dependabot-common 0.119.6 → 0.120.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ce4dd778f67c7a4f612edfbe2f1ef0bae78566f7c50a46212f0244745cf07da1
-  data.tar.gz: 46f644e4de54337eb399265827d754e6ba82477603e046f42c6d79924b32cb86
+  metadata.gz: 71c52ab937193ccc6c472643fe327544840ce8b99d27454d9f06f77435b52f88
+  data.tar.gz: 5fd0a5e3350466bbf47ea7658caa77c656469f1de10aafb8a8308a3bdd848d71
 SHA512:
-  metadata.gz: 73958fe712b9b38885ec5591114943367adec8cdb77af7efd9a7069261512b2b50b77d7c578335bf87e5f89bef934102c099dd1ec4353ecd075e0924a56d74d8
-  data.tar.gz: 54e51527b3f98b0e2b722b1c2617344d4601fde8272986b02c60edc8e9b1525ccb1ea093efb18a02c259279f75cf3e7ce41d9d6e01641ccc3b675335c930026b
+  metadata.gz: 4d28541943c3f27dfee7688002d4c3bd692597f5870d9db512a4dd07510d0f48db033603172c044c9b713493549878e202130bd77b1a7272c7d51d246b86bf17
+  data.tar.gz: 22a0c6246d7d2494614498736f94295986b29d1adfe31c8442361559d4d957ba7b0a1f419355b079247391cc2be75ad3383c580da2fb4f7de8181f8476014b91

data/lib/dependabot/clients/azure.rb

@@ -153,8 +153,9 @@ module Dependabot
           "/pushes?api-version=5.0", content.to_json)
       end
 
+      # rubocop:disable Metrics/ParameterLists
       def create_pull_request(pr_name, source_branch, target_branch,
-                              pr_description, labels)
+                              pr_description, labels, work_item = nil)
         # Azure DevOps only support descriptions up to 4000 characters
         # https://developercommunity.visualstudio.com/content/problem/608770/remove-4000-character-limit-on-pull-request-descri.html
         azure_max_length = 3999
@@ -163,13 +164,15 @@ module Dependabot
           truncate_length = azure_max_length - truncated_msg.length
           pr_description = pr_description[0..truncate_length] + truncated_msg
         end
+        # rubocop:enable Metrics/ParameterLists
 
         content = {
           sourceRefName: "refs/heads/" + source_branch,
           targetRefName: "refs/heads/" + target_branch,
           title: pr_name,
           description: pr_description,
-          labels: labels.map { |label| { name: label } }
+          labels: labels.map { |label| { name: label } },
+          workItemRefs: [{ id: work_item }]
         }
 
         post(source.api_endpoint +
@@ -181,11 +184,12 @@ module Dependabot
       def get(url)
         response = Excon.get(
           url,
-          headers: auth_header,
           user: credentials&.fetch("username", nil),
           password: credentials&.fetch("password", nil),
           idempotent: true,
-          **SharedHelpers.excon_defaults
+          **SharedHelpers.excon_defaults(
+            headers: auth_header
+          )
         )
         raise NotFound if response.status == 404
 
@@ -195,16 +199,17 @@ module Dependabot
       def post(url, json)
         response = Excon.post(
           url,
-          headers: auth_header.merge(
-            {
-              "Content-Type" => "application/json"
-            }
-          ),
           body: json,
           user: credentials&.fetch("username", nil),
           password: credentials&.fetch("password", nil),
           idempotent: true,
-          **SharedHelpers.excon_defaults
+          **SharedHelpers.excon_defaults(
+            headers: auth_header.merge(
+              {
+                "Content-Type" => "application/json"
+              }
+            )
+          )
         )
         raise NotFound if response.status == 404
 

data/lib/dependabot/file_fetchers/base.rb

@@ -14,7 +14,7 @@ require "dependabot/shared_helpers"
 module Dependabot
   module FileFetchers
     class Base
-      attr_reader :source, :credentials
+      attr_reader :source, :credentials, :repo_contents_path
 
       CLIENT_NOT_FOUND_ERRORS = [
         Octokit::NotFound,
@@ -32,10 +32,19 @@ module Dependabot
         raise NotImplementedError
       end
 
-      def initialize(source:, credentials:)
+      # Creates a new FileFetcher for retrieving `DependencyFile`s.
+      #
+      # Files are typically grabbed individually via the source's API.
+      # repo_contents_path is an optional empty directory that will be used
+      # to clone the entire source repository on first read.
+      #
+      # If provided, file _data_ will be loaded from the clone.
+      # Submodules and directory listings are _not_ currently supported
+      # by repo_contents_path and still use an API trip.
+      def initialize(source:, credentials:, repo_contents_path: nil)
         @source = source
         @credentials = credentials
-
+        @repo_contents_path = repo_contents_path
         @linked_paths = {}
       end
 
