Private registry error handling. #11724

Open
wants to merge 1 commit into
base: main

thavaahariharangit
Contributor

What are you trying to accomplish?

Currently, if the private registry returns an error, Dependabot falls back to the global registry to fetch dependencies. Based on the discussion with the team, in this PR, I am now throwing an error and informing the customer that there was an issue accessing the configured registry.

Anything you want to highlight for special attention from reviewers?

The PR is not yet complete.

  1. I still need to discuss with the team regarding which error should be thrown.
  2. RSpec tests have not been implemented yet.
  3. I need to have a discussion with @jakecoffman since he has implemented the fallback logic.

How will you know you've accomplished your goal?

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.

thavaahariharangit requested a review from a team as a code owner on March 4, 2025 13:49
Member

@randhircs randhircs left a comment

As mentioned, separate pull request for complete fix. I approve it.

@@ -86,6 +86,10 @@ def first_registry_with_dependency_details
headers: auth_header_for(details["token"])
)
response.status < 400 && JSON.parse(response.body)
if response.status >= 400
raise DependencyFileNotResolvable,
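Review bot: the `if response.status >= 400` branch raises DependencyFileNotResolvable for every 4xx and 5xx response, 404 included. Given the method name first_registry_with_dependency_details, a registry that simply does not host the package would now abort the lookup, where `response.status < 400 && JSON.parse(response.body)` previously just yielded a falsy result; consider separating 401/403/5xx from 404. Because the request above sends auth_header_for(details["token"]), the raised message should name the registry host only and not echo the token or the response body, and the error path needs a spec.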
Member

Can you dig into where known_registries is set? It should only be a private registry if a private registry is set.

Contributor Author

Yes it is,
image

However, I see that a fallback logic has been implemented by @jakecoffman (see line 102). That's why I requested his review on these changes.

image

@jakecoffman
Member

> I need to have a discussion with @jakecoffman since he has implemented the fallback logic.

I'm not sure how you came to that conclusion. The change I have in this section of code is #5840 where I wrote:

> When a global registry is present in one of these files, Dependabot shouldn't make calls to registry.npmjs.org.

So I am in agreement that a private registry failure shouldn't end up calling the public registry. Maybe you should also have the other rescue in this block raise a DependencyFileNotResolvable too.
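
A sketch of the fail-closed lookup the thread converges on, as an added example that is not part of the pull request or the Dependabot code base. `resolve_details`, `RegistryUnavailable`, the injected `fetch` callable and the host `npm.internal.example` are hypothetical, and treating a 404 as "try the next configured registry" is an assumption.

```ruby
require "json"

# Hypothetical stand-in for the DependencyFileNotResolvable error named in the diff.
class RegistryUnavailable < StandardError; end

PUBLIC_REGISTRY = "registry.npmjs.org" # public registry named in the thread
Response = Struct.new(:status, :body)

# registries: configured private registries, each { "registry" => host, "token" => ... }.
# fetch: callable (host, token) -> Response, injected so the example runs offline.
def resolve_details(name, registries, fetch)
  # The public registry is a candidate only when no private registry is configured.
  candidates = registries.empty? ? [{ "registry" => PUBLIC_REGISTRY }] : registries
  candidates.each do |details|
    host = details.fetch("registry")
    begin
      response = fetch.call(host, details["token"])
    rescue StandardError => e
      # Transport failure: fail closed. The message carries the host, never the token.
      raise RegistryUnavailable, "#{host}: #{e.class} while fetching #{name}"
    end
    case response.status
    when 200...400 then return { registry: host, details: JSON.parse(response.body) }
    when 404 then next # assumption: not hosted here, try the next configured registry
    else raise RegistryUnavailable, "#{host} returned HTTP #{response.status} for #{name}"
    end
  end
  raise RegistryUnavailable, "#{name} not found in any candidate registry"
end

# Constructed sample: the private registry rejects the token, the public one would answer.
SAMPLE_RESPONSES = {
  "npm.internal.example" => Response.new(401, "{}"),
  PUBLIC_REGISTRY => Response.new(200, '{"name":"left-pad"}')
}.freeze

def demo
  contacted = []
  fetch = ->(host, _token) { contacted << host; SAMPLE_RESPONSES.fetch(host) }
  configured = [{ "registry" => "npm.internal.example", "token" => "constructed-token" }]
  error = begin
    resolve_details("left-pad", configured, fetch)
    nil
  rescue RegistryUnavailable => e
    e.message
  end
  { error: error, contacted: contacted }
end
```

`demo` returns the error message and the list of hosts contacted, which shows that the public registry is never queried once a private one is configured.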
