dependabot-common 0.120.2 → 0.121.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 83263fa7e5a3d1dbd38624d9476cab98b226ef442af42cd6e9324dcb61226476
-  data.tar.gz: a47175b2fb55cb804e95a1f438f21de893f73b3921b319bcb296e3ff7f0397da
+  metadata.gz: 25ecba430a3c4e0437ca444e4ac4ea59341370f1fcc9bf5732aa404ed2c76435
+  data.tar.gz: a5d4c9744bf13f271136c1a307cf04207a7ccc6273d0b52025361d57eb32482f
 SHA512:
-  metadata.gz: c04da188b4d2914b86db40c0640074d45010ce6f0834117b3b6b9faf6371893af47bafd643b4d905a5db2f853c21e3c6cc8c40df38659b93281299820fb6b812
-  data.tar.gz: f6e8639ddfc7ffdd50926c3f32e1087076f3e66ad915eb074663669537b37b993df346dda6fc35144e0fd02aedba423b609e5d6eb596d35ecc67cace0c2c12f7
+  metadata.gz: fd41873f07384bf578d3431471deb14ef57601e48e6a326a68a2d1bcc02cd7de504c02f26e94218591bc8e1536fb0aba030ccb15777bb9e66afb59a0f43a2cb4
+  data.tar.gz: 200b360a032a55d421b903bc62f6285f11650b82a9bcaf366c2842821eaff2c31337ea93cc6a6ca52569065aa1dc0b5ec9bc6309378a1c10ecb619f517c4b808

data/lib/dependabot/file_fetchers/base.rb

@@ -14,7 +14,7 @@ require "dependabot/shared_helpers"
 module Dependabot
   module FileFetchers
     class Base
-      attr_reader :source, :credentials
+      attr_reader :source, :credentials, :repo_contents_path
 
       CLIENT_NOT_FOUND_ERRORS = [
         Octokit::NotFound,
@@ -32,10 +32,19 @@ module Dependabot
         raise NotImplementedError
       end
 
-      def initialize(source:, credentials:)
+      # Creates a new FileFetcher for retrieving `DependencyFile`s.
+      #
+      # Files are typically grabbed individually via the source's API.
+      # repo_contents_path is an optional empty directory that will be used
+      # to clone the entire source repository on first read.
+      #
+      # If provided, file _data_ will be loaded from the clone.
+      # Submodules and directory listings are _not_ currently supported
+      # by repo_contents_path and still use an API trip.
+      def initialize(source:, credentials:, repo_contents_path: nil)
         @source = source
         @credentials = credentials
-
+        @repo_contents_path = repo_contents_path
         @linked_paths = {}
       end
 
@@ -68,14 +77,24 @@ module Dependabot
       end
 
       # Returns the path to the cloned repo
-      def clone_repo_contents(target_directory: nil)
+      def clone_repo_contents
         @clone_repo_contents ||=
-          _clone_repo_contents(target_directory: target_directory)
+          _clone_repo_contents(target_directory: repo_contents_path)
+      rescue Dependabot::SharedHelpers::HelperSubprocessFailed
+        raise Dependabot::RepoNotFound, source
       end
 
       private
 
       def fetch_file_if_present(filename, fetch_submodules: false)
+        unless repo_contents_path.nil?
+          begin
+            return load_cloned_file_if_present(filename)
+          rescue Dependabot::DependencyFileNotFound
+            return
+          end
+        end
+
         dir = File.dirname(filename)
         basename = File.basename(filename)
 
@@ -91,7 +110,35 @@ module Dependabot
         raise Dependabot::DependencyFileNotFound, path
       end
 
+      def load_cloned_file_if_present(filename)
+        path = Pathname.new(File.join(directory, filename)).cleanpath.to_path
+        repo_path = File.join(clone_repo_contents, path)
+        unless File.exist?(repo_path)
+          raise Dependabot::DependencyFileNotFound, path
+        end
+
+        content = File.read(repo_path)
+        type = if File.symlink?(repo_path)
+                 symlink_target = File.readlink(repo_path)
+                 "symlink"
+               else
+                 "file"
+               end
+
+        DependencyFile.new(
+          name: Pathname.new(filename).cleanpath.to_path,
+          directory: directory,
+          type: type,
+          content: content,
+          symlink_target: symlink_target
+        )
+      end
+
       def fetch_file_from_host(filename, type: "file", fetch_submodules: false)
+        unless repo_contents_path.nil?
+          return load_cloned_file_if_present(filename)
+        end
+
         path = Pathname.new(File.join(directory, filename)).cleanpath.to_path
         content = _fetch_file_content(path, fetch_submodules: fetch_submodules)
         type = @linked_paths.key?(path.gsub(%r{^/}, "")) ? "symlink" : type

data/lib/dependabot/file_updaters/base.rb

@@ -4,18 +4,19 @@ module Dependabot
   module FileUpdaters
     class Base
       attr_reader :dependencies, :dependency_files, :repo_contents_path,
-                  :credentials
+                  :credentials, :options
 
       def self.updated_files_regex
         raise NotImplementedError
       end
 
       def initialize(dependencies:, dependency_files:, repo_contents_path: nil,
-                     credentials:)
+                     credentials:, options: {})
         @dependencies = dependencies
         @dependency_files = dependency_files
         @repo_contents_path = repo_contents_path
         @credentials = credentials
+        @options = options
 
         check_required_files
       end

data/lib/dependabot/file_updaters/vendor_updater.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+require "dependabot/dependency_file"
+
+module Dependabot
+  module FileUpdaters
+    class VendorUpdater
+      # notable filenames without a reliable extension:
+      TEXT_FILE_NAMES = [
+        "README",
+        "LICENSE",
+        "Gemfile",
+        "Gemfile.lock",
+        ".bundlecache",
+        ".gitignore"
+      ].freeze
+
+      TEXT_FILE_EXTS = [
+        # code
+        ".rb",
+        ".erb",
+        ".gemspec",
+        ".js",
+        ".html",
+        # config
+        ".json",
+        ".xml",
+        ".toml",
+        ".yaml",
+        ".yml",
+        # docs
+        ".md",
+        ".txt",
+        ".go"
+      ].freeze
+
+      def initialize(repo_contents_path:, vendor_dir:)
+        @repo_contents_path = repo_contents_path
+        @vendor_dir = vendor_dir
+      end
+
+      # Returns changed files in the vendor/cache folder
+      #
+      # @param base_directory [String] Update config base directory
+      # @return [Array<Dependabot::DependencyFile>]
+      def updated_vendor_cache_files(base_directory:)
+        return [] unless repo_contents_path && vendor_dir
+
+        Dir.chdir(repo_contents_path) do
+          relative_dir = vendor_dir.sub("#{repo_contents_path}/", "")
+          status = SharedHelpers.run_shell_command(
+            "git status --untracked-files=all --porcelain=v1 #{relative_dir}"
+          )
+          changed_paths = status.split("\n").map { |l| l.split(" ") }
+          changed_paths.map do |type, path|
+            deleted = type == "D"
+            encoding = ""
+            encoded_content = File.read(path) unless deleted
+            if binary_file?(path)
+              encoding = Dependabot::DependencyFile::ContentEncoding::BASE64
+              encoded_content = Base64.encode64(encoded_content) unless deleted
+            end
+            Dependabot::DependencyFile.new(
+              name: path,
+              content: encoded_content,
+              directory: base_directory,
+              deleted: deleted,
+              content_encoding: encoding
+            )
+          end
+        end
+      end
+
+      private
+
+      attr_reader :repo_contents_path, :vendor_dir
+
+      def binary_file?(path)
+        return false if TEXT_FILE_NAMES.include?(File.basename(path))
+        return false if TEXT_FILE_EXTS.include?(File.extname(path))
+
+        true
+      end
+    end
+  end
+end

data/lib/dependabot/shared_helpers.rb

@@ -8,6 +8,8 @@ require "digest"
 require "open3"
 require "shellwords"
 
+require "dependabot/version"
+
 module Dependabot
   module SharedHelpers
     BUMP_TMP_FILE_PREFIX = "dependabot_"
@@ -151,13 +153,14 @@ module Dependabot
 
     def self.excon_defaults(options = nil)
       options ||= {}
+      headers = options.delete(:headers)
       {
         connect_timeout: 5,
         write_timeout: 5,
         read_timeout: 20,
         omit_default_port: true,
         middlewares: excon_middleware,
-        headers: excon_headers(options[:headers])
+        headers: excon_headers(headers)
       }.merge(options)
     end
 

data/lib/dependabot/utils.rb

@@ -29,5 +29,15 @@ module Dependabot
     def self.register_requirement_class(package_manager, requirement_class)
       @requirement_classes[package_manager] = requirement_class
     end
+
+    @cloning_package_managers = Set[]
+
+    def self.always_clone_for_package_manager?(package_manager)
+      @cloning_package_managers.include?(package_manager)
+    end
+
+    def self.register_always_clone(package_manager)
+      @cloning_package_managers << package_manager
+    end
   end
 end

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.120.2"
+  VERSION = "0.121.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.120.2
+  version: 0.121.1
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-25 00:00:00.000000000 Z
+date: 2020-10-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -292,14 +292,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.91.0
+        version: 0.92.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.91.0
+        version: 0.92.0
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement
@@ -356,6 +356,7 @@ files:
 - lib/dependabot/file_updaters.rb
 - lib/dependabot/file_updaters/README.md
 - lib/dependabot/file_updaters/base.rb
+- lib/dependabot/file_updaters/vendor_updater.rb
 - lib/dependabot/git_commit_checker.rb
 - lib/dependabot/git_metadata_fetcher.rb
 - lib/dependabot/metadata_finders.rb