Dependabot recreate / rebase not working #6886
Comments
Hmm... I'm not seeing any conflicts on those PRs?
They need to rebase to incorporate updates to the target branch required for the build to pass. See this other PR where I manually merged main into the dependabot branch and the build now passes. I should be able to rebase or recreate to achieve the same effect.
I am also seeing the same issue on several PRs:
I am also running into this issue in multiple JS repos, but unfortunately they are all private so I can't share examples.
Like @ikisler I'm also experiencing this on some JS/TS private repos. About 95% of the time asking dependabot to close the PR and then asking it to reopen it, then requesting a recreate or rebase will get things moving again. In the other 5% of cases I will wait for my team to push some additional changes to master/main and that will get the rebase going.
Yeah, this unfortunately isn't one we can just ask you to repro on a public repository because it's a non-deterministic issue of some kind related to the service that GitHub runs. I think the best thing to do here is to create a GitHub support ticket so you can point to the specific examples in your private repo, feel free to link specifically to this issue, and then one of us can dig into it to see if there's a race or some infra / DB flake that we're not properly recovering from. I'm going to close as this isn't one we can really address via the public issue tracker.
@jeffwidman can you clarify why this is closed? The original issue I posted was reproducible on a public repo. Was this not an appropriate forum?
Ah yeah, I missed that sorry. Let me re-open this one. We will almost certainly end up having an internal ticket on our side to track the investigation and any internal facing notes about DB/service, and using the support ticket that we get is a good placeholder for that conversation, but there's nothing needed more from you, so no need for you to jump through the hoops necessary for that. For anyone else who comes along, please open separate tickets... in general a public ticket linking to a publicly reproducible repository is preferred, but for something like this where it may only manifest on your private repo, then an internal support ticket is okay.
I can see in the server logs that Dependabot ran the rebase, but when it posted the PR update to GitHub, it went silent. I'm adding additional logging on the server-side to get a better idea of what is happening. We need to capture what the error is from GitHub in order to address it. Let me know if it happens again to another PR.
Will do! Thanks for the update.
@jakecoffman just had another occurrence here.
@jack-berg can you give it the rebase command one more time?
Just ran it.
Thanks I was able to capture the error with the new logging: It looks like that repo has a wildcard branch protection rule. I think it is preventing Dependabot from force pushing to the branch it created.
Huh. There's a branch protection rule for branching matching
Oh never mind I see. The "Require a pull request before merging" setting dictates that changes can't be made to the dependabot branches except through a pull request.
Removed that setting and it worked. Thanks for looking into that @jakecoffman! I didn't see anything like that in the docs, but maybe I missed something. If not, would be good to add it so folks like me that self help. Thanks again! 🙂
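As an added example (not part of the thread and not Dependabot's or GitHub's own code), the check below audits a set of branch protection rules for the combination diagnosed above: a wildcard pattern that covers Dependabot's branches and has "Require a pull request before merging" enabled. The rule list and branch names are constructed, and the matching assumes GitHub's documented pattern syntax (`File.fnmatch` with `File::FNM_PATHNAME`).

```ruby
# Added example: constructed data, not taken from the issue or from Dependabot.
# GitHub documents branch protection patterns as File.fnmatch with FNM_PATHNAME,
# so "*" does not cross "/" while "**/" does.
Rule = Struct.new(:pattern, :require_pull_request)

# Hypothetical rule set for one repository.
RULES = [
  Rule.new("main", true),
  Rule.new("release/*", true),
  Rule.new("**/*", true),          # wildcard rule that also covers bot branches
  Rule.new("dependabot/*", true),  # single "*" stops at the next "/"
  Rule.new("dependabot/**/*", false)
].freeze

# Constructed branch names in the dependabot/<ecosystem>/<dependency> layout.
BRANCHES = [
  "dependabot/gradle/com.example-lib-1.2.3",
  "dependabot/npm_and_yarn/left-pad-1.3.0"
].freeze

def matches?(pattern, branch)
  File.fnmatch(pattern, branch, File::FNM_PATHNAME)
end

# Patterns that apply to the branch and require changes to arrive via a pull
# request, the combination that rejected the force push in this thread.
def blocking_patterns(rules, branch)
  rules.select { |r| r.require_pull_request && matches?(r.pattern, branch) }
       .map(&:pattern)
end

def audit(rules, branches)
  branches.map { |b| [b, blocking_patterns(rules, b)] }.to_h
end

audit(RULES, BRANCHES).each do |branch, patterns|
  status = patterns.empty? ? "ok" : "blocked by #{patterns.join(', ')}"
  puts "#{branch}: #{status}"
end
```
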
Please allow me to echo @jack-berg's request:
I just ran into this problem myself, where
However, no force-push was performed by Dependabot no matter how long I waited (over 24 hours for a particular pull request). I'm not sure how to tweak the branch protection rules in my repositories to allow Dependabot to do its thing. Just to be clear: I only have branch protection rules for I would expect Dependabot to respond to the pull request with a comment explaining why it was unable to update it. Isn't that a reasonable thing to expect, @jakecoffman?
I have a few more (private) PRs that show the problem if it helps to debug it: zfutura/office-iot#47, where I tried lots of different things, and zfutura/ferrum#268. I'm not sure it's related, but dependabot should actually have recognized the need to rebase itself. But for some reason for pyproject.toml/poetry.lock changes this is flaky, while it works flawlessly for package.json/yarn.lock.
Got a 👍, it put the rebase emoji, then nothing happened. Got a 👍, it put the rebase emoji, then nothing happened. It's been happening all day with multiple PRs in multiple repos. I had to manually rebase them. I understand that there's a lot of dependabot activity on the first of the month, but it would be nice if this could be tracked somehow and to not have a rebase end with no action when there's clearly actions to be done
another public example, tried a bunch of dependabot commands to try to get it to process. Can't get it to rebase.
Seeing the same on a bunch of private repos and am frustrated on how to resolve this.
I am also seeing this quite often on private repos. I will issue a If there is going to be a super long delay after issuing a command, then some other indication that something is happening would be nice. Instead it looks like dependabot gave me a sarcastic thumbs up and then left for the day.
Definitely seems to be an issue in private repos
Is there an existing issue for this?
Package ecosystem
gradle
Package manager version
maven
Language version
No response
Manifest location and content before the Dependabot update
No response
dependabot.yml content
No response
Updated dependency
No response
What you expected to see, versus what you actually saw
I expected rebase / recreate to rebase / recreate the PR respectively. Instead, no updates are made to the PR commits. The PR description is temporarily changed to indicate some work is happening, but nothing is changed when the description returns to normal.
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
The commands recreate and rebase don't do anything. When I comment with those commands, dependabot adds a 👍 emoji, the PR temporarily has its description changed to:
Eventually, the description is restored, but no changes have been applied. I'm forced to manually resolve conflicts.
Examples:
Many more examples available upon request.
Seems to be a duplicate of #1645 but the advice in that issue is that "catch all" issues aren't helpful and I should open a new issue.
Smallest manifest that reproduces the issue
No response