Skip to content

Capture update_job warnings as well as errors#622

Merged
brrygrdn merged 1 commit into
mainfrom
brrygrdn/capture-uj-warnings
May 20, 2026
Merged

Capture update_job warnings as well as errors#622
brrygrdn merged 1 commit into
mainfrom
brrygrdn/capture-uj-warnings

Conversation

@brrygrdn
Copy link
Copy Markdown
Collaborator

@brrygrdn brrygrdn commented May 20, 2026
edited
Loading

When running the update_graph command in core, we have some scenarios that now produce calls to record_update_job_warnings instead of record_update_job_errors to record non-blocking problems during a run.

I'd like to add smoke-tests for some of these scenarios to dependabot/smoke-tests but first I need to add support here.

Example run

go run ./... test -f ../smoke-tests/tests/smoke-go-graph-private-no-creds.yaml

updater | {
updater |   "version": 1,
updater |   "sha": "6c7557f98092fee58a96b9f4cb1a0ec7e2472cb1",
updater |   "ref": "refs/heads/main",
updater |   "job": {
updater |     "correlator": "dependabot-go_modules-b643eab7160a61359bf52d40168d2deea7204e06d8e27384d7f27f461fc70bc1",
updater |     "id": "cli"
updater |   },
updater |   "detector": {
updater |     "name": "dependabot",
updater |     "version": "0.377.0",
updater |     "url": "https://github.com/dependabot/dependabot-core"
updater |   },
updater |   "manifests": {
updater |     "/go/graphs/private-packages-without-credentials/go.mod": {
updater |       "name": "/go/graphs/private-packages-without-credentials/go.mod",
updater |       "file": {
updater |         "source_location": "go/graphs/private-packages-without-credentials/go.mod"
updater |       },
updater |       "metadata": {
updater |         "ecosystem": "golang",
updater |         "blob_oid": "e9cbb2d39390e5a370d1fe3a94437f16e539878f"
updater |       },
updater |       "resolved": {
updater |         "pkg:golang/github.com/dependabot/sekret-project@v0.1.0": {
updater |           "package_url": "pkg:golang/github.com/dependabot/sekret-project@v0.1.0",
updater |           "relationship": "direct",
updater |           "scope": "runtime",
updater |           "dependencies": []
updater |         }
updater |       }
updater |     }
updater |   },
updater |   "metadata": {
updater |     "status": "degraded",
updater |     "reason": "error fetching sub-dependencies",
updater |     "scanned_manifest_path": "golang::/go/graphs/private-packages-without-credentials"
updater |   }
updater | }

input:
    job:
        command: graph
        package-manager: go_modules
        allowed-updates:
            - update-type: all
        source:
            provider: github
            repo: dependabot/smoke-tests
            directories:
                - /go/graphs/private-packages-without-credentials
            commit: 6c7557f98092fee58a96b9f4cb1a0ec7e2472cb1
            hostname: github.com
            api-endpoint: https://api.github.com
    credentials:
        - host: github.com
          password: $LOCAL_GITHUB_ACCESS_TOKEN
          type: git_source
          username: x-access-token
output:
    - type: record_update_job_warning
      expect:
        data:
            warn-type: dependency_graph_incomplete
            warn-title: dependency graph incomplete
            warn-description: 'The dependency graph may be incomplete. The following git URLs could not be retrieved: github.com/dependabot/sekret-project'
    - type: create_dependency_submission
      expect:
        data:
            version: 1
            sha: 6c7557f98092fee58a96b9f4cb1a0ec7e2472cb1
            ref: refs/heads/main
            job:
                correlator: dependabot-go_modules-b643eab7160a61359bf52d40168d2deea7204e06d8e27384d7f27f461fc70bc1
                id: cli
            detector:
                name: dependabot
                url: https://github.com/dependabot/dependabot-core
                version: 0.377.0
            manifests:
                /go/graphs/private-packages-without-credentials/go.mod:
                    file:
                        source_location: go/graphs/private-packages-without-credentials/go.mod
                    metadata:
                        blob_oid: e9cbb2d39390e5a370d1fe3a94437f16e539878f
                        ecosystem: golang
                    name: /go/graphs/private-packages-without-credentials/go.mod
                    resolved:
                        pkg:golang/github.com/dependabot/sekret-project@v0.1.0:
                            dependencies: []
                            package_url: pkg:golang/github.com/dependabot/sekret-project@v0.1.0
                            relationship: direct
                            scope: runtime
            metadata:
                reason: error fetching sub-dependencies
                scanned_manifest_path: golang::/go/graphs/private-packages-without-credentials
                status: degraded
    - type: mark_as_processed
      expect:
        data:
            base-commit-sha: 6c7557f98092fee58a96b9f4cb1a0ec7e2472cb1

@brrygrdn brrygrdn requested review from a team as code owners May 20, 2026 12:37
@brrygrdn brrygrdn added this pull request to the merge queue May 20, 2026
Merged via the queue into main with commit f1c9278 May 20, 2026
260 of 281 checks passed
@brrygrdn brrygrdn deleted the brrygrdn/capture-uj-warnings branch May 20, 2026 15:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Nishnha Nishnha Nishnha approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@brrygrdn @Nishnha