1805293Z To use retry middleware with Faraday v2.0+, install faraday-retry gem
2022-11-23T20:27:55.9769482Z /home/dependabot/dependabot-script/.bundle/gems/dependabot-common-0.213.0/lib/dependabot/clients/azure.rb:237:in `get': Dependabot::Clients::Azure::Unauthorized (Dependabot::Clients::Azure::Unauthorized)
2022-11-23T20:27:55.9772529Z from /home/dependabot/dependabot-script/.bundle/gems/dependabot-common-0.213.0/lib/dependabot/clients/azure.rb:52:in `fetch_commit'
2022-11-23T20:27:55.9774203Z from /home/dependabot/dependabot-script/.bundle/gems/dependabot-common-0.213.0/lib/dependabot/file_fetchers/base.rb:78:in `commit'
2022-11-23T20:27:55.9775929Z from /home/dependabot/dependabot-script/.bundle/gems/dependabot-common-0.213.0/lib/dependabot/file_fetchers/base.rb:463:in `_full_specification_for'
2022-11-23T20:27:55.9777926Z from /home/dependabot/dependabot-script/.bundle/gems/dependabot-common-0.213.0/lib/dependabot/file_fetchers/base.rb:473:in `_fetch_file_content'
2022-11-23T20:27:55.9779694Z from /home/dependabot/dependabot-script/.bundle/gems/dependabot-common-0.213.0/lib/dependabot/file_fetchers/base.rb:149:in `fetch_file_from_host'
2022-11-23T20:27:55.9781620Z from /home/dependabot/dependabot-script/.bundle/gems/dependabot-common-0.213.0/lib/dependabot/config/file_fetcher.rb:32:in `block in fetch_files'
2022-11-23T20:27:55.9783306Z from /home/dependabot/dependabot-script/.bundle/gems/dependabot-common-0.213.0/lib/dependabot/config/file_fetcher.rb:28:in `each'
2022-11-23T20:27:55.9784969Z from /home/dependabot/dependabot-script/.bundle/gems/dependabot-common-0.213.0/lib/dependabot/config/file_fetcher.rb:28:in `fetch_files'
2022-11-23T20:27:55.9786580Z from /home/dependabot/dependabot-script/.bundle/gems/dependabot-common-0.213.0/lib/dependabot/file_fetchers/base.rb:69:in `files'
2022-11-23T20:27:55.9788197Z from /home/dependabot/dependabot-script/.bundle/gems/dependabot-common-0.213.0/lib/dependabot/config/file_fetcher.rb:20:in `config_file'
2022-11-23T20:27:55.9789333Z from ./update-script.rb:265:in `<main>'
2022-11-23T20:27:55.9806206Z GitHub access token has been provided.
2022-11-23T20:27:55.9806931Z Using hostname = 'dev.azure.com', protocol = 'https', port = '443'.
2022-11-23T20:27:55.9807943Z Using 'https://dev.azure.com:443/' as API endpoint
2022-11-23T20:27:55.9808468Z Pull Requests shall be linked to milestone (work item) 3499
2022-11-23T20:27:56.1512049Z ##[error]The process '/usr/bin/docker' failed with exit code 1
2022-11-23T20:27:56.1543345Z ##[section]Finishing: Run Dependabot - portal

ChrisDoddGit commented 1 year ago

NOTE: When specifying a different dependabot tag, (0:7) the originally defined pipeline runs fine

ChrisDoddGit commented 1 year ago

The updated dependabot image (0:10) has resolved the issue. Can close this issue.

Thank you for your help
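
An added example, not part of the thread and not code from the project: a Ruby pre-flight check for the DEPENDABOT_EXTRA_CREDENTIALS value discussed above, meant to run on the value the container actually receives. It flags `$(NAME)` macros that were never expanded and, following the suggestion in the thread, a registry given with a URL scheme, and it prints the value with tokens masked. The function names, finding texts and sample token are assumptions made for this illustration.

```ruby
require 'json'

# Azure Pipelines leaves "$(NAME)" as-is when no variable of that name is defined,
# so a literal macro in the final value means the secret never reached the task.
UNEXPANDED_MACRO = /\$\([A-Za-z_][\w.]*\)/
URL_SCHEME = %r{\A[a-z][a-z0-9+.-]*://}i

# Returns a list of findings; an empty list means nothing was flagged.
def lint_extra_credentials(raw)
  begin
    entries = JSON.parse(raw)
  rescue JSON::ParserError
    # Parser messages echo part of the input, which may hold the token: drop them.
    return ['not valid JSON']
  end
  return ['top level must be a JSON array'] unless entries.is_a?(Array)

  entries.each_with_index.flat_map do |entry, i|
    next ["entry #{i}: must be an object"] unless entry.is_a?(Hash)
    next [] unless entry['type'] == 'npm_registry'

    registry = entry['registry'].to_s
    token = entry['token'].to_s
    findings = []
    findings << "entry #{i}: registry is empty" if registry.empty?
    findings << "entry #{i}: token is empty" if token.empty?
    { 'registry' => registry, 'token' => token }.each do |name, value|
      findings << "entry #{i}: #{name} contains an unexpanded macro" if value.match?(UNEXPANDED_MACRO)
    end
    # Assumption taken from the suggestion in the thread: registry is given without a scheme.
    findings << "entry #{i}: registry includes a URL scheme" if registry.match?(URL_SCHEME)
    findings
  end
end

# Copy of the value that is safe to print in a build log.
def redact_extra_credentials(raw)
  JSON.parse(raw).map do |entry|
    entry.to_h { |key, value| [key, %w[token password].include?(key) ? '***' : value] }
  end.to_json
end

# Constructed samples: variable names and placeholder path from the thread, fake token.
AS_POSTED = '[{"type":"npm_registry","token":"$(DEPENDABOT_PAT)","registry":"$(NPM_REG)"}]'
EXPANDED = '[{"type":"npm_registry","token":"Research:fake-pat-value",' \
           '"registry":"pkgs.dev.azure.com/OUR_ORGANIZATION/_packaging/Research/npm/registry/"}]'

puts lint_extra_credentials(AS_POSTED)
puts redact_extra_credentials(EXPANDED)
```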