Server Error

[jamime]

I am seeing the same error as #386 in that nested folders are not scanned.
The action exited with a success but no output.

2023-02-01T12:11:13.1721349Z ##[group]Run actions/dependency-review-action@v3
2023-02-01T12:11:13.1721586Z with:
2023-02-01T12:11:13.1721808Z   allow-licenses: MIT
2023-02-01T12:11:13.1722159Z   repo-token: ***
2023-02-01T12:11:13.1722367Z   fail-on-severity: low
2023-02-01T12:11:13.1722580Z   fail-on-scopes: runtime
2023-02-01T12:11:13.1722783Z ##[endgroup]
2023-02-01T12:11:36.2620407Z ##[debug]Node Action run completed with exit code 0

But as you can see there was no output.

I re-ran the job by closing and re-opening the PR and now I get a server error but with no information.

2023-02-01T12:19:44.9155116Z ##[group]Run actions/dependency-review-action@v3
2023-02-01T12:19:44.9155401Z with:
2023-02-01T12:19:44.9155651Z   allow-licenses: MIT
2023-02-01T12:19:44.9156004Z   repo-token: ***
2023-02-01T12:19:44.9156245Z   fail-on-severity: low
2023-02-01T12:19:44.9156492Z   fail-on-scopes: runtime
2023-02-01T12:19:44.9156725Z ##[endgroup]
2023-02-01T12:20:40.6476468Z ##[error]Server Error
2023-02-01T12:20:40.6521886Z ##[debug]Node Action run completed with exit code 1

I tried to reproduce this on a public repository but it works without a problem.

https://github.com/ChrisC-testorg/public-dependency-review/pull/1

Any ideas what could cause this, can we enable more logging to see what the server error is?

For context I'm trying to review all dependencies - so I'm copying the package files from different repositories. Is there another way to set the basehead to review all dependencies instead of just those that have changed - that would resolve this problem for me.

[jamime]

I raised a support ticket for this with information on how to reproduce the issue. Looks like the API is returning a 502.

#1993524

[fbjaras]

Any updates regarding this @jamime? We have the same (or at least a similar) issue with the action just failing with Server Error and no more info when running with debugging.

For context: we are moving around a lot of packages internally in a monorepo using yarn workspaces.

The actions seems really flaky and occasionally passes. but most of the time i get this error.

[febuiles]

@jamime @fbjaras are you able to use the Dependency Review API on the PRs where the Action fails? I'm guessing this is a server error, not something related to the Action, but it'd be good to have some confirmation before proceeding.

[fbjaras]

@jamime @fbjaras are you able to use the Dependency Review API on the PRs where the Action fails? I'm guessing this is a server error, not something related to the Action, but it'd be good to have some confirmation before proceeding.

Yes this also fails. I guess i should raise a support ticket for this as well then!
Thank you!

[febuiles]

I've created a new issue to track this: #398, closing this issue.

Contributions are always welcome. If you'd like to work on this enhancement please see our contributor's guide, or ping me directly!

[dzmitry-lahoda]

I started to get same issue for some reason. I did nothing. No new deps or something. Just started to get error.

[febuiles]

@dzmitry-lahoda do you have a public repo where this behavior can be seen? Are you able to hit the API directly?

[dzmitry-lahoda]

ComposableFi/composable#3790

https://github.com/ComposableFi/composable/actions/runs/5568024051/jobs/10172706662

It was success on 5 or 6 retry.

Here is example debug enabled log

logs_76923.zip

I think I saw issue when I deleted many files (like 100+, may be 1000). Like big diff fails deps bot.

[febuiles]

@dzmitry-lahoda thanks for the extra details. I can see that the timeout is coming from the GitHub API and not the Action itself:

$ gh api -H "Accept: application/vnd.github+json" repos/ComposableFI/composable/dependency-graph/compare/main...4c50abd
{
  "message": "Server Error"
}
gh: Server Error (HTTP 502)