dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.

Home Page: https://docs.github.com/en/code-security/dependabot

Hex Test Failure: unknown or incorrect license key

thavaahariharangit opened this issue · comments

Hex test suite is failing due to unknown or incorrect license key.

https://github.com/dependabot/dependabot-core/actions/runs/9321367540/job/25660190764?pr=9868

Findings

  1. Test trying to access the private registry: https://dependabot-private.fly.dev/ and failing due to unknown or incorrect license key
  2. Looks like that registry was set up as part of #5043 by a contributor and now no longer exists, and we don't own it
  3. The source for that private hex registry still exists at https://github.com/sorentwo/dependabot-private-repo, so we should be able to set up a new instance of it. (Primary focus of this ticket.)
  4. We could also look into setting up request stubs or VCR for these tests, so that they do not rely on a private registry being available, but that only works if the native tooling isn't making these requests.

Action Required

  1. Ensuring the hex tests use a stub
  2. Addressing the tests running on draft PRs

Issue identified in the PR below.
#9868

Temporary fix is provided here

but that should probably be a separate issue in itself.

Is this not that issue? When I wrote this, I meant that the permanent fix should not be considered a part of the Rubocop changes.

In order to pass the hex tests, I had to not only annotate them as skipped, but also comment them out. This is not an ideal solution. I commented out the entire context block in order to make them pass. This really needs a permanent solution as it is affecting other pull requests. I will add that these tests pass for me locally but not when they are marked as skipped.

In order to pass the hex tests, I had to not only annotate them as skipped, but also comment them out.

I doubt that that's accurate; if the skipped test is still getting run, that seems like an issue with how it is skipped.

We should look into running that Hex Registry Server on localhost in CI as part of the build process rather than having to rely on an externally hosted version. I think that we can't rely on stubbing or VCR here because a native Elixir process needs to access it. Running the server locally could be a viable option instead.

@jurre,
Was looking at hosting the registry externally; is it a viable option in this context, as Dependabot is kind of open source? https://hex.pm/pricing