Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Poetry 1.5 Source Priority (Error processing NoMethodError) #7431

Closed
1 task done
DanielRejniak opened this issue Jun 14, 2023 · 2 comments · Fixed by #7499
Closed
1 task done

Poetry 1.5 Source Priority (Error processing NoMethodError) #7431

DanielRejniak opened this issue Jun 14, 2023 · 2 comments · Fixed by #7499
Labels
T: bug 🐞 Something isn't working

Comments

@DanielRejniak
Copy link

DanielRejniak commented Jun 14, 2023
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

Poetry

Package manager version

=1.5.0

Language version

python 3.10

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
registries:
  artifactory-pypi:
    type: python-index
    url: ***
    username: ${{ secrets.SECRET_USERNAME }}
    password: ${{ secrets.SECRET_PASSWORD }}
    replaces-base: false
updates:
  - package-ecosystem: "pip"
    directory: "/"
    insecure-external-code-execution: allow
    registries:
      - artifactory-pypi
    schedule:
      interval: "daily"
      time: "22:00"
    allow:
      - dependency-name: "*"
        dependency-type: "all"

Updated dependency

No response

What you expected to see, versus what you actually saw

Context

Poetry 1.5.0 introduces priority key to sources. After the priority key was introduced all the dependencies failed to update with the following error.

Our pyproject.toml has two sources one for pypi and one for out private repo.

[[tool.poetry.source]]
name = "jfrog-repo"
url = "***"
priority = "supplemental"

[[tool.poetry.source]]
name = "PyPI"
priority = "primary"

What is the error

All the packages fail to update the root of the error starts with Error processing (NoMethodError) following with and attempt to strip the url in the updater. The example below is only one error for pyyaml package but all other packages yield the same error.

....
updater | 2023/06/14 08:16:55 ERROR <job_678219019> Error processing pyyaml (NoMethodError)
updater | 2023/06/14 08:16:55 ERROR <job_678219019> undefined method `strip' for nil:NilClass
updater | 
updater |           url = url.strip.gsub(%r{/*$}, "") + "/"
updater |                    ^^^^^^
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/python/lib/dependabot/python/update_checker/index_finder.rb:153:in `clean_check_and_remove_environment_variables'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/python/lib/dependabot/python/update_checker/index_finder.rb:28:in `block in index_urls'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/python/lib/dependabot/python/update_checker/index_finder.rb:27:in `map'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/python/lib/dependabot/python/update_checker/index_finder.rb:27:in `index_urls'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/python/lib/dependabot/python/update_checker/latest_version_finder.rb:216:in `index_urls'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/python/lib/dependabot/python/update_checker/latest_version_finder.rb:145:in `available_versions'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/python/lib/dependabot/python/update_checker/latest_version_finder.rb:52:in `fetch_latest_version'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/python/lib/dependabot/python/update_checker/latest_version_finder.rb:33:in `latest_version'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/python/lib/dependabot/python/update_checker.rb:241:in `fetch_latest_version'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/python/lib/dependabot/python/update_checker.rb:32:in `latest_version'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:165:in `all_versions_ignored?'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:78:in `check_and_create_pull_request'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:59:in `check_and_create_pr_with_error_handling'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:34:in `block in perform'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:34:in `each'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:34:in `perform'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:72:in `run'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:38:in `perform_job'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> /home/dependabot/dependabot-updater/lib/dependabot/base_command.rb:52:in `run'
updater | 2023/06/14 08:16:55 ERROR <job_678219019> bin/update_files.rb:23:in `<main>'
.....

What we expect

We would have expected the dependecies to be updated without the above errors.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

The easiest way to reproduce this error is to create a basic poetry project and add two sources one for pypi and one for private repo.

poetry source add --priority=primary PyPI

poetry source add --priority=supplemental foo ***

Next navigate to the Insights and observe the dependabot attempting to update the packages with the failure above.
@DanielRejniak DanielRejniak added the T: bug 🐞 Something isn't working label Jun 14, 2023
@DanielRejniak DanielRejniak changed the title Error : undefined method `strip' for nil:NilClass Error : Poetry (undefined method `strip' for nil:NilClass) Jun 14, 2023
@GriceTurrble
Copy link

GriceTurrble commented Jun 14, 2023
edited
Loading

Seeing the same error on our end. We've set PyPI as a "primary" source per their documentation (with our private repo as "supplemental"), using command poetry source add pypi.

This creates an entry in pyproject.toml like:

[[tool.poetry.source]]
name = "PyPI"
priority = "primary"

Is there an issue here due to the missing url key for this source? I'm assuming inside Poetry code they have the "pypi" name set to the default URL?

@DanielRejniak DanielRejniak changed the title Error : Poetry (undefined method `strip' for nil:NilClass) Poetry Source Priority (Error processing NoMethodError) Jun 15, 2023
@DanielRejniak DanielRejniak changed the title Poetry Source Priority (Error processing NoMethodError) Poetry 1.5.0 Source Priority (Error processing NoMethodError) Jun 15, 2023
@DanielRejniak DanielRejniak changed the title Poetry 1.5.0 Source Priority (Error processing NoMethodError) Poetry 1.5 Source Priority (Error processing NoMethodError) Jun 15, 2023
@DanielRejniak DanielRejniak mentioned this issue Jun 15, 2023
Open
1 task
@JensMadsen
Copy link

We see the same error with:

[tool.poetry.dependencies]
torch = { version = "2.0.1+cpu", source = "torchcpu" }

[[tool.poetry.source]]
name = "torchcpu"
url = "https://download.pytorch.org/whl/cpu"
priority = "explicit"

torarvid added a commit to torarvid/dependabot-core that referenced this issue Jun 30, 2023
@torarvid
python: Handle explicit PyPI source in pyproject.toml
e8dd474 
Fixes dependabot#7431

When a github user has poetry >= 1.5.0, they will be nagged by a warning
to run `poetry source add pypi`, which will add the following section to
the users pyproject.toml:

    [[tool.poetry.source]]
    name = "PyPI"
    priority = "primary"

This causes the problem outlined in dependabot#7431, that the index_finder will
fail due to this section missing a `url`.

This commit works around this issue by explicitly adding a url for the
case where the source "name" is equal to "PyPI".
@torarvid torarvid mentioned this issue Jun 30, 2023
Merged
jurre pushed a commit to torarvid/dependabot-core that referenced this issue Jul 3, 2023
@torarvid @jurre
python: Handle explicit PyPI source in pyproject.toml
2c7f3a2 
Fixes dependabot#7431

When a github user has poetry >= 1.5.0, they will be nagged by a warning
to run `poetry source add pypi`, which will add the following section to
the users pyproject.toml:

    [[tool.poetry.source]]
    name = "PyPI"
    priority = "primary"

This causes the problem outlined in dependabot#7431, that the index_finder will
fail due to this section missing a `url`.

This commit works around this issue by explicitly adding a url for the
case where the source "name" is equal to "PyPI".
@deivid-rodriguez deivid-rodriguez mentioned this issue Aug 22, 2023
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
T: bug 🐞 Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

python: Handle explicit PyPI source in pyproject.toml torarvid/dependabot-core
3 participants
@JensMadsen @GriceTurrble @DanielRejniak