dependabot-common 0.220.0 → 0.221.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ffac7b072d3084a0eaa087c7bf4cdf6bf8f180a7312a55bd99fd5648320bb38f
-  data.tar.gz: af8cb21616a02e1a3368ae839f591fd2dfed3154bd4b138fe13843447f9306d6
+  metadata.gz: 883ba90c6d526f51118f6fabc2082e4ddd09cd73338f103978e2c59a63c6ef67
+  data.tar.gz: e86edce90676becde42edc6fdc7c7a17304ddab77966905d059a3ae11934d8f6
 SHA512:
-  metadata.gz: 3073fb55361f0b46820a01071dc35e14fa91bdbbe653cd581256dde2889df9abeef87bd6787d5c32fd619aaa728736db98116dce9ca357d132e7814941f949dd
-  data.tar.gz: 3a1c6297dcd5425c3838550486066ece3ca2f89f7d1386adc0fa29e1afa681d17a0c30ed8fe987c672e25727af75319e072e1db4668fed0d35b4f4220457fdb9
+  metadata.gz: a806d1c610355284b4a98a4e3b6ae5ad7f070be18af6fadf23ed98b2ac842eeb55ccc09f4e90c5483b2ab42821ece37c1c3390133817f61e52c4fc580fda111d
+  data.tar.gz: 87ca2cbe54385a9ebd526ea9016ef652f183eb7b9b5d8be0849cd5ad7513ba5ce57071081c95788e3eb92600696ca801fa2abbbe020c32d537c26157bcb38d3b

data/lib/dependabot/dependency_file.rb

@@ -5,7 +5,8 @@ require "pathname"
 module Dependabot
   class DependencyFile
     attr_accessor :name, :content, :directory, :type, :support_file,
-                  :symlink_target, :content_encoding, :operation, :mode
+                  :vendored_file, :symlink_target, :content_encoding,
+                  :operation, :mode
 
     class ContentEncoding
       UTF_8 = "utf-8"
@@ -19,7 +20,7 @@ module Dependabot
     end
 
     def initialize(name:, content:, directory: "/", type: "file",
-                   support_file: false, symlink_target: nil,
+                   support_file: false, vendored_file: false, symlink_target: nil,
                    content_encoding: ContentEncoding::UTF_8, deleted: false,
                    operation: Operation::UPDATE, mode: nil)
       @name = name
@@ -27,6 +28,7 @@ module Dependabot
       @directory = clean_directory(directory)
       @symlink_target = symlink_target
       @support_file = support_file
+      @vendored_file = vendored_file
       @content_encoding = content_encoding
       @operation = operation
 
@@ -94,6 +96,10 @@ module Dependabot
       @support_file
     end
 
+    def vendored_file?
+      @vendored_file
+    end
+
     def deleted
       @operation == Operation::DELETE
     end

data/lib/dependabot/dependency_group.rb

@@ -14,7 +14,10 @@ module Dependabot
 
     def contains?(dependency)
       @dependencies.include?(dependency) if @dependencies.any?
-      rules.any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
+      positive_match = rules["patterns"].any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
+      negative_match =  rules["exclude-patterns"]&.any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
+
+      positive_match && !negative_match
     end
 
     def to_h

data/lib/dependabot/file_fetchers/base.rb

@@ -102,7 +102,7 @@ module Dependabot
         raise Dependabot::RepoNotFound, source
       end
 
-      def package_manager_version
+      def ecosystem_versions
         nil
       end
 

data/lib/dependabot/file_parsers/base/dependency_set.rb

@@ -91,13 +91,7 @@ module Dependabot
             @combined = if @combined
                           combined_dependency(@combined, dep)
                         else
-                          Dependency.new(
-                            name: dep.name,
-                            version: dep.version,
-                            requirements: dep.requirements,
-                            package_manager: dep.package_manager,
-                            subdependency_metadata: dep.subdependency_metadata
-                          )
+                          dep
                         end
 
             index_of_same_version =

data/lib/dependabot/file_updaters/artifact_updater.rb

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+require "dependabot/dependency_file"
+
+# This class provides a utility to check for arbitary modified files within a
+# git directory that need to be wrapped as Dependabot::DependencyFile object
+# and returned as along with anything managed by the FileUpdater itself.
+module Dependabot
+  module FileUpdaters
+    class ArtifactUpdater
+      # @param repo_contents_path [String, nil] the path we cloned the repository into
+      # @param target_directory [String, nil] the path within a project directory we should inspect for changes
+      def initialize(repo_contents_path:, target_directory:)
+        @repo_contents_path = repo_contents_path
+        @target_directory = target_directory
+      end
+
+      # Returns any files that have changed within the path composed from:
+      #   :repo_contents_path/:base_directory/:target_directory
+      #
+      # @param base_directory [String] Update config base directory
+      # @param only_paths [Array<String>, nil] An optional list of specific paths to check, if this is nil we will
+      #                                        return every change we find within the `base_directory`
+      # @return [Array<Dependabot::DependencyFile>]
+      def updated_files(base_directory:, only_paths: nil)
+        return [] unless repo_contents_path && target_directory
+
+        Dir.chdir(repo_contents_path) do
+          # rubocop:disable Performance/DeletePrefix
+          relative_dir = Pathname.new(base_directory).sub(%r{\A/}, "").join(target_directory)
+          # rubocop:enable Performance/DeletePrefix
+
+          status = SharedHelpers.run_shell_command(
+            "git status --untracked-files all --porcelain v1 #{relative_dir}",
+            fingerprint: "git status --untracked-files all --porcelain v1 <relative_dir>"
+          )
+          changed_paths = status.split("\n").map(&:split)
+          changed_paths.filter_map do |type, path|
+            project_root = Pathname.new(File.expand_path(File.join(Dir.pwd, base_directory)))
+            file_path = Pathname.new(path).expand_path.relative_path_from(project_root)
+
+            # Skip this file if we are looking for specific paths and this isn't on the list
+            next if only_paths && !only_paths.include?(file_path.to_s)
+
+            # The following types are possible to be returned:
+            # M = Modified = Default for DependencyFile
+            # D = Deleted
+            # ?? = Untracked = Created
+            operation = Dependabot::DependencyFile::Operation::UPDATE
+            operation = Dependabot::DependencyFile::Operation::DELETE if type == "D"
+            operation = Dependabot::DependencyFile::Operation::CREATE if type == "??"
+
+            encoded_content, encoding = get_encoded_file_contents(path, operation)
+
+            create_dependency_file(
+              name: file_path.to_s,
+              content: encoded_content,
+              directory: base_directory,
+              operation: operation,
+              content_encoding: encoding
+            )
+          end
+        end
+      end
+
+      private
+
+      TEXT_ENCODINGS = %w(us-ascii utf-8).freeze
+
+      attr_reader :repo_contents_path, :target_directory
+
+      def get_encoded_file_contents(path, operation)
+        encoded_content = nil
+        encoding = ""
+
+        return encoded_content, encoding if operation == Dependabot::DependencyFile::Operation::DELETE
+
+        encoded_content = File.read(path)
+
+        if binary_file?(path)
+          encoding = Dependabot::DependencyFile::ContentEncoding::BASE64
+          encoded_content = Base64.encode64(encoded_content)
+        end
+
+        [encoded_content, encoding]
+      end
+
+      def binary_file?(path)
+        return false unless File.exist?(path)
+
+        command = SharedHelpers.escape_command("file -b --mime-encoding #{path}")
+        encoding = `#{command}`.strip
+
+        !TEXT_ENCODINGS.include?(encoding)
+      end
+
+      def create_dependency_file(parameters)
+        Dependabot::DependencyFile.new(**parameters)
+      end
+    end
+  end
+end

data/lib/dependabot/file_updaters/vendor_updater.rb

@@ -1,78 +1,32 @@
 # frozen_string_literal: true
 
 require "dependabot/dependency_file"
-
+require "dependabot/file_updaters/artifact_updater"
+
+# This class is a specialisation of the ArtifactUpdater which should be used
+# for vendored files so any DependencyFile objects it creates are properly
+# flagged.
+#
+# This flagging ensures that the Updater will handle them correctly when
+# compiling grouped updates.
 module Dependabot
   module FileUpdaters
-    class VendorUpdater
+    class VendorUpdater < ArtifactUpdater
+      # This provides backwards compatability for anyone who used this class
+      # before the base ArtifactUpdater class was introduced and aligns the
+      # method's public signatures with it's special-case domain.
       def initialize(repo_contents_path:, vendor_dir:)
         @repo_contents_path = repo_contents_path
         @vendor_dir = vendor_dir
+        super(repo_contents_path: @repo_contents_path, target_directory: @vendor_dir)
       end
 
