cargo depedanbot jobs currently failing with "No such file or directory - cargo"

[alex]

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

cargo

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

https://github.com/pyca/cryptography

dependabot.yml content

https://github.com/pyca/cryptography/blob/main/.github/dependabot.yml

Updated dependency

No response

What you expected to see, versus what you actually saw

https://github.com/pyca/cryptography/actions/runs/13654388302/job/38169960654

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

[alex]

It occurs to me that one variable here is that we have enable-beta-ecosystems: true set, to enable testing with uv.

[tamird]

Also seen in #10478 (comment) since enabling beta ecosystems for the same reason.

[markhallen]

It occurs to me that one variable here is that we have enable-beta-ecosystems: true set, to enable testing with uv.

Hi @alex 👋

I doubt it is related to enable-beta-ecosystems as this is not checked in a lot of places in dependabot-core and definitely not in the cargo ecosystem.

Additionally, when it is processed in the dependabot.yml file it is only checked in one single place to confirm that uv files can be parsed.

Did you try the same without enable-beta-ecosystems: true to see if the issue persists? Another issue may have been introduced at the same time.

[alex]

I have not tested that (the potential correlation only occurred to me only when I saw @tamird's comments 👋).

FWIW, dependabot's own smoke tests for cargo are also failing with the same error.

[tamird]

Last pass: https://github.com/dependabot/dependabot-core/actions/runs/13643100314
First fail: https://github.com/dependabot/dependabot-core/actions/runs/13665434940

de9aceb...b19f62f

Runner-image version changed from Version: 20250223.1.0 to Version: 20250302.1.0.

https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20250302.1

[markhallen]

On the branch markhallen/handle-uv-lock-file of dependabot-core that fixes this issue for uv in the project root I ran:

script/dependabot update cargo pyca/cryptography

And it returns:

updater | 2025/03/05 15:26:33 INFO Finished job processing
updater | 2025/03/05 15:26:33 INFO Results:
updater | Dependabot encountered '1' error(s) during execution, please check the logs for more details.
updater | +--------------------+
updater | |       Errors       |
updater | +--------------------+
updater | | update_files_error |
updater | +--------------------+
  proxy | 2025/03/05 15:26:35 0/3 calls cached (0%)

The error in this case is on line /home/dependabot/cargo/lib/dependabot/cargo/file_parser.rb:86, whereas the uv error was /home/dependabot/uv/lib/dependabot/uv/file_parser.rb:99:in detected_package_manager'.

The issue in this case is that it can't run cargo --version as it can't find cargo.

[tamird]

@markhallen yes, that is what I reported in #10478 (comment) and what is shown in the logs @alex linked at the top.