dependabot-common 0.238.0 → 0.240.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/config/file.rb +3 -3
- data/lib/dependabot/config/file_fetcher.rb +11 -4
- data/lib/dependabot/dependency.rb +2 -2
- data/lib/dependabot/dependency_file.rb +4 -10
- data/lib/dependabot/errors.rb +20 -9
- data/lib/dependabot/experiments.rb +9 -2
- data/lib/dependabot/file_fetchers/base.rb +20 -8
- data/lib/dependabot/metadata_finders.rb +9 -2
- data/lib/dependabot/pull_request_creator/branch_namer/base.rb +38 -5
- data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +40 -9
- data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb +15 -15
- data/lib/dependabot/pull_request_creator/branch_namer.rb +5 -2
- data/lib/dependabot/pull_request_creator/github.rb +1 -1
- data/lib/dependabot/pull_request_creator/labeler.rb +116 -36
- data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +1 -2
- data/lib/dependabot/pull_request_creator/message_builder.rb +1 -1
- data/lib/dependabot/pull_request_creator.rb +153 -18
- data/lib/dependabot/pull_request_updater.rb +50 -3
- data/lib/dependabot/registry_client.rb +26 -4
- data/lib/dependabot/requirement.rb +20 -0
- data/lib/dependabot/utils.rb +5 -3
- data/lib/dependabot/version.rb +57 -3
- data/lib/dependabot/workspace/git.rb +27 -7
- data/lib/dependabot.rb +1 -1
- metadata +22 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c5411b63b39f43e2f41b430d63a0c105d3c8db50e355d3e0fb7b95c37350acc0
|
|
4
|
+
data.tar.gz: 1dc6db6e42d21fd8626dd06b46b355230db571d061940b358be515804987dec9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 52447502758cd700e913e169bfadb0ad92587e988b5a2086ae77fe01e4ae7a09a985ad2c07b91c6a8ac09f5b2016d15c256f67d698f32bbc45a9b9d271dee489
|
|
7
|
+
data.tar.gz: 325168ff256723e4d503dcba9818bdf11a969e778edccbbf28882cc560ea67f7eeeb68b5e54e843409abaa19d5f9010f027e929c4f1c827619ca8efd50257093
|
|
@@ -13,19 +13,19 @@ module Dependabot
|
|
|
13
13
|
sig { returns(T::Array[T::Hash[Symbol, String]]) }
|
|
14
14
|
attr_reader :updates
|
|
15
15
|
|
|
16
|
-
sig { returns T::
|
|
16
|
+
sig { returns(T::Hash[Symbol, T::Hash[Symbol, String]]) }
|
|
17
17
|
attr_reader :registries
|
|
18
18
|
|
|
19
19
|
sig do
|
|
20
20
|
params(
|
|
21
21
|
updates: T.nilable(T::Array[T::Hash[Symbol, String]]),
|
|
22
|
-
registries: T.nilable(T::
|
|
22
|
+
registries: T.nilable(T::Hash[Symbol, T::Hash[Symbol, String]])
|
|
23
23
|
)
|
|
24
24
|
.void
|
|
25
25
|
end
|
|
26
26
|
def initialize(updates:, registries: nil)
|
|
27
27
|
@updates = T.let(updates || [], T::Array[T::Hash[Symbol, String]])
|
|
28
|
-
@registries = T.let(registries || [
|
|
28
|
+
@registries = T.let(registries || {}, T::Hash[Symbol, T::Hash[Symbol, String]])
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
sig do
|
|
@@ -1,30 +1,37 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
4
5
|
require "dependabot/file_fetchers/base"
|
|
5
6
|
require "dependabot/config/file"
|
|
6
7
|
|
|
7
8
|
module Dependabot
|
|
8
9
|
module Config
|
|
9
10
|
class FileFetcher < FileFetchers::Base
|
|
10
|
-
|
|
11
|
+
extend T::Sig
|
|
11
12
|
|
|
13
|
+
CONFIG_FILE_PATHS = T.let(%w(.github/dependabot.yml .github/dependabot.yaml).freeze, T::Array[String])
|
|
14
|
+
|
|
15
|
+
sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
|
|
12
16
|
def self.required_files_in?(filenames)
|
|
13
17
|
CONFIG_FILE_PATHS.any? { |file| filenames.include?(file) }
