Dependabot job fails due to attempt to update packages referenced via an MSBuild SDK #11479

martincostello opened this issue Feb 4, 2025 · 2 comments
Labels
L: dotnet:nuget NuGet packages via nuget or dotnet T: bug 🐞 Something isn't working

Comments

@martincostello
Contributor

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

NuGet

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

https://github.com/martincostello/alexa-london-travel/blob/main/global.json

dependabot.yml content

https://github.com/martincostello/alexa-london-travel/blob/main/.github/dependabot.yml

Updated dependency

No response

What you expected to see, versus what you actually saw

If a NuGet package is pulled in via an MSBuild SDK, then Dependabot will attempt to update NuGet packages associated with it (which are not referenced in any project files), fail, and then cause the Dependabot job to fail.

For example, MSTest.Sdk.

updater | 2025/02/04 12:30:54 INFO <job_958824508> Checking if MSTest.SourceGeneration 1.0.0-alpha.24473.2 needs updating
updater | 2025/02/04 12:30:54 INFO <job_958824508> Writing dependency info: {"Name":"MSTest.SourceGeneration","Version":"1.0.0-alpha.24473.2","IsVulnerable":false,"IgnoredVersions":[],"Vulnerabilities":[]}
updater | running NuGet analyze:
/opt/nuget/NuGetUpdater/NuGetUpdater.Cli analyze --job-id 958824508 --job-path /home/dependabot/dependabot-updater/job.json --repo-root /home/dependabot/dependabot-updater/repo --discovery-file-path /home/dependabot/.dependabot/discovery.1.json --dependency-file-path /tmp/dependency/MSTest.SourceGeneration.json --analysis-folder-path /tmp/analysis
updater | 2025/02/04 12:30:54 INFO <job_958824508> Started process PID: 4609 with command: {} /opt/nuget/NuGetUpdater/NuGetUpdater.Cli analyze --job-id 958824508 --job-path /home/dependabot/dependabot-updater/job.json --repo-root /home/dependabot/dependabot-updater/repo --discovery-file-path /home/dependabot/.dependabot/discovery.1.json --dependency-file-path /tmp/dependency/MSTest.SourceGeneration.json --analysis-folder-path /tmp/analysis {}
  proxy | 2025/02/04 12:30:55 [969] GET https://api.nuget.org:443/v3/registration5-gz-semver2/mstest.sourcegeneration/index.json
  proxy | 2025/02/04 12:30:55 [969] 200 https://api.nuget.org:443/v3/registration5-gz-semver2/mstest.sourcegeneration/index.json
  proxy | 2025/02/04 12:30:56 [971] GET https://api.nuget.org:443/v3-flatcontainer/mstest.sourcegeneration/1.0.0-alpha.24562.1/mstest.sourcegeneration.1.0.0-alpha.24562.1.nupkg
  proxy | 2025/02/04 12:30:56 [971] 200 https://api.nuget.org:443/v3-flatcontainer/mstest.sourcegeneration/1.0.0-alpha.24562.1/mstest.sourcegeneration.1.0.0-alpha.24562.1.nupkg
updater | 2025/02/04 12:30:58 INFO <job_958824508> Process PID: 4609 completed with status: pid 4609 exit 0
2025/02/04 12:30:58 INFO <job_958824508> Total execution time: 4.24 seconds
2025/02/04 12:30:54 INFO Temporarily removing `global.json` from `/home/dependabot/dependabot-updater/repo`.
2025/02/04 12:30:54 INFO Restoring `global.json` to `/home/dependabot/dependabot-updater/repo`.
2025/02/04 12:30:54 INFO Starting analysis of MSTest.SourceGeneration...
2025/02/04 12:30:54 INFO   Determining multi-dependency property.
2025/02/04 12:30:54 INFO   Finding updated version.
2025/02/04 12:30:55 INFO The package MSTest.SourceGeneration.1.0.0-alpha.24473.2 is not compatible. Incompatible project frameworks: net9.0
2025/02/04 12:30:55 INFO   Finding updated peer dependencies.
2025/02/04 12:30:55 INFO InstallDotnetSdks == true; retaining `global.json` contents.
2025/02/04 12:30:57 INFO InstallDotnetSdks == true; retaining `global.json` contents.
2025/02/04 12:30:58 INFO Analysis complete.
2025/02/04 12:30:58 INFO   Writing analysis result to [/tmp/analysis/MSTest.SourceGeneration.json].
updater | 2025/02/04 12:30:58 INFO <job_958824508> MSTest.SourceGeneration.json analysis content: {
  "UpdatedVersion": "1.0.0-alpha.24562.1",
  "CanUpdate": true,
  "VersionComesFromMultiDependencyProperty": false,
  "UpdatedDependencies": [
    {
      "Name": "MSTest.SourceGeneration",
      "Version": "1.0.0-alpha.24562.1",
      "Type": "PackageReference",
      "EvaluationResult": null,
      "TargetFrameworks": [
        "net9.0"
      ],
      "IsDevDependency": false,
      "IsDirect": true,
      "IsTransitive": false,
      "IsOverride": false,
      "IsUpdate": false,
      "InfoUrl": "https://github.com/microsoft/testfx"
    }
  ],
  "Error": null
}
2025/02/04 12:30:58 INFO <job_958824508> Latest version is 1.0.0-alpha.24562.1
updater | 2025/02/04 12:30:58 INFO <job_958824508> Requirements to unlock all
2025/02/04 12:30:58 INFO <job_958824508> Requirements update strategy 
updater | 2025/02/04 12:30:58 INFO <job_958824508> Updating MSTest.SourceGeneration from 1.0.0-alpha.24473.2 to 1.0.0-alpha.24562.1
updater | 2025/02/04 12:30:58 INFO <job_958824508> Started process PID: 4671 with command: {} git reset HEAD --hard {}
updater | 2025/02/04 12:30:58 INFO <job_958824508> Process PID: 4671 completed with status: pid 4671 exit 0
2025/02/04 12:30:58 INFO <job_958824508> Total execution time: 0.01 seconds
updater | 2025/02/04 12:30:58 INFO <job_958824508> Started process PID: 4678 with command: {} git clean -fx {}
updater | 2025/02/04 12:30:58 INFO <job_958824508> Process PID: 4678 completed with status: pid 4678 exit 0
updater | 2025/02/04 12:30:58 INFO <job_958824508> Total execution time: 0.0 seconds
updater | running NuGet updater:
/opt/nuget/NuGetUpdater/NuGetUpdater.Cli update --job-id 958824508 --job-path /home/dependabot/dependabot-updater/job.json --repo-root /home/dependabot/dependabot-updater/repo --solution-or-project /test/LondonTravel.Skill.NativeAotTests/LondonTravel.Skill.NativeAotTests.csproj --dependency MSTest.SourceGeneration --new-version 1.0.0-alpha.24562.1 --previous-version 1.0.0-alpha.24473.2 --result-output-path /tmp/update-result.json
updater | 2025/02/04 12:30:58 INFO <job_958824508> Started process PID: 4685 with command: {} /opt/nuget/NuGetUpdater/NuGetUpdater.Cli update --job-id 958824508 --job-path /home/dependabot/dependabot-updater/job.json --repo-root /home/dependabot/dependabot-updater/repo --solution-or-project /test/LondonTravel.Skill.NativeAotTests/LondonTravel.Skill.NativeAotTests.csproj --dependency MSTest.SourceGeneration --new-version 1.0.0-alpha.24562.1 --previous-version 1.0.0-alpha.24473.2 --result-output-path /tmp/update-result.json {}
  proxy | 2025/02/04 12:31:02 Posting metrics to remote API endpoint
  proxy | 2025/02/04 12:31:02 Successfully posted metrics data via api client
updater | 2025/02/04 12:31:05 INFO <job_958824508> Process PID: 4685 completed with status: pid 4685 exit 0
2025/02/04 12:31:05 INFO <job_958824508> Total execution time: 6.65 seconds
2025/02/04 12:30:58 INFO Temporarily removing `global.json` from `/home/dependabot/dependabot-updater/repo`.
2025/02/04 12:30:59 INFO Restoring `global.json` to `/home/dependabot/dependabot-updater/repo`.
2025/02/04 12:30:59 INFO   No dotnet-tools.json file found.
2025/02/04 12:30:59 INFO   Updating [global.json] file.
2025/02/04 12:30:59 INFO     Dependency [MSTest.SourceGeneration] not found.
2025/02/04 12:30:59 INFO Running for project file [test/LondonTravel.Skill.NativeAotTests/LondonTravel.Skill.NativeAotTests.csproj]
2025/02/04 12:30:59 INFO Updating project [/home/dependabot/dependabot-updater/repo/src/LondonTravel.Skill/LondonTravel.Skill.csproj]
2025/02/04 12:30:59 INFO   Running 'PackageReference' project direct XML update
2025/02/04 12:30:59 INFO InstallDotnetSdks == true; retaining `global.json` contents.
2025/02/04 12:31:00 INFO InstallDotnetSdks == true; retaining `global.json` contents.
2025/02/04 12:31:02 INFO Re-added SDK managed package [System.Threading.RateLimiting/8.0.0] to project [../../../../tmp/package-dependency-resolution_OWj2Gi/Project.csproj]
2025/02/04 12:31:02 INFO     Package [MSTest.SourceGeneration] Does not exist as a dependency in [/home/dependabot/dependabot-updater/repo/src/LondonTravel.Skill/LondonTravel.Skill.csproj].
2025/02/04 12:31:02 INFO Updating project [/home/dependabot/dependabot-updater/repo/test/LondonTravel.Skill.NativeAotTests/LondonTravel.Skill.NativeAotTests.csproj]
2025/02/04 12:31:02 INFO   Running 'PackageReference' project direct XML update
2025/02/04 12:31:02 INFO InstallDotnetSdks == true; retaining `global.json` contents.
2025/02/04 12:31:04 INFO InstallDotnetSdks == true; retaining `global.json` contents.
2025/02/04 12:31:05 INFO Re-added SDK managed package [Microsoft.AspNetCore.TestHost/9.0.0] to project [../../../../tmp/package-dependency-resolution_xvHwtF/Project.csproj]
2025/02/04 12:31:05 INFO     Package [MSTest.SourceGeneration] Does not exist as a dependency in [/home/dependabot/dependabot-updater/repo/test/LondonTravel.Skill.NativeAotTests/LondonTravel.Skill.NativeAotTests.csproj].
2025/02/04 12:31:05 INFO Update complete.
2025/02/04 12:31:05 INFO   Writing update result to [/tmp/update-result.json].
updater | 2025/02/04 12:31:05 INFO <job_958824508> update result: {
  "Error": null
}
  proxy | 2025/02/04 12:31:05 [973] POST /update_jobs/958824508/record_update_job_error
  proxy | 2025/02/04 12:31:05 [973] 204 /update_jobs/958824508/record_update_job_error
updater | 2025/02/04 12:31:05 INFO <job_958824508> Handled error whilst updating MSTest.SourceGeneration: update_not_possible {:dependencies=>["MSTest.SourceGeneration"]}
  proxy | 2025/02/04 12:31:05 [975] POST /update_jobs/958824508/record_ecosystem_meta
2025/02/04 12:31:05 [975] 204 /update_jobs/958824508/record_ecosystem_meta

Dependabot should not error when it encounters such dependencies and just ignore them.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

@martincostello martincostello added the T: bug 🐞 Something isn't working label Feb 4, 2025
@github-actions github-actions bot added the L: dotnet:nuget NuGet packages via nuget or dotnet label Feb 4, 2025
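
An added example, not part of the original issue and not Dependabot's own code: a Python pass over updater log lines like those above that pairs each `Handled error whilst updating ...` entry with the project files where the package was reported as `Does not exist as a dependency`. The function name `triage`, the `implicit` flag and the `/repo` path prefix are assumptions of this example; the sample lines are abridged from the log in the issue.

```python
import re
from collections import defaultdict

# Sample lines abridged from the log in this issue (repo paths shortened to /repo).
SAMPLE_LOG = """\
updater | 2025/02/04 12:30:58 INFO <job_958824508> Updating MSTest.SourceGeneration from 1.0.0-alpha.24473.2 to 1.0.0-alpha.24562.1
2025/02/04 12:30:59 INFO     Dependency [MSTest.SourceGeneration] not found.
2025/02/04 12:31:02 INFO     Package [MSTest.SourceGeneration] Does not exist as a dependency in [/repo/src/LondonTravel.Skill/LondonTravel.Skill.csproj].
2025/02/04 12:31:05 INFO     Package [MSTest.SourceGeneration] Does not exist as a dependency in [/repo/test/LondonTravel.Skill.NativeAotTests/LondonTravel.Skill.NativeAotTests.csproj].
updater | 2025/02/04 12:31:05 INFO <job_958824508> Handled error whilst updating MSTest.SourceGeneration: update_not_possible {:dependencies=>["MSTest.SourceGeneration"]}
"""

UPDATING = re.compile(r"Updating (\S+) from (\S+) to (\S+)$")
MISSING = re.compile(r"Package \[([^\]]+)\] Does not exist as a dependency in \[([^\]]+)\]")
FAILED = re.compile(r"Handled error whilst updating (\S+): (\w+)")

def triage(log_text):
    """Return one record per dependency whose update ended in a handled error."""
    attempts, missing, errors = {}, defaultdict(list), {}
    for line in log_text.splitlines():
        if m := UPDATING.search(line):
            attempts[m[1]] = (m[2], m[3])      # (previous version, new version)
        elif m := MISSING.search(line):
            missing[m[1]].append(m[2])         # project file with no reference to it
        elif m := FAILED.search(line):
            errors[m[1]] = m[2]                # error type, e.g. update_not_possible
    report = []
    for name, error in errors.items():
        absent = missing.get(name, [])
        report.append({
            "dependency": name,
            "error": error,
            "versions": attempts.get(name),
            "absent_from": absent,
            # Heuristic (assumption of this example): the update was attempted,
            # but the updater found no reference to edit in the project files.
            "implicit": error == "update_not_possible" and bool(absent),
        })
    return report

if __name__ == "__main__":
    for record in triage(SAMPLE_LOG):
        print(record)
```
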
@martincostello
Contributor Author

I'm also getting this in this repo for Microsoft.NET.ILLink.Tasks where there are no MSBuild SDKs.

@brettfo
Contributor

brettfo commented Feb 5, 2025

Good call. We also have an issue updating FSharp.Core from a .fsproj so I suspect the fix will be the same for both.
