cargo: dependabot's cargo toml parser fails, but the toml is valid and accepted by cargo
Package manager/ecosystem
cargo
Manifest contents prior to update
The file in question is:
[package]
name = "mc-sgx-epid-types"
version = "1.0.0"
authors = ["MobileCoin"]
description = "EPID FFI types for Intel SGX SDK."
readme = "README.md"
edition = "2018"
[features]
default = ["use_serde", "use_prost"]
use_serde = [
"serde",
"mc-sgx-core-types/use_serde",
"mc-util-repr-bytes/serde"
]
use_prost = [
"bytes",
"prost",
"mc-sgx-core-types/use_prost",
"mc-util-repr-bytes/prost"
]
[dependencies]
mc-util-encodings = { path = "../../util/encodings" }
mc-util-from-random = { path = "../../util/from-random" }
mc-util-repr-bytes = { path = "../../util/repr-bytes", default-features = false, features = ["alloc"] }
mc-sgx-core-types = { path = "../core-types", default-features = false }
mc-sgx-core-types-sys = { path = "../core-types-sys" }
mc-sgx-epid-types-sys = { path = "../epid-types-sys" }
base64 = "0.12"
bytes = { version = "0.5", optional = true , default-features = false}
hex = "0.4"
hex_fmt = "0.3"
prost = { version = "0.6.1", optional = true, default-features = false }
rand_core = "0.5"
serde = { version = "1.0", optional = true, default-features = false, features = ["alloc", "derive"] }
subtle = { version = "2.2", default-features = false, features = ["i128"] }
[dev-dependencies]
bincode = "1.2"
rand_hc = "0.2"
https://github.com/mobilecoinofficial/mobilecoin/blob/20f701b8289ea0fe0df1c63e0aa433e60c853fdb/sgx/epid-types/Cargo.toml#L1
What you expected to see, versus what you actually saw
cargo accepts our cargo.toml file and builds our project fine, but dependabot fails without a clear explanation: dependabot fails to run in our repository, reporting an error:
Dependabot can't parse your Cargo.toml
Dependabot couldn't parse the Cargo.toml found at /sgx/epid-types/Cargo.toml.
The error Dependabot encountered was:
Dependabot::DependencyFileNotParseable
The dependabot log shows:
proxy | 2020/09/24 06:40:58 [108] GET https://api.github.com:443/repos/mobilecoinofficial/mobilecoin/contents/sgx/epid-sys/Cargo.toml?ref=91202afac9ea1f983b05b4acf2617a379ff70b87
proxy | 2020/09/24 06:40:58 * authenticating github api request
proxy | 2020/09/24 06:40:58 [108] 200 https://api.github.com:443/repos/mobilecoinofficial/mobilecoin/contents/sgx/epid-sys/Cargo.toml?ref=91202afac9ea1f983b05b4acf2617a379ff70b87
proxy | 2020/09/24 06:40:58 [110] GET https://api.github.com:443/repos/mobilecoinofficial/mobilecoin/contents/sgx/epid-types/Cargo.toml?ref=91202afac9ea1f983b05b4acf2617a379ff70b87
proxy | 2020/09/24 06:40:58 * authenticating github api request
proxy | 2020/09/24 06:40:58 [110] 200 https://api.github.com:443/repos/mobilecoinofficial/mobilecoin/contents/sgx/epid-types/Cargo.toml?ref=91202afac9ea1f983b05b4acf2617a379ff70b87
updater | ERROR <job_63390675> Error during file fetching; aborting
updater | INFO <job_63390675> Finished job processing
updater | time="2020-09-24T06:40:59Z" level=info msg="task complete" container_id=job-63390675-file-fetcher exit_code=0 job_id=63390675 step=fetcher
updater | time="2020-09-24T06:40:59Z" level=warning msg="failed during fetch, skipping updater" job_id=63390675
Ideally: (1) dependabot would parse our file; (2) dependabot would give a more specific explanation of why parsing failed, like a line / character number at which it didn't accept the TOML. Otherwise it's hard to act on this from our end.
This was triaged by running the dependabot parser "citrus.rb" locally; see here: https://github.com/mobilecoinofficial/mobilecoin/pull/512
It would be great if dependabot could forward the error message from the parser library that it is using to the user of dependabot.
I can't reproduce this error; I think I fixed this upstream earlier this year: https://github.com/emancu/toml-rb/pull/138
Let me know if you're still having issues.