|
|
14
18
|
end
|
|
15
19
|
|
|
20
|
+
sig { override.returns(String) }
|
|
16
21
|
def self.required_files_message
|
|
17
22
|
"Repo must contain either a #{CONFIG_FILE_PATHS.join(' or a ')} file"
|
|
18
23
|
end
|
|
19
24
|
|
|
25
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
20
26
|
def config_file
|
|
21
|
-
@config_file ||= files.first
|
|
27
|
+
@config_file ||= T.let(files.first, T.nilable(Dependabot::DependencyFile))
|
|
22
28
|
end
|
|
23
29
|
|
|
24
30
|
private
|
|
25
31
|
|
|
32
|
+
sig { override.returns(T::Array[Dependabot::DependencyFile]) }
|
|
26
33
|
def fetch_files
|
|
27
|
-
fetched_files = []
|
|
34
|
+
fetched_files = T.let([], T::Array[Dependabot::DependencyFile])
|
|
28
35
|
|
|
29
36
|
CONFIG_FILE_PATHS.each do |file|
|
|
30
37
|
fn = Pathname.new("/#{file}").relative_path_from(directory)
|
|
@@ -143,7 +143,7 @@ module Dependabot
|
|
|
143
143
|
def numeric_version
|
|
144
144
|
return unless version && version_class.correct?(version)
|
|
145
145
|
|
|
146
|
-
@numeric_version ||= T.let(version_class.new(version), T.nilable(Dependabot::Version))
|
|
146
|
+
@numeric_version ||= T.let(version_class.new(T.must(version)), T.nilable(Dependabot::Version))
|
|
147
147
|
end
|
|
148
148
|
|
|
149
149
|
sig { returns(T::Hash[String, T.untyped]) }
|
|
@@ -300,7 +300,7 @@ module Dependabot
|
|
|
300
300
|
requirements.select { |r| requirement_class.new(r[:requirement]).specific? }
|
|
301
301
|
end
|
|
302
302
|
|
|
303
|
-
sig { returns(T.class_of(
|
|
303
|
+
sig { returns(T.class_of(Dependabot::Requirement)) }
|
|
304
304
|
def requirement_class
|
|
305
305
|
Utils.requirement_class_for_package_manager(package_manager)
|
|
306
306
|
end
|
|
@@ -14,6 +14,8 @@ module Dependabot
|
|
|
14
14
|
sig { returns(T.nilable(String)) }
|
|
15
15
|
attr_accessor :content
|
|
16
16
|
|
|
17
|
+
# This is the directory of the job source, not the directory of the file itself.
|
|
18
|
+
# The name actually contains the relative path from the job directory.
|
|
17
19
|
sig { returns(String) }
|
|
18
20
|
attr_accessor :directory
|
|
19
21
|
|
|
@@ -38,11 +40,6 @@ module Dependabot
|
|
|
38
40
|
sig { returns(T.nilable(String)) }
|
|
39
41
|
attr_accessor :mode
|
|
40
42
|
|
|
41
|
-
# The directory that this file was fetched for. This is useful for multi-directory
|
|
42
|
-
# updates, where a set of files that are related to each other are updated together.
|
|
43
|
-
sig { returns(T.nilable(String)) }
|
|
44
|
-
attr_accessor :job_directory
|
|
45
|
-
|
|
46
43
|
class ContentEncoding
|
|
47
44
|
UTF_8 = "utf-8"
|
|
48
45
|
BASE64 = "base64"
|
|
@@ -71,15 +68,14 @@ module Dependabot
|
|
|
71
68
|
content_encoding: String,
|
|
72
69
|
deleted: T::Boolean,
|
|
73
70
|
operation: String,
|
|
74
|
-
mode: T.nilable(String)
|
|
75
|
-
job_directory: T.nilable(String)
|
|
71
|
+
mode: T.nilable(String)
|
|
76
72
|
)
|
|
77
73
|
.void
|
|
78
74
|
end
|
|
79
75
|
def initialize(name:, content:, directory: "/", type: "file",
|
|
80
76
|
support_file: false, vendored_file: false, symlink_target: nil,
|
|
81
77
|
content_encoding: ContentEncoding::UTF_8, deleted: false,
|
|
82
|
-
operation: Operation::UPDATE, mode: nil
|
|
78
|
+
operation: Operation::UPDATE, mode: nil)
|
|
83
79
|
@name = name
|
|
84
80
|
@content = content
|
|
85
81
|
@directory = T.let(clean_directory(directory), String)
