dependabot-common 0.163.1 → 0.166.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0bd670e45c5c3fa9f949f99d323975f16c2f6d65750a4027de802d51caba995b
-  data.tar.gz: f003a835d5f5e0875fbac29162dc3df96fd8fb963c691f5b3a9199e1dc25a246
+  metadata.gz: 8a3aea640c5c095314a2a681e4aa83144cfa3438f15ee84a7c6e71c551536b20
+  data.tar.gz: e7da1c50d04f2b84379b57e804702353e1d580718698e12a4ff9448a529dff8d
 SHA512:
-  metadata.gz: 4da8363f3276ad3cedc91a9273f904e6b419ff012511290f49a3c5f64d34a82377f53a0b1abb90b7653fb1d323be249930b6986e8ba8fa1c104f4fa53082cc92
-  data.tar.gz: 78e90b4e462daccab66e4374d5c27e0d4790332b199cd72732097bb08dcd8489a51cf6cddd89cff8458c8ea1416c6dde7104f7bc011e876ac23c5ecaf7471add
+  metadata.gz: 00ab9cb772d94a8f7d8ae82f0d0fff14d6167cbd8ef844fc698e5f81180b00f39cb3cd1dcd7dc4d74e9fb6f749def9a48ce5fdc797d0e93ab7891587735ca6c4
+  data.tar.gz: b847d1a4bbb1b8013caf86988a6e3e055df2294f773c3f2ef849b6a70b7f86ec90e62594e8d36195b01b13ff502206f20dbd730d7616e4b4d3f8eb20e903c642

data/lib/dependabot/pull_request_creator/gitlab.rb

@@ -10,25 +10,26 @@ module Dependabot
       attr_reader :source, :branch_name, :base_commit, :credentials,
                   :files, :pr_description, :pr_name, :commit_message,
                   :author_details, :labeler, :approvers, :assignees,
-                  :milestone
+                  :milestone, :target_project_id
 
       def initialize(source:, branch_name:, base_commit:, credentials:,
                      files:, commit_message:, pr_description:, pr_name:,
                      author_details:, labeler:, approvers:, assignees:,
-                     milestone:)
-        @source         = source
-        @branch_name    = branch_name
-        @base_commit    = base_commit
-        @credentials    = credentials
-        @files          = files
-        @commit_message = commit_message
-        @pr_description = pr_description
-        @pr_name        = pr_name
-        @author_details = author_details
-        @labeler        = labeler
-        @approvers      = approvers
-        @assignees      = assignees
-        @milestone      = milestone
+                     milestone:, target_project_id:)
+        @source            = source
+        @branch_name       = branch_name
+        @base_commit       = base_commit
+        @credentials       = credentials
+        @files             = files
+        @commit_message    = commit_message
+        @pr_description    = pr_description
+        @pr_name           = pr_name
+        @author_details    = author_details
+        @labeler           = labeler
+        @approvers         = approvers
+        @assignees         = assignees
+        @milestone         = milestone
+        @target_project_id = target_project_id
       end
 
       def create
@@ -76,7 +77,7 @@ module Dependabot
 
       def merge_request_exists?
         gitlab_client_for_source.merge_requests(
-          source.repo,
+          target_project_id || source.repo,
           source_branch: branch_name,
           target_branch: source.branch || default_branch,
           state: "all"
@@ -143,7 +144,8 @@ module Dependabot
           remove_source_branch: true,
           assignee_ids: assignees,
           labels: labeler.labels_for_pr.join(","),
-          milestone_id: milestone
+          milestone_id: milestone,
+          target_project_id: target_project_id
         )
       end
 
@@ -156,7 +158,7 @@ module Dependabot
           approvers.keys.map { |k| [k.to_sym, approvers[k]] }.to_h
 
         gitlab_client_for_source.edit_merge_request_approvers(
-          source.repo,
+          target_project_id || source.repo,
           merge_request.iid,
           approver_ids: approvers_hash[:approvers],
           approver_group_ids: approvers_hash[:group_approvers]

data/lib/dependabot/pull_request_creator.rb

@@ -157,7 +157,8 @@ module Dependabot
         labeler: labeler,
         approvers: reviewers,
         assignees: assignees,
-        milestone: milestone
+        milestone: milestone,
+        target_project_id: provider_metadata[:target_project_id]
       )
     end
 

data/lib/dependabot/pull_request_updater/gitlab.rb

@@ -8,16 +8,17 @@ module Dependabot
   class PullRequestUpdater
     class Gitlab
       attr_reader :source, :files, :base_commit, :old_commit, :credentials,
-                  :pull_request_number
+                  :pull_request_number, :target_project_id
 
       def initialize(source:, base_commit:, old_commit:, files:,
-                     credentials:, pull_request_number:)
+                     credentials:, pull_request_number:, target_project_id:)
         @source              = source
         @base_commit         = base_commit
         @old_commit          = old_commit
         @files               = files
         @credentials         = credentials
         @pull_request_number = pull_request_number
+        @target_project_id   = target_project_id
       end
 
       def update
@@ -39,7 +40,7 @@ module Dependabot
 
       def merge_request
         @merge_request ||= gitlab_client_for_source.merge_request(
-          source.repo,
+          target_project_id || source.repo,
           pull_request_number
         )
       end

data/lib/dependabot/pull_request_updater.rb

@@ -9,11 +9,12 @@ module Dependabot
     class BranchProtected < StandardError; end
 
     attr_reader :source, :files, :base_commit, :old_commit, :credentials,
-                :pull_request_number, :author_details, :signature_key
+                :pull_request_number, :author_details, :signature_key, :provider_metadata
 
     def initialize(source:, base_commit:, old_commit:, files:,
                    credentials:, pull_request_number:,
-                   author_details: nil, signature_key: nil)
+                   author_details: nil, signature_key: nil,
+                   provider_metadata: {})
       @source              = source
       @base_commit         = base_commit
       @old_commit          = old_commit
@@ -22,6 +23,7 @@ module Dependabot
       @pull_request_number = pull_request_number
       @author_details      = author_details
       @signature_key       = signature_key
+      @provider_metadata   = provider_metadata
     end
 
     def update
@@ -55,7 +57,8 @@ module Dependabot
         old_commit: old_commit,
         files: files,
         credentials: credentials,
-        pull_request_number: pull_request_number
+        pull_request_number: pull_request_number,
+        target_project_id: provider_metadata[:target_project_id]
       )
     end
 

data/lib/dependabot/shared_helpers.rb

@@ -40,10 +40,14 @@ module Dependabot
 
     def self.in_a_temporary_directory(directory = "/")
       Dir.mkdir(Utils::BUMP_TMP_DIR_PATH) unless Dir.exist?(Utils::BUMP_TMP_DIR_PATH)
-      Dir.mktmpdir(Utils::BUMP_TMP_FILE_PREFIX, Utils::BUMP_TMP_DIR_PATH) do |dir|
-        path = Pathname.new(File.join(dir, directory)).expand_path
+      tmp_dir = Dir.mktmpdir(Utils::BUMP_TMP_FILE_PREFIX, Utils::BUMP_TMP_DIR_PATH)
+
+      begin
+        path = Pathname.new(File.join(tmp_dir, directory)).expand_path
         FileUtils.mkpath(path)
         Dir.chdir(path) { yield(path) }
+      ensure
+        FileUtils.rm_rf(tmp_dir)
       end
     end
 

data/lib/dependabot/source.rb

@@ -9,6 +9,15 @@ module Dependabot
       (?:(?:/tree|/blob)/(?<branch>[^/]+)/(?<directory>.*)[\#|/])?
     }x.freeze
 
+    GITHUB_ENTERPRISE_SOURCE = %r{
+      (?<protocol>(http://|https://|git://|ssh://))*
+      (?<username>[^@]+@)*
+      (?<host>[^/]+)
+      [/:]
+      (?<repo>[\w.-]+/(?:(?!\.git|\.\s)[\w.-])+)
+      (?:(?:/tree|/blob)/(?<branch>[^/]+)/(?<directory>.*)[\#|/])?
+    }x.freeze
+
     GITLAB_SOURCE = %r{
       (?<provider>gitlab)
       (?:\.com)[/:]
@@ -36,11 +45,13 @@ module Dependabot
       (?:#{AZURE_SOURCE})
     /x.freeze
 
+    IGNORED_PROVIDER_HOSTS = %w(gitbox.apache.org svn.apache.org).freeze
+
     attr_accessor :provider, :repo, :directory, :branch, :commit,
                   :hostname, :api_endpoint
 
     def self.from_url(url_string)
-      return unless url_string&.match?(SOURCE_REGEX)
+      return github_enterprise_from_url(url_string) unless url_string&.match?(SOURCE_REGEX)
 
       captures = url_string.match(SOURCE_REGEX).named_captures
 
@@ -52,6 +63,36 @@ module Dependabot
       )
     end
 
+    def self.github_enterprise_from_url(url_string)
+      captures = url_string&.match(GITHUB_ENTERPRISE_SOURCE)&.named_captures
+      return unless captures
+      return if IGNORED_PROVIDER_HOSTS.include?(captures.fetch("host"))
+
+      base_url = "https://#{captures.fetch('host')}"
+
+      return unless github_enterprise?(base_url)
+
+      new(
+        provider: "github",
+        repo: captures.fetch("repo"),
+        directory: captures.fetch("directory"),
+        branch: captures.fetch("branch"),
+        hostname: captures.fetch("host"),
+        api_endpoint: File.join(base_url, "api", "v3")
+      )
+    end
+
+    def self.github_enterprise?(base_url)
+      resp = Excon.get(File.join(base_url, "status"))
+      resp.status == 200 &&
+        # Alternatively: resp.headers["Server"] == "GitHub.com", but this
+        # currently doesn't work with development environments
+        resp.headers["X-GitHub-Request-Id"] &&
+        !resp.headers["X-GitHub-Request-Id"].empty?
+    rescue Excon::Error
+      false
+    end
+
     def initialize(provider:, repo:, directory: nil, branch: nil, commit: nil,
                    hostname: nil, api_endpoint: nil)
       if (hostname.nil? ^ api_endpoint.nil?) && (provider != "codecommit")

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.163.1"
+  VERSION = "0.166.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.163.1
+  version: 0.166.0
 platform: ruby
 authors:
 - Dependabot