You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When we at Orchard Core get update_not_possible, we are always confused why the update is not possible, as there's no indication of it in Dependabot's output. Please make Dependabot output error details, thus making the error actionable and something that we can thus fix.
We've encountered this with NuGet updates, but the issue might span all package ecosystems.
#5301 and #8903 are related but I think are about slightly different angles. Also, this is related to NuGet updates if that makes a difference.
E.g. this run failed for libphonenumber-csharp with the following output:
2024-10-04T10:48:16.5645537Z updater | 2024/10/04 10:48:16 INFO <job_895909503> Updating libphonenumber-csharp from 8.13.46 to 8.13.47
2024-10-04T10:48:16.6126080Z proxy | 2024/10/04 10:48:16 [330] POST /update_jobs/895909503/record_update_job_error
2024-10-04T10:48:16.7107816Z proxy | 2024/10/04 10:48:16 [330] 204 /update_jobs/895909503/record_update_job_error
2024-10-04T10:48:16.7117902Z updater | 2024/10/04 10:48:16 INFO <job_895909503> Handled error whilst updating libphonenumber-csharp: update_not_possible {:dependencies=>["libphonenumber-csharp"]}
This is despite dependabot.yml being there and configuring this update (what the Configure button actually points to too):
version: 2updates:
# Dependabot can handle at most 150 "manifests", so for NuGet, csprojs referencing packages (see docs:# https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph#are-there-limits-which-affect-the-dependency-graph-data).# Thus, it would fail for the whole solution.# Grouping updates per directories or otherwise trying to have smaller batches is unnecessary, because due to# centralized package management, Dependabot will find all dependencies from any project. So, just processing the# OrchardCore project.
- package-ecosystem: "nuget"directory: "/src/OrchardCore/OrchardCore"schedule:
interval: "weekly"groups:
all-dependencies:
patterns:
- "*"ignore:
# We'll update GraphQL for v3 because it's breaking, see https://github.com/OrchardCMS/OrchardCore/issues/16826.
- dependency-name: "GraphQL*"# See the corresponding comment in Directory.Packages.props.
- dependency-name: "System.Drawing.Common"
Even before when this page recognized the configuration being present, it just linked back to the workflow output.
The text was updated successfully, but these errors were encountered:
Is there an existing issue for this?
Feature description
When we at Orchard Core get
update_not_possible
, we are always confused why the update is not possible, as there's no indication of it in Dependabot's output. Please make Dependabot output error details, thus making the error actionable and something that we can thus fix.We've encountered this with NuGet updates, but the issue might span all package ecosystems.
#5301 and #8903 are related but I think are about slightly different angles. Also, this is related to NuGet updates if that makes a difference.
E.g. this run failed for
libphonenumber-csharp
with the following output:This provides no details. At the end of the workflow output, we have "For more information see: https://github.com/OrchardCMS/OrchardCore/network/updates/895909503 (write access to the repository is required to view the log)" but that just brings us to this page:
This is despite
dependabot.yml
being there and configuring this update (what the Configure button actually points to too):Even before when this page recognized the configuration being present, it just linked back to the workflow output.
The text was updated successfully, but these errors were encountered: