Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dependabot updater timeout on npm_and_yarn when running git stash show on github runner #11202

Open
1 task done
FreebeJan opened this issue Jan 2, 2025 · 6 comments
Open
1 task done
Labels

Comments

@FreebeJan
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

npm and yarm

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "monthly"
    groups:
      non-major-versions:
        update-types:
          - "minor"
          - "patch"

Updated dependency

No response

What you expected to see, versus what you actually saw

Expected

A pull request being created for the npm and yarn ecosystem.

What actually happened

After submitting the metrics, and creating a commit for workspace changes the updater hangs until timeout on git stash show - at least that is the last thing printed to the logs

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

image

Run github/dependabot-action@main
🤖 ~ starting update ~
Fetching job details
Pulling updater images
Starting update process
Created proxy container: 3[8](https://github.com/***/***/actions/runs/12575445626/job/35050406975#step:3:9)9b9de506ce86da829fd052324dfb78ed5d872cfd743e[9](https://github.com/***/***/actions/runs/12575445626/job/35050406975#step:3:10)f467c4508b9d0a4fd
Created container: 805c2bd3f81fe6161c30a5be3c7b93c329e6ac799700c74286814a3642b3d877
  proxy | 2025/01/01 23:39:44 proxy starting, commit: 39f5c2fb29cacce3bbeea1bdf58a1d3430dd0f97
  proxy | 2025/01/01 23:39:44 Listening (:[10](https://github.com/***/***/actions/runs/12575445626/job/35050406975#step:3:11)80)
updater | Updating certificates in /etc/ssl/certs...
updater | rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
updater | 1 added, 0 removed; done.
updater | Running hooks in /etc/ca-certificates/update.d...
updater | done.
updater | 2025/01/01 23:39:47 INFO <job_94[18](https://github.com/***/***/actions/runs/12575445626/job/35050406975#step:3:20)05363> Starting job processing
2025/01/01 23:39:47 INFO <job_941805363> Job definition: {"job":{"allowed-updates":[{"dependency-type":"direct","update-type":"all"}],"commit-message-options":{"prefix":null,"prefix-development":null,"include-scope":null},"credentials-metadata":[{"type":"git_source","host":"github.com"}],"debug":null,"dependencies":null,"dependency-groups":[{"name":"non-major-versions","rules":{"update-types":["minor","patch"]}}],"dependency-group-to-refresh":null,"existing-pull-requests":[],"existing-group-pull-requests":[],"experiments":{"record-ecosystem-versions":true,"record-update-job-unknown-error":true,"proxy-cached":true,"move-job-token":true,"dependency-change-validation":true,"nuget-native-analysis":true,"nuget-use-direct-discovery":true,"enable-file-parser-python-local":true,"npm-v6-deprecation-warning":true,"lead-security-dependency":true,"enable-record-ecosystem-meta":true,"enable-shared-helpers-command-timeout":true},"ignore-conditions":[],"lockfile-only":false,"max-updater-run-time":2700,"package-manager":"npm_and_yarn","proxy-log-response-body-on-auth-failure":true,"requirements-update-strategy":null,"reject-external-code":false,"security-advisories":[],"security-updates-only":false,"source":{"provider":"github","repo":"***/***","branch":null,"directory":"/.","api-endpoint":"https://api.github.com/","hostname":"github.com"},"updating-a-pull-request":false,"update-subdependencies":false,"vendor-dependencies":false,"repo-private":true}}

... omitting most of the logs since nothing is wrong there ...

  proxy | 2025/01/01 23:40:44 Posting metrics to remote API endpoint
  proxy | 2025/01/01 23:40:45 Successfully posted metrics data via api client
updater | 2025/01/01 23:40:53 INFO <job_941805363> Process PID: 1728 completed with status: pid 1728 exit 0
2025/01/01 23:40:53 INFO <job_941805363> Total execution time: 49.66 seconds
updater | 2025/01/01 23:40:53 INFO <job_941805363> Started process PID: 1755 with command: {} git status --untracked-files\=all --ignored\=matching --short . {}
updater | 2025/01/01 23:40:53 INFO <job_941805363> Process PID: 1755 completed with status: pid 1755 exit 0
2025/01/01 23:40:53 INFO <job_941805363> Total execution time: 0.03 seconds
updater | 2025/01/01 23:40:53 INFO <job_941805363> Started process PID: 1763 with command: {} git add --all --force . {}
updater | 2025/01/01 23:41:08 INFO <job_941805363> Process PID: 1763 completed with status: pid 1763 exit 0
2025/01/01 23:41:08 INFO <job_941805363> Total execution time: 15.21 seconds
updater | 2025/01/01 23:41:08 INFO <job_941805363> Started process PID: 1770 with command: {} git stash push --all -m "workspace change attempt" {}
updater | 2025/01/01 23:41:14 INFO <job_941805363> Process PID: 1770 completed with status: pid 1770 exit 0
2025/01/01 23:41:14 INFO <job_941805363> Total execution time: 5.77 seconds
updater | 2025/01/01 23:41:14 INFO <job_941805363> Started process PID: 1922 with command: {} git rev-parse refs/stash {}
updater | 2025/01/01 23:41:14 INFO <job_941805363> Process PID: 1922 completed with status: pid 1922 exit 0
2025/01/01 23:41:14 INFO <job_941805363> Total execution time: 0.01 seconds
updater | 2025/01/01 23:41:14 INFO <job_941805363> Started process PID: 1929 with command: {} git stash show --patch 32eb305451414c064cf70af0fa93a1e83f128317 {}
Error: The operation was canceled.

Smallest manifest that reproduces the issue

No response

@FreebeJan FreebeJan added the T: bug 🐞 Something isn't working label Jan 2, 2025
@github-actions github-actions bot added L: dotnet:nuget NuGet packages via nuget or dotnet L: github:actions GitHub Actions L: javascript L: python labels Jan 2, 2025
@FreebeJan
Copy link
Author

FreebeJan commented Jan 2, 2025

Also, this seems to have nothing to do with the package manager itself.

I investigated running dependabot locally.
LOCAL_GITHUB_ACCESS_TOKEN=*** bin/dry-run.rb npm_and_yarn ***/***

That worked without issue.

@jkbmat
Copy link

jkbmat commented Jan 2, 2025

Same thing is happening here. I've disabled groups as a temporary fix.

@quarian
Copy link

quarian commented Jan 3, 2025

We have the same - though looking back at logs this happened the first time two weeks ago and happens constantly now in some repositories. A few more details from a repo where the daily update fails now:

  • last successful run was on December 18th
  • image versions read from the logs
    • failed run runner image version: ´20241215.1.0´
    • successful runner image version: ´20241211.1.0´
  • minor difference in the job configuration json
    • failing runs have "enable-shared-helpers-command-timeout": true in the experiments field object
    • successful runs don't have it

I can dig up other information if need be, not sure what would be helpful. Above were the obvious differences.

@vintagesucks
Copy link

Our last successful run was also on December 18, but both the last successful run and the first failed run used version 20241215.1.0 of the runner image.


Here is a public reproduction repo with failing update runs if anyone wants to investigate why this is happening:

I've tried to keep the number of dependencies here to a minimum, but when I do, the update job just works at some point, indicating that I've either removed the culprit or it hasn't timed out – I'm not sure (and spent too much time on this 😅).

The workaround of disabling groups also works for us. This reproduction repo without groups has successful update runs:

@lehmat
Copy link

lehmat commented Jan 8, 2025

👍

This is important for our company for compliance reasons (ISO27001). It is essential to have dependencies updated in timely manner in order to stay compliant.

@brettfo brettfo removed the L: dotnet:nuget NuGet packages via nuget or dotnet label Jan 8, 2025
@quarian
Copy link

quarian commented Jan 10, 2025

Some more behaviour observed:

  • we tried manually updating dependencies in a few repos
  • after updating some of the dependencies (let's around half of the available updates, like 4), we were able to manually run dependabot
    • would even update according to the groups
  • but it would not then run on the next scheduled run, same timeout.

This happens to only some of our repos as well, and repo size / dependency amount doesn't seem to be a factor. We were suspecting internal packages being a potential problem, but the repro (thanks for that @vintagesucks) fails the same way with just internals.

And yes, we use groups heavily, so I would assume based on this it is something wrong in the handling of those somehow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
Status: No status
Development

No branches or pull requests

6 participants