Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NPM Auth Failure Mid Execution (Azure Devops Packages) #824

Closed
altnp opened this issue Sep 23, 2023 · 12 comments
Closed

NPM Auth Failure Mid Execution (Azure Devops Packages) #824

altnp opened this issue Sep 23, 2023 · 12 comments

Comments

@altnp
Copy link

altnp commented Sep 23, 2023

Describe the bug
Azure Devops NPM Feed starts erroring for "missing auth token" mid run.

HTTP Logs show the token being sent prior to the error triggering, no HTTP request is sent when "missing auth

Checking if single-spa-react 4.3.1 needs updating
🌍 --> GET https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/single-spa-react
🌍 <-- 200 https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/single-spa-react
🌍 --> GET https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/single-spa-react
🌍 <-- 200 https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/single-spa-react
🌍 --> GET https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/single-spa-react/5.1.4
🌍 <-- 404 https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/single-spa-react/5.1.4
🌍 --> GET https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/single-spa-react/5.1.4
🌍 <-- 404 https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/single-spa-react/5.1.4
🌍 --> GET https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/single-spa-react/latest
🌍 <-- 404 https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/single-spa-react/latest
Requirements to unlock own
Requirements update strategy bump_versions
Updating single-spa-react from 4.3.1 to 5.1.4
Pull request for 4.3.1 already exists (#5215) and does not need updating.
🌍 --> GET https://dev.azure.com/Tcetra/Vidapay/_apis/git/repositories/Vidapay-Dashboard-App/commits
🌍 <-- 200 https://dev.azure.com/Tcetra/Vidapay/_apis/git/repositories/Vidapay-Dashboard-App/commits
🌍 --> GET https://registry.npmjs.org/single-spa-react/latest
🌍 <-- 200 https://registry.npmjs.org/single-spa-react/latest
Checking if @babel/core 7.15.0 needs updating
🌍 --> GET https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/@babel%2Fcore
🌍 <-- 200 https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/@babel%2Fcore
🌍 --> GET https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/@babel%2Fcore
🌍 <-- 200 https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/@babel%2Fcore
🌍 --> GET https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/@babel%2Fcore/7.22.20
🌍 <-- 404 https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/@babel%2Fcore/7.22.20
🌍 --> GET https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/@babel/core/7.22.20
🌍 <-- 404 https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/@babel/core/7.22.20
🌍 --> GET https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/@babel%2Fcore/latest
🌍 <-- 404 https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/@babel%2Fcore/latest
Requirements to unlock own
Requirements update strategy bump_versions
Updating @babel/core from 7.15.0 to 7.22.20
/home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.232.0/lib/dependabot/shared_helpers.rb:344:in `run_shell_command': Progress: resolved 1, reused 0, downloaded 0, added 0 (Dependabot::SharedHelpers::HelperSubprocessFailed)
 ERR_PNPM_FETCH_401  GET https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/@ampproject%2Fremapping: Unauthorized - 401

No authorization header was set for the request.

These authorization settings were found:
@tcetra-pkgs:registry=https://babel%2Fhelpers/: Unauthorized - 401

No authorization header was set for the request.

These authorization settings were found:
@tcetra-pkgs:registry=https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/
 ERR_PNPM_FETCH_401  GET https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/debug: Unauthorized - 401

No authorization header was set for the request.

These authorization settings were found:
@tcetra-pkgs:registry=https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/
 ERR_PNPM_FETCH_401  GET https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/convert-source-map: Unauthorized - 401

No authorization header was set for the request.

