Failing to analyze - with Cargo failed to resolve dependencies for path 'rust-client/Cargo.toml': NoSuchElementException: Collection contains no element matching the predicate.
avifenesh opened this issue · comments
When running analyze on our project with githubactions we get 07:49:06.333 [DefaultDispatcher-worker-2] ERROR org.ossreviewtoolkit.analyzer.PackageManager - Cargo failed to resolve dependencies for path 'rust-client/Cargo.toml': NoSuchElementException: Collection contains no element matching the predicate. Error.
The error doesn't indicate which dependency exactly it fails on, but even when trying to remove each dependency at a time and also all of the dependencies the error keep occurring, even with an empty file.
Iv'e tried to both use ORT from source and both using gradlew, both are failing the same.
The issue started about a week+ ago without any changes to the relevant files from our side.
Our project: glide-for-redis
Cargo.toml:
[package]
name = "glide-rs"
version = "0.1.0"
edition = "2021"
license = "Apache-2.0"
authors = ["Amazon Web Services"]
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[lib]
crate-type = ["cdylib"]
[dependencies]
redis = { path = "../../submodules/redis-rs/redis", features = ["aio", "tokio-comp", "tokio-rustls-comp"] }
glide-core = { path = "../../glide-core", features = ["socket-layer"] }
tokio = { version = "1", features = ["rt", "macros", "rt-multi-thread", "time"] }
napi = {version = "2.14", features = ["napi4", "napi6"] }
napi-derive = "2.14"
logger_core = {path = "../../logger_core"}
byteorder = "1.4.3"
num-traits = "0.2.17"
num-bigint = { version = "0.4.4", optional = true }
[target.'cfg(not(target_env = "msvc"))'.dependencies]
tikv-jemallocator = {version = "0.5.4", features = ["disable_initial_exec_tls"] }
[build-dependencies]
napi-build = "2.0.1"
[profile.release]
lto = true
debug = true
[features]
testing_utilities = ["num-bigint"]
The actions:
name: The OSS Review Toolkit (ORT)
on:
schedule:
- cron: "0 0 * * *"
pull_request:
paths:
- .github/workflows/ort.yml
- .github/workflows/run-ort-tools/action.yml
- utils/get_licenses_from_ort.py
workflow_dispatch:
inputs:
branch:
description: 'The branch to run against the ORT tool'
required: true
version:
description: 'The release version of GLIDE'
required: true
jobs:
run-ort:
if: github.repository_owner == 'aws'
name: Create attribution files
runs-on: ubuntu-latest
strategy:
fail-fast: false
env:
PYTHON_ATTRIBUTIONS: "python/THIRD_PARTY_LICENSES_PYTHON"
NODE_ATTRIBUTIONS: "node/THIRD_PARTY_LICENSES_NODE"
RUST_ATTRIBUTIONS: "glide-core/THIRD_PARTY_LICENSES_RUST"
steps:
- name: Set the release version
shell: bash
run: |
export version=`if [ "$EVENT_NAME" == 'schedule' ] || [ "$EVENT_NAME" == 'pull_request' ]; then echo '255.255.255'; else echo "$INPUT_VERSION"; fi`
echo "RELEASE_VERSION=${version}" >> $GITHUB_ENV
env:
EVENT_NAME: ${{ github.event_name }}
INPUT_VERSION: ${{ github.event.inputs.version }}
- name: Set the base branch
run: |
export BASE_BRANCH=`if [ "$EVENT_NAME" == 'schedule' ]; then echo 'main'; elif [ "$EVENT_NAME" == 'workflow_dispatch' ]; then echo "$INPUT_BRANCH"; else echo ""; fi`
echo "Base branch is: ${BASE_BRANCH}"
echo "BASE_BRANCH=${BASE_BRANCH}" >> $GITHUB_ENV
env:
EVENT_NAME: ${{ github.event_name }}
INPUT_BRANCH: ${{ github.event.inputs.branch }}
- name: Checkout
uses: actions/checkout@v4
with:
submodules: "true"
ref: ${{ env.BASE_BRANCH }}
- name: Set up JDK 11 for the ORT package
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: 11
- name: Cache ORT and Gradle packages
uses: actions/cache@v4
