Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error while running action #233

Closed
kislyuk opened this issue Nov 10, 2021 · 8 comments
Closed

Error while running action #233

kislyuk opened this issue Nov 10, 2021 · 8 comments

Comments

@kislyuk
Copy link

kislyuk commented Nov 10, 2021

Error: request to https://dependabot-badges.githubapp.com/config_files/validate failed, reason: Hostname/IP does not match certificate's altnames: Host: api.dependabot.com. is not in the cert's altnames: DNS:*.gist.githubusercontent.com, DNS:gist.githubusercontent.com
@marocchino
Copy link
Owner

Thank you for the report.
They must have noticed about stealing traffic.
It is easy to imitate IP and address and fix it, but it would be better to implement it in a different way. Let's take a look to see if there are any reusable parts of the code they've released.

@Sleepful
Copy link

Subscribing, was trying to add this today and sad face

@mark-stopka mark-stopka mentioned this issue Jan 24, 2022
Merged
@mark-stopka
Copy link

Hi folks any update / workaround on this?

@marocchino
Copy link
Owner

TL;DR sorry but, there is not clear answer here yet.

after research, It looks clear they use json schema but, there dose not opensource that schema.

I found the json schema but I am not sure it is officially maintained one.

@eirnym
Copy link

eirnym commented Jan 25, 2022

I've saw Jetbrains products use similar schema

@mark-stopka
Copy link

Issue is logged with upstream dependabot/dependabot-core#4605

@mark-stopka
Copy link

mark-stopka commented Jan 25, 2022
edited
Loading

Following worked:

Migrate dependabot-2.0.json to newest version ajv migrate -s dependabot-2.0.json -o new-dependabot-2.0.json and run ajv validate in such a way that it ignores the undefined x-intellij attributes.

mark_stopka@mark-asus-zenbook-s:~> ajv validate --strict=log -s dependabot-2.0.json -d dependabot.yml && echo ok
strict mode: unknown keyword: "x-intellij-enum-metadata"
strict mode: missing type "number" for keyword "minimum" at "http://json-schema.org/draft-04/schema#/properties/assignees" (strictTypes)
strict mode: unknown keyword: "x-intellij-enum-metadata"
strict mode: missing type "number" for keyword "minimum" at "http://json-schema.org/draft-04/schema#/properties/reviewers" (strictTypes)
strict mode: unknown keyword: "x-intellij-enum-metadata"
schema dependabot-2.0.json is invalid
error: schema is invalid: data must have required property 'version'

ajv migrate -s dependabot-2.0.json -o new-dependabot-2.0.json

mark_stopka@mark-asus-zenbook-s:~> ajv validate --strict=log -s new-dependabot-2.0.json -d dependabot.yml && echo ok
strict mode: unknown keyword: "x-intellij-enum-metadata"
strict mode: missing type "number" for keyword "minimum" at "http://json-schema.org/draft-04/schema#/properties/assignees" (strictTypes)
strict mode: unknown keyword: "x-intellij-enum-metadata"
strict mode: missing type "number" for keyword "minimum" at "http://json-schema.org/draft-04/schema#/properties/reviewers" (strictTypes)
strict mode: unknown keyword: "x-intellij-enum-metadata"
dependabot.yml valid
ok
mark_stopka@mark-asus-zenbook-s:~>

@mark-stopka mark-stopka mentioned this issue Jan 25, 2022
Open
activescott added a commit to activescott/agentmarkdown that referenced this issue Feb 21, 2022
@activescott
chore(build): remove dependabot validate as it no longer works
13ee487 
due to marocchino/validate-dependabot#233 and dependabot/dependabot-core#4605
@activescott activescott mentioned this issue Feb 21, 2022
Merged
activescott added a commit to activescott/agentmarkdown that referenced this issue Feb 22, 2022
@activescott
chore(build): remove dependabot validate as it no longer works
c96cb11 
due to marocchino/validate-dependabot#233 and dependabot/dependabot-core#4605
jeffsays added a commit to CumulusDS/github-vulnerable-repos that referenced this issue Mar 2, 2022
@jeffsays
remove dependabot validate as it no longer works marocchino/validate-…
f7871bd 
…dependabot#233
jeffsays added a commit to CumulusDS/dlq that referenced this issue Mar 2, 2022
@jeffsays
remove dependabot validate as it no longer works marocchino/validate-…
fe89941 
…dependabot#233
LeslieColor added a commit to color/lokalise-actions that referenced this issue Nov 10, 2022
@LeslieColor
Disable validate-dependabot
06f6a8c 
Due to: marocchino/validate-dependabot#233

Already disabled in other color repos:
https://github.com/color/color/pull/32551
https://github.com/color/ops/commit/bd435dbfe0ebbd5e61001cb23ab73807ea405b0e
@marocchino
Copy link
Owner

I reimplement this with schema-json and tag as v2.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@marocchino @eirnym @kislyuk @Sleepful @mark-stopka