Fix fetching bug for requirements.in files#5580
Fix fetching bug for requirements.in files#5580jeffwidman merged 2 commits intodependabot:mainfrom stulle123:main
Conversation
|
Regarding the 2nd commit, would it be possible to increase the file size of the Especially in large projects, compiled |
|
👋 Hey @stulle123 thanks for the PR! A few quick questions:
BTW, I noticed this is your first PR on GitHub, so congrats! 🥳 I still remember the first time I opened a PR for an open-source project, a little scary, but I was thrilled when it was merged. |
|
It would be even better if the file size heuristic could be configurable, so that it would be possible to override the default size cap when it's not appropriate. |
|
I was thinking that if we're going to make this configurable, it makes more sense to make the name of the manifest configurable, so that we don't have to make any guesses, fetch files that we don't need at all, or put any size limits on what we fetch. We'd probably need to keep the current logic for backwards compatibility, though. |
|
Hey @jeffwidman thanks for the quick reply and warm welcome! Regarding your questions:
Cheers |
|
Hey @jeffwidman! I've just split up this PR into two. That's the one changing the file size of Can you please help me on how to add unit tests for the two changes? Thanks! |
|
Hey @stulle123 thanks for splitting them out here. For this one, the test should be relatively straightforward. Look in this file: https://github.com/dependabot/dependabot-core/blob/main/python/spec/dependabot/python/file_fetcher_spec.rb I'd grep for "with only" and you'll see how the tests were written for other file types. Just need to add one saying "with only a requirements.in". You can run the tests natively using these instructions, but the easier way to avoid having to muck around with installing the proper ruby libraries locally is to use the docker image. Instructions for booting the image are here, and a few paragraphs in there's a section on running tests within the docker image. |
|
Hey @jeffwidman just added the unit test! Cheers! |
|
@stulle123 sorry to bother you, but looks like this code is failing a lint error about line too long, probably because we tidied up our Rubocop settings in #5588. Do you mind fixing? Should be straightforward. Also, while you're in there, can you squash to a single commit? that way the test + the change are located in the same commit for anyone in the future doing debugging via |
|
Hey @jeffwidman Rubocop checks are green now. As you can see I had some troubles with the commit squashing, but I somehow managed. |
jeffwidman
left a comment
jeffwidman
left a comment
There was a problem hiding this comment.
Thanks!
I tweaked it slightly so that it doesn't have two return values,
as that can start to imply there's two groups of things, rather
than that they're all on an equal footing.
Use a single `return` to make the intent clear that all these files should be treated the same, they don't comprise two groups.
We run CI via actions on `main` on a daily cron to catch any unexpected regressions, or if CodeQL adds a new check that suddenly flags something. However, this can result in some unexpected notification noise: 1. I merged a PR from an external contributor: #5580 2. That PR was opened from the fork's `main` branch 3. Before merging, I clicked the "Update by rebase". So a commit from me landed on the fork's `main` branch. 4. I'm now receiving daily emails about failing CI runs from the fork. These are pure noise, since I don't care about the state of an external contributor's forked repo. This hasn't happened for any other PR's that I've merged from external contributors, so I suspect it's related to the rebase so I'm now seen as a committer to the fork's `main` branch. Not really sure though. I double-checked and I am _not_ subscribed to notifications on the repo. I am aware that after 30 days this should age out because actions are disabled for forks after 30 days assuming the external contributor doesn't update his fork/click re-enable actions, but it's still annoying. I checked internally with the Actions team, and they said this is known behavior, and it's complicated. So for now, let's default to disabling running cron for forks.
4 participants
Hi there,
There seems to be a bug in the file_fetcher.rb class when trying to fetch
requirements.infiles:If there's also a
requirements.txtfile in the repository, the download works.If not, Dependabot doesn't continue to look for
requirements.infiles and raises aDependencyFileNotFoundexception here.When I add
requirements_in_files.any?to the list of checks the download works just fine. Maybe, there's a better fix for this, didn't investigate the issue any further.Thanks.