-      # Returns changed files in the vendor/cache folder
-      #
-      # @param base_directory [String] Update config base directory
-      # @return [Array<Dependabot::DependencyFile>]
-      def updated_vendor_cache_files(base_directory:)
-        return [] unless repo_contents_path && vendor_dir
-
-        Dir.chdir(repo_contents_path) do
-          # rubocop:disable Performance/DeletePrefix
-          relative_dir = Pathname.new(base_directory).sub(%r{\A/}, "").join(vendor_dir)
-          # rubocop:enable Performance/DeletePrefix
-
-          status = SharedHelpers.run_shell_command(
-            "git status --untracked-files all --porcelain v1 #{relative_dir}",
-            fingerprint: "git status --untracked-files all --porcelain v1 <relative_dir>"
-          )
-          changed_paths = status.split("\n").map(&:split)
-          changed_paths.map do |type, path|
-            # The following types are possible to be returned:
-            # M = Modified = Default for DependencyFile
-            # D = Deleted
-            # ?? = Untracked = Created
-            operation = Dependabot::DependencyFile::Operation::UPDATE
-            operation = Dependabot::DependencyFile::Operation::DELETE if type == "D"
-            operation = Dependabot::DependencyFile::Operation::CREATE if type == "??"
-            encoding = ""
-            encoded_content = File.read(path) unless operation == Dependabot::DependencyFile::Operation::DELETE
-            if binary_file?(path)
-              encoding = Dependabot::DependencyFile::ContentEncoding::BASE64
-              if operation != Dependabot::DependencyFile::Operation::DELETE
-                encoded_content = Base64.encode64(encoded_content)
-              end
-            end
-
-            project_root =
-              Pathname.new(File.expand_path(File.join(Dir.pwd, base_directory)))
-            file_path =
-              Pathname.new(path).expand_path.relative_path_from(project_root)
-
-            Dependabot::DependencyFile.new(
-              name: file_path.to_s,
-              content: encoded_content,
-              directory: base_directory,
-              operation: operation,
-              content_encoding: encoding
-            )
-          end
-        end
-      end
+      alias updated_vendor_cache_files updated_files
 
       private
 
-      TEXT_ENCODINGS = %w(us-ascii utf-8).freeze
-
-      attr_reader :repo_contents_path, :vendor_dir
-
-      def binary_file?(path)
-        return false unless File.exist?(path)
-
-        command = SharedHelpers.escape_command("file -b --mime-encoding #{path}")
-        encoding = `#{command}`.strip
-
-        !TEXT_ENCODINGS.include?(encoding)
+      def create_dependency_file(parameters)
+        Dependabot::DependencyFile.new(**parameters.merge({ vendored_file: true }))
       end
     end
   end

data/lib/dependabot/pull_request_creator/branch_namer/base.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Dependabot
+  class PullRequestCreator
+    class BranchNamer
+      class Base
+        attr_reader :dependencies, :files, :target_branch, :separator, :prefix, :max_length
+
+        def initialize(dependencies:, files:, target_branch:, separator: "/",
+                       prefix: "dependabot", max_length: nil)
+          @dependencies  = dependencies
+          @files         = files
+          @target_branch = target_branch
+          @separator     = separator
+          @prefix        = prefix
+          @max_length    = max_length
+        end
+
+        private
+
+        def sanitize_branch_name(ref_name)
+          # General git ref validation
+          sanitized_name = sanitize_ref(ref_name)
+
+          # Some users need branch names without slashes
+          sanitized_name = sanitized_name.gsub("/", separator)
+
+          # Shorten the ref in case users refs have length limits
+          if max_length && (sanitized_name.length > max_length)
+            sha = Digest::SHA1.hexdigest(sanitized_name)[0, max_length]
+            sanitized_name[[max_length - sha.size, 0].max..] = sha
+          end
+
+          sanitized_name
+        end
+
+        def sanitize_ref(ref)
+          # This isn't a complete implementation of git's ref validation, but it
+          # covers most cases that crop up. Its list of allowed characters is a
+          # bit stricter than git's, but that's for cosmetic reasons.
+          ref.
+            # Remove forbidden characters (those not already replaced elsewhere)
+            gsub(%r{[^A-Za-z0-9/\-_.(){}]}, "").
+            # Slashes can't be followed by periods
+            gsub(%r{/\.}, "/dot-").squeeze(".").squeeze("/").
+            # Trailing periods are forbidden
+            sub(/\.$/, "")
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb

@@ -1,32 +1,32 @@
 # frozen_string_literal: true
 
+require "dependabot/pull_request_creator/branch_namer/base"
+
 module Dependabot
   class PullRequestCreator
     class BranchNamer
-      class DependencyGroupStrategy
+      class DependencyGroupStrategy < Base
         def initialize(dependencies:, files:, target_branch:, dependency_group:,
                        separator: "/", prefix: "dependabot", max_length: nil)
-          @dependencies     = dependencies
-          @files            = files
-          @target_branch    = target_branch
+          super(
+            dependencies: dependencies,
+            files: files,
+            target_branch: target_branch,
+            separator: separator,
+            prefix: prefix,
+            max_length: max_length
+          )
+
           @dependency_group = dependency_group
-          @separator        = separator
-          @prefix           = prefix
-          @max_length       = max_length
         end
 
-        # FIXME: Incorporate max_length truncation once we allow user config
-        #
-        # For now, we are using a placeholder DependencyGroup with a
-        # fixed-length name, so we can punt on handling truncation until
-        # we determine the strict validation rules for names
         def new_branch_name
-          File.join(prefixes, group_name_with_dependency_digest).gsub("/", separator)
+          sanitize_branch_name(File.join(prefixes, group_name_with_dependency_digest))
         end
 
         private
 
-        attr_reader :dependencies, :dependency_group, :files, :target_branch, :separator, :prefix, :max_length
+        attr_reader :dependency_group
 
         def prefixes
           [

data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb

@@ -3,23 +3,12 @@
 require "digest"
 
 require "dependabot/metadata_finders"
+require "dependabot/pull_request_creator/branch_namer/base"
 
 module Dependabot
   class PullRequestCreator
     class BranchNamer
-      class SoloStrategy
-        attr_reader :dependencies, :files, :target_branch, :separator, :prefix, :max_length
-
-        def initialize(dependencies:, files:, target_branch:, separator: "/",
-                       prefix: "dependabot", max_length: nil)
-          @dependencies  = dependencies
-          @files         = files
-          @target_branch = target_branch
-          @separator     = separator
-          @prefix        = prefix
-          @max_length    = max_length
-        end
-
+      class SoloStrategy < Base
         def new_branch_name
           @name ||=
             begin
@@ -39,16 +28,7 @@ module Dependabot
               "#{dependency_name_part}-#{branch_version_suffix}"
             end
 
-          # Some users need branch names without slashes
-          sanitized_name = sanitize_ref(File.join(prefixes, @name).gsub("/", separator))
-
-          # Shorten the ref in case users refs have length limits
-          if @max_length && (sanitized_name.length > @max_length)
-            sha = Digest::SHA1.hexdigest(sanitized_name)[0, @max_length]
-            sanitized_name[[@max_length - sha.size, 0].max..] = sha
-          end
-
-          sanitized_name
+          sanitize_branch_name(File.join(prefixes, @name))
         end
 
         private
@@ -189,19 +169,6 @@ module Dependabot
         def requirements_changed?(dependency)
           (dependency.requirements - dependency.previous_requirements).any?
         end
-
-        def sanitize_ref(ref)
-          # This isn't a complete implementation of git's ref validation, but it
-          # covers most cases that crop up. Its list of allowed characters is a
-          # bit stricter than git's, but that's for cosmetic reasons.
-          ref.
-            # Remove forbidden characters (those not already replaced elsewhere)
-            gsub(%r{[^A-Za-z0-9/\-_.(){}]}, "").
-            # Slashes can't be followed by periods
-            gsub(%r{/\.}, "/dot-").squeeze(".").squeeze("/").
-            # Trailing periods are forbidden
-            sub(/\.$/, "")
-        end
       end
     end
   end

data/lib/dependabot/pull_request_creator/message_builder.rb

@@ -315,13 +315,21 @@ module Dependabot
       def group_intro
         update_count = dependencies.map(&:name).uniq.count
 