id: cache-ort
with:
path: |
./ort
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-ort
- name: Checkout ORT Repository
if: steps.cache-ort.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: "oss-review-toolkit/ort"
path: "./ort"
ref: main
submodules: recursive
- name: Checkout ORT latest release tag
if: steps.cache-ort.outputs.cache-hit != 'true'
working-directory: ./ort/
run: |
# Get new tags from remote
git fetch --tags
# Get latest tag name
LATEST_TAG=$(git describe --tags "$(git rev-list --tags --max-count=1)")
# Checkout latest tag
git checkout $LATEST_TAG
- name: Install ORT
if: steps.cache-ort.outputs.cache-hit != 'true'
working-directory: ./ort/
run: |
export JAVA_OPTS="$JAVA_OPTS -Xmx8g"
./gradlew installDist
- name: Create ORT config file
run: |
mkdir -p ~/.ort/config
cat << EOF > ~/.ort/config/config.yml
ort:
analyzer:
allowDynamicVersions: true
enabledPackageManagers: [Cargo, NPM, PIP]
EOF
cat ~/.ort/config/config.yml
### NodeJS ###
- name: Set up Node.js 16.x
uses: actions/setup-node@v4
with:
node-version: 16.x
- name: Create package.json file for the Node wrapper
uses: ./.github/workflows/node-create-package-file
with:
release_version: ${{ env.RELEASE_VERSION }}
os: "ubuntu-latest"
- name: Fix Node base NPM package.json file for ORT
working-directory: ./node/npm/glide
run: |
# Remove the glide-rs dependency to avoid duplication
sed -i '/ "glide-rs":/d' ../../package.json
export pkg_name=glide-for-redis-base
export package_version="${{ env.RELEASE_VERSION }}"
export scope=`if [ "$NPM_SCOPE" != '' ]; then echo "$NPM_SCOPE/"; fi`
mv package.json package.json.tmpl
envsubst < package.json.tmpl > "package.json"
cat package.json
- name: Run ORT tools for Node
uses: ./.github/workflows/run-ort-tools
with:
folder_path: "${{ github.workspace }}/node"
And:
name: Run the OSS review tool
inputs:
folder_path:
description: "The root folder to run the ORT tool from"
required: true
type: string
runs:
using: "composite"
steps:
- name: Run ORT tools
working-directory: ./ort/
shell: bash
run: |
echo "Running ORT tools for ${{ inputs.folder_path }}"
FOLDER=${{ inputs.folder_path }}
mkdir $FOLDER/ort_results
# Analyzer (analyzer-result.json)
./gradlew cli:run --args="analyze -i $FOLDER -o $FOLDER/ort_results -f JSON"
# NOTICE DEFAULT
./gradlew cli:run --args="report -i $FOLDER/ort_results/analyzer-result.json -o $FOLDER/ort_results/ -f PlainTextTemplate"
Iv'e tried:
Make sure that locale lang is fine.
Generating cargo.lock before analyzing.
Removing any comments from cargo file.
Sync submuodoles.
Deleting each dependencies at a time, and all of them together.
And more..
Any help or hint will be great.
Thanks!
Thanks for the report! I believe to know what the problem is. But just to double-check, which version of Cargo are you using?
Which one i use generally for development or which one is in use by this action?
In the action i believe it takes it from the tool. In development i use what come out of the box using rustup, i believe it is the last stable version.
Nevermind, I've found out that the issue is caused by a change of package IDs in Cargo 1.77. I'll work on a fix. For now, downgrading to Cargo 1.76 works around the issue.
Thanks a lot. Will be happy to know when this issue is fixed.
How can i tell the tool which cargo version to use? Should i install it separately?
ORT will use whatever tool version is available in the environment.
In any case, #8497 is supposed to fix this specific issue, but as a follow-up I'm running into redis-rs/redis-rs#1143 and a variant of the issue that #6533 tries to address.