Dependabot-core: Incorrect commit messages

Created on 25 May 2019  ·  24 Comments  ·  Source: dependabot/dependabot-core

For some reason dependabot started to produce incorrect commit messages:

  • Build(deps): bump ts-node from 8.1.0 to 8.1.1, notice the B. It is not correct due to the existing conventional-commits standard, where lowercase letters are used

It started ~2 days ago.

I am using 0.107.12: https://github.com/wemake-services/kira-dependencies/blob/master/Gemfile

All 24 comments

@greysteil any updates on this? It is still failing for me.

Parsing dependencies information
  - Updating @nuxtjs/auth (from 4.5.3)…/builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/gitlab-4.11.0/lib/gitlab/request.rb:67:in `validate': Server responded with code 400, message: Commit message does not follow the pattern '^(revert: )?(feat|fix|docs|build|refactor|chore)(\(.+\))?:.{1,50}(refs #\d+)?'. Request URI: https://gitlab.com/api/v4/projects/wemake%2Eservices%2Ftimeless_is/repository/commits (Gitlab::Error::BadRequest)
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/gitlab-4.11.0/lib/gitlab/request.rb:46:in `block (2 levels) in <class:Request>'
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/gitlab-4.11.0/lib/gitlab/client/commits.rb:158:in `create_commit'
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.106.20/lib/dependabot/clients/gitlab_with_retries.rb:67:in `public_send'
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.106.20/lib/dependabot/clients/gitlab_with_retries.rb:67:in `block in method_missing'
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.106.20/lib/dependabot/clients/gitlab_with_retries.rb:83:in `retry_connection_failures'
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.106.20/lib/dependabot/clients/gitlab_with_retries.rb:64:in `method_missing'
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.106.20/lib/dependabot/pull_request_creator/gitlab.rb:107:in `create_commit'
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.106.20/lib/dependabot/pull_request_creator/gitlab.rb:41:in `create'
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.106.20/lib/dependabot/pull_request_creator.rb:59:in `create'
    from ./update.rb:130:in `block in <main>'
    from ./update.rb:78:in `each'
    from ./update.rb:78:in `<main>'
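
The push rule quoted in the error above is case-sensitive, which is why a subject starting with `Build(deps):` is rejected while `build(deps):` is accepted. The following Ruby pre-flight check is an added example, not code from Dependabot or from this thread: `check_commit_message` is a hypothetical helper, the sample messages are constructed, and anchoring with `\A` is an assumption about how the server applies the pattern.

```ruby
# Pattern copied from the GitLab error message quoted above. Assumption: the
# server anchors `^` at the start of the message, so \A is used here
# (Ruby's ^ would also match after any newline).
PUSH_RULE = /\A(revert: )?(feat|fix|docs|build|refactor|chore)(\(.+\))?:.{1,50}(refs #\d+)?/
ALLOWED_TYPES = %w[feat fix docs build refactor chore].freeze

# Hypothetical helper: returns [accepted, reason] for a commit message.
def check_commit_message(message)
  return [true, "matches push rule"] if PUSH_RULE.match?(message)

  # Diagnose the first line only, ignoring an optional "revert: " prefix.
  subject = message.lines.first.to_s.chomp.sub(/\Arevert: /, "")
  header = subject.match(/\A(?<type>[A-Za-z]+)(\(.+\))?:/)
  return [false, "no 'type(scope):' prefix"] unless header

  type = header[:type]
  if !ALLOWED_TYPES.include?(type.downcase)
    [false, "type '#{type}' is not allowed"]
  elsif type != type.downcase
    [false, "type '#{type}' must be lowercase: '#{type.downcase}'"]
  else
    # Prefix is valid, so the only remaining failure is `.{1,50}` finding
    # no character after the colon on the first line.
    [false, "empty description after ':'"]
  end
end

# Constructed sample messages (the first is the one from the report).
SAMPLES = [
  "Build(deps): bump ts-node from 8.1.0 to 8.1.1",
  "build(deps): bump ts-node from 8.1.0 to 8.1.1",
  "Bump ts-node from 8.1.0 to 8.1.1",
  "build(deps): " + "x" * 200 # the rule has no `$`, so length is not capped
].freeze

SAMPLES.each do |msg|
  ok, reason = check_commit_message(msg)
  puts format("%-6s %-45.45s %s", ok ? "OK" : "REJECT", msg, reason)
end
```

Because the pattern has no end anchor, `.{1,50}` only requires at least one character after the colon and does not limit the subject length.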

Sorry, been a brutal week, as you might imagine! :octocat:

I'll try to take a look at this today, but if I don't then I should be able to do it over the weekend.

OK, it's tricky to know exactly why Dependabot is doing this because commit prefix is looked up dynamically. The logic to do so is here. Is the repo you're running on here open source? Will make debugging a bunch easier if so.

It is not open-source, but it is not a secret either. I call it "internal-sourced".

I can send you access on GitLab; please provide your username.

In case you want to have a look at the commit history. Here it is:
[Screenshot 2019-06-01 at 2 23 25]

I am using a separate repo for dependabot setup: https://gitlab.com/wemake.services/kira-dependencies (protected)

It then operates with other protected repos I own.

I think someone is having a similar issue on a GitHub public repo, so just digging into that. Will let you know what I find.

It works now. Thanks!

Hurrah! Thanks for reporting and sorry for the delay fixing!

That's happening again:

$ bundle install -j $(nproc) --path vendor
Fetching gem metadata from https://rubygems.org/.................
Fetching gem metadata from https://rubygems.org/..
Resolving dependencies...
Using public_suffix 3.0.3
Using addressable 2.5.2
Using ast 2.4.0
Using aws-eventstream 1.0.3
Using aws-partitions 1.154.0
Using aws-sigv4 1.1.0
Using jmespath 1.4.0
Using aws-sdk-core 3.48.6
Using aws-sdk-ecr 1.14.0
Using bundler 1.17.3
Using citrus 3.0.2
Using unf_ext 0.0.7.6
Using unf 0.1.4
Using domain_name 0.5.20180417
Using http-cookie 1.0.3
Using mime-types-data 3.2019.0331
Using mime-types 3.2.2
Using netrc 0.11.0
Using rest-client 2.0.2
Using docker_registry2 1.5.0
Using excon 0.64.0
Using multi_xml 0.6.0
Using httparty 0.17.0
Using unicode-display_width 1.5.0
Using terminal-table 1.8.0
Using gitlab 4.11.0
Using mini_portile2 2.4.0
Using gpgme 2.0.18
Using nokogiri 1.10.3
Using multipart-post 2.0.0
Using faraday 0.15.4
Using sawyer 0.8.1
Using octokit 4.14.0
Using pandoc-ruby 2.0.2
Using parseconfig 1.0.8
Using parser 2.6.3.0
Using toml-rb 1.1.2
Using dependabot-common 0.106.20
Using dependabot-bundler 0.106.20
Using dependabot-cargo 0.106.20
Using dependabot-composer 0.106.20
Using dependabot-dep 0.106.20
Using dependabot-docker 0.106.20
Using dependabot-elm 0.106.20
Using dependabot-git_submodules 0.106.20
Using dependabot-go_modules 0.106.20
Using dependabot-gradle 0.106.20
Using dependabot-hex 0.106.20
Using dependabot-maven 0.106.20
Using dependabot-npm_and_yarn 0.106.20
Using dependabot-nuget 0.106.20
Using dependabot-python 0.106.20
Using dependabot-terraform 0.106.20
Using dependabot-omnibus 0.106.20
Bundle complete! 1 Gemfile dependency, 54 gems now installed.
Bundled gems are installed into `./vendor`
$ bundle exec ruby ./update.rb
warning: parser/current is loading parser/ruby26, which recognizes
warning: 2.6.3-compliant syntax, but you are running 2.6.2.
warning: please see https://github.com/whitequark/parser#compatibility-with-ruby-mri.
Fetching npm_and_yarn dependency files for wemake.services/timeless_is
Parsing dependencies information
  - Updating @nuxtjs/auth (from 4.6.6)…/builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/gitlab-4.11.0/lib/gitlab/request.rb:67:in `validate': Server responded with code 400, message: Commit message does not follow the pattern '^(revert: )?(feat|fix|docs|build|refactor|chore)(\(.+\))?:.{1,50}(refs #\d+)?'. Request URI: https://gitlab.com/api/v4/projects/wemake%2Eservices%2Ftimeless_is/repository/commits (Gitlab::Error::BadRequest)
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/gitlab-4.11.0/lib/gitlab/request.rb:46:in `block (2 levels) in <class:Request>'
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/gitlab-4.11.0/lib/gitlab/client/commits.rb:158:in `create_commit'
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.106.20/lib/dependabot/clients/gitlab_with_retries.rb:67:in `public_send'
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.106.20/lib/dependabot/clients/gitlab_with_retries.rb:67:in `block in method_missing'
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.106.20/lib/dependabot/clients/gitlab_with_retries.rb:83:in `retry_connection_failures'
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.106.20/lib/dependabot/clients/gitlab_with_retries.rb:64:in `method_missing'
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.106.20/lib/dependabot/pull_request_creator/gitlab.rb:107:in `create_commit'
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.106.20/lib/dependabot/pull_request_creator/gitlab.rb:38:in `create'
    from /builds/wemake.services/kira-dependencies/vendor/ruby/2.6.0/gems/dependabot-common-0.106.20/lib/dependabot/pull_request_creator.rb:59:in `create'
    from ./update.rb:130:in `block in <main>'
    from ./update.rb:78:in `each'
    from ./update.rb:78:in `<main>'

@greysteil friendly ping. Dependabot is not working for me this week.

Sorry for the delay. My job at GitHub doesn't include writing code (I'm in product, not engineering), and Dependabot Core doesn't have a team to replace me yet, so I'm not getting as much time to spend here as I'd like.

This is tricky to debug from the above alone. Is the repo this is occurring on public? Without a way to replicate I'm not sure what to suggest.

> My job at GitHub doesn't include writing code (I'm in product, not engineering), and Dependabot Core doesn't have a team to replace me yet, so I'm not getting as much time to spend here as I'd like.

Ok, I see. 😞

Hm, I guess the easiest way is to invite you to the repo on Gitlab I am using right now. Is it fine?
If so, I can send you an invite, I just need your Gitlab account.

👍 I'm @greysteil there, too.

Awesome - I'll take a look today

Hang on, this says you're using v0.106.20 of Dependabot Core. That pre-dates the previous fix...

[Screenshot 2019-06-25 at 17 24 04]

As you can see, the commit hash is unchanged, but it started failing one week ago.

Can you try using v0.108.20?

It is now working again! I am using 0.108.22.

Sorry for the inconvenience.
Can I buy you a beer / coffee / pizza? 😄

[Screenshot 2019-06-25 at 17 34 54]

Thanks for the debugging session!

Haha, no worries! 🎉

I'll try to get #1227 in tomorrow (want to get 24 hours for feedback) which will make commit messages more robust :-)
