dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.

Home Page: https://docs.github.com/en/code-security/dependabot

Dependabot action does not trigger with poetry repository

Rogalek opened this issue · comments

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

poetry

Package manager version

poetry 1.8

Language version

python 3.9

Manifest location and content before the Dependabot update

/poetry.lock or /pyproject.toml

dependabot.yml content

version: 2
registries:
  python-codeartifact:
    type: python-index
    url: PRIVATE_URL
    username: USER
    password: ${{secrets.TOKEN}}
    replaces-base: true
updates:
  - package-ecosystem: 'pip'
    directory: '/'
    insecure-external-code-execution: allow
    open-pull-requests-limit: 0
    schedule:
      interval: 'daily'
    registries:
      - python-codeartifact
    reviewers:
      - Rogalek
      

Updated dependency

No response

What you expected to see, versus what you actually saw

In my organization we have two kinds of repositories with two kinds of package dependency managers.
Pipfile and poetry.

For Pipfiles everything is working correctly, but for all repositories with poetry, dependabot stopped creating PRs or does not mark security issues anymore.

I tried mentioning dependabot in my PRs (@dependabot), and I also tried changing the dependabot.yml file to trigger it again, but nothing is helping.

I thought it was maybe a problem with poetry, so I ran the dependabot cli against that repository and it worked. I got some logs from it:
image

Nothing wrong here.

My question is: what is wrong and how can I fix that? Thanks

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response