Azure pipeline execution - process '/usr/bin/docker' failed with exit code 1

[rafek1241]

Error:

...
5c14dd7cf847: Pull complete
72c9e99967c5: Pull complete
Digest: sha256:629e24b3595b970299422de925ea1632535c166a788a1689623667c49c25f065
Status: Downloaded newer image for tingle/dependabot-azure-devops:0.5
warning: parser/current is loading parser/ruby27, which recognizes
warning: 2.7.4-compliant syntax, but you are running 2.7.1.
warning: please see https://github.com/whitequark/parser#compatibility-with-ruby-mri.
/home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-nuget-0.159.0/lib/dependabot/nuget/file_fetcher.rb:42:in `fetch_files': Dependabot::DependencyFileNotFound (Dependabot::DependencyFileNotFound)
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.159.0/lib/dependabot/file_fetchers/base.rb:65:in `files'
	from ./update-script.rb:245:in `<main>'
Using hostname = 'dev.azure.com', protocol = 'https', port = '443'.
Using 'https://dev.azure.com:443/' as API endpoint
Fetching nuget dependency files for XXX/Dev/_git/XXX-example
Targeting 'master' branch under '/src' directory
Using 'auto' requirements update strategy
##[error]The process '/usr/bin/docker' failed with exit code 1
...

Pipeline:

pool:
  vmImage: 'ubuntu-latest'

steps:
  - task: dependabot@1
    inputs:
      packageManager: 'nuget'
      directory: '/src'
      targetBranch: 'master'
      versioningStrategy: 'auto'
      setAutoComplete: true
      azureDevOpsAccessToken: '$(PAT)'
      targetRepositoryName: 'XXX-example'

I can't see any different error than process '/usr/bin/docker' failed with exit code 1. Can you help me with that?

[muhmuhhum]

I have the same problem. Have you found the solution ?
Update:
Found the solution in #50

[ray-kay]

My error is slightly different:

Status: Downloaded newer image for tingle/dependabot-azure-devops:0.5
warning: parser/current is loading parser/ruby27, which recognizes
warning: 2.7.4-compliant syntax, but you are running 2.7.1.
warning: please see https://github.com/whitequark/parser#compatibility-with-ruby-mri.
/home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.159.0/lib/dependabot/file_fetchers/base.rb:471:in `rescue in default_branch_for_repo': Dependabot::RepoNotFound (Dependabot::RepoNotFound)
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.159.0/lib/dependabot/file_fetchers/base.rb:467:in `default_branch_for_repo'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.159.0/lib/dependabot/file_fetchers/base.rb:71:in `commit'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.159.0/lib/dependabot/file_fetchers/base.rb:386:in `_full_specification_for'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.159.0/lib/dependabot/file_fetchers/base.rb:396:in `_fetch_file_content'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.159.0/lib/dependabot/file_fetchers/base.rb:140:in `fetch_file_from_host'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.159.0/lib/dependabot/npm_and_yarn/file_fetcher.rb:51:in `package_json'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.159.0/lib/dependabot/npm_and_yarn/file_fetcher.rb:36:in `fetch_files'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.159.0/lib/dependabot/file_fetchers/base.rb:65:in `files'
	from ./update-script.rb:245:in `<main>'
/home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.159.0/lib/dependabot/clients/azure.rb:237:in `get': Dependabot::Clients::Azure::NotFound (Dependabot::Clients::Azure::NotFound)
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.159.0/lib/dependabot/clients/azure.rb:61:in `fetch_default_branch'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.159.0/lib/dependabot/file_fetchers/base.rb:469:in `default_branch_for_repo'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.159.0/lib/dependabot/file_fetchers/base.rb:71:in `commit'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.159.0/lib/dependabot/file_fetchers/base.rb:386:in `_full_specification_for'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.159.0/lib/dependabot/file_fetchers/base.rb:396:in `_fetch_file_content'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.159.0/lib/dependabot/file_fetchers/base.rb:140:in `fetch_file_from_host'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.159.0/lib/dependabot/npm_and_yarn/file_fetcher.rb:51:in `package_json'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.159.0/lib/dependabot/npm_and_yarn/file_fetcher.rb:36:in `fetch_files'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.159.0/lib/dependabot/file_fetchers/base.rb:65:in `files'

pipeline task:

• task: dependabot@1
  inputs:
  packageManager: 'npm'
  directory: $(npmWorkingDir)
  versioningStrategy: 'auto'

same error with
targetBranch: 'develop'

no npm registry used

Please advice.
Thanks

[mburumaxwell]

@ray-kay sometimes this may occur due to an issue with permissions. Could you at least try and debug using the EXCON_DEBUG=1 options in the extraEnvironmentVariables input?

