-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not swallow exception, print the message #8928
Do not swallow exception, print the message #8928
Conversation
e0745fe
to
f92328e
Compare
f92328e
to
fa9d24f
Compare
7c26114
to
7d45541
Compare
In production this should never fail, but it might when running locally; is that what you're seeing? |
Yes, I had a problem with the configuration of my environment. The first was that dotnet was not discoverable, and the second was that the native tool was not authorized against a private repository, which is relatively easy to introduce in many places (ruby, dotnet, remote repository, invalid scope of credentials, ...). |
The reason for the NuGet.Config mangling is specifically to pass through feed credentials that dependabot knows about, but the updater doesn't. The most common way for dependabot to be run with a custom feed is via a LOCAL_CONFIG_VARIABLES='[{"type":"nuget_feed","token":"MY_SECRET_TOKEN","url":"https://nuget.example.com/index.json"}]' # add feeds as necessary
bin/dry-run.rb nuget dependabot/dependabot-core # ... other arguments |
Thanks for indulging me in questions, but yes, doing something with an exception rather than silently swallowing it can only be a good thing. |
@brettfo #8928 (comment) a different PR :) |
About "In production, it should never fail." It did because dependabot does not handle well private repositories with native updater (I experience issue with Azure DevOps - it's handled in a different PR) |
I have too many tabs open to keep track. :)
Can you share more information about these scenarios and how the |
It's not about the file not being patched. The try-catch is not guarding It guards only calling native updater (passed block). |
Debugging of the native helper is extremely painful when you do not provide the context of failure.