Merge pull request #6276 from dependabot/deivid-rodriguez/subprocess-…

…stacktraces Improve SubprocessFailed Sentry errors
dependabot · Dec 7, 2022 · 1074c64 · 1074c64
2 parents 3005635 + 7839a7e
commit 1074c64
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 10 deletions.
diff --git a/common/lib/dependabot/file_updaters/vendor_updater.rb b/common/lib/dependabot/file_updaters/vendor_updater.rb
@@ -23,7 +23,8 @@ def updated_vendor_cache_files(base_directory:)
           # rubocop:enable Performance/DeletePrefix
 
           status = SharedHelpers.run_shell_command(
-            "git status --untracked-files all --porcelain v1 #{relative_dir}"
+            "git status --untracked-files all --porcelain v1 #{relative_dir}",
+            fingerprint: "git status --untracked-files all --porcelain v1 <relative_dir>"
           )
           changed_paths = status.split("\n").map(&:split)
           changed_paths.map do |type, path|

diff --git a/common/lib/dependabot/shared_helpers.rb b/common/lib/dependabot/shared_helpers.rb
@@ -190,7 +190,8 @@ def self.configure_git_to_use_https_with_credentials(credentials, safe_directori
       run_shell_command(
         "git config --global credential.helper " \
         "'!#{credential_helper_path} --file #{Dir.pwd}/git.store'",
-        allow_unsafe_shell_command: true
+        allow_unsafe_shell_command: true,
+        fingerprint: "git config --global credential.helper '<helper_command>'"
       )
 
       # see https://github.blog/2022-04-12-git-security-vulnerability-announced/

diff --git a/github_actions/lib/dependabot/github_actions/update_checker.rb b/github_actions/lib/dependabot/github_actions/update_checker.rb
@@ -252,7 +252,8 @@ def shortened_semver_eq?(base, other)
 
       def find_container_branch(sha)
         branches_including_ref = SharedHelpers.run_shell_command(
-          "git branch --remotes --contains #{sha}"
+          "git branch --remotes --contains #{sha}",
+          fingerprint: "git branch --remotes --contains <sha>"
         ).split("\n").map { |branch| branch.strip.gsub("origin/", "") }
 
         current_branch = branches_including_ref.find { |branch| branch.start_with?("HEAD -> ") }

diff --git a/terraform/lib/dependabot/terraform/file_updater.rb b/terraform/lib/dependabot/terraform/file_updater.rb
@@ -173,7 +173,10 @@ def lookup_hash_architecture # rubocop:disable Metrics/AbcSize, Metrics/MethodLe
             # Terraform will update the lockfile in place so we use a fresh lockfile for each lookup
             File.write(".terraform.lock.hcl", lockfile_hash_removed)
 
-            SharedHelpers.run_shell_command("terraform providers lock -platform=#{arch} #{provider_source} -no-color")
+            SharedHelpers.run_shell_command(
+              "terraform providers lock -platform=#{arch} #{provider_source} -no-color",
+              fingerprint: "terraform providers lock -platform=<arch> <provider_source> -no-color"
+            )
 
             updated_lockfile = File.read(".terraform.lock.hcl")
             updated_hashes = extract_provider_h1_hashes(updated_lockfile, declaration_regex)
@@ -228,7 +231,10 @@ def update_lockfile_declaration(updated_manifest_files) # rubocop:disable Metric
 
           File.write(".terraform.lock.hcl", lockfile_dependency_removed)
 
-          SharedHelpers.run_shell_command("terraform providers lock #{platforms} #{provider_source}")
+          SharedHelpers.run_shell_command(
+            "terraform providers lock #{platforms} #{provider_source}",
+            fingerprint: "terraform providers lock <platforms> <provider_source>"
+          )
 
           updated_lockfile = File.read(".terraform.lock.hcl")
           updated_dependency = updated_lockfile.scan(declaration_regex).first

diff --git a/updater/lib/dependabot/updater.rb b/updater/lib/dependabot/updater.rb
@@ -854,11 +854,10 @@ def handle_dependabot_error(error:, dependency:)
           # info such as file contents or paths. This information is already
           # in the job logs, so we send a breadcrumb to Sentry to retrieve those
           # instead.
-          msg = "Dependency update process failed, please check the job logs"
-          Raven.capture_exception(
-            SubprocessFailed.new(msg, raven_context: error.raven_context),
-            raven_context
-          )
+          msg = "Subprocess #{error.raven_context[:fingerprint]} failed to run. Check the job logs for error messages"
+          sanitized_error = SubprocessFailed.new(msg, raven_context: error.raven_context)
+          sanitized_error.set_backtrace(error.backtrace)
+          Raven.capture_exception(sanitized_error, raven_context)
 
           { "error-type": "unknown_error" }
         when *Octokit::RATE_LIMITED_ERRORS