dependabot-common 0.129.2 → 0.130.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c7174415aef0e15737217d314a45c2630aacae829ef4e513534ad6f4a4a20e0e
-  data.tar.gz: 0f995c8ec75f07917de8829386a070a2d1ac3dab21162299b2b0cb3fa83190b7
+  metadata.gz: 1824c73ccafb3e95ab20e310365a7d2242b7c11d9ca4baf8d78a85754c7874fc
+  data.tar.gz: d024003cc13c297a07a528f404fe9b32d731302a543e827ec1c25abdff93209a
 SHA512:
-  metadata.gz: 41418972531aedf8379e330be0fc3439ecf7ec7f9d247740be77f9dd2d4a7d6da7c63769fd615bcd378f4e13075a41fab52069557e7cd6f6227ed05058f33f2e
-  data.tar.gz: 81b2df6efb3465fd42563ea28fa728a170d0bac9b68f7bd0cf13cfe4783d04dbab2bed462e59f7c3cd0fbc4114fc085b57f43bf2fcaf32e66669d1f0a599708b
+  metadata.gz: b0e6f725691d7c40f0c5e93ae28ccb765b03e0d39191d73cd66e9c94d166634ba04420a2ce4b5efb68de7f2188081a1a5ae72819384a1a86dc27eb6b9cb29bef
+  data.tar.gz: 2334d9e4713a924b67af19f699054b79f8bc36d4854228f0eaafa82047133850fe28cc9a20dd64fa758983d726e180c0c71ab53cda2bdd3208cc11aca7b435ce

data/lib/dependabot/clients/bitbucket.rb

@@ -12,6 +12,19 @@ module Dependabot
 
       class Forbidden < StandardError; end
 
+      #######################
+      # Constructor methods #
+      #######################
+
+      def self.for_source(source:, credentials:)
+        credential =
+          credentials.
+          select { |cred| cred["type"] == "git_source" }.
+          find { |cred| cred["host"] == source.hostname }
+
+        new(credentials: credential)
+      end
+
       ##########
       # Client #
       ##########
@@ -53,6 +66,81 @@ module Dependabot
         response.body
       end
 
+      def commits(repo, branch_name = nil)
+        commits_path = "#{repo}/commits/#{branch_name}?pagelen=100"
+        next_page_url = base_url + commits_path
+        paginate({ "next" => next_page_url })
+      end
+
+      def branch(repo, branch_name)
+        branch_path = "#{repo}/refs/branches/#{branch_name}"
+        response = get(base_url + branch_path)
+
+        JSON.parse(response.body)
+      end
+
+      def pull_requests(repo, source_branch, target_branch)
+        pr_path = "#{repo}/pullrequests"
+        # Get pull requests with any status
+        pr_path += "?status=OPEN&status=MERGED&status=DECLINED&status=SUPERSEDED"
+        next_page_url = base_url + pr_path
+        pull_requests = paginate({ "next" => next_page_url })
+
+        pull_requests unless source_branch && target_branch
+
+        pull_requests.select do |pr|
+          pr_source_branch = pr.fetch("source").fetch("branch").fetch("name")
+          pr_target_branch = pr.fetch("destination").fetch("branch").fetch("name")
+          pr_source_branch == source_branch && pr_target_branch == target_branch
+        end
+      end
+
+      # rubocop:disable Metrics/ParameterLists
+      def create_commit(repo, branch_name, base_commit, commit_message, files,
+                        author_details)
+        parameters = {
+          message: commit_message, # TODO: Format markup in commit message
+          author: "#{author_details.fetch(:name)} <#{author_details.fetch(:email)}>",
+          parents: base_commit,
+          branch: branch_name
+        }
+
+        files.each do |file|
+          absolute_path = file.name.start_with?("/") ? file.name : "/" + file.name
+          parameters[absolute_path] = file.content
+        end
+
+        body = encode_form_parameters(parameters)
+
+        commit_path = "#{repo}/src"
+        post(base_url + commit_path, body, "application/x-www-form-urlencoded")
+      end
+      # rubocop:enable Metrics/ParameterLists
+
+      # rubocop:disable Metrics/ParameterLists
+      def create_pull_request(repo, pr_name, source_branch, target_branch,
+                              pr_description, _labels, _work_item = nil)
+        content = {
+          title: pr_name,
+          source: {
+            branch: {
+              name: source_branch
+            }
+          },
+          destination: {
+            branch: {
+              name: target_branch
+            }
+          },
+          description: pr_description,
+          close_source_branch: true
+        }
+
+        pr_path = "#{repo}/pullrequests"
+        post(base_url + pr_path, content.to_json)
+      end
+      # rubocop:enable Metrics/ParameterLists
+
       def tags(repo)
         path = "#{repo}/refs/tags?pagelen=100"
         response = get(base_url + path)
@@ -90,6 +178,28 @@ module Dependabot
         response
       end
 
+      def post(url, body, content_type = "application/json")
+        response = Excon.post(
+          url,
+          body: body,
+          user: credentials&.fetch("username", nil),
+          password: credentials&.fetch("password", nil),
+          idempotent: false,
+          **SharedHelpers.excon_defaults(
+            headers: auth_header.merge(
+              {
+                "Content-Type" => content_type
+              }
+            )
+          )
+        )
+        raise Unauthorized if response.status == 401
+        raise Forbidden if response.status == 403
+        raise NotFound if response.status == 404
+
+        response
+      end
+
       private
 
       def auth_header_for(token)
@@ -98,6 +208,37 @@ module Dependabot
         { "Authorization" => "Bearer #{token}" }
       end
 
+      def encode_form_parameters(parameters)
+        parameters.map do |key, value|
+          URI.encode_www_form_component(key.to_s) + "=" + URI.encode_www_form_component(value.to_s)
+        end.join("&")
+      end
+
+      # Takes a hash with optional `values` and `next` fields
+      # Returns an enumerator.
+      #
+      # Can be used a few ways:
+      # With GET:
+      #     paginate ({"next" => url})
+      # or
+      #     paginate(JSON.parse(get(url).body))
+      #
+      # With POST (for endpoints that provide POST methods for long query parameters)
+      #     response = post(url, body)
+      #     first_page = JSON.parse(repsonse.body)
+      #     paginate(first_page)
+      def paginate(page)
+        Enumerator.new do |yielder|
+          loop do
+            page.fetch("values", []).each { |value| yielder << value }
+            break unless page.key?("next")
+
+            next_page_url = page.fetch("next")
+            page = JSON.parse(get(next_page_url).body)
+          end
+        end
+      end
+
       attr_reader :auth_header
       attr_reader :credentials
 

data/lib/dependabot/logger.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require "logger"
+
+module Dependabot
+  def self.logger
+    @logger ||= Logger.new(nil)
+  end
+
+  def self.logger=(logger)
+    @logger = logger
+  end
+end

data/lib/dependabot/pull_request_creator.rb

@@ -5,6 +5,7 @@ require "dependabot/metadata_finders"
 module Dependabot
   class PullRequestCreator
     require "dependabot/pull_request_creator/azure"
+    require "dependabot/pull_request_creator/bitbucket"
     require "dependabot/pull_request_creator/codecommit"
     require "dependabot/pull_request_creator/github"
     require "dependabot/pull_request_creator/gitlab"
@@ -88,6 +89,7 @@ module Dependabot
       when "github" then github_creator.create
       when "gitlab" then gitlab_creator.create
       when "azure" then azure_creator.create
+      when "bitbucket" then bitbucket_creator.create
       when "codecommit" then codecommit_creator.create
       else raise "Unsupported provider #{source.provider}"
       end
@@ -162,6 +164,22 @@ module Dependabot
       )
     end
 
+    def bitbucket_creator
+      Bitbucket.new(
+        source: source,
+        branch_name: branch_namer.new_branch_name,
+        base_commit: base_commit,
+        credentials: credentials,
+        files: files,
+        commit_message: message_builder.commit_message,
+        pr_description: message_builder.pr_message,
+        pr_name: message_builder.pr_name,
+        author_details: author_details,
+        labeler: labeler,
+        work_item: provider_metadata&.fetch(:work_item, nil)
+      )
+    end
+
     def codecommit_creator
       Codecommit.new(
         source: source,

