Fatal DependencyFileNotParseable exception is not reported to console
🐞 Bug report
We encountered an exception that was not visible from the Rake task even with the --trace option. This made it difficult to troubleshoot; the problem ended up being that we had GOSUMDB=off set, which had stopped working due to this commit in Go.
Is there an existing issue for this?
Please search existing issues to avoid creating duplicates
- I have searched the existing issues
App version
dependabot-gitlab-gomod:3.6.0-alpha.1 container
Execution mode
Deployed
Package ecosystem
gomod
Package manager version
N/A, Go native package manager
Language version
go version go1.20.8 linux/amd64
dependabot.yml
---
version: 2
updates:
  - package-ecosystem: docker
    directory: '/'
    schedule:
      interval: defined in global Dependabot configuration
  - package-ecosystem: gomod
    directory: '/'
    schedule:
      interval: defined in global Dependabot configuration
dependabot-base.yml
(Python-only options have been omitted)
---
version: 2
updates:
  open-pull-requests-limit: 999
  labels:
    - dependabot
  schedule:
    interval: daily
  updater-options:
    goprivate: ''
Updated dependency
golang.org/toolchain@v0.0.1-go1.20.8.linux-amd64
Expected outcome
Fatal exceptions should be reported to the console and either relayed by the worker pod or available in the web UI.
Native package manager behaviour
The native package manager logs to stderr.
Log output
Running the updater rake task in the updater container with tracing enabled does not produce useful output:
dependabot@dependabot-gitlab-updater-adhoc:~/app$ rake --trace dependabot:update[my-org/devops/services/my-app,gomod,/]
** Invoke dependabot:update (first_time)
** Invoke environment (first_time)
** Execute environment
** Execute dependabot:update
[2023-10-26 16:55:48 +0000] WARN -- [dep-update: my-org/devops/services/my-app=>gomod] Missing GitHub access token. Dependency updates may fail if api rate limit is exceeded.
dependabot@dependabot-gitlab-updater-adhoc:~/app$
To get useful output, it's necessary to run the function from the Rails console:
irb(main):002:0> Update::Triggers::DependencyUpdate.call('my-org/devops/services/my-app','gomod','/')
[2023-10-26 17:18:38 +0000] WARN -- [dep-update: my-org/devops/services/my-app=>gomod] Missing GitHub access token. Dependency updates may fail if api rate limit is exceeded.
/home/dependabot/app/vendor/bundle/ruby/3.1.0/gems/dependabot-go_modules-0.234.0/lib/dependabot/go_modules/file_parser.rb:125:in `handle_parser_error': go: golang.org/toolchain@v0.0.1-go1.20.8.linux-amd64: verifying module: checksum database disabled by GOSUMDB=off (Dependabot::DependencyFileNotParseable)
irb(main):003:0>
Smallest manifest that reproduces the issue
Any Go project should reproduce the issue with GOSUMDB=off set, because the affected Go executable gives the error even when I just run go version from ~/app on the container.
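Added example, not part of the original report and not dependabot-gitlab or dependabot-core code: one way a task entry point can surface a fatal error on stderr with a non-zero status, and attach a hint when the message matches the GOSUMDB=off failure shown in the Rails console output above. The module, method and constant names are hypothetical, and the error class is a constructed stand-in for Dependabot::DependencyFileNotParseable.

```ruby
require "stringio"

# Hypothetical names throughout; this is not dependabot-gitlab or dependabot-core code.
module SurfacedErrors
  # Constructed stand-in for Dependabot::DependencyFileNotParseable.
  class DependencyFileNotParseable < StandardError; end

  # Error text from the report's Rails console output.
  SAMPLE_MESSAGE = "go: golang.org/toolchain@v0.0.1-go1.20.8.linux-amd64: " \
                   "verifying module: checksum database disabled by GOSUMDB=off"

  # Message patterns with a known root cause, so the log names the setting to check.
  HINTS = {
    /checksum database disabled by GOSUMDB=off/ =>
      "GOSUMDB=off is set in the environment the go command runs in"
  }.freeze

  # Runs the block. On failure, writes the error class, message, origin frame
  # and any matching hint to `err`, and returns 1 so the caller can exit non-zero.
  def self.run(name, err: $stderr)
    yield
    0
  rescue StandardError => e
    err.puts "[#{name}] FATAL #{e.class}: #{e.message}"
    err.puts "[#{name}]   raised at #{e.backtrace&.first}"
    HINTS.each do |pattern, hint|
      err.puts "[#{name}]   hint: #{hint}" if pattern.match?(e.message)
    end
    1
  end
end

if __FILE__ == $PROGRAM_NAME
  log = StringIO.new
  status = SurfacedErrors.run("dep-update", err: log) do
    raise SurfacedErrors::DependencyFileNotParseable, SurfacedErrors::SAMPLE_MESSAGE
  end
  puts log.string
  puts "exit status: #{status}"
end
```

A task wrapper would pass the returned status to `exit`, so a scheduler or worker pod sees the failure instead of a clean return.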