- task: dependabot@1
  inputs:
    packageManager: 'npm'
    directory: '/myfolder'
    extraEnvironmentVariables: 'EXCON_DEBUG=1'

This will output the HTTP requests and responses being sent to Azure DevOps. They are the truth-tellers. You can post the output here for further assistance. Remember to redact anything sensitive.

[rafek1241]

@mburumaxwell
I decided to wait for a solution and just mention that issue on repository because it's an optional feature for me.

[ray-kay]

@mburumaxwell
thanks for your hint with the debug var.
Output:

  :remote_ip     => "13.107.42.18"
  :status        => 404
  :status_line   => "HTTP/1.1 404 Not Found\r\n"
/home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.162.1/lib/dependabot/file_fetchers/base.rb:471:in `rescue in default_branch_for_repo': Dependabot::RepoNotFound (Dependabot::RepoNotFound)
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.162.1/lib/dependabot/file_fetchers/base.rb:467:in `default_branch_for_repo'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.162.1/lib/dependabot/file_fetchers/base.rb:71:in `commit'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.162.1/lib/dependabot/file_fetchers/base.rb:386:in `_full_specification_for'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.162.1/lib/dependabot/file_fetchers/base.rb:396:in `_fetch_file_content'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.162.1/lib/dependabot/file_fetchers/base.rb:140:in `fetch_file_from_host'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.162.1/lib/dependabot/npm_and_yarn/file_fetcher.rb:51:in `package_json'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.162.1/lib/dependabot/npm_and_yarn/file_fetcher.rb:36:in `fetch_files'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.162.1/lib/dependabot/file_fetchers/base.rb:65:in `files'
	from ./update-script.rb:245:in `<main>'
/home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.162.1/lib/dependabot/clients/azure.rb:237:in `get': Dependabot::Clients::Azure::NotFound (Dependabot::Clients::Azure::NotFound)
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.162.1/lib/dependabot/clients/azure.rb:61:in `fetch_default_branch'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.162.1/lib/dependabot/file_fetchers/base.rb:469:in `default_branch_for_repo'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.162.1/lib/dependabot/file_fetchers/base.rb:71:in `commit'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.162.1/lib/dependabot/file_fetchers/base.rb:386:in `_full_specification_for'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.162.1/lib/dependabot/file_fetchers/base.rb:396:in `_fetch_file_content'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.162.1/lib/dependabot/file_fetchers/base.rb:140:in `fetch_file_from_host'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.162.1/lib/dependabot/npm_and_yarn/file_fetcher.rb:51:in `package_json'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.162.1/lib/dependabot/npm_and_yarn/file_fetcher.rb:36:in `fetch_files'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.162.1/lib/dependabot/file_fetchers/base.rb:65:in `files'
	from ./update-script.rb:245:in `<main>'
Using hostname = 'asfinag.visualstudio.com', protocol = 'https', port = '443'.
Using 'https://asfinag.visualstudio.com:443/' as API endpoint
Fetching npm_and_yarn dependency files for asfinag/content/_git/content-backoffice-client
Targeting 'default' branch under './Asfinag.ContentPortal.BackOffice/Asfinag.ContentPortal.BackOffice/ClientApp' directory
Using 'bump_versions' requirements update strategy
##[error]The process '/usr/bin/docker' failed with exit code 1

The correct repo URL is: https://asfinag.visualstudio.com/content/_git/content-backoffice-client
but its showing host: 'asfinag.visualstudio.com' and path "asfinag/content/_git/content-backoffice-client" where "asfinag/" seems wrong.

Br

[MO2k4]

You need to use the "new" url schema dev.azure.com as the old one is not supported.

[sven5]

I'm getting this error message:

:host          => "dev.azure.com"
  :local_address => "172.17.0.2"
  :local_port    => 58654
  :path          => "/xxxxxx/xxx-xxxx/_apis/git/repositories/xxx-xxx/pushes"
  :port          => 443
  :reason_phrase => "Forbidden"
  :remote_ip     => "13.107.42.20"
  :status        => 403
  :status_line   => "HTTP/1.1 403 Forbidden\r\n"
/home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.162.1/lib/dependabot/clients/azure.rb:267:in `post': Dependabot::Clients::Azure::Forbidden (Dependabot::Clients::Azure::Forbidden)
from /home/dependabot/dependabot-script/vendor/rub

When I call the pushes in browser it's working.
Do I need a PAT here?

