RubyGems - dependabot-common - Versions diffs - 0.118.16 → 0.119.0.beta1 - Mend

dependabot-common 0.118.16 → 0.119.0.beta1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of dependabot-common might be problematic. Click here for more details.

Files changed (7) hide show

checksums.yaml +4 -4
data/lib/dependabot/file_fetchers/base.rb +17 -1
data/lib/dependabot/pull_request_creator/github.rb +3 -3
data/lib/dependabot/pull_request_updater/github.rb +9 -18
data/lib/dependabot/shared_helpers.rb +20 -1
data/lib/dependabot/version.rb +1 -1
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b4b213d9ba28b1b28d2b54f8839993546b4b6461f949df87dc803a2bbe979929
-  data.tar.gz: c2f3e3dad541c07fe606333d50269271cb55ac5cf47d457ba50611200c2d94dc
+  metadata.gz: 80651d092678ba4841245e6a4fc002dfba1ab3b2e1a46ed84882885ece8e4989
+  data.tar.gz: f8a26ab2da34de5159d7a94d53a0d81d6f490c7ef8e045dca662bfec0d024dd8
 SHA512:
-  metadata.gz: 97cf295f272280ef1dfa3442f8029edf35f5b6f33e4dfcfd22ce25b44c1c9acdb2273a8ac037f54ad3b2c9410f6d8f8a15c703b390c0eb4f9d57c383da67ac85
-  data.tar.gz: 4b3379d899b4ab131f46f7b40561e62bb95c3f3041656c4ae68d8aeedf694e72e57eb5ca5dbcf9b5b48b82e3b9bef5cd6781cb93300ffdf4b46331bc89f75b7b
+  metadata.gz: efe477821294e613b73ff714056185aa7c8bfaa1133e833d0c9b10ec45316de0937245faa87b81566b5fd4fa671463908e2079a65803eee032cd3028f8070304
+  data.tar.gz: 5b3e6f20b0df041c73eb3f5313474d62910d283748a46c4b5808123c41b6d8ec4a0d213ab33667f9770ff1a9502f6a2906e0ddaec09892e8b37ed167843e032d

data/lib/dependabot/file_fetchers/base.rb CHANGED Viewed

@@ -67,8 +67,10 @@ module Dependabot
         raise unless e.message.include?("Repository is empty")
       end
+      # Returns the path to the cloned repo
       def clone_repo_contents(target_directory: nil)
-        # TODO: add implementation
+        @clone_repo_contents ||=
+          _clone_repo_contents(target_directory: target_directory)
       end
       private
@@ -423,6 +425,20 @@ module Dependabot
           max_by(&:length)
       end
+      def _clone_repo_contents(target_directory:)
+        SharedHelpers.with_git_configured(credentials: credentials) do
+          path = target_directory || File.join("tmp", source.repo)
+          return path if Dir.exist?(File.join(path, ".git"))
+          FileUtils.mkdir_p(path)
+          br_opt = " --branch=#{source.branch} --single-branch" if source.branch
+          SharedHelpers.run_shell_command(
+            "git clone --depth=1#{br_opt} #{source.url} #{path}"
+          )
+          path
+        end
+      end
       def client_for_provider
         case source.provider
         when "github" then github_client

data/lib/dependabot/pull_request_creator/github.rb CHANGED Viewed

@@ -170,13 +170,13 @@ module Dependabot
               sha: file.content
             }
           else
-            content = if file.deleted?
-                        { sha: nil }
-                      elsif file.binary?
+            content = if file.binary?
                         sha = github_client_for_source.create_blob(
                           source.repo, file.content, "base64"
                         )
                         { sha: sha }
+                      elsif file.deleted?
+                        { sha: nil }
                       else
                         { content: file.content }
                       end

data/lib/dependabot/pull_request_updater/github.rb CHANGED Viewed

@@ -124,7 +124,14 @@ module Dependabot
       def create_tree
         file_trees = files.map do |file|
-          if file.type == "submodule"
+          if %w(file symlink).include?(file.type)
+            {
+              path: (file.symlink_target || file.path).sub(%r{^/}, ""),
+              mode: "100644",
+              type: "blob",
+              content: file.content
+            }
+          elsif file.type == "submodule"
             {
               path: file.path.sub(%r{^/}, ""),
               mode: "160000",
@@ -132,23 +139,7 @@ module Dependabot
               sha: file.content
             }
           else
-            content = if file.deleted?
-                        { sha: nil }
-                      elsif file.binary?
-                        sha = github_client_for_source.create_blob(
-                          source.repo, file.content, "base64"
-                        )
-                        { sha: sha }
-                      else
-                        { content: file.content }
-                      end
-            {
-              path: (file.symlink_target ||
-                     file.path).sub(%r{^/}, ""),
-              mode: "100644",
-              type: "blob"
-            }.merge(content)
+            raise "Unknown file type #{file.type}"
           end
         end

data/lib/dependabot/shared_helpers.rb CHANGED Viewed

@@ -29,6 +29,19 @@ module Dependabot
       end
     end
+    def self.in_a_temporary_repo_directory(directory = "/",
+                                           repo_contents_path = nil,
+                                           &block)
+      if repo_contents_path
+        path = Pathname.new(File.join(repo_contents_path, directory)).
+               expand_path
+        reset_git_repo(repo_contents_path)
+        Dir.chdir(path) { yield(path) }
+      else
+        in_a_temporary_directory(directory, &block)
+      end
+    end
     def self.in_a_temporary_directory(directory = "/")
       Dir.mkdir(BUMP_TMP_DIR_PATH) unless Dir.exist?(BUMP_TMP_DIR_PATH)
       Dir.mktmpdir(BUMP_TMP_FILE_PREFIX, BUMP_TMP_DIR_PATH) do |dir|
@@ -209,6 +222,12 @@ module Dependabot
       File.write("git.store", git_store_content)
     end
+    def self.reset_git_repo(path)
+      Dir.chdir(path) do
+        run_shell_command("git reset HEAD --hard && git clean -fx")
+      end
+    end
     def self.stash_global_git_config
       return unless File.exist?(GIT_CONFIG_GLOBAL_PATH)
@@ -234,7 +253,7 @@ module Dependabot
       # Raise an error with the output from the shell session if the
       # command returns a non-zero status
-      return if process.success?
+      return stdout if process.success?
       error_context = {
         command: command,

data/lib/dependabot/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.118.16"
+  VERSION = "0.119.0.beta1"
 end

metadata CHANGED Viewed

@@ -1,11 +1,11 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.118.16
+  version: 0.119.0.beta1
 platform: ruby
 authors:
 - Dependabot
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
 date: 2020-08-20 00:00:00.000000000 Z
@@ -393,7 +393,7 @@ homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - Nonstandard
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -408,8 +408,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.7.3
 requirements: []
-rubygems_version: 3.1.2
-signing_key:
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: Shared code used between Dependabot package managers
 test_files: []