To Reproduce
Steps to reproduce the behavior:
Unknown

Expected behavior
The same auth token used previously should continue to work

Extension (please complete the following information):

  • Host: Azure Devops
  • Version Latest

Configs

Pipeline

trigger: none

schedules:
  - cron: "0 13 * * *"
    displayName: Daily Run
    branches:
      include:
      - master
    always: true

pool:
  vmImage: ubuntu-22.04

steps:
  - checkout: self
    clean: true
    persistCredentials: true'
  - task: npmAuthenticate@0
    inputs:
      workingFile: .npmrc
  - task: dependabot@1
    displayName: 'Run Dependabot'
    inputs:
      targetBranch: $(Build.SourceBranch)
      abandonUnwantedPullRequests: true

dependabot.yml

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    open-pull-requests-limit: 10
    groups:
      minor:
        update-types:
        - "minor"
        - "patch"
      major:
        update-types:
        - "major"
    registries:
      - tcetra-pkgs
registries:
  tcetra-pkgs:
    type: npm-registry
    url: https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/
    token: PAT:${{SYSTEM_ACCESSTOKEN}}
@mburumaxwell
Copy link
Contributor

See dependabot/dependabot-core#7731

Been unable to get to the bottom of the issue here for a while. It could be an upstream issue or not.

@mburumaxwell mburumaxwell mentioned this issue Sep 28, 2023
Closed
@mburumaxwell
Copy link
Contributor

dependabot/dependabot-core#7731 (comment)

@mburumaxwell
Copy link
Contributor

dockerImageTag: '1.21.1-pullrequest0829-0052'

@altnp
Copy link
Author

altnp commented Oct 2, 2023

Thanks

@mburumaxwell
Copy link
Contributor

dockerImageTag: '1.22.1-pullrequest0829-0018'

@mburumaxwell
Copy link
Contributor

Can anyone confirm that the issue is fixed with the latest image tag: 1.23.1-ci0014?

@altnp
Copy link
Author

altnp commented Nov 22, 2023

Can anyone confirm that the issue is fixed with the latest image tag: 1.23.1-ci0014?

How do I configure the task to use the tag?

@mburumaxwell
Copy link
Contributor

Seems 1.23.1-ci0014 is failing based on some changes in types. These have been fixed in #884, #885, and

You can test using 1.23.1-ci0018.

@altnp change your pipeline as below

trigger: none

schedules:
  - cron: "0 13 * * *"
    displayName: Daily Run
    branches:
      include:
      - master
    always: true

pool:
-  vmImage: ubuntu-22.04
+  vmImage: ubuntu-latest 

steps:
- - checkout: self
-   clean: true
-   persistCredentials: true'
- - task: npmAuthenticate@0
-   inputs:
-     workingFile: .npmrc
  - task: dependabot@1
    displayName: 'Run Dependabot'
    inputs:
-     targetBranch: $(Build.SourceBranch)
      abandonUnwantedPullRequests: true
+     dockerImageTag: '1.23.1-ci0018'

Version 1.24.0 will be released within 24 hours.

@mburumaxwell
Copy link
Contributor

Version 1.24.0 has been released

@mburumaxwell
Copy link
Contributor

Closing this as resolved. If this particular behaviour persists, we can always reopen.

@altnp
Copy link
Author

altnp commented Nov 27, 2023

Any idea why it would fail immediately now? No change to permissions or config..

Logs
/usr/bin/docker run --rm -i -e DEPENDABOT_PACKAGE_MANAGER=npm -e DEPENDABOT_OPEN_PULL_REQUESTS_LIMIT=10 -e DEPENDABOT_DIRECTORY=/ -e DEPENDABOT_EXTRA_CREDENTIALS=[{"type":"npm_registry","token":"PAT:","replaces-base":true,"registry":"pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/"}] -e DEPENDABOT_FAIL_ON_EXCEPTION=true -e DEPENDABOT_CLOSE_PULL_REQUESTS=true -e AZURE_ORGANIZATION=Tcetra -e AZURE_PROJECT=Vidapay -e AZURE_REPOSITORY=Vidapay-Header-App -e AZURE_ACCESS_TOKEN= -e AZURE_MERGE_STRATEGY=squash ghcr.io/tinglesoftware/dependabot-updater-npm:1.24 update_script
Unable to find image 'ghcr.io/tinglesoftware/dependabot-updater-npm:1.24' locally
1.24: Pulling from tinglesoftware/dependabot-updater-npm

...

