ACF_PRO_KEY value not correctly passed to runner

Question

ACF_PRO_KEY value not correctly passed to runner

Qrious opened this issue 4 years ago · comments

When running Dependabot, it seems to mangle the provided ACF_PRO_KEY PHP environment variable, resulting in the following error:

Dependabot can't resolve your PHP dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

The "https://connect.advancedcustomfields.com/v2/plugins/download?p=pro&t=5.8.9&k=-" file > could not be downloaded (HTTP/1.1 404 Not Found)
If you think the above is an error on Dependabot's side please don't hesitate to get in touch - > we'll do whatever we can to fix it.

We have created a public example repository in which this issue can be observed: https://github.com/pivvenit/bedrock-acf-example. This repository uses and old version of advanced-custom-fields/advanced-custom-fields (5.8.8, instead of 5.8.9).

The key is provided as config variable:

It is clear that the key is used, because if I remove it, i get a different error message (as expected from our installer plugin):

updater | ERROR <job_30180103> Error processing advanced-custom-fields/advanced-custom-fields-pro (Dependabot::SharedHelpers::HelperSubprocessFailed)
updater | ERROR <job_30180103> Could not find a license key for ACF PRO. No valid license key could be found

I've triple checked the provided license key multiple times, and recopied it several times, but to no avail. One thing that might be of interest is that our key ends with a '=' character, maybe this results in parsing issues on your end?

I've attached an example update log.
update_log.txt

If you need any other information, feel free to contact me.

Viktor Bijlenga · Answer 1 · Mon Apr 20 2020 22:48:50 GMT+0800 (China Standard Time)

We've noticed this error as well in all our repos that are using Dependabot + ACF Pro, so @Qrious is not alone with this problem.

Viktor Bijlenga · Answer 2 · Fri Apr 24 2020 16:07:37 GMT+0800 (China Standard Time)

Hi @feelepxyz - this Composer issue seems similar to #714, which was related to issues with config vars on the Dependabot side. Do you have the ability to take a look?

Philip Harrison · Answer 3 · Tue Apr 28 2020 20:50:40 GMT+0800 (China Standard Time)

@Qrious @viktorbijlenga ah looks like ACF have changed the URL used to serve up the download so we're no longer authenticating the request. Think it's a quick fix.

Qrious · Answer 4 · Tue Apr 28 2020 20:53:39 GMT+0800 (China Standard Time)

@feelepxyz Thanks, please keep in mind that the old URL is still used by people that are not on the latest versions. so I'd suggest to whitelist the entire (root)domain?

Philip Harrison · Answer 5 · Tue Apr 28 2020 20:58:14 GMT+0800 (China Standard Time)

@Qrious yep good shout, doing that.

Viktor Bijlenga · Answer 6 · Thu Apr 30 2020 16:41:59 GMT+0800 (China Standard Time)

This issue seems to be resolved now, since I've seen new pull requests from Dependabot in our affected repos today. I've also checked my fork of @Qrious testing repo, which also works great. So I think you can close this now @feelepxyz, if not @Qrious has any more input.

Thanks for making developing easier, love Dependabot 😍

Qrious · Answer 7 · Thu Apr 30 2020 17:32:29 GMT+0800 (China Standard Time)

I can confirm this works correctly now, so i'll close this issue. Thank you very much 👍