Error resolving private repository for Go using git

[sblatnick]

We have a Go repo we are attempting to scan with dependabot/cli, but it fails with:

 updater | 2024/02/15 21:44:00 INFO Handled error whilst updating golang.org/x/sys: dependency_file_not_resolvable {:message=>"go: bitbucket.redacted.com/scm/iums/user-session-service-go-proto-client.git@v1.15.0: reading bitbucket.redacted.com/scm/iums/user-session-service-go-proto-client.git/go.mod at revision v1.15.0: git ls-remote -q origin in /home/dependabot/go/pkg/mod/cache/vcs/6cf72754ff80bde10b25a250e064293bf43b37f4cbb34cede67f8ca5083e5255: exit status 128:\n\tfatal: unable to look up bitbucket.redacted.com (port 9418) (Temporary failure in name resolution)"}

Since this only seems to be happening on dependencies referencing a private repository, I've attempted to fix this with configuring auth in my job.yaml:

job:
    package-manager: go_modules
    allowed-updates:
      - update-type: all
    source:
        provider: github
        repo: local/scan
        directory: /
credentials:
  - type: git
    url: https://bitbucket.redacted.com/scm/
    username: redacted
    password: redacted

But the error remains unchanged and doesn't mention authenticating.

For go using a git dependency, does my job.yaml look right?
How can I resolve this dns look up?

The host should be reachable, as the repo this project is cloned from is hosted on the same bitbucket as the module we import. Also, we have other private registries for other languages which dependabot/cli has accessed.

[jeffwidman]

The error Temporary failure in name resolution makes me think this might have been a DNS issue??

Does it still happen for you?

[sblatnick]

It is possibly DNS related, but not temporary, as I still see this error. I wonder if the docker containers need additional information to resolve the DNS.

Please note: The cli commands also run in a container as part of a Jenkins pipeline, so you have docker-in-docker.

[sblatnick]

Could the issue be similar to #113 where we need to specify a host and/or port to the proxy container? Keep in mind that this is docker-in-docker.

I've tried to docker run the proxy container to see it while running, but it fails because of needing a config.json mounted.

Edit: Another consideration is maybe this isn't the real error. I see a 401 immediately before:

 proxy | 2024/07/30 20:58:18 [276] 401 https://bitbucket.redacted.com:443/scm/project/repo-name/info/refs?service=git-upload-pack
  proxy | 2024/07/30 20:58:18 [277] POST http://host.docker.internal:8088/update_jobs/cli/record_update_job_error
{"data":{"error-type":"dependency_file_not_resolvable","error-details":{"message":"go: bitbucket.redacted.com/scm/project/repo-name.git@v1.18.0: reading bitbucket.redacted.com/scm/project/repo-name.git/go.mod at revision v1.18.0: git ls-remote -q origin in /home/dependabot/go/pkg/mod/cache/vcs/8e0121133f6c288299f7e70be62d8ac7f27dab8b15529e43912ac2ced908a043: exit status 128:\n\tfatal: unable to look up bitbucket.redacted.com (port 9418) (Temporary failure in name resolution)"}},"type":"record_update_job_error"}

I've seen problems authenticating when using improper keys or values for a specific credential type in the undocumented job.yaml credentials.

CC: @jakecoffman since he worked on #113