-        msg = "Bumps the #{dependency_group.name} group#{pr_name_directory} with #{update_count} update"
-        msg += if update_count > 1
-                 "s: #{dependency_links[0..-2].join(', ')} and #{dependency_links[-1]}."
+        msg = "Bumps the #{dependency_group.name} group#{pr_name_directory} " \
+              "with #{update_count} update#{update_count > 1 ? 's' : ''}:"
+
+        msg += if update_count >= 5
+                 header = %w(Package Update)
+                 rows = dependencies.map { |dep| [dependency_link(dep), dependency_version_update(dep)] }
+                 "\n\n#{table([header] + rows)}"
+               elsif update_count > 1
+                 " #{dependency_links[0..-2].join(', ')} and #{dependency_links[-1]}."
                else
-                 ": #{dependency_links.first}."
+                 " #{dependency_links.first}."
                end
 
+        msg += "\n"
+
         msg
       end
 
@@ -389,6 +397,10 @@ module Dependabot
         end
       end
 
+      def dependency_version_update(dependency)
+        "#{dependency.humanized_previous_version} to #{dependency.humanized_version}"
+      end
+
       def metadata_links
         return metadata_links_for_dep(dependencies.first) if dependencies.count == 1
 
@@ -413,6 +425,24 @@ module Dependabot
         msg
       end
 
+      def table(rows)
+        [
+          table_header(rows[0]),
+          rows[1..].map { |r| table_row(r) }
+        ].join("\n")
+      end
+
+      def table_header(row)
+        [
+          table_row(row),
+          table_row(["---"] * row.count)
+        ].join("\n")
+      end
+
+      def table_row(row)
+        "| #{row.join(' | ')} |"
+      end
+
       def metadata_cascades
         return metadata_cascades_for_dep(dependencies.first) if dependencies.one?
 

data/lib/dependabot/shared_helpers.rb

@@ -12,6 +12,7 @@ require "tmpdir"
 require "dependabot/simple_instrumentor"
 require "dependabot/utils"
 require "dependabot/errors"
+require "dependabot/workspace"
 require "dependabot"
 
 module Dependabot
@@ -23,17 +24,22 @@ module Dependabot
                  "(+https://github.com/dependabot/dependabot-core)"
     SIGKILL = 9
 
-    def self.in_a_temporary_repo_directory(directory = "/",
-                                           repo_contents_path = nil,
-                                           &block)
+    def self.in_a_temporary_repo_directory(directory = "/", repo_contents_path = nil, &block)
       if repo_contents_path
-        path = Pathname.new(File.join(repo_contents_path, directory)).
-               expand_path
-        reset_git_repo(repo_contents_path)
-        # Handle missing directories by creating an empty one and relying on the
-        # file fetcher to raise a DependencyFileNotFound error
-        FileUtils.mkdir_p(path)
-        Dir.chdir(path) { yield(path) }
+        # If a workspace has been defined to allow orcestration of the git repo
+        # by the runtime we should defer to it, otherwise we prepare the folder
+        # for direct use and yield.
+        if Dependabot::Workspace.active_workspace
+          Dependabot::Workspace.active_workspace.change(&block)
+        else
+          path = Pathname.new(File.join(repo_contents_path, directory)).expand_path
+          reset_git_repo(repo_contents_path)
+          # Handle missing directories by creating an empty one and relying on the
+          # file fetcher to raise a DependencyFileNotFound error
+          FileUtils.mkdir_p(path)
+
+          Dir.chdir(path) { yield(path) }
+        end
       else
         in_a_temporary_directory(directory, &block)
       end

data/lib/dependabot/workspace/base.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Dependabot
+  module Workspace
+    class Base
+      attr_reader :change_attempts, :path
+
+      def initialize(path)
+        @path = path
+        @change_attempts = []
+      end
+
+      def changed?
+        changes.any?
+      end
+
+      def changes
+        change_attempts.select(&:success?)
+      end
+
+      def failed_change_attempts
+        change_attempts.select(&:error?)
+      end
+
+      def change(memo = nil)
+        Dir.chdir(path) { yield(path) }
+      rescue StandardError => e
+        capture_failed_change_attempt(memo, e)
+        clean # clean up any failed changes
+        raise e
+      end
+
+      def store_change(memo = nil); end
+
+      def to_patch
+        ""
+      end
+
+      def reset!; end
+
+      protected
+
+      def capture_failed_change_attempt(memo = nil, error = nil); end
+    end
+  end
+end

data/lib/dependabot/workspace/change_attempt.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Dependabot
+  module Workspace
+    class ChangeAttempt
+      attr_reader :diff, :error, :id, :memo, :workspace
+
+      def initialize(workspace, id:, memo:, diff: nil, error: nil)
+        @workspace = workspace
+        @id = id
+        @memo = memo
+        @diff = diff
+        @error = error
+      end
+
+      def success?
+        error.nil?
+      end
+
+      def error?
+        error
+      end
+    end
+  end
+end

data/lib/dependabot/workspace/git.rb

@@ -0,0 +1,122 @@
+# frozen_string_literal: true
+
+require "dependabot/workspace/base"
+require "dependabot/workspace/change_attempt"
+
+module Dependabot
+  module Workspace
+    class Git < Base
+      USER = "dependabot[bot]"
+      EMAIL = "#{USER}@users.noreply.github.com"
+
+      attr_reader :initial_head_sha
+
+      def initialize(path)
+        super(path)
+        @initial_head_sha = head_sha
+        configure_git
+      end
+
+      def changed?
+        changes.any? || !changed_files.empty?
+      end
+
+      def to_patch
+        run_shell_command("git diff --patch #{@initial_head_sha}.. .")
+      end
+
+      def reset!
+        reset(initial_head_sha)
+        clean
+        run_shell_command("git stash clear")
+        @change_attempts = []
+
+        nil
+      end
+
+      def store_change(memo = nil)
+        return nil if changed_files.empty?
+
+        debug("store_change - before: #{current_commit}")
+        sha, diff = commit(memo)
+
+        change_attempts << ChangeAttempt.new(self, id: sha, memo: memo, diff: diff)
+      ensure
+        debug("store_change - after: #{current_commit}")
+      end
+
+      protected
+
+      def capture_failed_change_attempt(memo = nil, error = nil)
+        return nil if changed_files(ignored_mode: "matching").empty? && error.nil?
+
+        sha, diff = stash(memo)
+        change_attempts << ChangeAttempt.new(self, id: sha, memo: memo, diff: diff, error: error)
+      end
+
+      private
+
+      def configure_git
+        run_shell_command(%(git config user.name "#{USER}"), allow_unsafe_shell_command: true)
+        run_shell_command(%(git config user.email "#{EMAIL}"), allow_unsafe_shell_command: true)
+      end
+
+      def head_sha
+        run_shell_command("git rev-parse HEAD").strip
+      end
+
+      def last_stash_sha
+        run_shell_command("git rev-parse refs/stash").strip
+      end
+
+      def current_commit
+        # Avoid emiting the user's commit message to logs if Dependabot hasn't made any changes
+        return "Initial SHA: #{initial_head_sha}" if changes.empty?
+
+        # Prints out the last commit in the format "<short-ref> <commit-message>"
+        run_shell_command(%(git log -1 --pretty="%h% B"), allow_unsafe_shell_command: true).strip
+      end
+
+      def changed_files(ignored_mode: "traditional")
+        run_shell_command("git status --untracked-files=all --ignored=#{ignored_mode} --short .").strip
+      end
+
+      def stash(memo = nil)
+        msg = memo || "workspace change attempt"
+        run_shell_command("git add --all --force .")
+        run_shell_command(%(git stash push --all -m "#{msg}"), allow_unsafe_shell_command: true)
+
+        sha = last_stash_sha
+        diff = run_shell_command("git stash show --patch #{sha}")
+
+        [sha, diff]
+      end
+
+      def commit(memo = nil)
+        run_shell_command("git add #{path}")
+        diff = run_shell_command("git diff --cached .")
+
+        msg = memo || "workspace change"
+        run_shell_command(%(git commit -m "#{msg}"), allow_unsafe_shell_command: true)
+
+        [head_sha, diff]
+      end
+
+      def reset(sha)
+        run_shell_command("git reset --hard #{sha}")
+      end
+
+      def clean
+        run_shell_command("git clean -fx .")
+      end
+
+      def run_shell_command(*args, **kwargs)
+        Dir.chdir(path) { SharedHelpers.run_shell_command(*args, **kwargs) }
+      end
+
+      def debug(message)
+        Dependabot.logger.debug("[workspace] #{message}")
+      end
+    end
+  end
+end

