dependabot-common 0.118.13 → 0.119.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bd6bbc00b1d0c8db23fdad8a48e7c3b50dcde91cd9709066f3dca198bfc0fc12
-  data.tar.gz: ee033ae13291b1ae755a4879a311c92ef1c3f765a7dfc8a1fbaab56b147523f9
+  metadata.gz: 80651d092678ba4841245e6a4fc002dfba1ab3b2e1a46ed84882885ece8e4989
+  data.tar.gz: f8a26ab2da34de5159d7a94d53a0d81d6f490c7ef8e045dca662bfec0d024dd8
 SHA512:
-  metadata.gz: e785764a18c08b4223903fa24c5193e517a1bf1e0510ae84794edfeeb57c1d150dc848e23cfe2bed1df2912d4dfb043cb97f92d04a08b442d0e7cd3e03f4f031
-  data.tar.gz: 6f3a98da4aa78275dc11ae4935925bc7e429200053ef94d7657e4c98c3e63166d1f0a4752be71d038d8a94df577eea2df4498ce09cdc2dc796d1d017e4b56fe1
+  metadata.gz: efe477821294e613b73ff714056185aa7c8bfaa1133e833d0c9b10ec45316de0937245faa87b81566b5fd4fa671463908e2079a65803eee032cd3028f8070304
+  data.tar.gz: 5b3e6f20b0df041c73eb3f5313474d62910d283748a46c4b5808123c41b6d8ec4a0d213ab33667f9770ff1a9502f6a2906e0ddaec09892e8b37ed167843e032d

data/lib/dependabot/dependency_file.rb

@@ -79,6 +79,10 @@ module Dependabot
       @deleted
     end
 
+    def binary?
+      content_encoding == ContentEncoding::BASE64
+    end
+
     private
 
     def clean_directory(directory)

data/lib/dependabot/file_fetchers/base.rb

@@ -67,6 +67,12 @@ module Dependabot
         raise unless e.message.include?("Repository is empty")
       end
 
+      # Returns the path to the cloned repo
+      def clone_repo_contents(target_directory: nil)
+        @clone_repo_contents ||=
+          _clone_repo_contents(target_directory: target_directory)
+      end
+
       private
 
       def fetch_file_if_present(filename, fetch_submodules: false)
@@ -419,6 +425,20 @@ module Dependabot
           max_by(&:length)
       end
 
+      def _clone_repo_contents(target_directory:)
+        SharedHelpers.with_git_configured(credentials: credentials) do
+          path = target_directory || File.join("tmp", source.repo)
+          return path if Dir.exist?(File.join(path, ".git"))
+
+          FileUtils.mkdir_p(path)
+          br_opt = " --branch=#{source.branch} --single-branch" if source.branch
+          SharedHelpers.run_shell_command(
+            "git clone --depth=1#{br_opt} #{source.url} #{path}"
+          )
+          path
+        end
+      end
+
       def client_for_provider
         case source.provider
         when "github" then github_client

data/lib/dependabot/file_parsers/base.rb

@@ -3,10 +3,12 @@
 module Dependabot
   module FileParsers
     class Base
-      attr_reader :dependency_files, :credentials, :source
+      attr_reader :dependency_files, :repo_contents_path, :credentials, :source
 
-      def initialize(dependency_files:, source:, credentials: [])
+      def initialize(dependency_files:, repo_contents_path: nil, source:,
+                     credentials: [])
         @dependency_files = dependency_files
+        @repo_contents_path = repo_contents_path
         @credentials = credentials
         @source = source
 

data/lib/dependabot/file_updaters/base.rb

@@ -3,15 +3,18 @@
 module Dependabot
   module FileUpdaters
     class Base
-      attr_reader :dependencies, :dependency_files, :credentials
+      attr_reader :dependencies, :dependency_files, :repo_contents_path,
+                  :credentials
 
