Improve detection of unsupported cargo toolchains

[deivid-rodriguez]

We're getting the following flaky in cargo:

https://github.com/dependabot/dependabot-core/actions/runs/6493735738/job/17635263354

Failures:

  1) Dependabot::Cargo::UpdateChecker::VersionResolver latest_resolvable_version when using a toolchain that is too old raises a helpful error
     Failure/Error:
       expect { subject }
         .to raise_error(Dependabot::DependencyFileNotEvaluatable)

       expected Dependabot::DependencyFileNotEvaluatable, got #<Dependabot::SharedHelpers::HelperSubprocessFailed: Blocking waiting for file lock on package cache
       error: Unable to update registry `crates-io`

       Caused by:
         usage of sparse registries requires `-Z sparse-registry`> with backtrace:
         # ./lib/dependabot/cargo/update_checker/version_resolver.rb:153:in `run_cargo_command'
         # ./lib/dependabot/cargo/update_checker/version_resolver.rb:137:in `run_cargo_update_command'
         # ./lib/dependabot/cargo/update_checker/version_resolver.rb:307:in `block (2 levels) in original_requirements_resolvable?'
         # /home/dependabot/common/lib/dependabot/shared_helpers.rb:195:in `with_git_configured'
         # ./lib/dependabot/cargo/update_checker/version_resolver.rb:306:in `block in original_requirements_resolvable?'
         # /home/dependabot/common/lib/dependabot/shared_helpers.rb:56:in `block in in_a_temporary_directory'
         # /home/dependabot/common/lib/dependabot/shared_helpers.rb:56:in `chdir'
         # /home/dependabot/common/lib/dependabot/shared_helpers.rb:56:in `in_a_temporary_directory'
         # ./lib/dependabot/cargo/update_checker/version_resolver.rb:303:in `original_requirements_resolvable?'
         # ./lib/dependabot/cargo/update_checker/version_resolver.rb:298:in `resolvability_error?'
         # ./lib/dependabot/cargo/update_checker/version_resolver.rb:245:in `handle_cargo_errors'
         # ./lib/dependabot/cargo/update_checker/version_resolver.rb:59:in `rescue in fetch_latest_resolvable_version'
         # ./lib/dependabot/cargo/update_checker/version_resolver.rb:41:in `fetch_latest_resolvable_version'
         # ./lib/dependabot/cargo/update_checker/version_resolver.rb:33:in `latest_resolvable_version'
         # ./spec/dependabot/cargo/update_checker/version_resolver_spec.rb:71:in `block (3 levels) in <top (required)>'
         # ./spec/dependabot/cargo/update_checker/version_resolver_spec.rb:177:in `block (5 levels) in <top (required)>'
         # ./spec/dependabot/cargo/update_checker/version_resolver_spec.rb:177:in `block (4 levels) in <top (required)>'
         # /home/dependabot/common/spec/spec_helper.rb:46:in `block (2 levels) in <top (required)>'
     # ./spec/dependabot/cargo/update_checker/version_resolver_spec.rb:177:in `block (4 levels) in <top (required)>'
     # /home/dependabot/common/spec/spec_helper.rb:46:in `block (2 levels) in <top (required)>'

Finished in 33.38 seconds (files took 1.24 seconds to load)
360 examples, 1 failure

Failed examples:

rspec ./spec/dependabot/cargo/update_checker/version_resolver_spec.rb:176 # Dependabot::Cargo::UpdateChecker::VersionResolver latest_resolvable_version when using a toolchain that is too old raises a helpful error

It seems confusing to me because we fail to categorize the error as matching usage of sparse registries requires `-Z sparse-registry` which is what determines that the cargo version is too old. But still, the command being raised is including that.

The problem is that we fail to match the string in the original error, but then when later trying to figure out whether the error was a resolvability issue, we end up running another cargo command to see if the original requirements were resolvable, and in that case, the usage of sparse registries requires `-Z sparse-registry` string is in the output.

So I'm wondering why the original error did not include the string.

To be able to verify this, we could return "nil" from original_requirements_resolvable if this happens, and let the original error be raised in that case.

[deivid-rodriguez]

That did the trick and I can see the real culprit now! Original error is:

