dheeraj12347 commented on issue #12923:
URL: https://github.com/apache/cloudstack/issues/12923#issuecomment-4279569874
I looked into a few recent Dependabot PRs to see why they’re failing CI.
JS / UI PRs
#13036 (dompurify 3.2.6 → 3.4.0 in /ui):
build.yml passes; only “TestHook interrupted while sleeping” shows up in the
logs.
ui.yml fails in the codecov/codecov-action@v4 step. The Codecov CLI logs
show {"message":"Token required because branch is protected"} for the branch
dependabot/npm_and_yarn/ui/dompurify-3.4.0, and the action exits with code 1.
I don’t see npm ci / npm run build failing here, so this looks like a
Codecov + protected-branch issue, not a dompurify issue.
#12987 (fast-xml-parser 4.3.0 → 4.5.6 in /ui):
build.yml also passes with the same “TestHook interrupted while sleeping”
messages.
The red checks come from UI Build and simulator/coverage workflows, not from
the main Maven build.
Maven PRs
#12916 (maven-dependency-plugin 3.9.0 → 3.10.0):
ui.yml again fails at codecov/codecov-action@v4 with the same pattern:
Codecov runs create-commit, gets HTTP 400 with {"message":"Token required
because branch is protected"}, and fails the job.
#12915 (org.springframework.version 5.3.26 → 7.0.6):
ui.yml shows the same Codecov failure and Node 20 deprecation warning for
codecov/codecov-action@v4.
From these, it looks like many Dependabot PRs (JS and Maven) are being
marked failed mainly because Codecov cannot operate on protected Dependabot
branches without a token, and because of shared simulator/coverage workflow
issues, rather than because the underlying dependency bumps immediately break
the main build.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