data/lib/dependabot/pull_request_creator/bitbucket.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+require "dependabot/clients/bitbucket"
+require "dependabot/pull_request_creator"
+
+module Dependabot
+  class PullRequestCreator
+    class Bitbucket
+      attr_reader :source, :branch_name, :base_commit, :credentials,
+                  :files, :commit_message, :pr_description, :pr_name,
+                  :author_details, :labeler, :work_item
+
+      def initialize(source:, branch_name:, base_commit:, credentials:,
+                     files:, commit_message:, pr_description:, pr_name:,
+                     author_details:, labeler: nil, work_item: nil)
+        @source         = source
+        @branch_name    = branch_name
+        @base_commit    = base_commit
+        @credentials    = credentials
+        @files          = files
+        @commit_message = commit_message
+        @pr_description = pr_description
+        @pr_name        = pr_name
+        @author_details = author_details
+        @labeler        = labeler
+        @work_item      = work_item
+      end
+
+      def create
+        return if branch_exists? && pull_request_exists?
+
+        # FIXME: Copied from Azure, but not verified whether this is true
+        # For Bitbucket we create or update a branch in the same request as creating
+        # a commit (so we don't need create or update branch logic here)
+        create_commit
+
+        create_pull_request
+      end
+
+      private
+
+      def bitbucket_client_for_source
+        @bitbucket_client_for_source ||=
+          Dependabot::Clients::Bitbucket.for_source(
+            source: source,
+            credentials: credentials
+          )
+      end
+
+      def branch_exists?
+        bitbucket_client_for_source.branch(source.repo, branch_name)
+      rescue Clients::Bitbucket::NotFound
+        false
+      end
+
+      def pull_request_exists?
+        bitbucket_client_for_source.pull_requests(
+          source.repo,
+          branch_name,
+          source.branch || default_branch
+        ).any?
+      end
+
+      def create_commit
+        author = author_details&.slice(:name, :email)
+        author = nil unless author&.any?
+
+        bitbucket_client_for_source.create_commit(
+          source.repo,
+          branch_name,
+          base_commit,
+          commit_message,
+          files,
+          author
+        )
+      end
+
+      def create_pull_request
+        bitbucket_client_for_source.create_pull_request(
+          source.repo,
+          pr_name,
+          branch_name,
+          source.branch || default_branch,
+          pr_description,
+          labeler&.labels_for_pr,
+          work_item
+        )
+      end
+
+      def default_branch
+        @default_branch ||=
+          bitbucket_client_for_source.fetch_default_branch(source.repo)
+      end
+    end
+  end
+end

data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb

@@ -45,9 +45,13 @@ module Dependabot
 
         def sanitize_mentions(doc)
           doc.walk do |node|
-            if !parent_node_link?(node) && node.type == :text &&
+            if node.type == :text &&
                node.string_content.match?(MENTION_REGEX)
-              nodes = build_mention_nodes(node.string_content)
+              nodes = if !parent_node_link?(node)
+                        build_mention_nodes(node.string_content)
+                      else
+                        build_mention_link_text_nodes(node.string_content)
+                      end
 
               nodes.each do |n|
                 node.insert_before(n)
@@ -113,12 +117,18 @@ module Dependabot
           nodes
         end
 
+        def build_mention_link_text_nodes(text)
+          code_node = CommonMarker::Node.new(:code)
+          code_node.string_content = text
+          [code_node]
+        end
+
         def create_link_node(url, text)
           link_node = CommonMarker::Node.new(:link)
-          text_node = CommonMarker::Node.new(:text)
+          code_node = CommonMarker::Node.new(:code)
           link_node.url = url
-          text_node.string_content = text
-          link_node.append_child(text_node)
+          code_node.string_content = text
+          link_node.append_child(code_node)
           link_node
         end
 

data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "dependabot/clients/azure"
+require "dependabot/clients/bitbucket"
 require "dependabot/clients/codecommit"
 require "dependabot/clients/github_with_retries"
 require "dependabot/clients/gitlab_with_retries"
@@ -264,6 +265,7 @@ module Dependabot
         when "github" then recent_github_commit_messages
         when "gitlab" then recent_gitlab_commit_messages
         when "azure" then recent_azure_commit_messages
+        when "bitbucket" then recent_bitbucket_commit_messages
         when "codecommit" then recent_codecommit_commit_messages
         else raise "Unsupported provider: #{source.provider}"
         end
@@ -307,6 +309,18 @@ module Dependabot
           map(&:strip)
       end
 
