I'm using Dependabot from Tingle Software, which is available in the Azure Marketplace, and I want it to be used for security updates alone, but it ended up with the error below. For version updates, it raises PRs as expected, and I followed this documentation - .yml-file#configuration-options-for-the-dependabotyml-file
```
proxy | 2024/11/20 09:01:55 [140] 200 :35915/update_jobs/update_0_nuget_security_only/update_dependency_list
updater | 2024/11/20 09:01:55 ERROR <job_update_0_nuget_security_only> Dependabot::NotImplemented
updater | 2024/11/20 09:01:55 ERROR <job_update_0_nuget_security_only> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:36:in run'
updater | 2024/11/20 09:01:55 ERROR <job_update_0_nuget_security_only> /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:44:in block in perform_job'
updater | 2024/11/20 09:01:55 ERROR <job_update_0_nuget_security_only> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.4.0/lib/opentelemetry/trace/tracer.rb:37:in block in in_span'
updater | 2024/11/20 09:01:55 ERROR <job_update_0_nuget_security_only> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.4.0/lib/opentelemetry/trace.rb:70:in block in with_span'
updater | 2024/11/20 09:01:55 ERROR <job_update_0_nuget_security_only> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.4.0/lib/opentelemetry/context.rb:87:in with_value'
updater | 2024/11/20 09:01:55 ERROR <job_update_0_nuget_security_only> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.4.0/lib/opentelemetry/trace.rb:70:in with_span'
updater | 2024/11/20 09:01:55 ERROR <job_update_0_nuget_security_only> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.4.0/lib/opentelemetry/trace/tracer.rb:37:in in_span'
updater | 2024/11/20 09:01:55 ERROR <job_update_0_nuget_security_only> /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:18:in perform_job'
updater | 2024/11/20 09:01:55 ERROR <job_update_0_nuget_security_only> /home/dependabot/dependabot-updater/lib/dependabot/base_command.rb:37:in run'
updater | 2024/11/20 09:01:55 ERROR <job_update_0_nuget_security_only> bin/update_files.rb:46:in <main>'
proxy | 2024/11/20 09:01:55 [141] POST :35915/update_jobs/update_0_nuget_security_only/record_update_job_error
{"data":{"error-type":"unknown_error","error-details":{"message":"Dependabot::NotImplemented"}},"type":"record_update_job_error"}
proxy | 2024/11/20 09:01:55 [141] 200 :35915/update_jobs/update_0_nuget_security_only/record_update_job_error
proxy | 2024/11/20 09:01:55 [142] PATCH :35915/update_jobs/update_0_nuget_security_only/mark_as_processed
{"data":{"base-commit-sha":"48833615b0f9d072ef767fd84f899a4109b5bfe8"},"type":"mark_as_processed"}
proxy | 2024/11/20 09:01:55 [142] 200 :35915/update_jobs/update_0_nuget_security_only/mark_as_processed
updater | 2024/11/20 09:01:55 INFO Results:
updater | Dependabot encountered '1' error(s) during execution, please check the logs for more details.
updater | +---------------+
updater | | Errors |
updater | +---------------+
updater | | unknown_error |
updater | +---------------+
proxy | 2024/11/20 09:01:57 0/576 calls cached (0%)
proxy | 2024/11/20 09:01:57 Skipping sending metrics because api endpoint is empty
cli | 2024/11/20 09:01:58 updater failure: updater exited with code 1
```
I followed the dependabot file instructions from this documentation for security updates -
dependabot.yaml:- (security updates)

```yaml
version: 2
updates:
  - package-ecosystem: "nuget"
    directory: /Engine
    labels:
      - "nuget"
      - "dependencies"
    open-pull-requests-limit: 0
    commit-message:
      prefix: "nuget"
      prefix-development: "nuget"
      include: "scope-and-version"
      separator: "-"
    groups:
      nuget:
        patterns:
          - "*"
```
dependabot-pipeline.yaml:-

```yaml
trigger: none
schedules:
  - cron: 0 0 * * 1,3,5
    displayName: Every Monday,Wednesday,Friday at 05:30am IST
    branches:
      include:
        - develop
    always: true
pool:
  vmImage: ubuntu-latest
jobs:
  - job: Dependabot
    displayName: Dependabot Execution
    timeoutInMinutes: 720
    steps:
      - script: |
          sudo cp -r $(Build.SourcesDirectory)/.azuredevops/ /.azuredevops/
        displayName: Move Dependabot file
      - task: dependabot@2
        inputs:
          authorEmail: '[email protected]'
          authorName: 'serviceaccount'
          azureDevOpsAccessToken: '$(System.AccessToken)'
          gitHubAccessToken: '$(GITHUB_ACCESS_TOKEN)'
        displayName: Run Dependabot
```
I have tried almost all the options here; none of them are working. I want Dependabot to detect vulnerable packages and raise PRs for security updates alone. Right now, it is working fine for version updates in the package managers npm, nuget & pip.
dependabot.yaml(version updates):-

```yaml
version: 2
updates:
  - package-ecosystem: "nuget"
    directory: /Engine
    allow:
      - dependency-type: "direct"
    target-branch: "develop"
    labels:
      - "nuget"
      - "dependencies"
    open-pull-requests-limit: 10
    commit-message:
      prefix: "nuget"
      prefix-development: "nuget"
      include: "scope-and-version"
      separator: "-"
    groups:
      nuget:
        patterns:
          - "*"
```