dependabot-common 0.120.1 → 0.121.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e821980897c896e2168012ad53b0abfbef9d7f74b12da81c9fdcbbfbe7a979a3
-  data.tar.gz: 4a0184cde0aaa924ebca0068094cf299f67d7c4bc51bdec4c467e84bc1c57823
+  metadata.gz: e49dd9c04e251ff4d87f90eaef54669476e9c50c0edb30566e642a17ca1f67e5
+  data.tar.gz: 9cfe5407169467cdae03e431795dea225ece22c128eabcdaf2009eb67f3a63b4
 SHA512:
-  metadata.gz: fe4f0b9234032f9728db6e8fe08269f001241dfd0012b99410678ab1a1c5ef1388d10d94fd4f7e27cb3329a7049d7de06659b09790dce9d16a95a6bc0fbc6f85
-  data.tar.gz: 0f3139f4c4271e542c3ae30b231f909538caeace5a7d47bbd0da3873c2e9a3a13a2b768eadebe85ef4167b4834c305d7fb3decbc088dbfcba7b2f0a577a869c0
+  metadata.gz: dae7095e2a8c9b961c24c8f24ed370f55e6033109ff0ac31f01113153454fb3c1f2a75e3efc7d00a9fae3386788d1e51f5de13b1b196e03ddd3a49b97c895c71
+  data.tar.gz: 0f61149cd1a25f5e378250d4b6158faf7954f1893089723ffd0116f9715f63007b242cfc44a57900b60ec2ee940843537b2cf072dab21f0cdc5858f72118d0eb

data/lib/dependabot/clients/azure.rb

@@ -184,11 +184,12 @@ module Dependabot
       def get(url)
         response = Excon.get(
           url,
-          headers: auth_header,
           user: credentials&.fetch("username", nil),
           password: credentials&.fetch("password", nil),
           idempotent: true,
-          **SharedHelpers.excon_defaults
+          **SharedHelpers.excon_defaults(
+            headers: auth_header
+          )
         )
         raise NotFound if response.status == 404
 
@@ -198,16 +199,17 @@ module Dependabot
       def post(url, json)
         response = Excon.post(
           url,
-          headers: auth_header.merge(
-            {
-              "Content-Type" => "application/json"
-            }
-          ),
           body: json,
           user: credentials&.fetch("username", nil),
           password: credentials&.fetch("password", nil),
           idempotent: true,
-          **SharedHelpers.excon_defaults
+          **SharedHelpers.excon_defaults(
+            headers: auth_header.merge(
+              {
+                "Content-Type" => "application/json"
+              }
+            )
+          )
         )
         raise NotFound if response.status == 404
 

data/lib/dependabot/file_fetchers/base.rb

@@ -14,7 +14,7 @@ require "dependabot/shared_helpers"
 module Dependabot
   module FileFetchers
     class Base
-      attr_reader :source, :credentials
+      attr_reader :source, :credentials, :repo_contents_path
 
       CLIENT_NOT_FOUND_ERRORS = [
         Octokit::NotFound,
@@ -32,10 +32,19 @@ module Dependabot
         raise NotImplementedError
       end
 
-      def initialize(source:, credentials:)
+      # Creates a new FileFetcher for retrieving `DependencyFile`s.
+      #
+      # Files are typically grabbed individually via the source's API.
+      # repo_contents_path is an optional empty directory that will be used
+      # to clone the entire source repository on first read.
+      #
+      # If provided, file _data_ will be loaded from the clone.
+      # Submodules and directory listings are _not_ currently supported
+      # by repo_contents_path and still use an API trip.
+      def initialize(source:, credentials:, repo_contents_path: nil)
         @source = source
         @credentials = credentials
-
+        @repo_contents_path = repo_contents_path
         @linked_paths = {}
       end
 
@@ -68,14 +77,24 @@ module Dependabot
       end
 
       # Returns the path to the cloned repo
-      def clone_repo_contents(target_directory: nil)
+      def clone_repo_contents
         @clone_repo_contents ||=
-          _clone_repo_contents(target_directory: target_directory)
+          _clone_repo_contents(target_directory: repo_contents_path)
+      rescue Dependabot::SharedHelpers::HelperSubprocessFailed
+        raise Dependabot::RepoNotFound, source
       end
 
       private
 
       def fetch_file_if_present(filename, fetch_submodules: false)
+        unless repo_contents_path.nil?
+          begin
+            return load_cloned_file_if_present(filename)
+          rescue Dependabot::DependencyFileNotFound
+            return
+          end
+        end
+
         dir = File.dirname(filename)
         basename = File.basename(filename)
 
@@ -91,7 +110,35 @@ module Dependabot
         raise Dependabot::DependencyFileNotFound, path
       end
 
+      def load_cloned_file_if_present(filename)
+        path = Pathname.new(File.join(directory, filename)).cleanpath.to_path
+        repo_path = File.join(clone_repo_contents, path)
+        unless File.exist?(repo_path)
+          raise Dependabot::DependencyFileNotFound, path
+        end
+
+        content = File.read(repo_path)
+        type = if File.symlink?(repo_path)
+                 symlink_target = File.readlink(repo_path)
+                 "symlink"
+               else
+                 "file"
+               end
+
+        DependencyFile.new(
+          name: Pathname.new(filename).cleanpath.to_path,
+          directory: directory,
+          type: type,
+          content: content,
+          symlink_target: symlink_target
+        )
+      end
+
       def fetch_file_from_host(filename, type: "file", fetch_submodules: false)
+        unless repo_contents_path.nil?
+          return load_cloned_file_if_present(filename)
+        end
+
         path = Pathname.new(File.join(directory, filename)).cleanpath.to_path
         content = _fetch_file_content(path, fetch_submodules: fetch_submodules)
         type = @linked_paths.key?(path.gsub(%r{^/}, "")) ? "symlink" : type

data/lib/dependabot/file_updaters/base.rb

@@ -4,18 +4,19 @@ module Dependabot
   module FileUpdaters
     class Base
       attr_reader :dependencies, :dependency_files, :repo_contents_path,
-                  :credentials
+                  :credentials, :options
 
       def self.updated_files_regex
         raise NotImplementedError
       end
 
       def initialize(dependencies:, dependency_files:, repo_contents_path: nil,
-                     credentials:)
+                     credentials:, options: {})
         @dependencies = dependencies
         @dependency_files = dependency_files
         @repo_contents_path = repo_contents_path
         @credentials = credentials
+        @options = options
 
         check_required_files
       end

data/lib/dependabot/git_metadata_fetcher.rb

@@ -183,7 +183,7 @@ module Dependabot
 
     def excon_defaults
       # Some git hosts are slow when returning a large number of tags
-      SharedHelpers.excon_defaults.merge(read_timeout: 20)
+      SharedHelpers.excon_defaults(read_timeout: 20)
     end
   end
 end

data/lib/dependabot/shared_helpers.rb

@@ -8,11 +8,17 @@ require "digest"
 require "open3"
 require "shellwords"
 
+require "dependabot/version"
+
 module Dependabot
   module SharedHelpers
     BUMP_TMP_FILE_PREFIX = "dependabot_"
     BUMP_TMP_DIR_PATH = "tmp"
     GIT_CONFIG_GLOBAL_PATH = File.expand_path("~/.gitconfig")
+    USER_AGENT = "dependabot-core/#{Dependabot::VERSION} "\
+                 "#{Excon::USER_AGENT} ruby/#{RUBY_VERSION} "\
+                 "(#{RUBY_PLATFORM}) "\
+                 "(+https://github.com/dependabot/dependabot-core)"
 
     class ChildProcessFailed < StandardError
       attr_reader :error_class, :error_message, :error_backtrace
@@ -138,14 +144,24 @@ module Dependabot
         [Excon::Middleware::RedirectFollower]
     end
 
-    def self.excon_defaults
+    def self.excon_headers(headers = nil)
+      headers ||= {}
+      {
+        "User-Agent" => USER_AGENT
+      }.merge(headers)
+    end
+
+    def self.excon_defaults(options = nil)
+      options ||= {}
+      headers = options.delete(:headers)
       {
         connect_timeout: 5,
         write_timeout: 5,
         read_timeout: 20,
         omit_default_port: true,
-        middlewares: excon_middleware
-      }
+        middlewares: excon_middleware,
+        headers: excon_headers(headers)
+      }.merge(options)
     end
 
     def self.with_git_configured(credentials:)

data/lib/dependabot/utils.rb

@@ -29,5 +29,15 @@ module Dependabot
     def self.register_requirement_class(package_manager, requirement_class)
       @requirement_classes[package_manager] = requirement_class
     end
+
+    @cloning_package_managers = Set[]
+
+    def self.always_clone_for_package_manager?(package_manager)
+      @cloning_package_managers.include?(package_manager)
+    end
+
+    def self.register_always_clone(package_manager)
+      @cloning_package_managers << package_manager
+    end
   end
 end

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.120.1"
+  VERSION = "0.121.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.120.1
+  version: 0.121.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-25 00:00:00.000000000 Z
+date: 2020-10-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -292,14 +292,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.91.0
+        version: 0.92.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.91.0
+        version: 0.92.0
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement