Private pip registries not working

[DanielKnutsen]

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

pip

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
registries:
pip-azure-artifacts:
type: 'python-index'
url: 'https://pkgs.dev.azure.com/removed_org/removed_project_id/_packaging/removed_feed_name/pypi/simple'
token: 'PAT:${{SYSTEM_TOKEN}}'
updates:

• package-ecosystem: 'pip'
  directory: '/'
  schedule:
  interval: 'daily'
  registries:
  • pip-azure-artifacts
    open-pull-requests-limit: 5
    target-branch: 'main'
    versioning-strategy: 'auto'
    insecure-external-code-execution: allow

Updated dependency

No response

What you expected to see, versus what you actually saw

I'm using the Azure Devops extension, but I suspect the problem is located in this code base (feel free to dismiss this if I'm wrong). As you can see from the attached dependabot.yml content I have specified my private pip registry as described in the documentation. More specifically I'm using the url key as opposed to index-url that was used previously. However, when I run the pipeline, all packages in the private registry fails to update with the error message highlighted in the logs below.

Here the code asks for index-url, should this maybe be url with the new config version?

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

Smallest manifest that reproduces the issue

No response

[deivid-rodriguez]

Hi @DanielKnutsen!

I know this is confusing but while the publicly facing setting is url, Dependabot internally expects index-url as you observed. We have this discrepancy between publicly exposed names through config and internal namings in other places, and we should eventually reconcile things, but it is what it is now.

I think the easiest way to fix this for the moment would be at https://github.com/tinglesoftware/dependabot-azure-devops. In particular, properly a new special case around here: https://github.com/tinglesoftware/dependabot-azure-devops/blob/ea2ebb92e0d880e37752a5a428f42c65102d739e/extension/task/utils/parseConfigFile.ts#L281-L295.

Feel free to open an issue at https://github.com/tinglesoftware/dependabot-azure-devops and reference this ticket, so we can figure this out together.

[mburumaxwell]

This should now fixed in the extension repo via tinglesoftware/dependabot-azure-devops#526.

@deivid-rodriguez is there a place where this translations/transforms/mappings are documented or can be extracted?

[deivid-rodriguez]

Thanks for the fix @mburumaxwell! Unfortunately no, I'm finding about these discrepancies myself through issues like this one. We do plan to publish the configuration schema and eventually reconcile internal naming to match that, but not sure when we'll be able to get to that, so super appreciated that you fixed this on your side for now 🙏.

I'll close this, if something is not yet working for you @DanielKnutsen feel free to reach out!

[mburumaxwell]

Hopefully, it will be clearer some day.

[deivid-rodriguez]

Definitely!