data/lib/dependabot/workspace.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require "dependabot/workspace/git"
+
+module Dependabot
+  module Workspace
+    @active_workspace = nil
+
+    class << self
+      attr_accessor :active_workspace
+    end
+
+    def self.setup(repo_contents_path:, directory:)
+      Dependabot.logger.debug("Setting up workspace in #{repo_contents_path}")
+
+      full_path = Pathname.new(File.join(repo_contents_path, directory)).expand_path
+      # Handle missing directories by creating an empty one and relying on the
+      # file fetcher to raise a DependencyFileNotFound error
+      FileUtils.mkdir_p(full_path)
+
+      @active_workspace = Dependabot::Workspace::Git.new(full_path)
+    end
+
+    def self.store_change(memo:)
+      return unless @active_workspace
+
+      Dependabot.logger.debug("Storing change to workspace: #{memo}")
+
+      @active_workspace.store_change(memo)
+    end
+
+    def self.cleanup!
+      return unless @active_workspace
+
+      Dependabot.logger.debug("Cleaning up current workspace")
+
+      @active_workspace.reset!
+      @active_workspace = nil
+    end
+  end
+end

data/lib/dependabot.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.220.0"
+  VERSION = "0.221.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.220.0
+  version: 0.221.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-06-12 00:00:00.000000000 Z
+date: 2023-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -248,14 +248,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.1
+        version: 1.8.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.1
+        version: 1.8.0
 - !ruby/object:Gem::Dependency
   name: gpgme
   requirement: !ruby/object:Gem::Requirement
@@ -354,34 +354,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.17.1
-- !ruby/object:Gem::Dependency
-  name: simplecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.22.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.22.0
-- !ruby/object:Gem::Dependency
-  name: simplecov-console
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.9.1
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.9.1
 - !ruby/object:Gem::Dependency
   name: stackprof
   requirement: !ruby/object:Gem::Requirement
@@ -458,6 +430,7 @@ files:
 - lib/dependabot/file_parsers/base/dependency_set.rb
 - lib/dependabot/file_updaters.rb
 - lib/dependabot/file_updaters/README.md
+- lib/dependabot/file_updaters/artifact_updater.rb
 - lib/dependabot/file_updaters/base.rb
 - lib/dependabot/file_updaters/vendor_updater.rb
 - lib/dependabot/git_commit_checker.rb
@@ -474,6 +447,7 @@ files:
 - lib/dependabot/pull_request_creator/azure.rb
 - lib/dependabot/pull_request_creator/bitbucket.rb
 - lib/dependabot/pull_request_creator/branch_namer.rb
+- lib/dependabot/pull_request_creator/branch_namer/base.rb
 - lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb
 - lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb
 - lib/dependabot/pull_request_creator/codecommit.rb
@@ -502,13 +476,17 @@ files:
 - lib/dependabot/update_checkers/version_filters.rb
 - lib/dependabot/utils.rb
 - lib/dependabot/version.rb
+- lib/dependabot/workspace.rb
+- lib/dependabot/workspace/base.rb
+- lib/dependabot/workspace/change_attempt.rb
+- lib/dependabot/workspace/git.rb
 - lib/wildcard_matcher.rb
 homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.220.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.221.0
 post_install_message: 
 rdoc_options: []
 require_paths: