From 6adc96e31c7b155bb44a13ac3653b4320fea6126 Mon Sep 17 00:00:00 2001
From: Jeff Widman <jeff@jeffwidman.com>
Date: Fri, 9 Dec 2022 10:20:49 -0800
Subject: [PATCH] Expose composer error message when not resolvable

Expose the underlying composer error message when a dependency is not resolvable.

While debugging a customer issue, we ran into the problem that the error output from the `composer` helper was being swallowed:
https://github.com/dependabot/dependabot-core/blob/b911f9dfe1e11d19edcafb11e83d305758c97f85/composer/lib/dependabot/composer/update_checker/version_resolver.rb#L295-L304

The underlying error:
```
Your requirements could not be resolved to an installable set of packages. (Dependabot::SharedHelpers::HelperSubprocessFailed)
  Problem 1
    - php-amqplib/php-amqplib v2.11.3 conflicts with php[7.4.0].
    - php-amqplib/php-amqplib v2.11.3 conflicts with php[7.4.0].
    - Installation request for php 7.4.0 -> satisfiable by php[7.4.0].
    - Installation request for php-amqplib/php-amqplib (locked at v2.11.3, required as ^2.6) -> satisfiable by php-amqplib/php-amqplib[v2.11.3].
```

Swallowing the error makes it hard for users to figure what's going on.

The original motivation for swallowing was in the early days of Dependabot Preview, it opened issues for exceptions raised in the updater/core which has forced us to suppress certain errors that might be spammy or intermittent, e.g. resolvability errors. In version updates we no longer create issues so attaching errors to the last update job means we can attach any number of errors to highlight potential issues without spamming users.

Fix https://github.com/dependabot/dependabot-core/issues/6289
---
 .../lib/dependabot/composer/update_checker/version_resolver.rb  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer/lib/dependabot/composer/update_checker/version_resolver.rb b/composer/lib/dependabot/composer/update_checker/version_resolver.rb
index ddfdda34fd4..cc6161a55f3 100644
--- a/composer/lib/dependabot/composer/update_checker/version_resolver.rb
+++ b/composer/lib/dependabot/composer/update_checker/version_resolver.rb
@@ -301,7 +301,7 @@ def handle_composer_errors(error)
             # If there *is* a lockfile we can't confidently distinguish between
             # cases where we can't install and cases where we can't update. For
             # now, we therefore just ignore the dependency.
-            nil
+            raise Dependabot::DependencyFileNotResolvable, sanitized_message
           elsif error.message.include?("URL required authentication") ||
                 error.message.include?("403 Forbidden")
             source = error.message.match(%r{https?://(?<source>[^/]+)/}).named_captures.fetch("source")