Renamed packages cause DependencyFileNotResolvable with go 1.16

Previously this error was only occuring with `go mod tidy` and was being ignored. With go 1.16 the error is triggered during `go get` so we need to handle it again. Distinguishing the error from GitDependenciesNotReachable also took some extra effort. The error message has changed from: github.com/dependabot/vgotest imports github.com/googleapis/gnostic/OpenAPIv2: module github.com/googleapis/gnostic@latest found (v0.5.1), but does not contain package github.com/googleapis/gnostic/OpenAPIv2 to: github.com/dependabot/vgotest imports github.com/googleapis/gnostic/OpenAPIv2: cannot find module providing package github.com/googleapis/gnostic/OpenAPIv2 We now use `go list` to check that github.com/googleapis/gnostic is a reachable repo/module.
dependabot · Mar 8, 2021 · f94051a · f94051a
1 parent 6b08218
commit f94051a
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 13 deletions.
diff --git a/go_modules/lib/dependabot/go_modules/resolvability_errors.rb b/go_modules/lib/dependabot/go_modules/resolvability_errors.rb
@@ -15,16 +15,17 @@ def self.handle(message, credentials:)
           SharedHelpers.with_git_configured(credentials: credentials) do
             File.write("go.mod", "module dummy\n")
 
-            env = { "GOPRIVATE" => "*" }
-            _, _, status = Open3.capture3(env, SharedHelpers.escape_command("go get #{mod_path}"))
-            raise Dependabot::DependencyFileNotResolvable, message if status.success?
-
             mod_split = mod_path.split("/")
             repo_path = if mod_split.size > 3
                           mod_split[0..2].join("/")
                         else
                           mod_path
                         end
+
+            env = { "GOPRIVATE" => "*" }
+            _, _, status = Open3.capture3(env, SharedHelpers.escape_command("go list -m -versions #{repo_path}"))
+            raise Dependabot::DependencyFileNotResolvable, message if status.success?
+
             raise Dependabot::GitDependenciesNotReachable, [repo_path]
           end
         end

diff --git a/go_modules/spec/dependabot/go_modules/file_updater/go_mod_updater_spec.rb b/go_modules/spec/dependabot/go_modules/file_updater/go_mod_updater_spec.rb
@@ -229,16 +229,12 @@
             # OpenAPIV2 has been renamed to openapiv2 in this version
             let(:dependency_version) { "v0.5.1" }
 
-            # NOTE: We explitly don't want to raise a resolvability error from go mod tidy
-            it "does not raises a DependencyFileNotResolvable error" do
+            it "raises a DependencyFileNotResolvable error" do
+              error_class = Dependabot::DependencyFileNotResolvable
               expect { updater.updated_go_sum_content }.
-                to_not raise_error
-            end
-
-            it "updates the go.mod" do
-              expect(updater.updated_go_mod_content).to include(
-                %(github.com/googleapis/gnostic v0.5.1 // indirect\n)
-              )
+                to raise_error(error_class) do |error|
+                expect(error.message).to include("googleapis/gnostic/OpenAPIv2")
+              end
             end
           end
         end