
BUG: Error during "Dependency-Update-Tools" on GitHub Enterprise Server #3607

Open
mariusfilipowski opened this issue Oct 25, 2023 · 2 comments

Comments

@mariusfilipowski

Describe the bug
Running against a repo in GHES 3.8 or 3.9 we get this output:

| ?       | Dependency-Update-Tool | internal error: Search.Code: GET                                                                                                            | https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#dependency-update-tool |
|         |                        | https://github.****.com/api/v3/search/commits?per_page=100&q=repo%***%2F***+author%3Adependabot%5Bbot%5D: |                                                                                                                       |
|         |                        | 422 Validation Failed [{Resource:Search Field:q Code:invalid Message:Search text is required when searching commits. Searches that use      |                                                                                                                       |
|         |                        | qualifiers only are not allowed. Were you searching for something else?}]

Internal repo names and URLs have been redacted with ***

Reproduction steps
Steps to reproduce the behavior:

  1. Run scorecard against GHES

Expected behavior
The Dependency-Update-Tool check should work correctly.

Additional context
Add any other context about the problem here.

@raghavkaul
Contributor

I think a 422 on Search.Code on GitHub Enterprise is something we might want to have special error handling around so that we could still check for other Dependency Update Tools than dependabot. It feels more difficult to special case specific GitHub Enterprise versions with new search queries.

@spencerschrock
Member

> I think a 422 on Search.Code on GitHub Enterprise is something we might want to have special error handling around so that we could still check for other Dependency Update Tools than dependabot. It feels more difficult to special case specific GitHub Enterprise versions with new search queries.

Hmm, we could detect the 422 and try falling back to the 30 commits we grab via ListCommits elsewhere in scorecard?
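The fallback the two comments sketch, written out as an added, self-contained Go example (not scorecard's own code): the commit-search call is attempted first, a 422 Validation Failed response is recognised, and the check then falls back to scanning a bounded list of recent commits for the `dependabot[bot]` author. The `SearchError`, `Commit`, `Client` and `fakeGHES` types are assumptions constructed for the example; the real client types, the exact query string and the list limit (30 here, taken from the comment above) would come from scorecard.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// SearchError mirrors the shape of an API rejection: HTTP status plus the
// server's message. Constructed for this example; not scorecard's client type.
type SearchError struct {
	StatusCode int
	Message    string
}

func (e *SearchError) Error() string {
	return fmt.Sprintf("%d %s", e.StatusCode, e.Message)
}

// Commit is the subset of commit metadata the fallback path needs.
type Commit struct {
	SHA         string
	AuthorLogin string
}

// Client abstracts the two API calls discussed in the thread: the commit
// search that GHES rejects, and the plain commit listing used elsewhere.
type Client interface {
	SearchCommits(query string) ([]Commit, error)
	ListCommits(limit int) ([]Commit, error)
}

// isUnprocessable reports whether err is a 422 Validation Failed response,
// the status GHES 3.8/3.9 returns for qualifier-only commit searches.
func isUnprocessable(err error) bool {
	var se *SearchError
	return errors.As(err, &se) && se.StatusCode == http.StatusUnprocessableEntity
}

// UsesDependabot tries the search API first. On a 422 it falls back to the
// most recent commits and looks for the dependabot[bot] author; any other
// error is returned unchanged so that real failures are not masked.
func UsesDependabot(c Client, fallbackLimit int) (bool, error) {
	commits, err := c.SearchCommits("author:dependabot[bot]")
	if err == nil {
		return len(commits) > 0, nil
	}
	if !isUnprocessable(err) {
		return false, fmt.Errorf("search commits: %w", err)
	}
	// Search is unusable on this server: inspect recent history instead.
	commits, err = c.ListCommits(fallbackLimit)
	if err != nil {
		return false, fmt.Errorf("list commits after 422: %w", err)
	}
	for _, commit := range commits {
		if commit.AuthorLogin == "dependabot[bot]" {
			return true, nil
		}
	}
	return false, nil
}

// fakeGHES mimics a server where commit search returns 422 but listing
// commits works. The commit data is constructed sample input.
type fakeGHES struct{ commits []Commit }

func (f fakeGHES) SearchCommits(string) ([]Commit, error) {
	return nil, &SearchError{
		StatusCode: http.StatusUnprocessableEntity,
		Message:    "Validation Failed: Search text is required when searching commits.",
	}
}

func (f fakeGHES) ListCommits(limit int) ([]Commit, error) {
	if limit < len(f.commits) {
		return f.commits[:limit], nil
	}
	return f.commits, nil
}

func main() {
	server := fakeGHES{commits: []Commit{
		{SHA: "a1b2c3", AuthorLogin: "alice"},
		{SHA: "d4e5f6", AuthorLogin: "dependabot[bot]"},
	}}
	found, err := UsesDependabot(server, 30)
	fmt.Println(found, err) // true <nil>
}
```

Matching on the status code rather than on the message text keeps the fallback independent of GHES version wording; the trade-off, as the comments note, is that the list-based path only sees the newest commits, so a repository whose last dependabot commit is older than the limit would be reported as not using it.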
