dependabot-core
dependabot-core copied to clipboard
Published
20 hours ago •
dependabot
dependabot
Authentication not working with azure repositories
Is there an existing issue for this?
- [X] I have searched the existing issues
Package ecosystem
pip
Package manager version
No response
Language version
python 3.12
Manifest location and content before the Dependabot update
No response
dependabot.yml content
version: 2
registries:
python-azure:
type: python-index
url: https://pkgs.dev.azure.com/ORG_NAME/_packaging/ArtifactRepository/pypi/simple/
username: ORG_NAME
password: ${{secrets.PYTHON_REGISTRY_PKGS_DEV_AZURE_COM_ORG_NAME_PACKAGING_ARTIFACTR_PASSWORD}}
updates:
- package-ecosystem: "pip" # See documentation for possible values
directory: "/"
insecure-external-code-execution: allow
registries:
- python-azure
schedule:
interval: "weekly"
labels:
- "patch"
- "dependencies"
reviewers:
- TEAM_NAME
target-branch: "main"
Updated dependency
No response
What you expected to see, versus what you actually saw
What I expect to see
updater | 2024/02/07 16:00:10 INFO <job_784227778> Checking if fastapi needs updating
proxy | 2024/02/07 16:00:10 [015] GET https://pypi.org:443/simple/fastapi/
proxy | 2024/02/07 16:00:10 [015] 200 https://pypi.org:443/simple/fastapi/
proxy | 2024/02/07 16:00:11 [019] GET https://pkgs.dev.azure.com:443/ORG_NAME/_packaging/ArtifactRepository/pypi/simple/fastapi/
proxy | 2024/02/07 16:00:11 [019] * authenticating python index request (host: pkgs.dev.azure.com)
proxy | 2024/02/07 16:00:11 [019] 200 https://pkgs.dev.azure.com:443/ORG_NAME/_packaging/ArtifactRepository/pypi/simple/fastapi/
updater | 2024/02/07 16:00:11 INFO <job_784227778> Latest version is 0.109.2
Instead I get a 401 error saying it's not able to access the repository. I have verified that the tokens themselves work, and Dependabot itself is working on some repositories and not on others.
proxy | 2024/02/12 03:53:49 [047] GET https://pkgs.dev.azure.com:443/ORG_NAME/_packaging/ArtifactRepository/pypi/simple/PACKAGE_NAME/
proxy | 2024/02/12 03:53:49 [047] * authenticating python index request (host: pkgs.dev.azure.com)
proxy | 2024/02/12 03:53:49 [047] 200 https://pkgs.dev.azure.com:443/ORG_NAME/_packaging/ArtifactRepository/pypi/simple/PACKAGE_NAME/
proxy | 2024/02/12 03:53:49 [049] GET https://pkgs.dev.azure.com:443/ORG_NAME/_packaging/UPSTREAM_REPO/pypi/download/PACKAGE_NAME/0.0.1/PACKAGE_NAME-0.0.1-py3-none-any.whl
proxy | 2024/02/12 03:53:49 [049] 401 https://pkgs.dev.azure.com:443/ORG_NAME/_packaging/UPSTREAM_REPO/pypi/download/PACKAGE_NAME/0.0.1/PACKAGE_NAME-0.0.1-py3-none-any.whl
proxy | 2024/02/12 03:53:49 [049] Remote response: {"$id":"1","innerException":null,"message":"TF400813: The user 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' is not authorized to access this resource.","typeName":"Microsoft.TeamFoundation.Framework.Server.UnauthorizedRequestException, Microsoft.TeamFoundation.Framework.Server","typeKey":"UnauthorizedRequestException","errorCode":0,"eventId":3000}
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
No response
Additional Info
It is basically this same issue, but for Python
