fix: handle invalid YAML in existing dependabot config gracefully (#526)

* fix: return None instead of re-raising on invalid YAML in existing dependabot config

Fixes #523

## What

Changed build_dependabot_file() to return None instead of re-raising when an existing dependabot config has invalid YAML (e.g., duplicate keys, indentation errors). Updated existing test expectations and added a new test for the duplicate key scenario reported in the issue.

## Why

When a repository had an invalid dependabot.yml (such as a duplicate key), the YAML parse error crashed the entire program, preventing all remaining repositories from being processed. Returning None allows the caller's existing `if dependabot_file is None` check to skip the repo and continue.

## Notes

- The error message is still printed via the existing `print(f"YAML indentation error: {e}")` so users can identify which repo has a broken config.
- The second test at line 175 (indentation error) also changed from `assertRaises` to `assertIsNone` since it exercises the same code path.

Signed-off-by: jmeridth <jmeridth@gmail.com>

* fix: move None guard above yaml.dump to avoid writing null to debug file

## What

Moved the `if dependabot_file is None` check above the `yaml.dump()` call in `main()` so that None results skip immediately without writing `null` to `dependabot-output.yaml`.

## Why

The previous ordering called `yaml.dump(None, yaml_file)` before checking for None, writing a `null` YAML literal to the debug artifact. This was a pre-existing issue for the "no package managers" path, but the YAML error handling change made it newly reachable via the error path.

## Notes

- The YAML object and stream setup also moved below the guard since they're only needed when dependabot_file is not None.

Signed-off-by: jmeridth <jmeridth@gmail.com>

* fix: Update dependabot_file.py

Co-authored-by: Zack Koppert <zkoppert@github.com>
Signed-off-by: Jason Meridth <jmeridth@gmail.com>

* fix: restore return None and remove duplicate print in YAML error handler

The UI merge of the error message suggestion accidentally replaced
`return None` with the new print line, leaving two print statements
and no early return. This caused UnboundLocalError on repos with
invalid YAML configs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: jmeridth <jmeridth@gmail.com>

* fix: use generic "Skipping repository" message when dependabot_file is None

## What

Change the print message from "No (new) compatible package manager found" to "Skipping repository" when `build_dependabot_file()` returns `None`.

## Why

`build_dependabot_file()` now returns `None` for two distinct reasons: no compatible package managers found, and a YAML parse error. The old message was only accurate for the first case and misleading for the second. Since the YAML error is already printed just before this point, a generic message avoids false attribution.

Signed-off-by: jmeridth <jmeridth@gmail.com>

---------

Signed-off-by: jmeridth <jmeridth@gmail.com>
Signed-off-by: Jason Meridth <jmeridth@gmail.com>
Co-authored-by: Zack Koppert <zkoppert@github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: 3 people

dependabot_file.py

@@ -250,8 +250,8 @@ def build_dependabot_file(
         try:
             dependabot_file = yaml.load(base64.b64decode(existing_config.content))
         except ruamel.yaml.YAMLError as e:
-            print(f"YAML indentation error: {e}")
-            raise
+            print(f"YAML parsing error in existing dependabot config: {e}")
+            return None
     else:
         dependabot_file = copy.deepcopy(data)
 

evergreen.py

@@ -178,6 +178,10 @@ def main():  # pragma: no cover
             cooldown,
         )
 
+        if dependabot_file is None:
+            print("\tSkipping repository")
+            continue
+
         yaml = ruamel.yaml.YAML()
         stream = io.StringIO()
         yaml.indent(mapping=2, sequence=4, offset=2)
@@ -186,10 +190,6 @@ def main():  # pragma: no cover
         with open("dependabot-output.yaml", "w", encoding="utf-8") as yaml_file:
             yaml.dump(dependabot_file, yaml_file)
 
-        if dependabot_file is None:
-            print("\tNo (new) compatible package manager found")
-            continue
-
         dependabot_file = yaml.dump(dependabot_file, stream)
         dependabot_file = stream.getvalue()
 

test_dependabot_file.py

@@ -131,6 +131,29 @@ def test_build_dependabot_file_with_2_space_indent_existing_config_bundler_with_
         )
         self.assertEqual(result, expected_result)
 
+    def test_build_dependabot_file_with_duplicate_key_in_existing_config(self):
+        """Test that a duplicate key in existing dependabot config returns None instead of crashing"""
+        repo = MagicMock()
+        repo.file_contents.side_effect = lambda f, filename="Gemfile": f == filename
+
+        existing_config = MagicMock()
+        existing_config.content = base64.b64encode(b"""
+version: 2
+updates:
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    schedule:
+      interval: "weekly"
+      day: "friday"
+""")
+
+        result = build_dependabot_file(
+            repo, False, [], {}, existing_config, "weekly", "", [], None
+        )
+        self.assertIsNone(result)
+
     def test_build_dependabot_file_with_weird_space_indent_existing_config_bundler_with_update(
         self,
     ):
@@ -152,10 +175,10 @@ def test_build_dependabot_file_with_weird_space_indent_existing_config_bundler_w
     prefix: "chore(deps)"
   """)
 
-        with self.assertRaises(ruamel.yaml.YAMLError):
-            build_dependabot_file(
-                repo, False, [], {}, existing_config, "weekly", "", [], None
-            )
+        result = build_dependabot_file(
+            repo, False, [], {}, existing_config, "weekly", "", [], None
+        )
+        self.assertIsNone(result)
 
     def test_build_dependabot_file_with_incorrect_indentation_in_extra_dependabot_config_file(
         self,