Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Grouped updates] Incorrect "Skipping <dependency> as it has already been handled by a previous group" #11093

Open
1 task done
edmorley opened this issue Dec 10, 2024 · 0 comments
Labels
L: github:actions GitHub Actions L: go:modules Golang modules L: rust:cargo Rust crates via cargo T: bug 🐞 Something isn't working

Comments

@edmorley
Copy link

edmorley commented Dec 10, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

Cargo

Package manager version

1.83

Language version

1.83

Manifest location and content before the Dependabot update

https://github.com/heroku/buildpacks-procfile/blob/7cded99455a9d57d998d1f986b7ad1252ae7f0d6/Cargo.toml

dependabot.yml content

https://github.com/heroku/buildpacks-procfile/blob/7cded99455a9d57d998d1f986b7ad1252ae7f0d6/.github/dependabot.yml

Updated dependency

No response

What you expected to see, versus what you actually saw

I expected Dependabot to open a grouped PR for the "libcnb" group, containing updates to three packages: libcnb, libcnb-test and libherokubuildpack.

Instead, no PR was opened, and in the Dependabot logs I see an incorrect message about the dependencies having been handled in a previous group:

updater | 2024/12/10 11:08:54 INFO <job_930479970> Skipping libcnb as it has already been handled by a previous group
2024/12/10 11:08:54 INFO <job_930479970> Skipping libherokubuildpack as it has already been handled by a previous group
...
updater | 2024/12/10 11:08:54 INFO <job_930479970> Skipping libcnb-test as it has already been handled by a previous group

(see https://github.com/heroku/buildpacks-procfile/actions/runs/12254836672/job/34186616891)

This is not the first time we've had strange behaviour around groups (eg PRs not opening when expected, or else one of the libcnb packages appearing in the fallback "rust-dependencies" group, rather than the "libcnb" group that's been defined for them).

IMO there is a race condition or similar here, which is meaning the "groups are applied in the order they are defined in the Dependabot config" rule is not applied consistently, for cases where the criteria for the groups are overlapping. (eg the Dependencies sometimes get associated with the wrong group)

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

@edmorley edmorley added the T: bug 🐞 Something isn't working label Dec 10, 2024
@github-actions github-actions bot added L: github:actions GitHub Actions L: go:modules Golang modules L: rust:cargo Rust crates via cargo labels Dec 10, 2024
edmorley added a commit to heroku/buildpacks-python that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/buildpacks-python that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/buildpacks-ruby that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/buildpacks-procfile that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/buildpacks-php that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/buildpacks-go that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/buildpacks-dotnet that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/buildpacks-deb-packages that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/buildpacks-nodejs that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/buildpacks-jvm that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/languages-github-actions that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/buildpacks-procfile that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/buildpacks-go that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/buildpacks-deb-packages that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/buildpacks-nodejs that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/buildpacks-jvm that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/languages-github-actions that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/buildpacks-dotnet that referenced this issue Dec 10, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
schneems pushed a commit to heroku/buildpacks-ruby that referenced this issue Dec 11, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
edmorley added a commit to heroku/buildpacks-ruby that referenced this issue Dec 11, 2024
To work around this Dependabot bug:
dependabot/dependabot-core#11093
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
L: github:actions GitHub Actions L: go:modules Golang modules L: rust:cargo Rust crates via cargo T: bug 🐞 Something isn't working
Projects
Status: No status
Development

No branches or pull requests

1 participant