Git fetch does not respect relative path installs
🐞 Bug report
We're running dependabot against a gitlab install with a relative url path (e.g. https://example.com/gitlab) and seeing some strange results. The initial request to a repository (either manually or on a schedule) successfully queries the correct relative path ../gitlab/api/v4/.., but subsequent git fetches strip the relative base url from requests (and thus fail) /project/repo/.... Interestingly this only seems to happen with some package types (npm and go did not work) but not others (pip). Since the incorrect requests have git as the user agent, I suspect a child process is not getting the right config.
Side note: Debug logs show no sign of an error when this failure occurs. We were able to see failures in the logs when passing a badly scoped token however (missing the read_repository scope).
Is there an existing issue for this?
Please search existing issues to avoid creating duplicates
- I have searched the existing issues
App version
1.0.0-alpha1 (deployed via helm chart)
Execution mode
Deployed
Package ecosystem
Pip, npm, gomod, etc.
Package manager version
Language version
dependabot.yml
version: 2
updates:
  - package-ecosystem: npm
    directory: /
    schedule:
      interval: daily
    open-pull-requests-limit: 20
    rebase-strategy: auto
    target-branch: develop
Updated dependency
Expected outcome
Running against a relative url install should follow relative paths
Native package manager behaviour
git commands (ssh and https) work when used directly
Log output
Outputs from manual runs (automated runs produce similar output)
bundle exec rake 'dependabot:update[tss/plasma,npm,/socket/]'
[2023-04-06 00:00:54 +0000] DEBUG -- Sidekiq client with Sidekiq::RedisConnection::RedisAdapter options {:password=>"REDACTED", :timeout=>1, :reconnect_attempts=>2, :size=>5, :url=>"redis://dependabot-redis-master.gitlab.svc.cluster.local"}
[2023-04-06 00:00:54 +0000] WARN -- [dep-update: tss/plasma=>npm=>/socket/] Missing github_access_token. Dependency updates may fail if api rate limit is exceeded.
dependabot@dependabot-dependabot-gitlab-worker-6674bd765f-wjf6n:~/app$ bundle exec rake 'dependabot:update[tss/console,npm,/]'
[2023-04-06 00:01:34 +0000] DEBUG -- Sidekiq client with Sidekiq::RedisConnection::RedisAdapter options {:password=>"REDACTED", :timeout=>1, :reconnect_attempts=>2, :size=>5, :url=>"redis://dependabot-redis-master.gitlab.svc.cluster.local"}
[2023-04-06 00:01:35 +0000] WARN -- [dep-update: tss/console=>npm] Missing github_access_token. Dependency updates may fail if api rate limit is exceeded.
dependabot@dependabot-dependabot-gitlab-worker-6674bd765f-wjf6n:~/app$ bundle exec rake 'dependabot:update[tss/console,pip,/]'
[2023-04-06 00:06:39 +0000] DEBUG -- Sidekiq client with Sidekiq::RedisConnection::RedisAdapter options {:password=>"REDACTED", :timeout=>1, :reconnect_attempts=>2, :size=>5, :url=>"redis://dependabot-redis-master.gitlab.svc.cluster.local"}
dependabot@dependabot-dependabot-gitlab-worker-6674bd765f-wjf6n:~/app$ bundle exec rake 'dependabot:update[tss/console,npm,/]'
[2023-04-06 00:20:59 +0000] DEBUG -- Sidekiq client with Sidekiq::RedisConnection::RedisAdapter options {:password=>"REDACTED", :timeout=>1, :reconnect_attempts=>2, :size=>5, :url=>"redis://dependabot-redis-master.gitlab.svc.cluster.local"}
[2023-04-06 00:21:00 +0000] WARN -- [dep-update: tss/console=>npm] Missing github_access_token. Dependency updates may fail if api rate limit is exceeded.
dependabot@dependabot-dependabot-gitlab-worker-6674bd765f-wjf6n:~/app$ bundle exec rake 'dependabot:validate[tss/console]'
[2023-04-06 00:21:47 +0000] DEBUG -- Sidekiq client with Sidekiq::RedisConnection::RedisAdapter options {:password=>"REDACTED", :timeout=>1, :reconnect_attempts=>2, :size=>5, :url=>"redis://dependabot-redis-master.gitlab.svc.cluster.local"}
[2023-04-06 00:21:47 +0000] INFO -- Validating config '.gitlab/dependabot.yml'
[2023-04-06 00:21:47 +0000] INFO -- Fetching configuration for tss/console from develop
[2023-04-06 00:21:47 +0000] INFO -- Configuration is valid
Apache logs for the proxy in front of gitlab
[05/Apr/2023:16:23:20 -0800] "GET /gitlab/tss/console/info/refs?service=git-upload-pack? HTTP/1.1" 302 5530 "-" "curl/7.87.0"
[05/Apr/2023:16:23:38 -0800] "GET /tss/console/info/refs?service=git-upload-pack? HTTP/1.1" 404 5060 "-" "curl/7.87.0"
[05/Apr/2023:16:23:54 -0800] "GET /tss/console/info/refs?service=git-upload-pack? HTTP/1.1" 301 616 "-" "curl/7.87.0"
[05/Apr/2023:16:23:54 -0800] "GET /tss/console/info/refs?service=git-upload-pack? HTTP/1.1" 404 5060 "-" "curl/7.87.0"
[05/Apr/2023:16:24:04 -0800] "GET /tss/console/info/refs?service=git-upload-pack? HTTP/1.1" 301 616 "-" "curl/7.87.0"
[05/Apr/2023:16:24:04 -0800] "GET /tss/console/info/refs?service=git-upload-pack? HTTP/1.1" 404 5060 "-" "curl/7.87.0"
Smallest manifest that reproduces the issue
- gitlab install https://example.com/gitlab
- Basic dependabot config
- Attempt update check
- (optional) check with a pip configured repository
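A check for the symptom described in this report, as an added example that is not part of the original report or the project's code: it scans reverse-proxy access-log lines for git smart-HTTP requests that arrive without the relative URL prefix. The sample log is constructed (modelled on the Apache lines above, with made-up user agents), and the function and constant names are hypothetical.

```ruby
require "uri"

# Constructed sample, modelled on the proxy log lines in the report.
SAMPLE_LOG = <<~LOG
  [05/Apr/2023:16:23:20 -0800] "GET /gitlab/tss/console/info/refs?service=git-upload-pack HTTP/1.1" 302 5530 "-" "curl/7.87.0"
  [05/Apr/2023:16:23:38 -0800] "GET /tss/console/info/refs?service=git-upload-pack HTTP/1.1" 404 5060 "-" "git/2.39.2"
  [05/Apr/2023:16:23:40 -0800] "GET /gitlab/api/v4/projects/tss%2Fconsole HTTP/1.1" 200 812 "-" "Ruby"
  [05/Apr/2023:16:23:54 -0800] "POST /tss/console/git-upload-pack HTTP/1.1" 404 5060 "-" "git/2.39.2"
LOG

# Log layout used in the report: [time] "METHOD target PROTO" status bytes "referer" "agent"
LINE = /\A\[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<target>\S+) [^"]*" (?<status>\d{3}) \S+ "[^"]*" "(?<agent>[^"]*)"/

# Endpoints of git's smart-HTTP transport (ref discovery and pack transfer).
GIT_HTTP_SUFFIX = %r{/(?:info/refs|git-upload-pack|git-receive-pack)\z}

# Returns the git transport requests whose path lacks the relative URL
# prefix taken from base_url (hypothetical helper, e.g. "/gitlab").
def git_requests_missing_prefix(log_text, base_url)
  prefix = URI.parse(base_url).path.to_s.chomp("/")
  return [] if prefix.empty? # instance served from the root: nothing to strip

  log_text.each_line.filter_map do |line|
    m = LINE.match(line) or next
    path = m[:target].split("?", 2).first
    next unless path.match?(GIT_HTTP_SUFFIX)
    next if path.start_with?("#{prefix}/")

    { time: m[:time], path: path, status: m[:status].to_i, agent: m[:agent] }
  end
end

if $PROGRAM_NAME == __FILE__
  git_requests_missing_prefix(SAMPLE_LOG, "https://example.com/gitlab").each do |hit|
    puts "#{hit[:time]} #{hit[:status]} #{hit[:path]} (#{hit[:agent]})"
  end
end
```

The reported user agent of each flagged request shows which client dropped the prefix, which helps separate API calls from child `git` processes.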