NuGetUpdate.Cli discover gets Stuck in Docker

[SeMuell]

Describe the bug
After upgrading to the most recent version (1.29) from 1.24 with private nuget feeds and many projects (currently 87) the NuGetUpdater got stuck for several hours when running in the docker container. Unfortunately, no more logs are generated than below after the list of dependency files.

2024-06-10 09:26:10 Parsing dependencies information
2024-06-10 09:26:10 running NuGet discovery:
2024-06-10 09:26:10 /opt/nuget/NuGetUpdater/NuGetUpdater.Cli discover --repo-root /home/dependabot/dependabot-updater/tmp/Oganization/Project/_git/Repository --workspace / --output /tmp/.dependabot/discovery.json --verbose

Categorization

• This is not a permissions issue (We cannot solve permission issues)

To Reproduce
Steps to reproduce the behavior (did not test with another project):

1. Build the Dockerfile with following:

FROM ghcr.io/tinglesoftware/dependabot-updater-nuget:latest

USER root
ENV DEPENDABOT_OPEN_PULL_REQUESTS_LIMIT=20
ENV DEPENDABOT_PACKAGE_MANAGER=nuget
ENV DEPENDABOT_TARGET_BRANCH=develop
ENV DEPENDABOT_BRANCH_NAME_SEPARATOR='/'
ENV DEPENDABOT_EXTRA_CREDENTIALS='[{"type":"nuget_feed","token":"token","url":"url"}]'
ENV AZURE_ORGANIZATION=Organization
ENV AZURE_PROJECT=Project
ENV AZURE_REPOSITORY=Repository

ENTRYPOINT ["bin/run.sh", "update_script"]

2. Run the container

Expected behavior
Running dependabot

[SeMuell]

I also tried the workaround mentioned at the end of #921, but didn't work.

[rcaunt]

Concur we are seeing this. 1 private feed and only 6-7 relatively small .NET Core projects.

[GunnyDev]

We also seeing this across multiple repositories. Even more painful now version 1.24 has been removed and we cant revert to using that version!

[mburumaxwell]

This may have been resolved in #1241 and a number that came before.
@SeMuell, @rcaunt , @GunnyDev could you give this a try in new script (i.e. useUpdateScriptvNext: true)?

[rcaunt]

This may have been resolved in #1241 and a number that came before. @SeMuell, @rcaunt , @GunnyDev could you give this a try in new script (i.e. useUpdateScriptvNext: true)?

Using v1.30.0 with useUpdateScriptvNext: true and it seems the same TBH (15 mins in and nothing happening). Will report back if it does happen to succeed but it doesn't look it.

Is there any additional information you would like?

[mburumaxwell]

Is there a particular reason you pinned version 1.30.0 of the docker image? Yesterday, 1.30.1 was released and just now 1.30.2

[rcaunt]

Is there a particular reason you pinned version 1.30.0 of the docker image? Yesterday, 1.30.1 was released and just now 1.30.2

Just because I looked on the releases tab an saw 1.30.0. I'll try the other versions now :)

[rhyskoedijk]

Given that no errors are logged to console, it could just be a general performance issue during NuGet discovery rather than a specific bug in the update process.

v1.25 was where the NuGet updater was rewritten in native C# and takes a lot longer to complete discovery now.

In my own testing even with in a small repository of a handful of dependencies it can take several minutes to complete discovery. It's possible that the updater is working fine, it's just busy. Since it doesn't output any logs until it has finished it creates the perception that it has hung.

When you say your repo has 87 projects, roughly how many dependencies would you estimate there are in total?
If you changed your dependabot.yml project directory from / to /project1, does discovery complete or still hang? If it completes for a single project, I suspect the problem is the size of the repo.

[rcaunt]

@mburumaxwell I can report back that with both 1.30.0 and 1.30.2 it did no longer get stuck at this point and so that problem seems to be solved.