Updater failing with "Setting experimental.system-git-client does not exist"

[diguid]

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

pip

Package manager version

Poetry 1.2.1

Language version

Python 3.7.5

Manifest location and content before the Dependabot update

/poetry.lock

dependabot.yml content

version: 2
registries:
  python-index-pypi-hub-legiti-io-simple:
    type: python-index
    url: https://pypi.hub.legiti.io/simple/
    username: "${{secrets.PYTHON_INDEX_PYPI_HUB_LEGITI_IO_SIMPLE_USERNAME}}"
    password: "${{secrets.PYTHON_INDEX_PYPI_HUB_LEGITI_IO_SIMPLE_PASSWORD}}"

updates:
- package-ecosystem: pip
  directory: "/"
  insecure-external-code-execution: allow
  schedule:
    interval: daily
    time: "18:00"  # UTC
  open-pull-requests-limit: 10
  target-branch: develop
  registries:
  - python-index-pypi-hub-legiti-io-simple

Updated dependency

No response

What you expected to see, versus what you actually saw

Expected: PRs with updated versions

Actual: Errors in the dependabot run.

updater | ERROR <job_471376381> Error processing pytest-cov (Dependabot::SharedHelpers::HelperSubprocessFailed)
updater | ERROR <job_471376381> ValueError
updater | <job_471376381> 
updater | <job_471376381>   Setting experimental.system-git-client does not exist
updater | <job_471376381> 
updater | <job_471376381>   at /usr/local/.pyenv/versions/3.7.13/lib/python3.7/site-packages/poetry/console/commands/config.py:248 in handle
updater | <job_471376381>       244│                 raise ValueError("You must pass exactly 1 value")
updater | <job_471376381>       245│ 
updater | <job_471376381>       246│             return 0
updater | <job_471376381>       247│ 
updater | <job_471376381>     → 248│         raise ValueError("Setting {} does not exist".format(self.argument("key")))
updater | <job_471376381>       249│ 
updater | <job_471376381>       250│     def _handle_single_value(self, source, key, callbacks, values):
updater | <job_471376381>       251│         validator, normalizer, _ = callbacks
updater | <job_471376381>       252│
updater | ERROR <job_471376381> /home/dependabot/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb:353:in `run_poetry_command'

Native package manager behavior

Successful dependency upgrade.

Images of the diff or a link to the PR, issue, or logs

I've noticed that this change was introduced a couple weeks ago: #5688, could it be related?

Smallest manifest that reproduces the issue

No response

[jeffwidman]

The setting was introduced in #5688 and worked fine, so possibly removed in #5746 ?? Although nothing in the changelog mentions removing this version... I specifically checked when I pulled in the upgrade.

I'm a little surprised as I knew they planned to remove this setting eventually but thought it was a little ways down the road...

How are you running Dependabot? Is it the native github service or are you running it on another platform?

[diguid]

How are you running Dependabot? Is it the native github service or are you running it on another platform?

It's the native github service.

I checked the history of my pyproject.toml file and noticed that the last time dependabot succesfully opened a PR was on Sep 12th 16:27 BRT. I noticed that #5688 was merged on Sep 12th 17:58 BRT. We have a private library that gets updated everyday, so I'm quite confident that the dependabot runs started failing on the 13th, as I would expect it to have tried to open a PR by then.

Honestly seems a bit suspicious that the problem started right after #5688. I have like zero context regarding how dependabot is implemented, so I apologize beforehand if this is nonsense, but could it be somehow related to python3.7?

[diguid]

Any updates on this? I'm still getting the same error

[deivid-rodriguez]

I just checked this and you're right, Python 3.7.13 which you are using resolves poetry to 1.1.5 😬.

This code here:

dependabot-core/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb

Lines 105 to 109 in 5ae1a8c

	# use system git instead of the pure Python dulwich
	unless python_version&.start_with?("3.6")
	run_poetry_command("pyenv exec poetry config experimental.system-git-client true")
	end

The cleanest solution would be to check the Poetry version (>= 1.2), not the Python version. I did check that Python 3.8.0 resolves to Poetry 1.2, but we would need to check all Python versions to be sure, so checking the Poetry version directly feels better to me.

Want to try opening a PR?

[diguid]

Want to try opening a PR?

Is there an easy way of figuring out the poetry version? I'm not familiar with ruby, so that's making it a lot more difficult than it should be 😬

[deivid-rodriguez]

I think you can use run_poetry_command("pyenv exec poetry --version") and parse the output. Does that help?

[jeffwidman]

Anything else we can do to unblock you @diguid ?

[diguid]

Anything else we can do to unblock you @diguid ?

Thanks! I'm working on this PR here and I'm unsure about how to implement tests for this and if they're even necessary, but I suppose I should get these answers there in the PR rather than here, right?

[deivid-rodriguez]

Yes, I can help out in the PR! Thanks for diving into fixing this 💪

[jeffwidman]

My take on this is that Python 3.7 is EOL for security support in 5 months.

So within the next 6-12 months this will be irrelevant because most projects/teams will have upgraded to 3.8 and the problem will simply disappear.

As a result, while we're happy to merge a community-contributed PR, I just don't see us spending any maintainer time to fix this.

So I'm going to close as "wontfix" for now, but again, if someone from the community comes along and wants to push a PR across the finish line, we're more than happy to review/merge.