From 32846c4f2487e1a120adf907037c340e194bc506 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Rodr=C3=ADguez?=
Date: Wed, 7 Dec 2022 12:25:37 +0100
Subject: [PATCH 1/3] Improve SubprocessFailed Sentry errors
* Add a more meaningful title so they are distinguishable in the main index.
* Copy the original backtrace.
---
 updater/lib/dependabot/updater.rb | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/updater/lib/dependabot/updater.rb b/updater/lib/dependabot/updater.rb
index 596c6b434e..d1ad5522b6 100644
--- a/updater/lib/dependabot/updater.rb
+++ b/updater/lib/dependabot/updater.rb
@@ -854,11 +854,10 @@ def handle_dependabot_error(error:, dependency:)
 # info such as file contents or paths. This information is already
 # in the job logs, so we send a breadcrumb to Sentry to retrieve those
 # instead.
- msg = "Dependency update process failed, please check the job logs"
- Raven.capture_exception(
- SubprocessFailed.new(msg, raven_context: error.raven_context),
- raven_context
- )
+ msg = "Subprocess #{error.raven_context[:fingerprint]} failed to run. Check the job logs for error messages"
+ sanitized_error = SubprocessFailed.new(msg, raven_context: error.raven_context)
+ sanitized_error.set_backtrace(error.backtrace)
+ Raven.capture_exception(sanitized_error, raven_context)
 { "error-type": "unknown_error" }
 when *Octokit::RATE_LIMITED_ERRORS
From f3818d22239a5737ba26f0773963dfdcadb6722c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Rodr=C3=ADguez?=
Date: Wed, 7 Dec 2022 12:48:53 +0100
Subject: [PATCH 2/3] Aggregate git errors too
---
 common/lib/dependabot/file_updaters/vendor_updater.rb | 3 ++-
 common/lib/dependabot/shared_helpers.rb | 3 ++-
 github_actions/lib/dependabot/github_actions/update_checker.rb | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/common/lib/dependabot/file_updaters/vendor_updater.rb b/common/lib/dependabot/file_updaters/vendor_updater.rb
index b108940371..a8fc743316 100644
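Review bot: The new `msg` in updater.rb interpolates `error.raven_context[:fingerprint]` into the Sentry title, in a branch whose own comment says the error may carry file contents or paths, so the title is only as sanitized as the fingerprint each caller supplies. Nothing in this hunk shows what the fingerprint holds when a caller passes none, or whether it is a String rather than an Array or nil; if it can fall back to the full command line, interpolated paths would reach the event title. I would state the contract next to the interpolation, e.g. `# fingerprint must be a static command template, never the interpolated command`, and give the title a fixed fallback such as `fingerprint = error.raven_context[:fingerprint] || "(no fingerprint)"`. The enclosing `handle_dependabot_error` starts and ends outside the hunk.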
--- a/common/lib/dependabot/file_updaters/vendor_updater.rb
+++ b/common/lib/dependabot/file_updaters/vendor_updater.rb
@@ -23,7 +23,8 @@ def updated_vendor_cache_files(base_directory:)
 # rubocop:enable Performance/DeletePrefix
 status = SharedHelpers.run_shell_command(
- "git status --untracked-files all --porcelain v1 #{relative_dir}"
+ "git status --untracked-files all --porcelain v1 #{relative_dir}",
+ fingerprint: "git status --untracked-files all --porcelain v1 "
 )
 changed_paths = status.split("\n").map(&:split)
 changed_paths.map do |type, path|
diff --git a/common/lib/dependabot/shared_helpers.rb b/common/lib/dependabot/shared_helpers.rb
index 0537e0de08..d1c027749f 100644
--- a/common/lib/dependabot/shared_helpers.rb
+++ b/common/lib/dependabot/shared_helpers.rb
@@ -190,7 +190,8 @@ def self.configure_git_to_use_https_with_credentials(credentials, safe_directori
 run_shell_command(
 "git config --global credential.helper " \
 "'!#{credential_helper_path} --file #{Dir.pwd}/git.store'",
- allow_unsafe_shell_command: true
+ allow_unsafe_shell_command: true,
+ fingerprint: "git config --global credential.helper ''"
 )
 # see https://github.blog/2022-04-12-git-security-vulnerability-announced/
diff --git a/github_actions/lib/dependabot/github_actions/update_checker.rb b/github_actions/lib/dependabot/github_actions/update_checker.rb
index b1d0c098b7..722587f393 100644
--- a/github_actions/lib/dependabot/github_actions/update_checker.rb
+++ b/github_actions/lib/dependabot/github_actions/update_checker.rb
@@ -252,7 +252,8 @@ def shortened_semver_eq?(base, other)
 def find_container_branch(sha)
 branches_including_ref = SharedHelpers.run_shell_command(
- "git branch --remotes --contains #{sha}"
+ "git branch --remotes --contains #{sha}",
+ fingerprint: "git branch --remotes --contains "
 ).split("\n").map { |branch| branch.strip.gsub("origin/", "") }
 current_branch = branches_including_ref.find { |branch| branch.start_with?("HEAD -> ") }
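Review bot: The `fingerprint:` added to the `git status` call in vendor_updater.rb is a second, hand-typed copy of the command string, so the two can drift apart the next time the command is edited; the same pattern recurs in the shared_helpers.rb and update_checker.rb hunks here and in both terraform/file_updater.rb hunks of patch 3/3. Because patch 1/3 puts the fingerprint into the Sentry title, a later edit that copies the interpolated form into it would send values such as `relative_dir` to Sentry without anyone noticing. A short comment at each call site, e.g. `# fingerprint: the command with interpolated values left out, safe to report`, would make that intent explicit. `updated_vendor_cache_files` continues outside the hunk.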
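Review bot: In shared_helpers.rb the `fingerprint:` is added to the only call shown in this series that sets `allow_unsafe_shell_command: true`, and that command embeds `credential_helper_path` and `#{Dir.pwd}/git.store`; the literal fingerprint is what keeps those paths out of the error title, yet no comment says so. I would add `# Keep this fingerprint literal: the real command contains the credential helper and git.store paths` above the `fingerprint:` line. Whether either path can contain a single quote, which would end the quoted helper string early, cannot be seen from this hunk and is worth confirming where `credential_helper_path` is defined. The method body continues outside the hunk.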
From 7839a7e3111fd361743d5e0591a910cc7ecbf97f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Rodr=C3=ADguez?=
Date: Wed, 7 Dec 2022 15:23:37 +0100
Subject: [PATCH 3/3] Aggregate terraform errors
---
 terraform/lib/dependabot/terraform/file_updater.rb | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/terraform/lib/dependabot/terraform/file_updater.rb b/terraform/lib/dependabot/terraform/file_updater.rb
index 7a4e69aaaa..e2cf3a8b9b 100644
--- a/terraform/lib/dependabot/terraform/file_updater.rb
+++ b/terraform/lib/dependabot/terraform/file_updater.rb
@@ -173,7 +173,10 @@ def lookup_hash_architecture # rubocop:disable Metrics/AbcSize, Metrics/MethodLe
 # Terraform will update the lockfile in place so we use a fresh lockfile for each lookup
 File.write(".terraform.lock.hcl", lockfile_hash_removed)
- SharedHelpers.run_shell_command("terraform providers lock -platform=#{arch} #{provider_source} -no-color")
+ SharedHelpers.run_shell_command(
+ "terraform providers lock -platform=#{arch} #{provider_source} -no-color",
+ fingerprint: "terraform providers lock -platform= -no-color"
+ )
 updated_lockfile = File.read(".terraform.lock.hcl")
 updated_hashes = extract_provider_h1_hashes(updated_lockfile, declaration_regex)
@@ -228,7 +231,10 @@ def update_lockfile_declaration(updated_manifest_files) # rubocop:disable Metric
 File.write(".terraform.lock.hcl", lockfile_dependency_removed)
- SharedHelpers.run_shell_command("terraform providers lock #{platforms} #{provider_source}")
+ SharedHelpers.run_shell_command(
+ "terraform providers lock #{platforms} #{provider_source}",
+ fingerprint: "terraform providers lock "
+ )
 updated_lockfile = File.read(".terraform.lock.hcl")
 updated_dependency = updated_lockfile.scan(declaration_regex).first