Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dependabot doesn't seem to init submodules before resolving dependencies #3554

Closed
macklin-10x opened this issue Apr 23, 2021 · 4 comments
Closed

dependabot doesn't seem to init submodules before resolving dependencies #3554

macklin-10x opened this issue Apr 23, 2021 · 4 comments
Labels
L: go:modules Golang modules T: bug 🐞 Something isn't working

Comments

@macklin-10x
Copy link

Package ecosystem
gomod

Manifest location and content prior to update
/go.mod
/some_submodule/go.mod
dependabot.yml content

version: 2

updates:
- package-ecosystem: gomod
  directory: "/"
  schedule:
    interval: weekly
  open-pull-requests-limit: 10

What you expected to see, versus what you actually saw
I expected Dependabot to resolve my dependencies inside a submodule. Instead, it appears to have not initialized the submodule, as when it attempts to find go.mod in the submodule via go mod replace directive, it fails to find it:

updater | ERROR <job_113688959> Error processing github.com/getsentry/sentry-go (Dependabot::DependabotError)
updater | ERROR <job_113688959> go: github.com/OurOrg/[email protected] (replaced by ./some_submodule): reading some_submodule/go.mod: open /some_submodule/go.mod: no such file or directory

To be clear, I am not trying to have Dependabot manage/update the version of the submodule. I just want Dependabot to manage the dependencies in the root go.mod file, but it is failing to resolve due to errors like the one shown above.
@macklin-10x macklin-10x added the T: bug 🐞 Something isn't working label Apr 23, 2021
@spmason
Copy link

spmason commented May 4, 2021

I'm also seeing this problem with a Java/Maven project. The old version of dependabot coped just fine..

@spmason
Copy link

spmason commented Nov 17, 2021
edited
Loading

Coming back to this, it seems dependabot does resolve submodules properly now, however I was still seeing 404s trying to access the submodule when I viewed the dependabot logs

Turns out I needed to give it access to my private repo in my org settings before it would work

I now have dependabot happily spamming me with dependency bump PRs after 6 months of tumbleweeds

@macklin-10x
Copy link
Author

I'm still seeing the exact same type of error as before:

updater | ERROR <job_234105584> Error processing google.golang.org/api (Dependabot::DependabotError)
updater | ERROR <job_234105584> go: github.com/OurOrg/[email protected] (replaced by ./some_submodule): reading some_submodule/go.mod: open /some_submodule/go.mod: no such file or directory

@jeffwidman jeffwidman added the L: go:modules Golang modules label Sep 18, 2022
@jakecoffman
Copy link
Member

Sorry for the lack of communication here.

Submodule cloning for Go was recently added in #5982 so this should be working now!

Let us know if you are seeing any issues with it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
L: go:modules Golang modules T: bug 🐞 Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@spmason @jeffwidman @jakecoffman @macklin-10x