experiments.ts: disable 'enable-record-ecosystem-meta'

[niklas-holzwarth-bos-ag]

When this experiment is enabled by default, it will produce http timeouts and retries, which cause the pipeline to run extremely slow and fail at the end.

The CLI tries to connect to "host.docker.internal" but the server returns the status code 501 (not implemented), so the cli logs "unexpected output type: record_ecosystem_meta".

This will cause a long timeout (see timestamp) and the action is performed 4 times per dependency, so the entire devops pipeline takes us currently ~16 minutes to run and it also cannot be cancelled.

[rhyskoedijk]

Thanks @niklas-holzwarth-bos-ag. The experiment is enabled by default as that is what GitHub does.

Looking in to the background of record_ecosystem_meta more, it was introduced in v0.286.0 via dependabot/dependabot-core#10905 and it seems to be primarily for GitHub's own analytics; It probably doesn't add value to the DevOps implementation so I think disabling it is a good call.

Dependabot-CLI main does not currently have a handler for this: https://github.com/dependabot/cli/blob/4e7612fe884683ade8c54ad8fd137fc6da92bb84/internal/server/api.go#L217C1-L248C2

[rhyskoedijk]

It is also quite possible that this experiment will be removed and the behavior forced on by default in a future dependabot-core update, which has been the case with many previous experiments.

We will likely need to submit a PR to Dependabot-CLI to add support for record_ecosystem_meta before this happens, else the issue will return and there won't be any way to disable it.

[niklas-holzwarth-bos-ag]

Hi, thank's a lot for your fast response!
It is unfortunate, that github implements breaking changes in such a way, that the cli does not correctly support it's own implementation.

[rhyskoedijk]

I have submitted dependabot/cli#407 to try resolve the root cause of this issue, the missing record_ecosystem_meta API endpoint.