+      def recent_bitbucket_commit_messages
+        @recent_bitbucket_commit_messages ||=
+          bitbucket_client_for_source.commits(source.repo)
+
+        @recent_bitbucket_commit_messages.
+          reject { |c| bitbucket_commit_author_email(c) == dependabot_email }.
+          map { |c| c.fetch("message", nil) }.
+          compact.
+          reject { |m| m.start_with?("Merge") }.
+          map(&:strip)
+      end
+
       def recent_codecommit_commit_messages
         @recent_codecommit_commit_messages ||=
           codecommit_client_for_source.commits
@@ -324,6 +338,7 @@ module Dependabot
           when "github" then last_github_dependabot_commit_message
           when "gitlab" then last_gitlab_dependabot_commit_message
           when "azure" then last_azure_dependabot_commit_message
+          when "bitbucket" then last_bitbucket_dependabot_commit_message
           when "codecommit" then last_codecommit_dependabot_commit_message
           else raise "Unsupported provider: #{source.provider}"
           end
@@ -365,6 +380,16 @@ module Dependabot
           strip
       end
 
+      def last_bitbucket_dependabot_commit_message
+        @recent_bitbucket_commit_messages ||=
+          bitbucket_client_for_source.commits(source.repo)
+
+        @recent_bitbucket_commit_messages.
+          find { |c| bitbucket_commit_author_email(c) == dependabot_email }&.
+          fetch("message", nil)&.
+          strip
+      end
+
       def last_codecommit_dependabot_commit_message
         @recent_codecommit_commit_messages ||=
           codecommit_client_for_source.commits(source.repo)
@@ -379,6 +404,11 @@ module Dependabot
         commit.fetch("author").fetch("email", "")
       end
 
+      def bitbucket_commit_author_email(commit)
+        matches = commit.fetch("author").fetch("raw").match(/<(.*)>/)
+        matches ? matches[1] : ""
+      end
+
       def github_client_for_source
         @github_client_for_source ||=
           Dependabot::Clients::GithubWithRetries.for_source(
@@ -403,6 +433,14 @@ module Dependabot
           )
       end
 
+      def bitbucket_client_for_source
+        @bitbucket_client_for_source ||=
+          Dependabot::Clients::Bitbucket.for_source(
+            source: source,
+            credentials: credentials
+          )
+      end
+
       def codecommit_client_for_source
         @codecommit_client_for_source ||=
           Dependabot::Clients::CodeCommit.for_source(

data/lib/dependabot/utils.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "set"
+
 # TODO: in due course, these "registries" should live in a wrapper gem, not
 #       dependabot-core.
 module Dependabot

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.129.2"
+  VERSION = "0.130.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.129.2
+  version: 0.130.1
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-04 00:00:00.000000000 Z
+date: 2021-01-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -168,34 +168,26 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: parseconfig
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: parser
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: toml-rb
   requirement: !ruby/object:Gem::Requirement
@@ -292,14 +284,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.0
+        version: 1.8.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.0
+        version: 1.8.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -387,6 +379,7 @@ files:
 - lib/dependabot/file_updaters/vendor_updater.rb
 - lib/dependabot/git_commit_checker.rb
 - lib/dependabot/git_metadata_fetcher.rb
+- lib/dependabot/logger.rb
 - lib/dependabot/metadata_finders.rb
 - lib/dependabot/metadata_finders/README.md
 - lib/dependabot/metadata_finders/base.rb
@@ -396,6 +389,7 @@ files:
 - lib/dependabot/metadata_finders/base/release_finder.rb
 - lib/dependabot/pull_request_creator.rb
 - lib/dependabot/pull_request_creator/azure.rb
+- lib/dependabot/pull_request_creator/bitbucket.rb
 - lib/dependabot/pull_request_creator/branch_namer.rb
 - lib/dependabot/pull_request_creator/codecommit.rb
 - lib/dependabot/pull_request_creator/commit_signer.rb
@@ -438,7 +432,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.7.3
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.3
 signing_key: 
 specification_version: 4
 summary: Shared code used between Dependabot package managers