-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
go_modules doesn't update vendor folder when vendoring is enabled #3380
Comments
Are you using the GH native version of dependabot or dependabot-preview? I don't believe vendoring currently works in preview, and I would suggest updating to the GH native version. If this happens in the native version, could you link to the pull request in question (or contact support if this is happening in a private repo) |
@jurre I'm using https://gitlab.com/dependabot-gitlab/dependabot |
Ah, that is not a project that we maintain, so I'm afraid I can't help here. You should contact the author, if they run into things I'm happy to provide some guidance on how to deal with vendoring from a dependabot-core point of view. |
@jurre That project includes dependabot-core directly, the only thing it does is making it interact with Gitlab. |
@jurre Sorry, my bad, it does look like it has some own config parsing logic... I'll open an issue over there. Also, hello fellow Stadjer :) |
👋! There needs to be some level of interop, dependabot-core by itself cannot open any pull requests, it needs to be orchestrated somehow, and that code will need to figure out when/how to deal with vendored code. I don't know the dependabot-gitlab codebase, so I can't point to exactly where the changes will need to be made. For the GitHub service, we check this, which returns |
Thanks for the extra information, I'll try to get this implemented correctly in dependabot-gitlab! |
Actually, while checking the code it looks like the current version of dependabot-core doesn't even use those options: It checks the content of the repo to decide whether it should vendor or not, so I don't think it's a config option 🤔 |
Yep that's what I was trying to get at in my previous version. For go modules we use the The code in dependabot-gitlab will have to set up a place for the repo to be cloned into, and pass that location on to other parts of the update process. |
Yep, think I have found the problem: Looks like it currently does not have the ability to clone the repo. I hoped this would have been an easy fix 😥 |
@jurre it looks like cloning is also required for |
Bundler currently doesn't always clone, it only clones when vendoring is configured |
Thanks :) I think we can replicate that behavior then. |
Package manager/ecosystem
go_modules
Manifest contents prior to update
github.com/buger/jsonparser v1.0.0
Updated dependency
github.com/buger/jsonparser v1.1.1
What you expected to see, versus what you actually saw
The go.mod and go.sum get updated in the MR, but the vendor folder isn't, causing the MR to fail because the modules.txt in the vendor folder doesn't match the go.mod/go.sum files.
The text was updated successfully, but these errors were encountered: