Dependabot supports Poetry, but it doesn't use the version given in the pyproject.toml file. When I use any version newer than 1.0.0a1, the update check fails because of the changed lock file syntax.
Would also be interested in this. Just upgraded to the newly released poetry v1 and getting the error:
```
updater | ERROR <job_17789943> Error processing tld (Dependabot::SharedHelpers::HelperSubprocessFailed)
updater | ERROR <job_17789943>
updater | <job_17789943> [NonExistentKey]
updater | <job_17789943> 'Key "hashes" does not exist.'
updater | <job_17789943>
updater | <job_17789943> update [--no-dev] [--dry-run] [--lock] [--] [<packages>]...
updater | <job_17789943>
```
I am all in for this change!
Repo that has this problem: https://github.com/wemake-services/wemake-python-styleguide/blob/master/pyproject.toml
Poetry version is specified in the build file:
```toml
[build-system]
requires = ["poetry>=1.0"]
build-backend = "poetry.masonry.api"
```
But it does not work. What the website says:

Logs:
```
updater | ERROR <job_18040832> Error processing astboom (Dependabot::SharedHelpers::HelperSubprocessFailed)
updater | ERROR <job_18040832>
updater | <job_18040832> [NonExistentKey]
updater | <job_18040832> 'Key "hashes" does not exist.'
updater | <job_18040832>
updater | <job_18040832> update [--no-dev] [--dry-run] [--lock] [--] [<packages>]...
updater | <job_18040832>
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-python-0.113.28/lib/dependabot/python/update_checker/poetry_version_resolver.rb:319:in `run_poetry_command'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-python-0.113.28/lib/dependabot/python/update_checker/poetry_version_resolver.rb:85:in `block (2 levels) in fetch_latest_resolvable_version_string'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:143:in `with_git_configured'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-python-0.113.28/lib/dependabot/python/update_checker/poetry_version_resolver.rb:73:in `block in fetch_latest_resolvable_version_string'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:37:in `block (2 levels) in in_a_temporary_directory'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:37:in `chdir'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:37:in `block in in_a_temporary_directory'
updater | ERROR <job_18040832> /usr/lib/ruby/2.6.0/tmpdir.rb:93:in `mktmpdir'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:34:in `in_a_temporary_directory'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-python-0.113.28/lib/dependabot/python/update_checker/poetry_version_resolver.rb:72:in `fetch_latest_resolvable_version_string'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-python-0.113.28/lib/dependabot/python/update_checker/poetry_version_resolver.rb:42:in `latest_resolvable_version'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-python-0.113.28/lib/dependabot/python/update_checker.rb:43:in `latest_resolvable_version'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/update_checkers/base.rb:70:in `preferred_resolvable_version'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/update_checkers/base.rb:233:in `preferred_version_resolvable_with_unlock?'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/update_checkers/base.rb:225:in `numeric_version_can_update?'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/update_checkers/base.rb:175:in `version_can_update?'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/update_checkers/base.rb:38:in `can_update?'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:208:in `requirements_to_unlock'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:159:in `check_and_create_pull_request'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:62:in `check_and_create_pr_with_error_handling'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:48:in `block in run'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:48:in `each'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:48:in `run'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/lib/dependabot/update_files_job.rb:16:in `perform_job'
updater | ERROR <job_18040832> /home/dependabot/dependabot-updater/lib/dependabot/base_job.rb:29:in `run'
updater | ERROR <job_18040832> bin/update_files.rb:21:in `<main>'
```
If supporting several versions is a hard thing, then I suggest dropping [email protected] support in favour of [email protected] support, because the update process is easy for developers.
At this point I have upgraded almost all my packages to [email protected] and dependabot has almost stopped working for me 😞
Related pull requests: #1571, #1623, #1624. Related issue on feedback repo: https://github.com/dependabot/feedback/issues/798.
Any update on this?
The automated pull request for Poetry 1.0.3 is here: https://github.com/dependabot/dependabot-core/pull/1667
https://github.com/dependabot/dependabot-core/pull/1710
~Does anyone have any idea why this test fails?~
Tests are failing because dependabot can't parse the new lock file format. Any Ruby developers to help with it? :face_with_head_bandage:
dependabot has not been working for me for almost 4 months now. Sadly, there's nothing I can do about it.
@ulgens I've submitted PR #1739, which fixes the failing tests you mentioned. The fix is only in the tests themselves, so hopefully should be a quick review.
Issue is now solved.
Not fully. There are several issues:
- I got a lot of spam like this: https://github.com/wemake-services/wemake-python-styleguide/issues?q=is%3Aissue+author%3Aapp%2Fdependabot-preview+is%3Aclosed
- Every dependency update has merge conflicts because of the [metadata].content-hash field: https://github.com/wemake-services/wemake-python-styleguide/pull/1287/files#diff-41fe8bebc1a2a52eb5321b759e40b3a8R1627 Now all merges must be done like: merge first -> rebase second -> merge second. I guess it is a problem with poetry. Here's the upstream issue: https://github.com/python-poetry/poetry/issues/496 There's a workaround for the second problem: https://pypi.org/project/poetry-merge-lock/

Also dependabot cannot update my deps, here's what it says: https://github.com/wemake-services/wemake-python-styleguide/pull/1286#issuecomment-604388383
https://github.com/python-poetry/poetry/pull/2654 is my PR to poetry to try and resolve this issue upstream. It seeks to make content-hash omitted, so no merge conflict.
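An added illustration, not code from this thread or from Poetry, of why a single content-hash line conflicts when two update PRs touch unrelated dependencies, and how to detect a stale lock after a hand-resolved merge. The hashing scheme (SHA-256 over the canonical JSON of the dependency sections), the key list, the helper names and the sample manifest are assumptions made for the example.

```python
import hashlib
import json

# Assumption: the [tool.poetry] sections that feed the lock's content-hash.
RELEVANT_KEYS = ("dependencies", "dev-dependencies", "extras", "source")


def content_hash(tool_poetry: dict) -> str:
    """Hash every dependency-defining section as one canonical JSON document."""
    relevant = {key: tool_poetry.get(key) for key in RELEVANT_KEYS}
    canonical = json.dumps(relevant, sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()


def bump(tool_poetry: dict, section: str, name: str, constraint: str) -> dict:
    """Return a copy of the manifest with one constraint changed."""
    updated = {k: dict(v) for k, v in tool_poetry.items()}
    updated[section][name] = constraint
    return updated


def conflicts(base: str, ours: str, theirs: str) -> bool:
    """Three-way merge rule for one line: both sides changed it, differently."""
    return ours != base and theirs != base and ours != theirs


def lock_is_stale(tool_poetry: dict, lock_metadata: dict) -> bool:
    """True when the lock's recorded hash no longer matches the manifest."""
    return lock_metadata.get("content-hash") != content_hash(tool_poetry)


# Constructed sample manifest and two independent update PRs.
BASE = {
    "dependencies": {"python": "^3.6", "flake8": "^3.7"},
    "dev-dependencies": {"pytest": "^5.3"},
}
PR_ONE = bump(BASE, "dependencies", "flake8", "^3.8")
PR_TWO = bump(BASE, "dev-dependencies", "pytest", "^5.4")
MERGED = bump(PR_ONE, "dev-dependencies", "pytest", "^5.4")

if __name__ == "__main__":
    # The manifest edits are on different lines, yet the hash line collides.
    print(conflicts(content_hash(BASE), content_hash(PR_ONE), content_hash(PR_TWO)))
    # Keeping either side's hash while merging leaves the lock stale.
    print(lock_is_stale(MERGED, {"content-hash": content_hash(PR_ONE)}))
```

Keeping either branch's hash when resolving the conflict by hand leaves a lock that no longer describes the merged manifest, so the lock has to be regenerated after the merge.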