dependabot-bazel 0.344.0

data/lib/dependabot/bazel/update_checker.rb

@@ -0,0 +1,186 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "time"
+require "dependabot/update_checkers"
+require "dependabot/update_checkers/base"
+require "dependabot/bazel/version"
+require "dependabot/package/package_release"
+
+module Dependabot
+  module Bazel
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
+      extend T::Sig
+
+      require_relative "update_checker/requirements_updater"
+      require_relative "update_checker/registry_client"
+
+      sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
+      def latest_version
+        @latest_version ||= T.let(
+          fetch_latest_version,
+          T.nilable(T.any(String, Gem::Version))
+        )
+      end
+
+      sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
+      def latest_resolvable_version
+        latest_version
+      end
+
+      sig { override.returns(T.nilable(String)) }
+      def latest_resolvable_version_with_no_unlock
+        nil
+      end
+
+      sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
+      def updated_requirements
+        return dependency.requirements unless latest_version
+
+        RequirementsUpdater.new(
+          requirements: dependency.requirements,
+          latest_version: latest_version.to_s
+        ).updated_requirements
+      end
+
+      sig { returns(T.class_of(Dependabot::Bazel::Version)) }
+      def version_class
+        Dependabot::Bazel::Version
+      end
+
+      private
+
+      sig { override.returns(T::Boolean) }
+      def latest_version_resolvable_with_full_unlock?
+        !latest_version.nil?
+      end
+
+      sig { override.returns(T::Array[Dependabot::Dependency]) }
+      def updated_dependencies_after_full_unlock
+        return [] unless latest_version
+
+        [
+          Dependabot::Dependency.new(
+            name: dependency.name,
+            version: latest_version.to_s,
+            requirements: updated_requirements,
+            previous_version: dependency.version,
+            previous_requirements: dependency.requirements,
+            package_manager: dependency.package_manager
+          )
+        ]
+      end
+
+      sig { returns(T.nilable(T.any(String, Gem::Version))) }
+      def fetch_latest_version
+        return nil unless registry_client.get_metadata(dependency.name)
+
+        versions = registry_client.all_module_versions(dependency.name)
+        return nil if versions.empty?
+
+        filtered_versions = apply_cooldown_filter(versions)
+        return nil if filtered_versions.empty?
+
+        latest_version_string = filtered_versions.max_by { |v| version_sort_key(v) }
+        return nil unless latest_version_string
+
+        Dependabot::Bazel::Version.new(latest_version_string)
+      rescue Dependabot::DependabotError => e
+        Dependabot.logger.warn("Failed to fetch latest version for #{dependency.name}: #{e.message}")
+        nil
+      end
+
+      sig { returns(UpdateChecker::RegistryClient) }
+      def registry_client
+        @registry_client ||= T.let(
+          UpdateChecker::RegistryClient.new(credentials: credentials),
+          T.nilable(UpdateChecker::RegistryClient)
+        )
+      end
+
+      sig { params(versions: T::Array[String]).returns(T::Array[String]) }
+      def apply_cooldown_filter(versions)
+        return versions if should_skip_cooldown?
+
+        sorted_versions = versions.sort_by { |v| version_sort_key(v) }
+
+        filtered_versions = sorted_versions.reject do |version|
+          details = publication_detail(version)
+
+          next false unless details&.released_at
+
+          if cooldown_period?(T.must(details.released_at))
+            Dependabot.logger.info("Skipping version #{version} due to cooldown period")
+            true
+          else
+            false
+          end
+        end
+
+        filtered_versions
+      end
+
+      sig { params(version: String).returns(T.nilable(Dependabot::Package::PackageRelease)) }
+      def publication_detail(version)
+        return publication_details[version] if publication_details.key?(version)
+
+        details = get_version_publication_details(version)
+        publication_details[version] = details
+
+        details
+      end
+
+      sig { params(version: String).returns(T.nilable(Dependabot::Package::PackageRelease)) }
+      def get_version_publication_details(version)
+        release_date = registry_client.get_version_release_date(dependency.name, version)
+        return nil unless release_date
+
+        Dependabot::Package::PackageRelease.new(
+          version: Dependabot::Bazel::Version.new(version),
+          released_at: release_date,
+          latest: false,
+          yanked: false,
+          url: nil,
+          package_type: "bazel"
+        )
+      end
+
+      sig { returns(T::Hash[String, T.nilable(Dependabot::Package::PackageRelease)]) }
+      def publication_details
+        @publication_details ||= T.let(
+          {},
+          T.nilable(T::Hash[String, T.nilable(Dependabot::Package::PackageRelease)])
+        )
+      end
+
+      sig { params(release_date: Time).returns(T::Boolean) }
+      def cooldown_period?(release_date)
+        cooldown = update_cooldown
+        return false unless cooldown
+
+        cooldown_days = cooldown.default_days
+        (Time.now.to_i - release_date.to_i) < (cooldown_days * 24 * 60 * 60)
+      end
+
+      sig { returns(T::Boolean) }
+      def should_skip_cooldown?
+        cooldown = update_cooldown
+        cooldown.nil? || !cooldown_enabled? || !cooldown.included?(dependency.name)
+      end
+
+      sig { returns(T::Boolean) }
+      def cooldown_enabled?
+        true
+      end
+
+      sig { params(version: String).returns(T::Array[Integer]) }
+      def version_sort_key(version)
+        cleaned = version.gsub(/^v/, "")
+        parts = cleaned.split(".")
+        parts.map { |part| part.match?(/^\d+$/) ? part.to_i : 0 }
+      end
+    end
+  end
+end
+
+Dependabot::UpdateCheckers.register("bazel", Dependabot::Bazel::UpdateChecker)

data/lib/dependabot/bazel/version.rb

@@ -0,0 +1,24 @@
+# typed: strong
+# frozen_string_literal: true
+
+# NOTE: This file was scaffolded automatically but is OPTIONAL.
+# If your ecosystem uses standard semantic versioning without special logic,
+# you can safely delete this file and remove the require from lib/dependabot/bazel.rb
+
+require "dependabot/version"
+require "dependabot/utils"
+
+module Dependabot
+  module Bazel
+    class Version < Dependabot::Version
+      extend T::Sig
+
+      # TODO: Implement custom version comparison logic if needed
+      # Example: Handle pre-release versions, build metadata, etc.
+      # If standard semantic versioning is sufficient, delete this file
+    end
+  end
+end
+
+Dependabot::Utils
+  .register_version_class("bazel", Dependabot::Bazel::Version)

data/lib/dependabot/bazel.rb

@@ -0,0 +1,21 @@
+# typed: strong
+# frozen_string_literal: true
+
+# These all need to be required so the various classes can be registered in a
+# lookup table of package manager names to concrete classes.
+require "dependabot/bazel/language"
+require "dependabot/bazel/package_manager"
+require "dependabot/bazel/file_fetcher"
+require "dependabot/bazel/file_parser"
+require "dependabot/bazel/update_checker"
+require "dependabot/bazel/file_updater"
+require "dependabot/bazel/metadata_finder"
+require "dependabot/bazel/version"
+require "dependabot/bazel/requirement"
+
+require "dependabot/pull_request_creator/labeler"
+Dependabot::PullRequestCreator::Labeler
+  .register_label_details("bazel", name: "bazel", colour: "000000")
+
+require "dependabot/dependency"
+Dependabot::Dependency.register_production_check("bazel", ->(_) { true })

metadata

@@ -0,0 +1,283 @@
+--- !ruby/object:Gem::Specification
+name: dependabot-bazel
+version: !ruby/object:Gem::Version
+  version: 0.344.0
+platform: ruby
+authors:
+- Dependabot
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dependabot-common
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.344.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.344.0
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: gpgme
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.2'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rspec-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.80'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.80'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.26'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.26'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: rubocop-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+- !ruby/object:Gem::Dependency
+  name: turbo_tests
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.5
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.5
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.25'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.25'
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+description: Dependabot-Bazel provides support for bumping Bazel dependencies via
+  Dependabot. If you want support for multiple package managers, you probably want
+  the meta-gem dependabot-omnibus.
+email: opensource@github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/dependabot/bazel.rb
+- lib/dependabot/bazel/file_fetcher.rb
+- lib/dependabot/bazel/file_parser.rb
+- lib/dependabot/bazel/file_parser/starlark_parser.rb
+- lib/dependabot/bazel/file_updater.rb
+- lib/dependabot/bazel/file_updater/bzlmod_file_updater.rb
+- lib/dependabot/bazel/file_updater/declaration_parser.rb
+- lib/dependabot/bazel/file_updater/workspace_file_updater.rb
+- lib/dependabot/bazel/language.rb
+- lib/dependabot/bazel/metadata_finder.rb
+- lib/dependabot/bazel/package_manager.rb
+- lib/dependabot/bazel/requirement.rb
+- lib/dependabot/bazel/update_checker.rb
+- lib/dependabot/bazel/update_checker/registry_client.rb
+- lib/dependabot/bazel/update_checker/requirements_updater.rb
+- lib/dependabot/bazel/version.rb
+homepage: https://github.com/dependabot/dependabot-core
+licenses:
+- MIT
+metadata:
+  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.344.0
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.3.0
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: Provides Dependabot support for Bazel
+test_files: []