  1) Dependabot::Cargo::UpdateChecker::VersionResolver latest_resolvable_version when using a toolchain that is too old raises a helpful error
     Failure/Error:
       expect { subject }
         .to raise_error(Dependabot::DependencyFileNotEvaluatable)

       expected Dependabot::DependencyFileNotEvaluatable, got #<Dependabot::SharedHelpers::HelperSubprocessFailed: info: syncing channel updates for '1.67-x86_64-unknown-linux-gnu'
       info: latest update on 2023-02-09, rust version 1.67.1 (d5a82bbd2 2023-02-07)
       info: downloading component 'rustc'
       info: downloading component 'cargo'
       info: downloading component 'rust-std'
       info: downloading component 'rust-docs'
       info: downloading component 'rustfmt'
       info: downloading component 'clippy'
       info: removing previous version of component 'rustc'
       warning: during uninstall...on of component 'rust-docs'
       warning: during uninstall component rust-docs was not found
       info: removing previous version of component 'rustfmt'
       warning: during uninstall component rustfmt was not found
       info: removing previous version of component 'clippy'
       warning: during uninstall component clippy was not found
       info: installing component 'rustc'
       info: rolling back changes
       error: could not read downloaded file: '/opt/rust/downloads/e27ec0c6d1a2b2b38e5258904c3741ddb246bff5715aa95e595f818aa77f7bee'> with backtrace:
         # ./lib/dependabot/cargo/update_checker/version_resolver.rb:153:in `run_cargo_command'
         # ./lib/dependabot/cargo/update_checker/version_resolver.rb:137:in `run_cargo_update_command'
         # ./lib/dependabot/cargo/update_checker/version_resolver.rb:47:in `block (2 levels) in fetch_latest_resolvable_version'
         # /home/dependabot/common/lib/dependabot/shared_helpers.rb:195:in `with_git_configured'
         # ./lib/dependabot/cargo/update_checker/version_resolver.rb:46:in `block in fetch_latest_resolvable_version'
         # /home/dependabot/common/lib/dependabot/shared_helpers.rb:56:in `block in in_a_temporary_directory'
         # /home/dependabot/common/lib/dependabot/shared_helpers.rb:56:in `chdir'
         # /home/dependabot/common/lib/dependabot/shared_helpers.rb:56:in `in_a_temporary_directory'
         # ./lib/dependabot/cargo/update_checker/version_resolver.rb:43:in `fetch_latest_resolvable_version'
         # ./lib/dependabot/cargo/update_checker/version_resolver.rb:33:in `latest_resolvable_version'
         # ./spec/dependabot/cargo/update_checker/version_resolver_spec.rb:71:in `block (3 levels) in <top (required)>'
         # ./spec/dependabot/cargo/update_checker/version_resolver_spec.rb:177:in `block (5 levels) in <top (required)>'
         # ./spec/dependabot/cargo/update_checker/version_resolver_spec.rb:177:in `block (4 levels) in <top (required)>'
         # /home/dependabot/common/spec/spec_helper.rb:46:in `block (2 levels) in <top (required)>'
     # ./spec/dependabot/cargo/update_checker/version_resolver_spec.rb:177:in `block (4 levels) in <top (required)>'
     # /home/dependabot/common/spec/spec_helper.rb:46:in `block (2 levels) in <top (required)>'

[deivid-rodriguez]

I ended up with three different commits here, but I'm not sure if this is correct:

• First commit exposes the original error as explained in this PR body. This one seems ok.
• Second commit detects an old Rust version in the output as another way of detecting old Rust. The rationale is that I believe if the automatic download/install of old Rust fails, we don't even get the chance to use it, and can't detect that it does not support the sparse flag.
• Third commit removes this detection from lockfile updater. I believe it's enough to do this in update checker since we always go through that before trying to update lockfiles.

[deivid-rodriguez]

By the way, this flakes seems to be happening consistently right now? At least I'm not being able to get #8174 green by retrying!

[jakecoffman]

Can the test go back in now that it works?

[deivid-rodriguez]

This is me completely removing the detection from lockfile updater, because I believe this should never be triggered. We always go through UpdateChecker first, and we would detect it there before?

If this is really needed, then I need to duplicate the fix in the updater to get the test to pass.

[jakecoffman]

Maybe move it to the UpdateChecker specs?

[deivid-rodriguez]

It's already there!

[jakecoffman]

Oh ok, then we're good to go!

[deivid-rodriguez]

Actually my assumption was incorrect. I think in the case of security updates, we won't go through VersionResolver sometimes but pick the lowest fixed version directly from LatestVersionFinder. So the check in LockfileUpdater may be still needed. I'll port the fix and restore the test just in case.

[deivid-rodriguez]

I duplicated the fix in LockfileUpdater at 39bb742, and restored the spec 👍.

[jakecoffman]

It's still early here, trying to understand this change. It looks the same as the code it replaces?

[deivid-rodriguez]

The previous code returns always either true or false. The new code returns either true, false, or nil if we couldn't find a definitive hint about a resolvability issue.

[deivid-rodriguez]

Satisfying RuboCop requests made it quite unreadable, I'll add a comment.

[jakecoffman]

Not a big deal, I was trying to figure out the significance of the change.

[deivid-rodriguez]

Have a look at e1c8dce, it should be easier to read!

[jakecoffman]

Looks good, would be good to have a test to make sure this doesn't break in the future. I recall it was causing a lot of unknown errors at the time.

Edit: @deivid-rodriguez says there's already a test there so we good!