dependabot struggles with wasmtime-go

[srenatus]

Hi there.

I'm sure others have run into this, too: dependabot fails to update wasmtime-go, and projects depending on it. We're seeing this with basically every release:

OPA updating wasmtime-go via dependabot fails (Time out)

  proxy | 2021/12/14 11:22:48 [149] * authenticating github api request
  proxy | 2021/12/14 11:22:48 [149] 200 https://api.github.com:443/repos/bytecodealliance/wasmtime-go/commits?sha=v0.31.0
  proxy | 2021/12/14 11:22:48 [151] GET https://api.github.com:443/repos/bytecodealliance/wasmtime-go/commits?sha=v0.32.0
  proxy | 2021/12/14 11:22:48 [151] * authenticating github api request
  proxy | 2021/12/14 11:22:49 [151] 200 https://api.github.com:443/repos/bytecodealliance/wasmtime-go/commits?sha=v0.32.0
updater | INFO <job_244311460> Submitting github.com/bytecodealliance/wasmtime-go pull request for creation
  proxy | 2021/12/14 11:59:08 [153] WARN: Cannot read TLS response from mitm'd server read tcp 192.168.1.1:1080->192.168.1.2:53268: read: connection reset by peer
updater | time="2021-12-14T11:59:08Z" level=info msg="task complete" container_id=job-244311460-updater exit_code=137 job_id=244311460 step=updater
updater | time="2021-12-14T11:59:09Z" level=warning msg="timeout running job" error="waiting for updater: waiting for container: context deadline exceeded" job_id=244311460

The same thing happens with every project depending on OPA after OPA has (manually) bumped wasmtime-go. My guess is that it has to do with the size of the release's binary libs, and the way they'd have to be pulled down and pushed up for a PR, since OPA vendors its dependencies.

I'm sharing this here because I might be missing some workaround...? Has anyone solved that issue?

We've already got a support ticket open with github, but there's hasn't been much progress with that.

[alexcrichton]

I'd love to have a better way to ship this library without checking in precompiled binaries but I haven't ever figured out a way to do so :(

[srenatus]

I don't know what, but something happened -- I've just had a dependabot-created PR for wasmtime-go 0.38.0. 🎉 That's good news. Let's see if the problem is just gone. 🤞

[srenatus]

It's OK now, I think. Closing.

[srenatus]

The problem came but, not it slightly changed its shape:

updater | INFO <job_457016066> Submitting github.com/bytecodealliance/wasmtime-go pull request for creation
updater | bin/update_files.rb: failed to allocate memory (NoMemoryError)
updater | time="2022-09-12T11:19:13Z" level=info msg="task complete" container_id=job-457016066-updater exit_code=1 job_id=457016066 step=updater
updater | time="2022-09-12T11:19:13Z" level=warning msg="updater container failed" error="waiting for updater: bad response from container: 1" exit_code=1 job_id=457016066

The icky thing is that you don't notice, and you can't see for how long it has been failing -- but that's a dependabot UX issue.