Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

py3-charset-normalizer/3.4.1 package update #38320

Merged
merged 4 commits into from
Dec 26, 2024
Merged

py3-charset-normalizer/3.4.1 package update #38320

merged 4 commits into from
Dec 26, 2024
+3 −6

Conversation

octo-sts[bot]
Copy link
Contributor

@octo-sts octo-sts bot commented Dec 24, 2024

@wolfi-bot
py3-charset-normalizer/3.4.1 package update
dd30524 
Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
@octo-sts octo-sts bot added request-version-update request for a newer version of a package automated pr labels Dec 24, 2024
@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Dec 24, 2024

Gen AI suggestions to solve the build error:

Based on the error log and the melange YAML file, I can identify the issue:

• Detected Error: The repository URL appears to be incorrect - "https://github.com/jawah/charset_normalizer.git"

• Error Category: Version/Configuration

• Failure Point: Git checkout step in the pipeline

• Root Cause Analysis: The repository URL is incorrect. The correct repository for charset-normalizer is "https://github.com/Ousret/charset_normalizer.git"

• Suggested Fix:
Update the git-checkout step in the pipeline:

pipeline:
  - uses: git-checkout
    with:
      repository: https://github.com/Ousret/charset_normalizer.git
      tag: ${{package.version}}
      expected-commit: c7197b7b425835dd7abf028f45e6b533060886e3

• Explanation: The current URL points to a non-existent repository (jawah/charset_normalizer). The package is actually maintained by Ousret on GitHub. The build system cannot fetch the source code from an invalid repository URL.

• Additional Notes:

  • The version and commit hash appear correct
  • All other configuration appears valid
  • The package dependencies and build environment are properly configured
  • The Python version ranges (3.10-3.13) are appropriate

• References:

@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Dec 25, 2024

Gen AI suggestions to solve the build error:

• Detected Error: "Expected commit c7197b7b425835dd7abf028f45e6b533060886e3 for 3.4.1, found ffdf7f5f08beb0ceb92dc0637e97382ba27cecfa"

• Error Category: Version/Commit

• Failure Point: Git checkout step in the pipeline

• Root Cause Analysis: The expected commit hash in the melange YAML doesn't match the actual commit hash for the tag 3.4.1 in the repository. This is likely due to an incorrect commit hash being specified in the configuration.

• Suggested Fix: Update the expected-commit hash in the git-checkout step:

  - uses: git-checkout
    with:
      repository: https://github.com/jawah/charset_normalizer.git
      tag: ${{package.version}}
      expected-commit: ffdf7f5f08beb0ceb92dc0637e97382ba27cecfa

• Explanation: The build system verifies the commit hash as a security measure to ensure the exact version of code being built. The current configuration expects commit c7197b7... but the tag 3.4.1 actually points to ffdf7f5... Updating the expected-commit to match the actual commit hash for the tag will resolve the verification failure.

• Additional Notes:

  • This is a common issue when updating package versions where the commit hash needs to be synchronized with the new tag
  • The error is a security feature to ensure reproducible builds
  • You can verify the correct commit hash for a tag using:
    git ls-remote https://github.com/jawah/charset_normalizer.git refs/tags/3.4.1

• References:

@Dentrax
fix(py3-charset-normalizer): update commit
2069cf5 
Signed-off-by: Dentrax <furkan.turkal@chainguard.dev>
@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Dec 25, 2024

Gen AI suggestions to solve the build error:

• Detected Error: Repository not found or inaccessible when attempting git checkout from "https://github.com/jawah/charset_normalizer.git"

• Error Category: Version/Configuration

• Failure Point: git-checkout pipeline step

• Root Cause Analysis: The repository URL is incorrect. The actual repository is "Ousret/charset_normalizer" not "jawah/charset_normalizer"

• Suggested Fix:
Update the git-checkout repository URL and update section in the YAML:

pipeline:
  - uses: git-checkout
    with:
      repository: https://github.com/Ousret/charset_normalizer.git
      tag: ${{package.version}}
      expected-commit: ffdf7f5f08beb0ceb92dc0637e97382ba27cecfa

update:
  enabled: true
  github:
    identifier: Ousret/charset_normalizer

• Explanation: The build is failing because it cannot access the specified repository. The charset-normalizer package is maintained by Ousret on GitHub, not jawah. Updating to the correct repository URL will allow the git-checkout step to succeed.

• Additional Notes:

  • The commit hash appears correct for version 3.4.1
  • All other package configuration appears correct
  • The package dependencies and build environment are properly configured

• References:

@Dentrax
fix(py3-charset-normalizer): remove deprecated setup.cfg
2ac3074 
Signed-off-by: Dentrax <furkan.turkal@chainguard.dev>
@octo-sts octo-sts bot added the bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. label Dec 25, 2024
@Dentrax Dentrax enabled auto-merge (squash) December 25, 2024 17:10
@Dentrax Dentrax self-assigned this Dec 25, 2024
@Dentrax Dentrax merged commit e7e7fde into main Dec 26, 2024
14 checks passed
@Dentrax Dentrax deleted the wolfictl-8cdd4f1a-9add-4aca-bfaa-3f3690e4df57 branch December 26, 2024 07:49
@cpanato cpanato mentioned this pull request Jan 1, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@debasishbsws debasishbsws debasishbsws approved these changes

Assignees

@Dentrax Dentrax

Labels
automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. manual/review-needed request-version-update request for a newer version of a package
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@debasishbsws @Dentrax @wolfi-bot