Dependabot selects the wrong file as a dependency under the pip ecosystem #10007

Open
1 task done
Zxilly opened this issue Jun 15, 2024 · 2 comments
Labels
L: python T: bug 🐞 Something isn't working

Comments


Zxilly commented Jun 15, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

pip

Package manager version

pip 24.0

Language version

Python 3.12

Manifest location and content before the Dependabot update

https://github.com/Zxilly/go-size-analyzer/blob/master/scripts/requirements.txt

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "daily"

#  - package-ecosystem: "npm"
#    directory: "/ui"
#    schedule:
#      interval: "daily"

  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"

  - package-ecosystem: "pip"
    directory: "/scripts"
    schedule:
      interval: "daily"

Updated dependency

No response

What you expected to see, versus what you actually saw

Dependabot should read dependencies from requirements.txt, which is located at https://github.com/Zxilly/go-size-analyzer/blob/3d58b6d6f93783e7d3fffa03ac0128758418c899/scripts/requirements.txt. However, it reads data from skip.txt, which is a data file not related to the package manager.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

https://github.com/Zxilly/go-size-analyzer/actions/runs/9508733973/job/26210566565

Smallest manifest that reproduces the issue

version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/scripts"
    schedule:
      interval: "daily"

Zxilly added the T: bug 🐞 Something isn't working label Jun 15, 2024

Zxilly commented Jun 15, 2024

It seems Dependabot has some rules to search for deps files (#3940); it's obvious that it's broken right now.
I know little about Ruby, so I may not be able to help.


Zxilly commented Jun 15, 2024

Seems

requirement_files = glob.glob(os.path.join(directory, '*.txt')) \
                    + glob.glob(os.path.join(directory, '**', '*.txt'))
pip_compile_files = glob.glob(os.path.join(directory, '*.in')) \
                    + glob.glob(os.path.join(directory, '**', '*.in'))

results in this.

Zxilly added a commit to Zxilly/go-size-analyzer that referenced this issue Jun 15, 2024
see dependabot/dependabot-core#10007

Signed-off-by: Zxilly <zxilly@outlook.com>
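
An added example (not part of the original thread, and not Dependabot's own code): it runs the `*.txt` glob patterns quoted in the last comment over a constructed directory to show which files they select, then applies a content check to each. The sample tree, its file contents, and the `looks_like_requirements` heuristic are assumptions made for illustration.

```python
import glob
import os
import re
import tempfile

# Simplified PEP 508 shape: name, optional [extras], version specifiers, optional marker.
REQ_LINE = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]+\])?"
    r"(\s*(===|==|~=|!=|<=|>=|<|>)\s*[^\s;,]+\s*,?)*\s*(;.*)?$"
)

def discover(directory):
    """Candidate files, using the same glob patterns as the snippet quoted in the thread."""
    found = glob.glob(os.path.join(directory, "*.txt")) \
        + glob.glob(os.path.join(directory, "**", "*.txt"))
    return sorted(os.path.relpath(p, directory) for p in found)

def looks_like_requirements(path):
    """Assumed heuristic: every non-comment line is a pip option or a requirement."""
    with open(path, encoding="utf-8") as fh:
        lines = [s for s in (raw.strip() for raw in fh) if s and not s.startswith("#")]
    return bool(lines) and all(s.startswith("-") or REQ_LINE.match(s) for s in lines)

def audit(directory):
    """Map every globbed .txt file to whether its content parses as requirements."""
    return {rel: looks_like_requirements(os.path.join(directory, rel))
            for rel in discover(directory)}

def build_sample(root):
    """Constructed sample tree; file contents are invented for this example."""
    files = {
        "requirements.txt": "# plotting deps\nrequests==2.32.3\nmatplotlib>=3.8,<4\n",
        "skip.txt": "path/to/binary one\npath/to/binary two\n",
        os.path.join("data", "notes.txt"): "free text, not a manifest\n",
    }
    for rel, body in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for rel, ok in audit(root).items():
            print(f"{rel}: {'manifest' if ok else 'globbed, but not a requirements file'}")
```

Without `recursive=True`, `**` in `glob.glob` behaves like `*`, so the second pattern reaches exactly one directory level below the configured directory. A data file whose lines happen to be valid package names would still pass the content check, so the heuristic narrows the set but does not replace naming the manifest explicitly.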