Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Raise DependencyFileUnsupported error when API returns matching 400 error #11438

Merged
merged 3 commits into from
Jan 30, 2025
Merged

Raise DependencyFileUnsupported error when API returns matching 400 error #11438

merged 3 commits into from
Jan 30, 2025

Conversation

amazimbe
Copy link
Contributor

@amazimbe amazimbe commented Jan 29, 2025
edited
Loading

What are you trying to accomplish?

Handle the error below:

Dependabot::ApiError
{"errors":[{"status":400,"title":"Bad Request","detail":"The request contains invalid or unauthorized changes"}]}
dependabot-updater/lib/dependabot/api_client.rb in block in create_pull_request at line 44

so that it no longer appears in Sentry.

Anything you want to highlight for special attention from reviewers?

The above response is returned from dependabot-api UpdateJobs::CreatePullRequest.handle_invalid_dependency_files when the dependency files are invalid. There's not much we can do to prevent this API error but we need to handle it correctly so that it doesn't appear in Sentry as an Unknown Error.

How will you know you've accomplished your goal?

The above error won't appear in Sentry anymore.

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.

@amazimbe amazimbe self-assigned this Jan 29, 2025
@amazimbe amazimbe marked this pull request as ready for review January 29, 2025 13:06
@amazimbe amazimbe requested a review from a team as a code owner January 29, 2025 13:06
@amazimbe amazimbe force-pushed the amazimbe/handle-dependabot-api-error branch from a970126 to 1b1db67 Compare January 29, 2025 13:24
@amazimbe amazimbe force-pushed the amazimbe/handle-dependabot-api-error branch from 1b1db67 to 842792f Compare January 29, 2025 13:34
@amazimbe amazimbe force-pushed the amazimbe/handle-dependabot-api-error branch from 9bbba7a to 2d09583 Compare January 29, 2025 13:57
markhallen
markhallen reviewed Jan 29, 2025
View reviewed changes
updater/lib/dependabot/api_client.rb
@@ -18,10 +20,11 @@
module Dependabot
class ApiError < StandardError; end

class ApiClient
class ApiClient # rubocop:disable Metrics/ClassLength
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit, we could satisfy the cop if we extracted some logic out into it's own method

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's the class length so we would have to extract a mixin but then extracting a mixin just for this would probably not be worth it.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should really make an effort to adhere by the suggestions from rubocop rather than disable them. Especially for a core class that is shared across ecosystems.

sachin-sandhu
sachin-sandhu approved these changes Jan 29, 2025
View reviewed changes
Copy link
Contributor

@sachin-sandhu sachin-sandhu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving based on discussion

abdulapopoola
abdulapopoola reviewed Jan 29, 2025
View reviewed changes
updater/lib/dependabot/api_client.rb
extend T::Sig

MAX_REQUEST_RETRIES = 3
INVALID_REQUEST_MSG = /The request contains invalid or unauthorized changes/
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do you know why we do this?

Copy link
Contributor Author

@amazimbe amazimbe Jan 29, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To quote the API code, it's because we are trying to update GitHub Actions workflow files when our package manager is not github_actions or the dependency file is not one of the files specified in the allowed list .

It was added as a fix to prevent any potential security issues raised in issue

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. Adding @honeyankit as a reviewer.

@amazimbe amazimbe force-pushed the amazimbe/handle-dependabot-api-error branch from 687b097 to af341c1 Compare January 30, 2025 09:19
@amazimbe amazimbe merged commit d90e71d into main Jan 30, 2025
126 of 128 checks passed
@amazimbe amazimbe deleted the amazimbe/handle-dependabot-api-error branch January 30, 2025 10:08
sachin-sandhu pushed a commit that referenced this pull request Jan 31, 2025
@amazimbe @sachin-sandhu
Raise DependencyFileUnsupported error when API returns matching 400 e…
2da605d 
…rror (#11438)

* Raise DependencyFileUnsupported error when API returns matching error

* Fix flaky tests that fail every time the versions on the container are updated

* Rubocop line length fix
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abdulapopoola abdulapopoola abdulapopoola left review comments

@markhallen markhallen markhallen left review comments

@sachin-sandhu sachin-sandhu sachin-sandhu approved these changes

@thavaahariharangit thavaahariharangit Awaiting requested review from thavaahariharangit

@honeyankit honeyankit Awaiting requested review from honeyankit

Assignees

@amazimbe amazimbe

Labels
L: devcontainers
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@amazimbe @markhallen @abdulapopoola @sachin-sandhu