🌍 --> GET https://dev.azure.com/Tcetra/_apis/connectionData
🌍 <-- 200 https://dev.azure.com/Tcetra/_apis/connectionData
🌍 --> GET https://dev.azure.com/Tcetra/Vidapay/_apis/git/repositories/Vidapay-Header-App
🌍 <-- 200 https://dev.azure.com/Tcetra/Vidapay/_apis/git/repositories/Vidapay-Header-App
🌍 --> GET https://dev.azure.com/Tcetra/Vidapay/_apis/git/repositories/Vidapay-Header-App/pullrequests?api-version=6.0&searchCriteria.status=active&searchCriteria.creatorId=7d7d3dec-96bd-481d-ae56-fd66b12ebac1&searchCriteria.targetRefName=refs/heads/master
🌍 <-- 200 https://dev.azure.com/Tcetra/Vidapay/_apis/git/repositories/Vidapay-Header-App/pullrequests?api-version=6.0&searchCriteria.status=active&searchCriteria.creatorId=7d7d3dec-96bd-481d-ae56-fd66b12ebac1&searchCriteria.targetRefName=refs/heads/master
Checking if @heroicons/react 2.0.18 needs updating
🌍 --> GET https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/@heroicons%2Freact
🌍 <-- 401 https://pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry/@heroicons%2Freact
/home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb:316:in check_npm_response': The following source could not be reached as it requires authentication (and any provided details were invalid or lacked the required permissions): pkgs.dev.azure.com/Tcetra/_packaging/tcetra-pkgs/npm/registry (Dependabot::PrivateSourceAuthenticationFailure) from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb:275:in fetch_npm_details'
from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb:269:in npm_details' from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb:111:in valid_npm_details?'
from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb:37:in latest_version_from_registry' from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/update_checker.rb:301:in latest_released_version'
from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/update_checker.rb:309:in latest_version_details' from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/update_checker.rb:40:in latest_version'
from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.237.0/lib/dependabot/update_checkers/base.rb:240:in numeric_version_up_to_date?' from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.237.0/lib/dependabot/update_checkers/base.rb:198:in version_up_to_date?'
from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.237.0/lib/dependabot/update_checkers/base.rb:35:in up_to_date?' from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/update_checker.rb:28:in up_to_date?'
from bin/update_script.rb:576:in block in <main>' from bin/update_script.rb:539:in each'
from bin/update_script.rb:539:in `

'
##[error]The process '/usr/bin/docker' failed with exit code 1
Finishing: Run Dependabot

@josephsap
Copy link

@altnp I have the same issue as your November 27th comment. Were you able to fix it?

Setup: I have a repo in AzureDevops, a private NPM registry on Azure Artifacts, and I'm using the Tingle Software extension.

My .azuredevops/dependabot.yml file:

version: 2

updates:
  - package-ecosystem: 'npm'
    directory: "/src/packages/react-components"
    target-branch: 'master'
    registries:
      - npm-azure-artifacts-1

registries:
  npm-azure-artifacts-1:
    type: npm-registry
    url: 'https://{companyName}.pkgs.visualstudio.com/_packaging/{name}/npm/registry/'
    token: ':${{System.AccessToken}}'

dependabot.yml:

trigger: none
schedules:
  - cron: "0 2 * * 1" # Weekly on Monday at 2am UTC
    always: true # run even when there are no code changes
    branches:
      include:
        - master
    batch: true
    displayName: Weekly dependency update from Dependabot

pool:
  vmImage: 'ubuntu-latest' # requires macos or ubuntu (windows is not supported)

steps:
- task: dependabot@1
  displayName: 'Run Dependabot'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mburumaxwell @josephsap @altnp