@@ -68,14 +77,24 @@ module Dependabot
       end
 
       # Returns the path to the cloned repo
-      def clone_repo_contents(target_directory: nil)
+      def clone_repo_contents
         @clone_repo_contents ||=
-          _clone_repo_contents(target_directory: target_directory)
+          _clone_repo_contents(target_directory: repo_contents_path)
+      rescue Dependabot::SharedHelpers::HelperSubprocessFailed
+        raise Dependabot::RepoNotFound, source
       end
 
       private
 
       def fetch_file_if_present(filename, fetch_submodules: false)
+        unless repo_contents_path.nil?
+          begin
+            return load_cloned_file_if_present(filename)
+          rescue Dependabot::DependencyFileNotFound
+            return
+          end
+        end
+
         dir = File.dirname(filename)
         basename = File.basename(filename)
 
@@ -91,7 +110,35 @@ module Dependabot
         raise Dependabot::DependencyFileNotFound, path
       end
 
+      def load_cloned_file_if_present(filename)
+        path = Pathname.new(File.join(directory, filename)).cleanpath.to_path
+        repo_path = File.join(clone_repo_contents, path)
+        unless File.exist?(repo_path)
+          raise Dependabot::DependencyFileNotFound, path
+        end
+
+        content = File.read(repo_path)
+        type = if File.symlink?(repo_path)
+                 symlink_target = File.readlink(repo_path)
+                 "symlink"
+               else
+                 "file"
+               end
+
+        DependencyFile.new(
+          name: Pathname.new(filename).cleanpath.to_path,
+          directory: directory,
+          type: type,
+          content: content,
+          symlink_target: symlink_target
+        )
+      end
+
       def fetch_file_from_host(filename, type: "file", fetch_submodules: false)
+        unless repo_contents_path.nil?
+          return load_cloned_file_if_present(filename)
+        end
+
         path = Pathname.new(File.join(directory, filename)).cleanpath.to_path
         content = _fetch_file_content(path, fetch_submodules: fetch_submodules)
         type = @linked_paths.key?(path.gsub(%r{^/}, "")) ? "symlink" : type

data/lib/dependabot/git_metadata_fetcher.rb

@@ -183,7 +183,7 @@ module Dependabot
 
     def excon_defaults
       # Some git hosts are slow when returning a large number of tags
-      SharedHelpers.excon_defaults.merge(read_timeout: 20)
+      SharedHelpers.excon_defaults(read_timeout: 20)
     end
   end
 end

data/lib/dependabot/pull_request_creator.rb

@@ -17,13 +17,23 @@ module Dependabot
     class RepoDisabled < StandardError; end
     class NoHistoryInCommon < StandardError; end
 
+    # AnnotationError is raised if a PR was created, but failed annotation
+    class AnnotationError < StandardError
+      attr_reader :cause, :pull_request
+      def initialize(cause, pull_request)
+        super(cause.message)
+        @cause = cause
+        @pull_request = pull_request
+      end
+    end
+
     attr_reader :source, :dependencies, :files, :base_commit,
                 :credentials, :pr_message_header, :pr_message_footer,
                 :custom_labels, :author_details, :signature_key,
                 :commit_message_options, :vulnerabilities_fixed,
                 :reviewers, :assignees, :milestone, :branch_name_separator,
                 :branch_name_prefix, :github_redirection_service,
-                :custom_headers
+                :custom_headers, :provider_metadata
 
     def initialize(source:, base_commit:, dependencies:, files:, credentials:,
                    pr_message_header: nil, pr_message_footer: nil,
@@ -33,7 +43,8 @@ module Dependabot
                    branch_name_separator: "/", branch_name_prefix: "dependabot",
                    label_language: false, automerge_candidate: false,
                    github_redirection_service: "github-redirect.dependabot.com",
-                   custom_headers: nil, require_up_to_date_base: false)
+                   custom_headers: nil, require_up_to_date_base: false,
+                   provider_metadata: {})
       @dependencies               = dependencies
       @source                     = source
       @base_commit                = base_commit
@@ -56,6 +67,7 @@ module Dependabot
       @github_redirection_service = github_redirection_service
       @custom_headers             = custom_headers
       @require_up_to_date_base    = require_up_to_date_base
+      @provider_metadata          = provider_metadata
 
       check_dependencies_have_previous_version
     end
@@ -142,7 +154,8 @@ module Dependabot
         pr_description: message_builder.pr_message,
         pr_name: message_builder.pr_name,
         author_details: author_details,
-        labeler: labeler
+        labeler: labeler,
+        work_item: provider_metadata&.fetch(:work_item, nil)
       )
     end
 

data/lib/dependabot/pull_request_creator/azure.rb

@@ -8,11 +8,11 @@ module Dependabot
     class Azure
       attr_reader :source, :branch_name, :base_commit, :credentials,
                   :files, :commit_message, :pr_description, :pr_name,
-                  :author_details, :labeler
+                  :author_details, :labeler, :work_item
 
       def initialize(source:, branch_name:, base_commit:, credentials:,
                      files:, commit_message:, pr_description:, pr_name:,
-                     author_details:, labeler:)
+                     author_details:, labeler:, work_item: nil)
         @source         = source
         @branch_name    = branch_name
         @base_commit    = base_commit
@@ -23,6 +23,7 @@ module Dependabot
         @pr_name        = pr_name
         @author_details = author_details
         @labeler        = labeler
+        @work_item      = work_item
       end
 
       def create
@@ -46,9 +47,7 @@ module Dependabot
       end
 
       def branch_exists?
-        @branch_ref ||= azure_client_for_source.branch(branch_name)
-
-        @branch_ref
+        azure_client_for_source.branch(branch_name)
       rescue ::Azure::Error::NotFound
         false
       end
@@ -79,7 +78,8 @@ module Dependabot
           branch_name,
           source.branch || default_branch,
           pr_description,
-          labeler.labels_for_pr
+          labeler.labels_for_pr,
+          work_item
         )
       end
 

data/lib/dependabot/pull_request_creator/github.rb

@@ -7,6 +7,7 @@ require "dependabot/pull_request_creator"
 require "dependabot/pull_request_creator/commit_signer"
 module Dependabot
   class PullRequestCreator
+    # rubocop:disable Metrics/ClassLength
     class Github
       attr_reader :source, :branch_name, :base_commit, :credentials,
                   :files, :pr_description, :pr_name, :commit_message,
@@ -41,7 +42,7 @@ module Dependabot
         return if require_up_to_date_base? && !base_commit_is_up_to_date?
 
         create_annotated_pull_request
-      rescue Octokit::Error => e
+      rescue AnnotationError, Octokit::Error => e
         handle_error(e)
       end
 
@@ -111,7 +112,11 @@ module Dependabot
         pull_request = create_pull_request
         return unless pull_request
 
-        annotate_pull_request(pull_request)
+        begin
+          annotate_pull_request(pull_request)
+        rescue StandardError => e
+          raise AnnotationError.new(e, pull_request)
+        end
 
         pull_request
       end
@@ -417,24 +422,49 @@ module Dependabot
       end
 
       def handle_error(err)
-        case err
+        cause = case err
+                when AnnotationError
+                  err.cause
+                else
+                  err
+                end
+
+        case cause
         when Octokit::Forbidden
-          raise RepoDisabled, err.message if err.message.include?("disabled")
-          raise RepoArchived, err.message if err.message.include?("archived")
+          if err.message.include?("disabled")
+            raise_custom_error err, RepoDisabled, err.message
+          elsif err.message.include?("archived")
+            raise_custom_error err, RepoArchived, err.message
+          end
 
           raise err
         when Octokit::NotFound
           raise err if repo_exists?
 
-          raise RepoNotFound, err.message
+          raise_custom_error err, RepoNotFound, err.message
         when Octokit::UnprocessableEntity
-          raise err unless err.message.include?("no history in common")
+          if err.message.include?("no history in common")
+            raise_custom_error err, NoHistoryInCommon, err.message
+          end
 
-          raise NoHistoryInCommon, err.message
+          raise err
         else
           raise err
         end
       end
+
+      def raise_custom_error(base_err, type, message)
+        case base_err
+        when AnnotationError
+          raise AnnotationError.new(
+            type.new(message),
+            base_err.pull_request
+          )
+        else
+          raise type, message
+        end
+      end
     end
+    # rubocop:enable Metrics/ClassLength
   end
 end

data/lib/dependabot/shared_helpers.rb

@@ -8,11 +8,17 @@ require "digest"
 require "open3"
 require "shellwords"
 
+require "dependabot/version"
+
 module Dependabot
   module SharedHelpers
     BUMP_TMP_FILE_PREFIX = "dependabot_"
     BUMP_TMP_DIR_PATH = "tmp"
     GIT_CONFIG_GLOBAL_PATH = File.expand_path("~/.gitconfig")
+    USER_AGENT = "dependabot-core/#{Dependabot::VERSION} "\
+                 "#{Excon::USER_AGENT} ruby/#{RUBY_VERSION} "\
+                 "(#{RUBY_PLATFORM}) "\
+                 "(+https://github.com/dependabot/dependabot-core)"
 
     class ChildProcessFailed < StandardError
       attr_reader :error_class, :error_message, :error_backtrace
@@ -138,14 +144,24 @@ module Dependabot
         [Excon::Middleware::RedirectFollower]
     end
 
-    def self.excon_defaults
+    def self.excon_headers(headers = nil)
+      headers ||= {}
+      {
+        "User-Agent" => USER_AGENT
+      }.merge(headers)
+    end
+
+    def self.excon_defaults(options = nil)
+      options ||= {}
+      headers = options.delete(:headers)
       {
         connect_timeout: 5,
         write_timeout: 5,
         read_timeout: 20,
         omit_default_port: true,
-        middlewares: excon_middleware
-      }
+        middlewares: excon_middleware,
+        headers: excon_headers(headers)
+      }.merge(options)
     end
 
     def self.with_git_configured(credentials:)

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.119.6"
+  VERSION = "0.120.4"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.119.6
+  version: 0.120.4
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-21 00:00:00.000000000 Z
+date: 2020-10-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -292,14 +292,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.90.0
+        version: 0.91.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.90.0
+        version: 0.91.0
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement