Skip to content

fix: handle invalid YAML in existing dependabot config gracefully #526

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jmeridth merged 5 commits into from
Mar 31, 2026
Merged

fix: handle invalid YAML in existing dependabot config gracefully #526

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
3bd6225
fix: return None instead of re-raising on invalid YAML in existing de…
jmeridth Mar 29, 2026
2b558c4
fix: move None guard above yaml.dump to avoid writing null to debug file
jmeridth Mar 29, 2026
68e49b0
fix: Update dependabot_file.py
jmeridth Mar 31, 2026
2d2d081
fix: restore return None and remove duplicate print in YAML error han…
jmeridth Mar 31, 2026
3aaf4db
fix: use generic "Skipping repository" message when dependabot_file i…
jmeridth Mar 31, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion dependabot_file.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -251,7 +251,7 @@ def build_dependabot_file(
dependabot_file = yaml.load(base64.b64decode(existing_config.content))
except ruamel.yaml.YAMLError as e:
print(f"YAML indentation error: {e}")
raise
print(f"YAML parsing error in existing dependabot config: {e}")
Comment thread
jmeridth marked this conversation as resolved.
Comment thread
jmeridth marked this conversation as resolved.
else:
dependabot_file = copy.deepcopy(data)

Expand Down
8 changes: 4 additions & 4 deletions evergreen.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,10 @@ def main(): # pragma: no cover
cooldown,
)

if dependabot_file is None:
print("\tNo (new) compatible package manager found")
Comment thread
jmeridth marked this conversation as resolved.
Outdated
continue
Comment thread
jmeridth marked this conversation as resolved.

yaml = ruamel.yaml.YAML()
stream = io.StringIO()
yaml.indent(mapping=2, sequence=4, offset=2)
Expand All @@ -186,10 +190,6 @@ def main(): # pragma: no cover
with open("dependabot-output.yaml", "w", encoding="utf-8") as yaml_file:
yaml.dump(dependabot_file, yaml_file)

if dependabot_file is None:
print("\tNo (new) compatible package manager found")
continue

dependabot_file = yaml.dump(dependabot_file, stream)
dependabot_file = stream.getvalue()

Expand Down
31 changes: 27 additions & 4 deletions test_dependabot_file.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,29 @@ def test_build_dependabot_file_with_2_space_indent_existing_config_bundler_with_
)
self.assertEqual(result, expected_result)

def test_build_dependabot_file_with_duplicate_key_in_existing_config(self):
"""Test that a duplicate key in existing dependabot config returns None instead of crashing"""
repo = MagicMock()
repo.file_contents.side_effect = lambda f, filename="Gemfile": f == filename

existing_config = MagicMock()
existing_config.content = base64.b64encode(b"""
version: 2
updates:
- package-ecosystem: "maven"
directory: "/"
schedule:
interval: "daily"
schedule:
interval: "weekly"
day: "friday"
""")

result = build_dependabot_file(
repo, False, [], {}, existing_config, "weekly", "", [], None
)
self.assertIsNone(result)

def test_build_dependabot_file_with_weird_space_indent_existing_config_bundler_with_update(
self,
):
Expand All @@ -152,10 +175,10 @@ def test_build_dependabot_file_with_weird_space_indent_existing_config_bundler_w
prefix: "chore(deps)"
""")

with self.assertRaises(ruamel.yaml.YAMLError):
build_dependabot_file(
repo, False, [], {}, existing_config, "weekly", "", [], None
)
result = build_dependabot_file(
repo, False, [], {}, existing_config, "weekly", "", [], None
)
self.assertIsNone(result)

def test_build_dependabot_file_with_incorrect_indentation_in_extra_dependabot_config_file(
self,
Expand Down
Loading