Send Ecosystem Metrics to Dependabot-API on Update Job Completion #10905
Conversation
| @@ -29,7 +29,7 @@ def constraints | |||
| end | |||
|
|
|||
| # Returns the highest lower limit among all minimum constraints. | |||
| sig { returns(T.nilable(Gem::Version)) } | |||
| sig { returns(T.nilable(Dependabot::Version)) } | |||
| def min_version | |||
There was a problem hiding this comment.
Review Tip: This PR addresses type issues introduced in the previous PR by ensuring all versions consistently use Dependabot::Version instead of the more generic Gem::Version. This change provides more specific typing, improving clarity and reducing abstraction.
d7936ef to
fcf6572
Compare
| @@ -243,7 +245,7 @@ def record_ecosystem_versions(ecosystem_versions) | |||
| rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError | |||
| retry_count ||= 0 | |||
| retry_count += 1 | |||
| raise if retry_count > 3 | |||
| raise if retry_count > MAX_REQUEST_RETRIES | |||
|
|
|||
There was a problem hiding this comment.
Review Tip: Moved retry request count in constant variable since it is always equal 3.
| Dependabot.logger.error("Failed to record ecosystem meta: #{e.message}") | ||
| end | ||
| end | ||
|
|
There was a problem hiding this comment.
Review Tip: Create metrics from ecosystem instance that stores ecosystem, package manager and language information.
| max_version: requirement.max_version&.to_s | ||
| } | ||
| end | ||
|
|
There was a problem hiding this comment.
Review Tip: Use common metrics creation functions for package manager and language since they have metrics in same structure.
| @@ -41,6 +41,9 @@ def upsert_pull_request_with_error_handling(dependency_change, group) | |||
| end | |||
| rescue StandardError => e | |||
| error_handler.handle_job_error(error: e, dependency_group: dependency_snapshot.job_group) | |||
| ensure | |||
| # record metrics for the ecosystem | |||
| service.record_ecosystem_meta(dependency_snapshot.ecosystem) | |||
| end | |||
There was a problem hiding this comment.
Review Tip: Send metrics for group refresh operation after update process (success, or fail)
| @@ -64,6 +64,8 @@ def perform | |||
| service.create_pull_request(T.must(dependency_change), dependency_snapshot.base_commit_sha) | |||
| rescue StandardError => e | |||
| error_handler.handle_job_error(error: e, dependency_group: group) | |||
| ensure | |||
| service.record_ecosystem_meta(dependency_snapshot.ecosystem) | |||
| end | |||
There was a problem hiding this comment.
Review Tip: Send metrics for create group operation after update process
| # - an update is available (has_update = true), or | ||
| # - an error occurred (has_update = nil) | ||
| service.record_ecosystem_meta(dependency_snapshot.ecosystem) if has_update != false | ||
| end | ||
| end |
There was a problem hiding this comment.
Review Tip: Send metrics for create security update after update process (success, or fail). Just being sure that metrics is getting called when there is update. We don't prefer to send metrics when there is not update necessary
There was a problem hiding this comment.
@kbukum1: Not logging no update necessary events simplifies logging but I would suggest, we should log no update as well. The reason being without logging no update for Dependabot job run, makes it hard to gauge the baseline activity level (example: lose the ability to compare how often checks lead to updates versus when no updates are necessary). Once we have this data we can reason with it. Same will be true at different places where you are sending metrics.
There was a problem hiding this comment.
@abdulapopoola what do you think. Should we log all update processes? This may be easier to implement but for each update process we are going to send metrics even through there may be no update
There was a problem hiding this comment.
Just wanted to mention, normally we discussed that when we were preparing the ADR and we thought it will be ok to start with only if there is update. We were thinking to add no-update later if we see is necessary.
There was a problem hiding this comment.
It is fixed now. I am sending metrics if update process started for a dependency or a group even there is no update.
| @@ -190,6 +219,7 @@ def check_and_create_pull_request(dependency) | |||
| record_warning_notices(notices) if notices.any? | |||
|
|
|||
| create_pull_request(dependency_change) | |||
| true | |||
| rescue Dependabot::AllVersionsIgnored | |||
There was a problem hiding this comment.
Review Tip: Using boolean to understand if update process (succeed, fail, no update)
| # - an update is available (has_update = true), or | ||
| # - an error occurred (has_update = nil) | ||
| service.record_ecosystem_meta(dependency_snapshot.ecosystem) if has_update != false | ||
| end |
There was a problem hiding this comment.
Review Tip: Send metrics for refresh version update after update process (success, or fail). Just being sure that metrics is getting called when there is update. We don't prefer to send metrics when there is not update necessary
| # - an update is available (has_update = true), or | ||
| # - an error occurred (has_update = nil) | ||
| service.record_ecosystem_meta(dependency_snapshot.ecosystem) if has_update != false | ||
| end | ||
| end |
There was a problem hiding this comment.
Review Tip: Send metrics for update all after update process. Just being sure that metrics is getting called when there is update. We don't prefer to send metrics when there is not update necessary
5cb9de1 to
3d25baf
Compare
updater/lib/dependabot/api_client.rb
Outdated
| api_url = "#{base_url}/update_jobs/#{job_id}/record_ecosystem_meta" | ||
|
|
||
| body = { | ||
| data: { |
There was a problem hiding this comment.
Just to note that this was an array in the ADR and that's the format the new endpoint expects.
There was a problem hiding this comment.
Thanks. I will change it as array then.
3b01cca to
5c76a35
Compare
5c76a35 to
67643bf
Compare
What are you trying to accomplish?
This PR adds functionality, controlled by the
enable_record_ecosystem_metafeature flag, to send ecosystem metrics fromupdate_jobresults to Dependabot-API. This allows for improved tracking of dependency updates across ecosystems, including versioning details for package managers and languages. Metrics cover raw and processed versions as well as constraints, enabling better visibility into compatibility trends.What issues does this affect or fix?
This change is part of ongoing efforts to enhance update visibility and track deprecations across ecosystems.
Anything you want to highlight for special attention from reviewers?
The
ecosystem_datamethod structures and extracts version and requirement details. Data includes nested fields, which may need flattening for Datadog compatibility. Reviewers should verify that the metric structure aligns with Dependabot-API requirements.How will you know you've accomplished your goal?
Checklist