dependabot-common 0.139.1 → 0.140.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 14fda97b138d41cabecc3d42788bb0b4a327de69d04dc23f897daf83b9881df7
-  data.tar.gz: 9f3ee6368d26b56394b10c3dc2c104c316ef56cb4cda642915f8a45da61af116
+  metadata.gz: 189215ae85298ad27a01437d5702c01c8ba2e68dd149f1b334118680888bbc51
+  data.tar.gz: df61584f2d45aaad32480af08209e911271feab1c1c378167a84cf272b46aa3c
 SHA512:
-  metadata.gz: 5a09177d3c27a3c321980a9acf566543ce1ee657300854dc2e7a942de2e1124bea8189bcb54eb459d7e2820dc8745424c3479422ccf772b173db79027ac37567
-  data.tar.gz: c17abdd1331d9ee815a44e77e5de2ea51050c153a00859e411dddc78915c641bb385f2d45e7dd034fd9ea1efd4d82b29cdde4192dfc2efb9c641911472161471
+  metadata.gz: 907e246bd29e3393be326e7fcfe285c4211d1851fbb58d55b67f5e3530d1b11b107816f142e3c86081f6457d745e91b25bfa8f5abfa9b020deb631dc96196e85
+  data.tar.gz: b52deaf257874776bcf38e7a4346ce07ade51e490ad8ef864c4048bf6451bc5c69231f20a273fc45184107de50b08afcac041e122f45e6477765961b0d956a18

data/lib/dependabot/dependency_file.rb

@@ -5,23 +5,33 @@ require "pathname"
 module Dependabot
   class DependencyFile
     attr_accessor :name, :content, :directory, :type, :support_file,
-                  :symlink_target, :content_encoding, :deleted
+                  :symlink_target, :content_encoding, :operation
 
     class ContentEncoding
       UTF_8 = "utf-8"
       BASE64 = "base64"
     end
 
+    class Operation
+      UPDATE = "update"
+      CREATE = "create"
+      DELETE = "delete"
+    end
+
     def initialize(name:, content:, directory: "/", type: "file",
                    support_file: false, symlink_target: nil,
-                   content_encoding: ContentEncoding::UTF_8, deleted: false)
+                   content_encoding: ContentEncoding::UTF_8, deleted: false, operation: Operation::UPDATE)
       @name = name
       @content = content
       @directory = clean_directory(directory)
       @symlink_target = symlink_target
       @support_file = support_file
       @content_encoding = content_encoding
-      @deleted = deleted
+      @operation = operation
+
+      # Make deleted override the operation. Deleted is kept when operation
+      # was introduced to keep compatibility with downstream dependants.
+      @operation = Operation::DELETE if deleted
 
       # Type is used *very* sparingly. It lets the git_modules updater know that
       # a "file" is actually a submodule, and lets our Go updaters know which
@@ -44,7 +54,8 @@ module Dependabot
         "type" => type,
         "support_file" => support_file,
         "content_encoding" => content_encoding,
-        "deleted" => deleted
+        "deleted" => deleted,
+        "operation" => operation
       }
 
       details["symlink_target"] = symlink_target if symlink_target
@@ -75,8 +86,16 @@ module Dependabot
       @support_file
     end
 
+    def deleted
+      @operation == Operation::DELETE
+    end
+
+    def deleted=(deleted)
+      @operation = deleted ? Operation::DELETE : Operation::UPDATE
+    end
+
     def deleted?
-      @deleted
+      deleted
     end
 
     def binary?

data/lib/dependabot/file_updaters/vendor_updater.rb

@@ -27,12 +27,20 @@ module Dependabot
           )
           changed_paths = status.split("\n").map { |l| l.split(" ") }
           changed_paths.map do |type, path|
-            deleted = type == "D"
+            # The following types are possible to be returned:
+            # M = Modified = Default for DependencyFile
+            # D = Deleted
+            # ?? = Untracked = Created
+            operation = Dependabot::DependencyFile::Operation::UPDATE
+            operation = Dependabot::DependencyFile::Operation::DELETE if type == "D"
+            operation = Dependabot::DependencyFile::Operation::CREATE if type == "??"
             encoding = ""
-            encoded_content = File.read(path) unless deleted
+            encoded_content = File.read(path) unless operation == Dependabot::DependencyFile::Operation::DELETE
             if binary_file?(path)
               encoding = Dependabot::DependencyFile::ContentEncoding::BASE64
-              encoded_content = Base64.encode64(encoded_content) unless deleted
+              if operation != Dependabot::DependencyFile::Operation::DELETE
+                encoded_content = Base64.encode64(encoded_content)
+              end
             end
 
             project_root =
@@ -44,7 +52,7 @@ module Dependabot
               name: file_path.to_s,
               content: encoded_content,
               directory: base_directory,
-              deleted: deleted,
+              operation: operation,
               content_encoding: encoding
             )
           end

data/lib/dependabot/pull_request_creator/github.rb

@@ -177,7 +177,7 @@ module Dependabot
               sha: file.content
             }
           else
-            content = if file.deleted?
+            content = if file.operation == Dependabot::DependencyFile::Operation::DELETE
                         { sha: nil }
                       elsif file.binary?
                         sha = github_client_for_source.create_blob(

data/lib/dependabot/pull_request_creator/gitlab.rb

@@ -91,23 +91,26 @@ module Dependabot
         )
       end
 
+      # @param [DependencyFile] file
+      def file_action(file)
+        if file.operation == Dependabot::DependencyFile::Operation::DELETE
+          "delete"
+        elsif file.operation == Dependabot::DependencyFile::Operation::CREATE
+          "create"
+        else
+          "update"
+        end
+      end
+
       def create_commit
         return create_submodule_update_commit if files.count == 1 && files.first.type == "submodule"
 
         actions = files.map do |file|
-          if file.type == "symlink"
-            {
-              action: "update",
-              file_path: file.symlink_target,
-              content: file.content
-            }
-          else
-            {
-              action: "update",
-              file_path: file.path,
-              content: file.content
-            }
-          end
+          {
+            action: file_action(file),
+            file_path: file.type == "symlink" ? file.symlink_target : file.path,
+            content: file.content
+          }
         end
 
         gitlab_client_for_source.create_commit(

data/lib/dependabot/pull_request_updater/github.rb

@@ -132,7 +132,7 @@ module Dependabot
               sha: file.content
             }
           else
-            content = if file.deleted?
+            content = if file.operation == Dependabot::DependencyFile::Operation::DELETE
                         { sha: nil }
                       elsif file.binary?
                         sha = github_client_for_source.create_blob(

data/lib/dependabot/pull_request_updater/gitlab.rb

@@ -62,10 +62,21 @@ module Dependabot
         gitlab_client_for_source.commit(source.repo, old_commit)
       end
 
+      # @param [DependencyFile] file
+      def file_action(file)
+        if file.operation == Dependabot::DependencyFile::Operation::DELETE
+          "delete"
+        elsif file.operation == Dependabot::DependencyFile::Operation::CREATE
+          "create"
+        else
+          "update"
+        end
+      end
+
       def create_commit
         actions = files.map do |file|
           {
-            action: "update",
+            action: file_action(file),
             file_path: file.type == "symlink" ? file.symlink_target : file.path,
             content: file.content
           }

data/lib/dependabot/shared_helpers.rb

@@ -161,47 +161,21 @@ module Dependabot
       reset_global_git_config(backup_git_config_path)
     end
 
+    def self.credential_helper_path
+      File.join(__dir__, "../../bin/git-credential-store-immutable")
+    end
+
+    # rubocop:disable Metrics/AbcSize
+    # rubocop:disable Metrics/PerceivedComplexity
     def self.configure_git_to_use_https_with_credentials(credentials)
       File.open(GIT_CONFIG_GLOBAL_PATH, "w") do |file|
         file << "# Generated by dependabot/dependabot-core"
       end
-      configure_git_to_use_https
-      configure_git_credentials(credentials)
-    end
-
-    def self.configure_git_to_use_https
-      # NOTE: we use --global here (rather than --system) so that Dependabot
-      # can be run without privileged access
-      run_shell_command(
-        "git config --global --replace-all url.https://github.com/."\
-        "insteadOf ssh://git@github.com/"
-      )
-      run_shell_command(
-        "git config --global --add url.https://github.com/."\
-        "insteadOf ssh://git@github.com:"
-      )
-      run_shell_command(
-        "git config --global --add url.https://github.com/."\
-        "insteadOf git@github.com:"
-      )
-      run_shell_command(
-        "git config --global --add url.https://github.com/."\
-        "insteadOf git@github.com/"
-      )
-      run_shell_command(
-        "git config --global --add url.https://github.com/."\
-        "insteadOf git://github.com/"
-      )
-    end
 
-    # rubocop:disable Metrics/PerceivedComplexity
-    def self.configure_git_credentials(credentials)
       # Then add a file-based credential store that loads a file in this repo.
       # Under the hood this uses git credential-store, but it's invoked through
       # a wrapper binary that only allows non-mutating commands. Without this,
       # whenever the credentials are deemed to be invalid, they're erased.
-      credential_helper_path =
-        File.join(__dir__, "../../bin/git-credential-store-immutable")
       run_shell_command(
         "git config --global credential.helper "\
         "'!#{credential_helper_path} --file #{Dir.pwd}/git.store'",
@@ -219,6 +193,9 @@ module Dependabot
         github_credentials.find { |c| !c["password"]&.start_with?("v1.") } ||
         github_credentials.first
 
+      # Make sure we always have https alternatives for github.com.
+      configure_git_to_use_https("github.com") if github_credential.nil?
+
       deduped_credentials = credentials -
                             github_credentials +
                             [github_credential].compact
@@ -234,13 +211,40 @@ module Dependabot
           "@#{cred.fetch('host')}"
 
         git_store_content += authenticated_url + "\n"
+        configure_git_to_use_https(cred.fetch("host"))
       end
 
       # Save the file
       File.write("git.store", git_store_content)
     end
+    # rubocop:enable Metrics/AbcSize
     # rubocop:enable Metrics/PerceivedComplexity
 
+    def self.configure_git_to_use_https(host)
+      # NOTE: we use --global here (rather than --system) so that Dependabot
+      # can be run without privileged access
+      run_shell_command(
+        "git config --global --replace-all url.https://#{host}/."\
+        "insteadOf ssh://git@#{host}/"
+      )
+      run_shell_command(
+        "git config --global --add url.https://#{host}/."\
+        "insteadOf ssh://git@#{host}:"
+      )
+      run_shell_command(
+        "git config --global --add url.https://#{host}/."\
+        "insteadOf git@#{host}:"
+      )
+      run_shell_command(
+        "git config --global --add url.https://#{host}/."\
+        "insteadOf git@#{host}/"
+      )
+      run_shell_command(
+        "git config --global --add url.https://#{host}/."\
+        "insteadOf git://#{host}/"
+      )
+    end
+
     def self.reset_git_repo(path)
       Dir.chdir(path) do
         run_shell_command("git reset HEAD --hard")

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.139.1"
+  VERSION = "0.140.3"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.139.1
+  version: 0.140.3
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-31 00:00:00.000000000 Z
+date: 2021-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport