Error while generating commit message: Passed nil into T.must #1232
Comments
The code from your stacktrace is deep inside dependabot-core and suggests that no files were modified during the update.

```ruby
def pr_name_directory
  return "" if T.must(files.first).directory == "/"

  " in #{T.must(files.first).directory}"
end
```

Were there any error messages from the NuGet updater process?
Until dependabot/dependabot-core#8927 is resolved, you have to use the
Thank you for the fast response. The private Azure nuget feed did not give errors, the Telerik one did (which uses basic HTTP AUTH). When I add this workaround it crashes after discovering the dependency files at the most recent commit.
(... which one fails authentication? does it try to connect to this whole concatenated mess? where do the doubles come from?) But if the error of creating the PR comes of the authentication error to that feed not being able to build anything... Phoe... It will be with a very small heart that I'll have to dive in that mess again... Last time I lost so many hours/days trying to fix the authentication (ended up with juggling the
I feel your pain. I have just put up a change (#1233) that will make ADO NuGet feed auth "just work" like it did in 1.24, no special workaround required and hopefully it helps with this issue.
At this moment the merged PR is not published so I cannot test it with the new code, but I doubt it will fix this (the problem is with the HTTP Auth on the external Telerik nuget feed, not the devops feed). I updated my configuration (removed the explicit DEPENDABOT_EXTRA_CREDENTIALS from the pipeline yaml, added the config in dependabot.yml registries). I see in the logs that this creates the environment variable DEPENDABOT_EXTRA_CREDENTIALS automatically and it is exactly the same as used and worked in 1.24 (which is good), but with this 1.30 version it just does not want to use the authentication (I tried configuration with username/password and token username:password which worked fine before):
(using the v3 version of the telerik nuget feed also does not work) Using the Heh, just as I was testing it a last time with the excon debugging before submitting this post
Any way to get more debugging information, or is it time to throw in the towel?
I managed to recreate your issue, it won't work in 1.30 without some changes. I'll submit a PR shortly with a fix for this scenario. After making my change, I was able to get this to work with both Azure DevOps feeds and third-party feeds using the config:

nuget.config

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
    <add key="My-Private-DevOps-NuGet" value="https://pkgs.dev.azure.com/...my_org_slug.../nuget/v3/index.json" />
    <add key="Telerik-NuGet" value="https://nuget.telerik.com/v3/index.json" />
  </packageSources>
</configuration>
```

dependabot.yml

```yaml
version: 2
registries:
  my-private-nuget:
    type: nuget-feed
    url: https://pkgs.dev.azure.com/...my_org_slug.../nuget/v3/index.json
    token: PAT:${{MY_DEVOPS_PAT}} # this is used by Dependabot & NuGet/MSBuild/dotnet
  telerik-nuget:
    type: nuget-feed
    url: https://nuget.telerik.com/v3/index.json
    username: ${{MY_TELERIK_USERNAME}} # this is used by NuGet/MSBuild/dotnet
    password: ${{MY_TELERIK_PASSWORD}} # this is used by NuGet/MSBuild/dotnet
    token: ${{MY_TELERIK_USERNAME}}:${{MY_TELERIK_PASSWORD}} # this is used by Dependabot
updates:
  - package-ecosystem: "nuget"
    target-branch: "main"
    directory: "/"
    registries:
      - my-private-nuget
      - telerik-nuget
```
the result was:

INFO: Creating the nuget plugin directory (i.e. /home/dependabot/.nuget/plugins).
Downloading from https://github.com/Microsoft/artifacts-credprovider/releases/latest/download/Microsoft.Net6.NuGet.CredentialProvider.tar.gz
INFO: credential provider netcore plugin extracted to /home/dependabot/.nuget/
2024/07/24 10:53:41 INFO Fetching pull request info for existing dependency updates.
🌍 --> GET https://dev.azure.com/rhyskoedijk/_apis/connectionData
🌍 <-- 200 https://dev.azure.com/rhyskoedijk/_apis/connectionData
🌍 --> GET https://dev.azure.com/rhyskoedijk/Dependabot/_apis/git/repositories/Dependabot-Tests/pullrequests?api-version=7.1&searchCriteria.status=active&searchCriteria.creatorId=f6be700d-10f9-65fd-9296-09272a761d5e&searchCriteria.targetRefName=refs/heads/main
🌍 <-- 200 https://dev.azure.com/rhyskoedijk/Dependabot/_apis/git/repositories/Dependabot-Tests/pullrequests?api-version=7.1&searchCriteria.status=active&searchCriteria.creatorId=f6be700d-10f9-65fd-9296-09272a761d5e&searchCriteria.targetRefName=refs/heads/main
2024/07/24 10:53:41 INFO <job_1721818415> Starting job processing
2024/07/24 10:53:41 INFO <job_1721818415> Cloning repository 'https://dev.azure.com/rhyskoedijk/Dependabot/_git/Dependabot-Tests' to '/home/dependabot/dependabot-updater/job/1721818415/repo/rhyskoedijk/Dependabot/_git/Dependabot-Tests'
2024/07/24 10:53:42 INFO <job_1721818415> Searching for nuget dependency reference files in '/', this can take a while...
running NuGet discovery:
/opt/nuget/NuGetUpdater/NuGetUpdater.Cli discover --repo-root /home/dependabot/dependabot-updater/job/1721818415/repo/rhyskoedijk/Dependabot/_git/Dependabot-Tests --workspace / --output /tmp/.dependabot/discovery.1.json --verbose
Discovering build files in workspace [/home/dependabot/dependabot-updater/job/1721818415/repo/rhyskoedijk/Dependabot/_git/Dependabot-Tests].
No dotnet-tools.json file found.
No global.json file found.
Discovering projects beneath [.].
No packages.config file found.
Central Package Management is not enabled.
Discovery complete.
2024/07/24 10:53:51 INFO <job_1721818415> Discovery JSON content: {
"Path": "",
"IsSuccess": true,
"Projects": [
{
"FilePath": "WebApplicationNetCore/WebApplicationNetCore.csproj",
"Dependencies": [
{
"Name": "Microsoft.NET.Sdk.Web",
"Version": null,
"Type": "MSBuildSdk",
"EvaluationResult": null,
"TargetFrameworks": null,
"IsDevDependency": false,
"IsDirect": false,
"IsTransitive": false,
"IsOverride": false,
"IsUpdate": false,
"InfoUrl": null
},
{
"Name": "SixLabors.ImageSharp",
"Version": "3.1.4",
"Type": "PackageReference",
"EvaluationResult": {
"ResultType": "Success",
"OriginalValue": "3.1.4",
"EvaluatedValue": "3.1.4",
"RootPropertyName": null,
"ErrorMessage": null
},
"TargetFrameworks": [
"net8.0"
],
"IsDevDependency": false,
"IsDirect": true,
"IsTransitive": false,
"IsOverride": false,
"IsUpdate": false,
"InfoUrl": null
},
{
"Name": "Telerik.Reporting",
"Version": "10.1.16.615",
"Type": "PackageReference",
"EvaluationResult": {
"ResultType": "Success",
"OriginalValue": "10.1.16.615",
"EvaluatedValue": "10.1.16.615",
"RootPropertyName": null,
"ErrorMessage": null
},
"TargetFrameworks": [
"net8.0"
],
"IsDevDependency": false,
"IsDirect": true,
"IsTransitive": false,
"IsOverride": false,
"IsUpdate": false,
"InfoUrl": null
}
],
"IsSuccess": true,
"Properties": [
{
"Name": "ImplicitUsings",
"Value": "enable",
"SourceFilePath": "WebApplicationNetCore/WebApplicationNetCore.csproj"
},
{
"Name": "Nullable",
"Value": "enable",
"SourceFilePath": "WebApplicationNetCore/WebApplicationNetCore.csproj"
},
{
"Name": "TargetFramework",
"Value": "net8.0",
"SourceFilePath": "WebApplicationNetCore/WebApplicationNetCore.csproj"
}
],
"TargetFrameworks": [
"net8.0"
],
"ReferencedProjectPaths": []
}
],
"DirectoryPackagesProps": null,
"GlobalJson": null,
"DotNetToolsJson": null,
"ErrorType": null,
"ErrorDetails": null
}
2024/07/24 10:53:51 INFO <job_1721818415> Repository scan completed for 'https://dev.azure.com/rhyskoedijk/Dependabot/_git/Dependabot-Tests' at commit '53d71c8bf8332f011ddc3d6e249cef6649975e0f'
2024/07/24 10:53:51 INFO <job_1721818415> Found 2 nuget dependency reference files:
2024/07/24 10:53:51 INFO <job_1721818415> - //WebApplicationNetCore/WebApplicationNetCore.csproj
2024/07/24 10:53:51 INFO <job_1721818415> - //WebApplicationNetCore/nuget.config
2024/07/24 10:53:51 INFO <job_1721818415> Found 2 top-level dependencies:
2024/07/24 10:53:52 INFO <job_1721818415> - SixLabors.ImageSharp (3.1.4) (VULNERABLE!)
2024/07/24 10:53:52 INFO <job_1721818415> - Telerik.Reporting (10.1.16.615)
2024/07/24 10:53:52 INFO <job_1721818415> Found 0 transitive dependencies:
2024/07/24 10:53:52 INFO <job_1721818415> Found 0 dependency group(s):
2024/07/24 10:53:52 INFO <job_1721818415> Found 0 open pull requests(s):
2024/07/24 10:53:52 INFO <job_1721818415> Checking if any dependencies need a new pull request created
2024/07/24 10:53:52 DEBUG <job_1721818415> Finding operation for a version to create a Pull Request for all dependencies
2024/07/24 10:53:52 DEBUG <job_1721818415> Performing job with Dependabot::Updater::Operations::UpdateAllVersions
2024/07/24 10:53:52 INFO <job_1721818415> Starting update job for rhyskoedijk/Dependabot/_git/Dependabot-Tests
2024/07/24 10:53:52 INFO <job_1721818415> Checking all dependencies for version updates...
2024/07/24 10:53:52 INFO <job_1721818415> Checking if SixLabors.ImageSharp 3.1.4 needs updating
🌍 --> GET https://pkgs.dev.azure.com/rhyskoedijk/Dependabot/_packaging/Private-NuGet/nuget/v3/index.json
🌍 <-- 200 https://pkgs.dev.azure.com/rhyskoedijk/Dependabot/_packaging/Private-NuGet/nuget/v3/index.json
🌍 --> GET https://nuget.telerik.com/v3/index.json
🌍 <-- 200 https://nuget.telerik.com/v3/index.json
🌍 --> GET https://pkgs.dev.azure.com/rhyskoedijk/e392b1b0-13c4-4279-8aed-df068190d82e/_packaging/24ec61b3-7f0a-46e4-bca5-9db1caaf7d1f/nuget/v3/registrations2/sixlabors.imagesharp/index.json
🌍 <-- 200 https://pkgs.dev.azure.com/rhyskoedijk/e392b1b0-13c4-4279-8aed-df068190d82e/_packaging/24ec61b3-7f0a-46e4-bca5-9db1caaf7d1f/nuget/v3/registrations2/sixlabors.imagesharp/index.json
🌍 --> GET https://nuget.telerik.com/v3/registration/sixlabors.imagesharp/index.json
🌍 <-- 404 https://nuget.telerik.com/v3/registration/sixlabors.imagesharp/index.json
🌍 --> GET https://api.nuget.org/v3/registration5-gz-semver2/sixlabors.imagesharp/index.json
🌍 <-- 200 https://api.nuget.org/v3/registration5-gz-semver2/sixlabors.imagesharp/index.json
2024/07/24 10:53:56 INFO <job_1721818415> Filtered out 10 pre-release versions
🌍 --> GET https://pkgs.dev.azure.com/rhyskoedijk/e392b1b0-13c4-4279-8aed-df068190d82e/_packaging/24ec61b3-7f0a-46e4-bca5-9db1caaf7d1f/nuget/v3/flat2/sixlabors.imagesharp/3.1.4/sixlabors.imagesharp.nuspec
🌍 <-- 200 https://pkgs.dev.azure.com/rhyskoedijk/e392b1b0-13c4-4279-8aed-df068190d82e/_packaging/24ec61b3-7f0a-46e4-bca5-9db1caaf7d1f/nuget/v3/flat2/sixlabors.imagesharp/3.1.4/sixlabors.imagesharp.nuspec
2024/07/24 10:53:56 INFO <job_1721818415> Latest version is 3.1.5
2024/07/24 10:53:56 INFO <job_1721818415> Filtered out 10 pre-release versions
🌍 --> GET https://pkgs.dev.azure.com/rhyskoedijk/e392b1b0-13c4-4279-8aed-df068190d82e/_packaging/24ec61b3-7f0a-46e4-bca5-9db1caaf7d1f/nuget/v3/flat2/sixlabors.imagesharp/3.1.4/sixlabors.imagesharp.nuspec
🌍 <-- 200 https://pkgs.dev.azure.com/rhyskoedijk/e392b1b0-13c4-4279-8aed-df068190d82e/_packaging/24ec61b3-7f0a-46e4-bca5-9db1caaf7d1f/nuget/v3/flat2/sixlabors.imagesharp/3.1.4/sixlabors.imagesharp.nuspec
2024/07/24 10:53:56 INFO <job_1721818415> Requirements to unlock own
2024/07/24 10:53:56 INFO <job_1721818415> Requirements update strategy
2024/07/24 10:53:56 INFO <job_1721818415> Updating SixLabors.ImageSharp from 3.1.4 to 3.1.5
running NuGet updater:
/opt/nuget/NuGetUpdater/NuGetUpdater.Cli update --repo-root /home/dependabot/dependabot-updater/job/1721818415/repo/rhyskoedijk/Dependabot/_git/Dependabot-Tests --solution-or-project /home/dependabot/dependabot-updater/job/1721818415/repo/rhyskoedijk/Dependabot/_git/Dependabot-Tests/WebApplicationNetCore/WebApplicationNetCore.csproj --dependency SixLabors.ImageSharp --new-version 3.1.5 --previous-version 3.1.4 --result-output-path /tmp/update-result.json --verbose
No dotnet-tools.json file found.
No global.json file found.
Running for project file [WebApplicationNetCore/WebApplicationNetCore.csproj]
Updating project [/home/dependabot/dependabot-updater/job/1721818415/repo/rhyskoedijk/Dependabot/_git/Dependabot-Tests/WebApplicationNetCore/WebApplicationNetCore.csproj]
Running for SDK-style project
Found incorrect [PackageReference] version attribute in [WebApplicationNetCore/WebApplicationNetCore.csproj].
Saved [WebApplicationNetCore/WebApplicationNetCore.csproj].
Update complete.
Writing update result to [/tmp/update-result.json].
2024/07/24 10:54:03 INFO <job_1721818415> update result: {
"ErrorType": null,
"ErrorDetails": null
}
The contents of file [WebApplicationNetCore/WebApplicationNetCore.csproj] were updated.
2024/07/24 10:54:03 INFO <job_1721818415> Submitting SixLabors.ImageSharp pull request for creation
2024/07/24 10:54:03 INFO <job_1721818415> Skipping pull request creation as it is disabled for this job.
2024/07/24 10:54:03 DEBUG <job_1721818415> Staged file changes were:
2024/07/24 10:54:03 DEBUG <job_1721818415> ± Updated 'WebApplicationNetCore/WebApplicationNetCore.csproj' in '/'
~~~
--- /tmp/original20240724-7-l0ya05 2024-07-24 10:54:03.045745437 +0000
+++ /tmp/updated20240724-7-nee7da 2024-07-24 10:54:03.045745437 +0000
@@ -7,7 +7,7 @@
</PropertyGroup>
<ItemGroup>
- <PackageReference Include="SixLabors.ImageSharp" Version="3.1.4" />
+ <PackageReference Include="SixLabors.ImageSharp" Version="3.1.5" />
<PackageReference Include="Telerik.Reporting" Version="10.1.16.615" />
</ItemGroup>
~~~
2 insertions (+), 2 deletions (-)
2024/07/24 10:54:03 INFO <job_1721818415> Checking if Telerik.Reporting 10.1.16.615 needs updating
🌍 --> GET https://pkgs.dev.azure.com/rhyskoedijk/e392b1b0-13c4-4279-8aed-df068190d82e/_packaging/24ec61b3-7f0a-46e4-bca5-9db1caaf7d1f/nuget/v3/registrations2/telerik.reporting/index.json
🌍 <-- 404 https://pkgs.dev.azure.com/rhyskoedijk/e392b1b0-13c4-4279-8aed-df068190d82e/_packaging/24ec61b3-7f0a-46e4-bca5-9db1caaf7d1f/nuget/v3/registrations2/telerik.reporting/index.json
🌍 --> GET https://nuget.telerik.com/v3/registration/telerik.reporting/index.json
🌍 <-- 200 https://nuget.telerik.com/v3/registration/telerik.reporting/index.json
🌍 --> GET https://api.nuget.org/v3/registration5-gz-semver2/telerik.reporting/index.json
🌍 <-- 404 https://api.nuget.org/v3/registration5-gz-semver2/telerik.reporting/index.json
2024/07/24 10:54:05 INFO <job_1721818415> Filtered out 16 pre-release versions
🌍 --> GET https://pkgs.dev.azure.com/rhyskoedijk/e392b1b0-13c4-4279-8aed-df068190d82e/_packaging/24ec61b3-7f0a-46e4-bca5-9db1caaf7d1f/nuget/v3/flat2/telerik.reporting/10.1.16.615/telerik.reporting.nuspec
🌍 <-- 404 https://pkgs.dev.azure.com/rhyskoedijk/e392b1b0-13c4-4279-8aed-df068190d82e/_packaging/24ec61b3-7f0a-46e4-bca5-9db1caaf7d1f/nuget/v3/flat2/telerik.reporting/10.1.16.615/telerik.reporting.nuspec
2024/07/24 10:54:11 INFO <job_1721818415> Latest version is 15.1.21.616
2024/07/24 10:54:11 INFO <job_1721818415> Requirements to unlock all
2024/07/24 10:54:11 INFO <job_1721818415> Requirements update strategy
Finding updated dependencies for Telerik.Reporting.
🌍 --> GET https://pkgs.dev.azure.com/rhyskoedijk/e392b1b0-13c4-4279-8aed-df068190d82e/_packaging/24ec61b3-7f0a-46e4-bca5-9db1caaf7d1f/nuget/v3/flat2/telerik.reporting/15.1.21.616/telerik.reporting.nuspec
🌍 <-- 404 https://pkgs.dev.azure.com/rhyskoedijk/e392b1b0-13c4-4279-8aed-df068190d82e/_packaging/24ec61b3-7f0a-46e4-bca5-9db1caaf7d1f/nuget/v3/flat2/telerik.reporting/15.1.21.616/telerik.reporting.nuspec
...snip...
2024/07/24 10:54:47 INFO <job_1721818415> Updating Telerik.Reporting from 10.1.16.615 to 15.1.21.616
running NuGet updater:
/opt/nuget/NuGetUpdater/NuGetUpdater.Cli update --repo-root /home/dependabot/dependabot-updater/job/1721818415/repo/rhyskoedijk/Dependabot/_git/Dependabot-Tests --solution-or-project /home/dependabot/dependabot-updater/job/1721818415/repo/rhyskoedijk/Dependabot/_git/Dependabot-Tests/WebApplicationNetCore/WebApplicationNetCore.csproj --dependency Telerik.Reporting --new-version 15.1.21.616 --previous-version 10.1.16.615 --result-output-path /tmp/update-result.json --verbose
No dotnet-tools.json file found.
No global.json file found.
Running for project file [WebApplicationNetCore/WebApplicationNetCore.csproj]
Updating project [/home/dependabot/dependabot-updater/job/1721818415/repo/rhyskoedijk/Dependabot/_git/Dependabot-Tests/WebApplicationNetCore/WebApplicationNetCore.csproj]
Running for SDK-style project
Found incorrect [PackageReference] version attribute in [WebApplicationNetCore/WebApplicationNetCore.csproj].
Saved [WebApplicationNetCore/WebApplicationNetCore.csproj].
Update complete.
Writing update result to [/tmp/update-result.json].
2024/07/24 10:55:11 INFO <job_1721818415> update result: {
"ErrorType": null,
"ErrorDetails": null
}
The contents of file [WebApplicationNetCore/WebApplicationNetCore.csproj] were updated.
2024/07/24 10:55:11 INFO <job_1721818415> Submitting Telerik.Reporting pull request for creation
2024/07/24 10:55:11 INFO <job_1721818415> Skipping pull request creation as it is disabled for this job.
2024/07/24 10:55:11 DEBUG <job_1721818415> Staged file changes were:
2024/07/24 10:55:11 DEBUG <job_1721818415> ± Updated 'WebApplicationNetCore/WebApplicationNetCore.csproj' in '/'
~~~
--- /tmp/original20240724-7-o5km1o 2024-07-24 10:55:11.603803089 +0000
+++ /tmp/updated20240724-7-acsyyo 2024-07-24 10:55:11.603803089 +0000
@@ -8,7 +8,7 @@
<ItemGroup>
<PackageReference Include="SixLabors.ImageSharp" Version="3.1.4" />
- <PackageReference Include="Telerik.Reporting" Version="10.1.16.615" />
+ <PackageReference Include="Telerik.Reporting" Version="15.1.21.616" />
</ItemGroup>
</Project>
~~~
2 insertions (+), 2 deletions (-)
2024/07/24 10:55:11 INFO <job_1721818415> Finished job processing
2024/07/24 10:55:11 INFO Results:
+-----------------------------------------------------------------+
| Changes to Dependabot Pull Requests |
+---------+-------------------------------------------------------+
| created | SixLabors.ImageSharp ( from 3.1.4 to 3.1.5 ) |
| created | Telerik.Reporting ( from 10.1.16.615 to 15.1.21.616 ) |
+---------+-------------------------------------------------------+
You are a saint, thank you so much :)
@AgidensKevinG if the latest image doesn't resolve this for you, feel free to reopen and I'll take another look.
The fix works like a charm, thanks a lot!
Describe the bug
Our dependabot is configured to only create PR's on vulnerabilities. Today it found one, but the pipeline fails with this error (it used to work with v1.24 but that one does not exist anymore).
Categorization
Repository
Private :(
To Reproduce
Have a project with SixLabors.ImageSharp 3.1.4 in the Nuget. Earliest non-vulnerable is 3.1.5.
Expected behavior
Vulnerability is detected (OK), and PR is created (NOK).
Screenshots
I'll paste the stacktrace instead of a chain of screenshots:
Pool: Azure Pipelines
Image: ubuntu-latest
Agent: Hosted Agent
Version : 1.30.776
Unable to find image 'ghcr.io/tinglesoftware/dependabot-updater-nuget:1.30' locally
1.30: Pulling from tinglesoftware/dependabot-updater-nuget
Additional context
Dependabot 1.30 still complains about 401 errors on private feeds (telerik) but the vulnerable package is a public one. And I can't test with the 1.24 image anymore :(
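To answer "which feed fails authentication?" from a run like the one logged in this thread, the HTTP trace lines (`🌍 <-- STATUS URL`) can be tallied per host. The following is an added example, not code from this project or from dependabot-core; the function names, the `example-org`/`example-feed` URL and the 401 line are constructed for illustration.

```ruby
require "uri"

# Constructed sample in the trace format shown in the log on this page.
# The 401 response is constructed to model the reported Telerik auth failure.
SAMPLE_TRACE = <<~LOG
  🌍 --> GET https://nuget.telerik.com/v3/index.json
  🌍 <-- 401 https://nuget.telerik.com/v3/index.json
  🌍 --> GET https://pkgs.dev.azure.com/example-org/_packaging/example-feed/nuget/v3/index.json
  🌍 <-- 200 https://pkgs.dev.azure.com/example-org/_packaging/example-feed/nuget/v3/index.json
  🌍 <-- 404 https://pkgs.dev.azure.com/example-org/_packaging/example-feed/nuget/v3/registrations2/telerik.reporting/index.json
  🌍 <-- 200 https://api.nuget.org/v3/registration5-gz-semver2/sixlabors.imagesharp/index.json
  2024/07/24 10:53:56 INFO <job_0> Latest version is 3.1.5
LOG

# Matches only response lines: "<-- 404 https://host/path".
RESPONSE_LINE = /<--\s+(\d{3})\s+(\S+)/

# Hypothetical helper: returns { host => { status_code => count } }.
def responses_by_host(log)
  tally = Hash.new { |hash, host| hash[host] = Hash.new(0) }
  log.each_line do |line|
    match = RESPONSE_LINE.match(line)
    next unless match

    host = begin
      URI.parse(match[2]).host
    rescue URI::InvalidURIError
      nil # skip lines whose URL cannot be parsed
    end
    next unless host

    tally[host][match[1].to_i] += 1
  end
  tally
end

# Hypothetical helper: hosts that rejected the supplied credentials.
# A 404 is not counted: with several feeds configured, each package is
# expected to be missing from the feeds that do not host it.
def auth_failures(log)
  responses_by_host(log)
    .select { |_host, codes| codes.key?(401) || codes.key?(403) }
    .keys
end

if __FILE__ == $PROGRAM_NAME
  responses_by_host(SAMPLE_TRACE).each do |host, codes|
    puts "#{host}: #{codes.sort.map { |code, n| "#{code} x#{n}" }.join(', ')}"
  end
  puts "auth rejected by: #{auth_failures(SAMPLE_TRACE).join(', ')}"
end
```

Pass the captured pipeline log text to `auth_failures` in place of `SAMPLE_TRACE` to see which configured registry needs its credentials checked.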