My build pipeline is simple:

- task: dependabot@1
  inputs:
    packageManager: 'npm'
    extraEnvironmentVariables: 'EXCON_DEBUG=1'

[MO2k4]

I think you are missing some permissions

[MartijnErmersI]

We encounter the exit code 1 also sometimes:
2021-10-04T00:03:40.0882517Z Checking if LiteDB 4.1.4 needs updating 2021-10-04T00:03:40.0882807Z Requirements to unlock own 2021-10-04T00:03:40.0883090Z Updating LiteDB from 4.1.4 to 5.0.11 2021-10-04T00:03:40.0883494Z Submitting LiteDB pull request for creation. Failed! PR already exists or an error has occurred. 2021-10-04T00:03:40.2359467Z ##[error]The process '/usr/bin/docker' failed with exit code 1 2021-10-04T00:03:40.2389960Z ##[section]Finishing: dependabot

The problem in our case is caused by a wrong case issue of references in the .sln files to .csproj files. Other parts of the build do not have a problem with this, because other parts are run in Windows (case insensitive file system).

If more people encounter this casing issue. Perhaps it's a good idea to add a check to this extension that pre-checks on casing issues and report clearly that that is the issue.

[ray-kay]

Thanks @MO2k4 that brought me one step further. Now I am getting a permission (403) error:

excon.request
  :body                => "{\"refUpdates\":[{\"name\":\"refs/heads/dependabot/npm_and_yarn/Asfinag.ContentPortal.BackOffice/Asfinag.ContentPortal.BackOffice/ClientApp/tslib-2.3.1\",\"oldObjectId\":\"c35dd2647c13ebc8c3f2a8a5469aa08bba836b11\"}],\"commits\":[{\"comment\":\"Bump tslib\\n\\nBumps [tslib](https://github.com/Microsoft/tslib) from 2.2.0 to 2.3.1.\\n- [Release notes](
  :chunk_size          => 1048576
  :ciphers             => "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!DSS"
  :connect_timeout     => 5
  :debug_request       => true
  :debug_response      => true
  :headers             => {
    "Authorization" => "REDACTED"
    "Content-Type"  => "application/json"
    "Host"          => "dev.azure.com"
    "User-Agent"    => "dependabot-core/0.163.0 excon/0.87.0 ruby/2.7.1 (x86_64-linux-gnu) (+https://github.com/dependabot/dependabot-core)"
  }
  :host                => "dev.azure.com"
  :hostname            => "dev.azure.com"
  :idempotent          => true
  :instrumentor        => Excon::StandardInstrumentor
  :instrumentor_name   => "excon"
  :method              => :post
  :middlewares         => [
    Excon::Middleware::ResponseParser
    Excon::Middleware::Expects    
	Excon::Middleware::Idempotent
    Excon::Middleware::Instrumentor
    Excon::Middleware::Mock
    Excon::Middleware::Decompress
    Excon::Middleware::RedirectFollower
  ]
  :mock                => false
  :nonblock            => true
  :omit_default_port   => true
  :password            => "REDACTED"
  :path                => "/asfinag/content/_apis/git/repositories/content-backoffice-client/pushes"
  :persistent          => false
  :port                => 443
  :query               => "api-version=5.0"
  :read_timeout        => 20
  :retries_remaining   => 4
  :retry_errors        => [
    Excon::Error::Timeout
    Excon::Error::Socket
    Excon::Error::HTTPStatus
  ]
  :retry_limit         => 4
  :scheme              => "https"
  :ssl_uri_schemes     => [
    "https"
  ]
  :ssl_verify_peer     => true
  :stubs               => :global
  :tcp_nodelay         => false
  :thread_safe_sockets => true
  :uri_parser          => URI
  :user                => "x-access-token"
  :versions            => "excon/0.87.0 (x86_64-linux-gnu) ruby/2.7.1"
  :write_timeout       => 5
excon.response
  :body          => "{\"$id\":\"1\",\"innerException\":null,\"message\":\"TF401027: You need the Git 'CreateBranch' permission to perform this action. Details: identity 'Build\\\\c33ef28b-5b7b-4026-9023-3867df39639a', scope 'repository'.\",\"typeName\":\"Microsoft.TeamFoundation.Git.Server.GitNeedsPermissionException, Microsoft.TeamFoundation.Git.Server\",\"typeKey\":\"GitNeedsPermissionException\",\"errorCode\":0,\"eventId\":3000}"
  :cookies       => [
    "VstsSession=%7B%22PersistentSessionId%22%3A%225cf6cc28-4542-4bcb-8a56-577df159d2a5%22%2C%22PendingAuthenticationSessionId%22%3A%2200000000-0000-0000-0000-000000000000%22%2C%22CurrentAuthenticationSessionId%22%3A%2200000000-0000-0000-0000-000000000000%22%2C%22SignInState%22%3A%7B%7D%7D;SameSite=None; domain=.dev.azure.com; expires=Wed, 12-Oct-2022 13:41:50 GMT; path=/; secure; HttpOnly"
  ]
  :headers       => {
    "Access-Control-Expose-Headers" => "Request-Context"
    "ActivityId"                    => "8ff46831-75c7-4cd7-aa72-e6e8e97abb2a"
    "Cache-Control"                 => "no-cache, no-store, must-revalidate"
    "Content-Length"                => "390"
    "Content-Type"                  => "application/json; charset=utf-8"
    "Date"                          => "Tue, 12 Oct 2021 13:41:50 GMT"
    "Expires"                       => "-1"
    "P3P"                           => "CP=\"CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT\""
    "Pragma"                        => "no-cache"
    "Request-Context"               => "appId=cid-v1:a32646d4-6542-4ff0-b4b1-416ef6b2d466"
    "Set-Cookie"                    => "VstsSession=%7B%22PersistentSessionId%22%3A%225cf6cc28-4542-4bcb-8a56-577df159d2a5%22%2C%22PendingAuthenticationSessionId%22%3A%2200000000-0000-0000-0000-000000000000%22%2C%22CurrentAuthenticationSessionId%22%3A%2200000000-0000-0000-0000-000000000000%22%2C%22SignInState%22%3A%7B%7D%7D;SameSite=None; domain=.dev.azure.com; expires=Wed, 12-Oct-2022 13:41:50 GMT; path=/; secure; HttpOnly"
	"Strict-Transport-Security"     => "max-age=31536000; includeSubDomains"
    "X-Cache"                       => "CONFIG_NOCACHE"
    "X-Content-Type-Options"        => "nosniff"
    "X-FRAME-OPTIONS"               => "SAMEORIGIN"
    "X-MSEdge-Ref"                  => "Ref A: 46E2EF38853E48DBA78572F11321F83A Ref B: PRAEDGE1410 Ref C: 2021-10-12T13:41:50Z"
    "X-TFS-ProcessId"               => "af39b1d6-df28-4da0-af7b-4101f72c98e2"
    "X-TFS-Session"                 => "8ff46831-75c7-4cd7-aa72-e6e8e97abb2a"
    "X-VSS-E2EID"                   => "8ff46831-75c7-4cd7-aa72-e6e8e97abb2a"
    "X-VSS-SenderDeploymentId"      => "fa85298d-d7df-eba2-6cd2-9d3c9247a546"
    "X-VSS-UserData"                => "b767a928-da79-4721-afdf-f6eb1ccb353e:c33ef28b-5b7b-4026-9023-3867df39639a"
  }
  :host          => "dev.azure.com"
  :local_address => "172.17.0.2"
  :local_port    => 54832
  :path          => "/asfinag/content/_apis/git/repositories/content-backoffice-client/pushes"
  :port          => 443
  :reason_phrase => "Forbidden"
  :remote_ip     => "13.107.42.20"
  :status        => 403
  :status_line   => "HTTP/1.1 403 Forbidden\r\n"
/home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.163.0/lib/dependabot/clients/azure.rb:267:in `post': Dependabot::Clients::Azure::Forbidden (Dependabot::Clients::Azure::Forbidden)
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.163.0/lib/dependabot/clients/azure.rb:166:in `create_commit'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.163.0/lib/dependabot/pull_request_creator/azure.rb:66:in `create_commit'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.163.0/lib/dependabot/pull_request_creator/azure.rb:34:in `create'
	from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.163.0/lib/dependabot/pull_request_creator.rb:104:in `create'
	from ./update-script.rb:427:in `block in <main>'
	from ./update-script.rb:272:in `each'
	from ./update-script.rb:272:in `<main>'

Do I need to grant dependabot access to something?

[sven5]

@ray-kay Please read your output carefully:
TF401027: You need the Git 'CreateBranch' permission to perform this action. Details: identity ...

You definitely missed granting a permission.

[MO2k4]

I think you are missing some permissions

@ray-kay did you set this permissions?

[ray-kay]

Thanks @sven5
sorry for this question but:
Where do I find the docs for granting permissions for dependabot in Azure Devops?

[ray-kay]

Thanks @MO2k4 after adding these permissions everything works.
The glue was to add a new user "Project Collection Build Service" which I did'nt know I had to.

[AurimasNav]

If using targetRepositoryName to check other repos, in addition to build agent permissions I also had to disable Protect access to repositories in YAML pipelines option under project settings -> pipelines -> settings

[SchulteMarkus]

I think you are missing some permissions

In my case, "force push" was not required for running Dependabot. I am quite happy not having to give "force" permissions.
But I had to give "Contribute" permissions.