Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CT-3368] [Regression] warn-unpinned is ignored (dbt deps, packages.yml) #9050

Closed
2 tasks done
seub opened this issue Nov 10, 2023 · 2 comments · Fixed by #9147
Closed
2 tasks done

[CT-3368] [Regression] warn-unpinned is ignored (dbt deps, packages.yml) #9050

seub opened this issue Nov 10, 2023 · 2 comments · Fixed by #9147
Assignees
Labels
backport 1.7.latest bug Something isn't working deps dbt's package manager Medium Severity bug with minor impact that does not have resolution timeframe requirement regression

Comments

@seub
Copy link
Contributor

seub commented Nov 10, 2023

Is this a new bug in dbt-core?

  • I believe this is a new bug in dbt-core
  • I have searched the existing issues, and I could not find an existing issue for this bug

Current Behavior

The dbt documentation specifies that if a package is added to package.yml with warn-unpinned: false, then the warning is suppressed.

It does not work: the warning still appears.

packages:
  - git: https://github.com/dbt-labs/dbt-utils.git
    warn-unpinned: false
The git package "https://github.com/dbt-labs/dbt-utils.git" is not pinned.
This can introduce breaking changes into your project without warning!

Expected Behavior

Warning is suppressed

Steps To Reproduce

Create packages.yml as above, run dbt deps

Relevant log output

18:10:04  Installing https://github.com/dbt-labs/dbt-utils.git
18:10:07  WARNING: The git package "https://github.com/dbt-labs/dbt-utils.git" 
        is None.
        This can introduce breaking changes into your project without warning!

See https://docs.getdbt.com/docs/package-management#section-specifying-package-versions

Environment

- OS: MacOS Ventura
- Python: 3.9.10
- dbt: 1.7.1

Which database adapter are you using with dbt?

No response

Additional Context

No response

@seub seub added bug Something isn't working triage labels Nov 10, 2023
@github-actions github-actions bot changed the title [Bug] warn-unpinned does not work (dbt deps, packages.yml) [CT-3368] [Bug] warn-unpinned does not work (dbt deps, packages.yml) Nov 10, 2023
@seub seub changed the title [CT-3368] [Bug] warn-unpinned does not work (dbt deps, packages.yml) [CT-3368] [Bug] warn-unpinned is ignored (dbt deps, packages.yml) Nov 10, 2023
@jtcohen6 jtcohen6 added regression deps dbt's package manager labels Nov 13, 2023
@dbeatty10 dbeatty10 self-assigned this Nov 14, 2023
@dbeatty10
Copy link
Contributor

dbeatty10 commented Nov 14, 2023

Thanks for reporting this @seub 🙏

Root cause

This looks like a regression introduced in dbt 1.7.0 by #6735 (which was merged in #8408).

The package-lock.yml that it creates is missing the warn-unpinned: false field.

Reprex

I was able to reproduce the same thing as you with the following:

packages.yml

packages:
  - git: https://github.com/dbt-labs/dbt-utils.git
    warn-unpinned: false

Then:

dbt deps

Then it creates a file like the following:

package-lock.yml

packages:
- git: https://github.com/dbt-labs/dbt-utils.git
  revision: HEAD
sha1_hash: 15d074833b26c33d0ebabcfdac42b925eba0e019

Workaround

But if I just change that package-lock.yml file by hand to add warn-unpinned: false, then it works:

packages:
- git: https://github.com/dbt-labs/dbt-utils.git
  revision: HEAD
  warn-unpinned: false
sha1_hash: 15d074833b26c33d0ebabcfdac42b925eba0e019

Acceptance criteria

  • When warn-unpinned is set to false, its key/value pair persists within package-lock.yml
  • When warn-unpinned is set to false, it doesn't give a WARNING message

@dbeatty10 dbeatty10 removed the triage label Nov 14, 2023
@dbeatty10 dbeatty10 removed their assignment Nov 14, 2023
@dbeatty10 dbeatty10 changed the title [CT-3368] [Bug] warn-unpinned is ignored (dbt deps, packages.yml) [CT-3368] [Regression] warn-unpinned is ignored (dbt deps, packages.yml) Nov 14, 2023
@graciegoheen graciegoheen added Medium Severity bug with minor impact that does not have resolution timeframe requirement backport 1.7.latest labels Nov 21, 2023
@jtcohen6
Copy link
Contributor

IMO - we should solve for this by actually pinning the git package (with commit SHA) in the package "lock" file. That's the whole goal of "locking," to provide repeatable & predictable installs! You'll still get the "unpinned" warning when you run dbt deps for the first time, or dbt deps --upgrade to update the lock file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport 1.7.latest bug Something isn't working deps dbt's package manager Medium Severity bug with minor impact that does not have resolution timeframe requirement regression
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants