Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dependabot jobs for Python projects using poetry fails #8020

Open
1 task done
akhileshraju opened this issue Sep 12, 2023 · 0 comments
Open
1 task done

Dependabot jobs for Python projects using poetry fails #8020

akhileshraju opened this issue Sep 12, 2023 · 0 comments
Labels
good first issue T: bug 🐞 Something isn't working

Comments

@akhileshraju
Copy link

akhileshraju commented Sep 12, 2023

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

pip

Package manager version

poetry 1.3.1

Language version

Python 3.11.4

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "npm" # See documentation for possible values
    directory: "/ui" # Location of package manifests
    schedule:
      interval: "monthly"
    commit-message:
      prefix: "UI: "
    allow:
      - dependency-type: direct
    ignore:
      # Ignore all @theia/*, electron and electron-* since we are staying in lock-step with versions from Rigel
      - dependency-name: "@theia/*"
      - dependency-name: "typescript"
      - dependency-name: "electron"
      - dependency-name: "electron-chromedriver"

  - package-ecosystem: "pip" # See documentation for possible values
    directory: "/engine" # Location of package manifests
    schedule:
      interval: "monthly"
    commit-message:
      prefix: "Engine: "
    allow:
      - dependency-type: direct
    # Maybe this is needed to allow Poetry to run?
    insecure-external-code-execution: allow
      
  - package-ecosystem: "pip" # See documentation for possible values
    directory: "/cli" # Location of package manifests
    schedule:
      interval: "monthly"
    commit-message:
      prefix: "CLI: "
    allow:
      - dependency-type: direct
    # Maybe this is needed to allow Poetry to run?
    insecure-external-code-execution: allow

Updated dependency

This happens for all dependencies that aren't up to date.

What you expected to see, versus what you actually saw

We are trying to get dependabot to scan our Python projects that make use of poetry.
When dependabot finds a dep version to be outdated, it seems to try updating it but then immediately fails with below message.

Could someone help guide me as to what the problem might be or how I might go about debugging it?

image

NOTE - Dependabot is being run on a GHE v3.8 instance.

pyproject.toml file

[tool.poetry.dependencies]
python = "~3.11"
grpcio = "^1.51.3"

[tool.poetry.group.dev.dependencies]
black = "^23.1.0"
mypy-protobuf = "^3.4.0"
grpcio-tools = "^1.51.3"
pytest = "^7.2.2"
pytest-asyncio = "^0.20.3"
coverage = "^7.2.1"
pyinstaller = "^5.8.0"

[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
good first issue T: bug 🐞 Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants