Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixing Yarn1 erroring with failed to replace env #7767

Merged
merged 2 commits into from
Aug 9, 2023
Merged

Fixing Yarn1 erroring with failed to replace env #7767

merged 2 commits into from
Aug 9, 2023

Conversation

honeyankit
Copy link
Contributor

@honeyankit honeyankit commented Aug 8, 2023
edited
Loading

Context

If a repo has multiple .npmrc files, Dependabot only rewrites one of them to remove variables. NPM doesn't have an issue but Yarn 1 is not ok and errors out.

This issue was fixed in the PR but one of the edge case was to leading to raise the issue again.

Edge case:
User root dir contained the .npmrc file with it's sub-dir (foo/bar/foo1/bar1/yarn.lock). The Dependabot npm job was failing for path /foo/bar/foo1/bar1 with the below error:

updater | 2023/07/13 16:04:33 ERROR <job_694149843> Failed to replace env in config: ${ARTIFACTORY_PASSWORD}
updater | 2023/07/13 16:04:33 ERROR <job_694149843> /home/dependabot/common/lib/dependabot/shared_helpers.rb:131:in `run_helper_subprocess'
updater | 2023/07/13 16:04:33 ERROR <job_694149843> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb:191:in `run_yarn_top_level_updater'
updater | 2023/07/13 16:04:33 ERROR <job_694149843> /home/dependabot/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb:114:in `block (2 levels) in run_yarn_updater'

Approach

The modified code now checks all the parent directories for .npmrc files, whereas the previous code used to stopped, if a directory did not have one. Now I have removed the break statement and continually performing dirs.pop in each iteration, the loop in the modified code advances up to the root directory. This modification make sures that all relevant .npmrc files are addressed. Also a minor regex change was done in the gsub technique for non-greedy matching.

@honeyankit honeyankit requested a review from a team as a code owner August 8, 2023 22:18
@honeyankit honeyankit self-assigned this Aug 8, 2023
@honeyankit
Copy link
Contributor Author

I have test it with Dependabot CLI and it passes and creates the PR successfully

@honeyankit honeyankit mentioned this pull request Aug 8, 2023
Open
@honeyankit
Copy link
Contributor Author

Create a smoke test for the same: dependabot/smoke-tests#113

abdulapopoola
abdulapopoola reviewed Aug 8, 2023
View reviewed changes
npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb
@@ -380,9 +380,10 @@ def clean_npmrc_in_path(yarn_lock)
dirs.pop
while dirs.any?
npmrc = dirs.join("/") + "/.npmrc"
break unless File.exist?(npmrc)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume this was breaking and not walking through the entire dirs right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. If the subdir did not contain the .npmrc file then it was breaking out. In such case if the repo root dir still had .npmrc file then error was getting raised.

deivid-rodriguez
deivid-rodriguez approved these changes Aug 9, 2023
View reviewed changes
Copy link
Contributor

@deivid-rodriguez deivid-rodriguez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, nice catch!

Just had a question, purely out of curiosity!

npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb Show resolved Hide resolved
@honeyankit honeyankit force-pushed the honeyankit/fix-unknown-error-for-npm-private-registries branch from 196e48d to a5f61a9 Compare August 9, 2023 17:26
@honeyankit honeyankit force-pushed the honeyankit/fix-unknown-error-for-npm-private-registries branch from a5f61a9 to 642c17b Compare August 9, 2023 18:39
@honeyankit honeyankit merged commit bcead73 into main Aug 9, 2023
90 checks passed
@honeyankit honeyankit deleted the honeyankit/fix-unknown-error-for-npm-private-registries branch August 9, 2023 19:09
brettfo pushed a commit to brettfo/dependabot-core that referenced this pull request Oct 11, 2023
@honeyankit
Fixing Yarn1 erroring with failed to replace env (dependabot#7767)
1c9e228 
* Fixing Yarn1 erroring on parent npmrc files with undefined vars

* removed unwanted spaces
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@deivid-rodriguez deivid-rodriguez deivid-rodriguez approved these changes

@abdulapopoola abdulapopoola abdulapopoola approved these changes

@jakecoffman jakecoffman Awaiting requested review from jakecoffman

Assignees

@honeyankit honeyankit

Labels
L: javascript
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@honeyankit @abdulapopoola @deivid-rodriguez