fix race and updating local mounted repositories #5937
Makes sense to me 👍
When deploying this I found a new error pop up caused by trying to get the base_commit_sha after the clone failed because the branch doesn't exist. Some users have a branch that does not exist in their dependabot.yml. We report the SHA based on the branch, and so if the clone failed then we can't really tell what branch we're on. So to prevent hiding the root cause I added this check (aa50524) to see if this was really a git repo before trying to use it. This is somewhat minor, the job used to fail and it fails now too, but at least it reports what the issue is more accurately.
Currently the Updater:
This seems like a race. To get the base commit it makes a call to get the default branch (if one isn't specified) and then another call to get the HEAD commit, then it clones. That leaves some space where a user could have pushed up a change, and so the base commit and cloned repo will be different.
It makes more sense to me to clone, then get the base commit and fetch the files from the locally cloned repo.
This also fixes the issue that we have when testing with local repositories with the Dependabot CLI. We were having to pass the `vendor_dependencies` flag to trick Dependabot into using the local repo. Now with `already_cloned?` Dependabot can tell it can use the local repo.
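The ordering problem described above, reproduced with plain git commands as an added example (not code from this pull request or from Dependabot). The function names, the temporary repositories and the push that lands inside the window are all constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Constructed demo: resolving the base commit before cloning vs. after.
set -eu

g() { git -c user.name=demo -c user.email=demo@example.invalid -c commit.gpgsign=false "$@"; }

make_upstream() {            # $1 = directory for a throwaway "remote"
  git init -q "$1"
  git -C "$1" symbolic-ref HEAD refs/heads/main
  g -C "$1" commit -q --allow-empty -m "first"
}

push_change() { g -C "$1" commit -q --allow-empty -m "pushed during update"; }

# Guard in the spirit of the check mentioned in the thread: only read a
# SHA from a directory that really is a git work tree.
is_git_repo() { git -C "$1" rev-parse --is-inside-work-tree >/dev/null 2>&1; }

# Racy order: ask the remote for the branch head, then clone.
base_then_clone() {          # $1 = upstream, $2 = clone dest; prints "base cloned"
  base=$(git ls-remote "$1" refs/heads/main | cut -f1)
  push_change "$1"           # constructed: a push lands in the window
  git clone -q "$1" "$2"
  echo "$base $(git -C "$2" rev-parse HEAD)"
}

# Order proposed in the description: clone, then read the base from the clone.
clone_then_base() {          # same arguments and output format
  git clone -q "$1" "$2" 2>/dev/null || true
  is_git_repo "$2" || { echo "clone failed: $2 is not a git repo" >&2; return 1; }
  base=$(git -C "$2" rev-parse HEAD)
  push_change "$1"           # later pushes no longer affect consistency
  echo "$base $(git -C "$2" rev-parse HEAD)"
}

demo() {
  tmp=$(mktemp -d)
  make_upstream "$tmp/up"
  echo "base-then-clone: $(base_then_clone "$tmp/up" "$tmp/a")"
  echo "clone-then-base: $(clone_then_base "$tmp/up" "$tmp/b")"
  rm -rf "$tmp"
}
demo
```

In the first line of output the two SHAs differ; in the second they match, because the base commit is read from the same tree the files come from.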