Giters

dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.

Home Page:https://docs.github.com/en/code-security/dependabot

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Private package causes GetAllPackageDependenciesAsync build failure, No packages exist with this id in source(s):

lukasz-pyrzyk opened this issue · comments

commented

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

Nuget

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
registries:
  nuget-org:
    type: nuget-feed
    url: https://api.nuget.org/v3/index.json
  releases:
    type: nuget-feed
    url: https://company.com/nexus/repository/custom-repository-name/index.json
    username: ${{secrets.LOGIN}}
    password: ${{secrets.PASSWORD}}
updates:
  - package-ecosystem: "nuget"
    directory: "/"
    schedule:
      interval: "daily"
      time: "07:00"
      timezone: "Europe/Warsaw"
    open-pull-requests-limit: 10
    registries:
      - nuget-org
      - releases

Updated dependency

No response

What you expected to see, versus what you actually saw

During dependabot update of the any library in the project, for example Microsoft.Identity.Web from version 2.18.1 to 2.18.2, dependabot raises following command

/opt/nuget/NuGetUpdater/NuGetUpdater.Cli update --repo-root /home/dependabot/dependabot-updater/repo --solution-or-project /home/dependabot/dependabot-updater/repo/src/Project/Project.csproj --dependency Microsoft.Identity.Web --new-version 2.18.2 --previous-version 2.18.1 --verbose

That continues with:

updater |   No global.json files found.
  No dotnet-tools.json files found.
Running for project [/home/dependabot/dependabot-updater/repo/src/Project/Project.csproj]
  Running for SDK-style project
dotnet build in GetAllPackageDependenciesAsync failed. STDOUT: MSBuild version 17.8.3+195e7f5a3 for .NET

And it fails with information that private company packages cannot be resolved from nuget org

  Determining projects to restore...
/tmp/package-dependency-resolution_utbYG6/Project.csproj : error NU1101: Unable to find package Project.Http.Client. No packages exist with this id in source(s): nuget.org
/tmp/package-dependency-resolution_utbYG6/Project.csproj : error NU1101: Unable to find package Project.Messaging.ServiceBus. No packages exist with this id in source(s): nuget.org
  Failed to restore /tmp/package-dependency-resolution_utbYG6/Project.csproj (in 1.48 sec).

It looks like private source details are not used by the restore happening in the build process.

Environment:
Github Actions Runner for Linux x64 2.311.0
'github/dependabot-action@ghes-3.12' (SHA:867a767288b525c0b958f08538f5e61b9e5b3b93)

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

Packages are defined in the Directory.Build.targets file

<?xml version="1.0" encoding="utf-8"?>
<Project>
  <PropertyGroup>
    <SharedVersion>11.6.1</SharedVersion>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Update="Project.Http.Client" Version="$(SharedVersion)" />
    <PackageReference Update="Project.Messaging.Client" Version="$(SharedVersion)" />
    
    <PackageReference Update="Microsoft.Identity.Web" Version="2.18.1" />
  </ItemGroup>
</Project>

Smallest manifest that reproduces the issue

No response

commented

Hi,

i confirm this issue
i have exactly the same problem, and i have a open case at GitHub support team

please fix as soon as possible

commented

Hi Team,

We are also facing this same issue in case of private GitHub nugget packages.
Please fix. This started happening from last 1-2 months, previously same was working fine.