dependabot-common 0.120.3 → 0.122.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e86bdfc4f410dbf077edfcea229a0125e0e6f56f3f78c02e8a0dcd082cf50445
-  data.tar.gz: e2ec62b6b2d8e487286014b21e87a021d169a518639010d33ab80b3030f8d3af
+  metadata.gz: 0cb8d42beb59f598224b8eeabe01953e3feb92f61e63231ae2e6842f1d848269
+  data.tar.gz: 5a89adfdc3206b73f54a7fc3d72dcb04c18524d6becdb910f9de5f89bbcb8ae3
 SHA512:
-  metadata.gz: 379aadb5ac467e6d8b31fc771f112a2d9590889ab2438326617e6f19f93c2fddc5b20a9fdff7454ef4c870ea849054b15672fb27fbbe99304f33a895bdd91357
-  data.tar.gz: 966790a0b7977b710db805c819b8952c85bad3d6fb87429a3aa8d300bdce13b2381ee3b9cfc184250f1735ee19281d01841fe7eefaad0fc7c40b2a8d33b1d4f5
+  metadata.gz: e97880807e925c059b3b48c9835f70981536b49b82a2e912c8d288fc19d46cb3e705c23a43cd31b3db626249f3383e95bbb334512cc4a7c834b625047c5d6640
+  data.tar.gz: 2f257b6b8e0344bd3992695fb6594702ec6df167f41043f450e22a6719907042286c0fb5f55cf8071d067f705aa4f24a57a9387c0937ea7f9e9f9754ab043f2f

data/lib/dependabot/file_fetchers/base.rb

@@ -14,7 +14,7 @@ require "dependabot/shared_helpers"
 module Dependabot
   module FileFetchers
     class Base
-      attr_reader :source, :credentials
+      attr_reader :source, :credentials, :repo_contents_path
 
       CLIENT_NOT_FOUND_ERRORS = [
         Octokit::NotFound,
@@ -32,10 +32,19 @@ module Dependabot
         raise NotImplementedError
       end
 
-      def initialize(source:, credentials:)
+      # Creates a new FileFetcher for retrieving `DependencyFile`s.
+      #
+      # Files are typically grabbed individually via the source's API.
+      # repo_contents_path is an optional empty directory that will be used
+      # to clone the entire source repository on first read.
+      #
+      # If provided, file _data_ will be loaded from the clone.
+      # Submodules and directory listings are _not_ currently supported
+      # by repo_contents_path and still use an API trip.
+      def initialize(source:, credentials:, repo_contents_path: nil)
         @source = source
         @credentials = credentials
-
+        @repo_contents_path = repo_contents_path
         @linked_paths = {}
       end
 
@@ -68,14 +77,24 @@ module Dependabot
       end
 
       # Returns the path to the cloned repo
-      def clone_repo_contents(target_directory: nil)
+      def clone_repo_contents
         @clone_repo_contents ||=
-          _clone_repo_contents(target_directory: target_directory)
+          _clone_repo_contents(target_directory: repo_contents_path)
+      rescue Dependabot::SharedHelpers::HelperSubprocessFailed
+        raise Dependabot::RepoNotFound, source
       end
 
       private
 
       def fetch_file_if_present(filename, fetch_submodules: false)
+        unless repo_contents_path.nil?
+          begin
+            return load_cloned_file_if_present(filename)
+          rescue Dependabot::DependencyFileNotFound
+            return
+          end
+        end
+
         dir = File.dirname(filename)
         basename = File.basename(filename)
 
@@ -91,7 +110,35 @@ module Dependabot
         raise Dependabot::DependencyFileNotFound, path
       end
 
+      def load_cloned_file_if_present(filename)
+        path = Pathname.new(File.join(directory, filename)).cleanpath.to_path
+        repo_path = File.join(clone_repo_contents, path)
+        unless File.exist?(repo_path)
+          raise Dependabot::DependencyFileNotFound, path
+        end
+
+        content = File.read(repo_path)
+        type = if File.symlink?(repo_path)
+                 symlink_target = File.readlink(repo_path)
+                 "symlink"
+               else
+                 "file"
+               end
+
+        DependencyFile.new(
+          name: Pathname.new(filename).cleanpath.to_path,
+          directory: directory,
+          type: type,
+          content: content,
+          symlink_target: symlink_target
+        )
+      end
+
       def fetch_file_from_host(filename, type: "file", fetch_submodules: false)
+        unless repo_contents_path.nil?
+          return load_cloned_file_if_present(filename)
+        end
+
         path = Pathname.new(File.join(directory, filename)).cleanpath.to_path
         content = _fetch_file_content(path, fetch_submodules: fetch_submodules)
         type = @linked_paths.key?(path.gsub(%r{^/}, "")) ? "symlink" : type

data/lib/dependabot/file_updaters/base.rb

@@ -4,18 +4,19 @@ module Dependabot
   module FileUpdaters
     class Base
       attr_reader :dependencies, :dependency_files, :repo_contents_path,
-                  :credentials
+                  :credentials, :options
 
       def self.updated_files_regex
         raise NotImplementedError
       end
 
       def initialize(dependencies:, dependency_files:, repo_contents_path: nil,
-                     credentials:)
+                     credentials:, options: {})
         @dependencies = dependencies
         @dependency_files = dependency_files
         @repo_contents_path = repo_contents_path
         @credentials = credentials
+        @options = options
 
         check_required_files
       end

data/lib/dependabot/file_updaters/vendor_updater.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+require "dependabot/dependency_file"
+
+module Dependabot
+  module FileUpdaters
+    class VendorUpdater
+      # notable filenames without a reliable extension:
+      TEXT_FILE_NAMES = [
+        "README",
+        "LICENSE",
+        "Gemfile",
+        "Gemfile.lock",
+        ".bundlecache",
+        ".gitignore"
+      ].freeze
+
+      TEXT_FILE_EXTS = [
+        # code
+        ".rb",
+        ".erb",
+        ".gemspec",
+        ".js",
+        ".html",
+        # config
+        ".json",
+        ".xml",
+        ".toml",
+        ".yaml",
+        ".yml",
+        # docs
+        ".md",
+        ".txt",
+        ".go"
+      ].freeze
+
+      def initialize(repo_contents_path:, vendor_dir:)
+        @repo_contents_path = repo_contents_path
+        @vendor_dir = vendor_dir
+      end
+
+      # Returns changed files in the vendor/cache folder
+      #
+      # @param base_directory [String] Update config base directory
+      # @return [Array<Dependabot::DependencyFile>]
+      def updated_vendor_cache_files(base_directory:)
+        return [] unless repo_contents_path && vendor_dir
+
+        Dir.chdir(repo_contents_path) do
+          relative_dir = vendor_dir.sub("#{repo_contents_path}/", "")
+          status = SharedHelpers.run_shell_command(
+            "git status --untracked-files=all --porcelain=v1 #{relative_dir}"
+          )
+          changed_paths = status.split("\n").map { |l| l.split(" ") }
+          changed_paths.map do |type, path|
+            deleted = type == "D"
+            encoding = ""
+            encoded_content = File.read(path) unless deleted
+            if binary_file?(path)
+              encoding = Dependabot::DependencyFile::ContentEncoding::BASE64
+              encoded_content = Base64.encode64(encoded_content) unless deleted
+            end
+            Dependabot::DependencyFile.new(
+              name: path,
+              content: encoded_content,
+              directory: base_directory,
+              deleted: deleted,
+              content_encoding: encoding
+            )
+          end
+        end
+      end
+
+      private
+
+      attr_reader :repo_contents_path, :vendor_dir
+
+      def binary_file?(path)
+        return false if TEXT_FILE_NAMES.include?(File.basename(path))
+        return false if TEXT_FILE_EXTS.include?(File.extname(path))
+
+        true
+      end
+    end
+  end
+end

data/lib/dependabot/utils.rb

@@ -29,5 +29,15 @@ module Dependabot
     def self.register_requirement_class(package_manager, requirement_class)
       @requirement_classes[package_manager] = requirement_class
     end
+
+    @cloning_package_managers = Set[]
+
+    def self.always_clone_for_package_manager?(package_manager)
+      @cloning_package_managers.include?(package_manager)
+    end
+
+    def self.register_always_clone(package_manager)
+      @cloning_package_managers << package_manager
+    end
   end
 end

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.120.3"
+  VERSION = "0.122.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.120.3
+  version: 0.122.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-28 00:00:00.000000000 Z
+date: 2020-10-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -292,14 +292,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.91.0
+        version: 0.92.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.91.0
+        version: 0.92.0
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.19.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.19.0
+- !ruby/object:Gem::Dependency
+  name: simplecov-console
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.2
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement
@@ -356,6 +384,7 @@ files:
 - lib/dependabot/file_updaters.rb
 - lib/dependabot/file_updaters/README.md
 - lib/dependabot/file_updaters/base.rb
+- lib/dependabot/file_updaters/vendor_updater.rb
 - lib/dependabot/git_commit_checker.rb
 - lib/dependabot/git_metadata_fetcher.rb
 - lib/dependabot/metadata_finders.rb