       def self.updated_files_regex
         raise NotImplementedError
       end
 
-      def initialize(dependencies:, dependency_files:, credentials:)
+      def initialize(dependencies:, dependency_files:, repo_contents_path: nil,
+                     credentials:)
         @dependencies = dependencies
         @dependency_files = dependency_files
+        @repo_contents_path = repo_contents_path
         @credentials = credentials
 
         check_required_files

data/lib/dependabot/pull_request_creator/github.rb

@@ -170,12 +170,23 @@ module Dependabot
               sha: file.content
             }
           else
+            content = if file.binary?
+                        sha = github_client_for_source.create_blob(
+                          source.repo, file.content, "base64"
+                        )
+                        { sha: sha }
+                      elsif file.deleted?
+                        { sha: nil }
+                      else
+                        { content: file.content }
+                      end
+
             {
-              path: (file.symlink_target || file.path).sub(%r{^/}, ""),
+              path: (file.symlink_target ||
+                     file.path).sub(%r{^/}, ""),
               mode: "100644",
-              type: "blob",
-              content: file.content
-            }
+              type: "blob"
+            }.merge(content)
           end
         end
 

data/lib/dependabot/shared_helpers.rb

@@ -29,6 +29,19 @@ module Dependabot
       end
     end
 
+    def self.in_a_temporary_repo_directory(directory = "/",
+                                           repo_contents_path = nil,
+                                           &block)
+      if repo_contents_path
+        path = Pathname.new(File.join(repo_contents_path, directory)).
+               expand_path
+        reset_git_repo(repo_contents_path)
+        Dir.chdir(path) { yield(path) }
+      else
+        in_a_temporary_directory(directory, &block)
+      end
+    end
+
     def self.in_a_temporary_directory(directory = "/")
       Dir.mkdir(BUMP_TMP_DIR_PATH) unless Dir.exist?(BUMP_TMP_DIR_PATH)
       Dir.mktmpdir(BUMP_TMP_FILE_PREFIX, BUMP_TMP_DIR_PATH) do |dir|
@@ -209,6 +222,12 @@ module Dependabot
       File.write("git.store", git_store_content)
     end
 
+    def self.reset_git_repo(path)
+      Dir.chdir(path) do
+        run_shell_command("git reset HEAD --hard && git clean -fx")
+      end
+    end
+
     def self.stash_global_git_config
       return unless File.exist?(GIT_CONFIG_GLOBAL_PATH)
 
@@ -234,7 +253,7 @@ module Dependabot
 
       # Raise an error with the output from the shell session if the
       # command returns a non-zero status
-      return if process.success?
+      return stdout if process.success?
 
       error_context = {
         command: command,

data/lib/dependabot/update_checkers/base.rb

@@ -7,16 +7,17 @@ require "dependabot/security_advisory"
 module Dependabot
   module UpdateCheckers
     class Base
-      attr_reader :dependency, :dependency_files, :credentials,
-                  :ignored_versions, :raise_on_ignored,
+      attr_reader :dependency, :dependency_files, :repo_contents_path,
+                  :credentials, :ignored_versions, :raise_on_ignored,
                   :security_advisories, :requirements_update_strategy
 
-      def initialize(dependency:, dependency_files:, credentials:,
-                     ignored_versions: [], raise_on_ignored: false,
-                     security_advisories: [],
+      def initialize(dependency:, dependency_files:, repo_contents_path: nil,
+                     credentials:, ignored_versions: [],
+                     raise_on_ignored: false, security_advisories: [],
                      requirements_update_strategy: nil)
         @dependency = dependency
         @dependency_files = dependency_files
+        @repo_contents_path = repo_contents_path
         @credentials = credentials
         @requirements_update_strategy = requirements_update_strategy
         @ignored_versions = ignored_versions

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.118.13"
+  VERSION = "0.119.0.beta1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.118.13
+  version: 0.119.0.beta1
 platform: ruby
 authors:
 - Dependabot
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-19 00:00:00.000000000 Z
+date: 2020-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -393,7 +393,7 @@ homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - Nonstandard
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -408,8 +408,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.7.3
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: Shared code used between Dependabot package managers
 test_files: []