|
|
@@ -88,7 +84,6 @@ module Dependabot
|
|
|
88
84
|
@vendored_file = vendored_file
|
|
89
85
|
@content_encoding = content_encoding
|
|
90
86
|
@operation = operation
|
|
91
|
-
@job_directory = job_directory
|
|
92
87
|
|
|
93
88
|
# Make deleted override the operation. Deleted is kept when operation
|
|
94
89
|
# was introduced to keep compatibility with downstream dependants.
|
|
@@ -127,7 +122,6 @@ module Dependabot
|
|
|
127
122
|
"mode" => mode
|
|
128
123
|
}
|
|
129
124
|
|
|
130
|
-
details["job_directory"] = job_directory if job_directory
|
|
131
125
|
details["symlink_target"] = symlink_target if symlink_target
|
|
132
126
|
details
|
|
133
127
|
end
|
data/lib/dependabot/errors.rb
CHANGED
|
@@ -1,11 +1,14 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
5
5
|
require "dependabot/utils"
|
|
6
6
|
|
|
7
7
|
module Dependabot
|
|
8
|
+
extend T::Sig
|
|
9
|
+
|
|
8
10
|
# rubocop:disable Metrics/MethodLength
|
|
11
|
+
sig { params(error: StandardError).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
9
12
|
def self.fetcher_error_details(error)
|
|
10
13
|
case error
|
|
11
14
|
when Dependabot::ToolVersionNotSupported
|
|
@@ -70,12 +73,13 @@ module Dependabot
|
|
|
70
73
|
{
|
|
71
74
|
"error-type": "octokit_rate_limited",
|
|
72
75
|
"error-detail": {
|
|
73
|
-
"rate-limit-reset": error.response_headers["X-RateLimit-Reset"]
|
|
76
|
+
"rate-limit-reset": T.cast(error, Octokit::Error).response_headers["X-RateLimit-Reset"]
|
|
74
77
|
}
|
|
75
78
|
}
|
|
76
79
|
end
|
|
77
80
|
end
|
|
78
81
|
|
|
82
|
+
sig { params(error: StandardError).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
79
83
|
def self.parser_error_details(error)
|
|
80
84
|
case error
|
|
81
85
|
when Dependabot::DependencyFileNotEvaluatable
|
|
@@ -136,6 +140,7 @@ module Dependabot
|
|
|
136
140
|
end
|
|
137
141
|
end
|
|
138
142
|
|
|
143
|
+
sig { params(error: StandardError).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
139
144
|
def self.updater_error_details(error)
|
|
140
145
|
case error
|
|
141
146
|
when Dependabot::DependencyFileNotResolvable
|
|
@@ -207,7 +212,7 @@ module Dependabot
|
|
|
207
212
|
{
|
|
208
213
|
"error-type": "octokit_rate_limited",
|
|
209
214
|
"error-detail": {
|
|
210
|
-
"rate-limit-reset": error.response_headers["X-RateLimit-Reset"]
|
|
215
|
+
"rate-limit-reset": T.cast(error, Octokit::Error).response_headers["X-RateLimit-Reset"]
|
|
211
216
|
}
|
|
212
217
|
}
|
|
213
218
|
end
|
|
@@ -376,23 +381,28 @@ module Dependabot
|
|
|
376
381
|
class DependencyFileNotFound < DependabotError
|
|
377
382
|
extend T::Sig
|
|
378
383
|
|
|
379
|
-
sig { returns(String) }
|
|
384
|
+
sig { returns(T.nilable(String)) }
|
|
380
385
|
attr_reader :file_path
|
|
381
386
|
|
|
387
|
+
sig { params(file_path: T.nilable(String), msg: T.nilable(String)).void }
|
|
382
388
|
def initialize(file_path, msg = nil)
|
|
383
389
|
@file_path = file_path
|
|
384
390
|
super(msg || "#{file_path} not found")
|
|
385
391
|
end
|
|
386
392
|
|
|
387
|
-
sig { returns(String) }
|
|
393
|
+
sig { returns(T.nilable(String)) }
|
|
388
394
|
def file_name
|
|
389
|
-
|
|
395
|
+
return unless file_path
|
|
396
|
+
|
|
397
|
+
T.must(file_path).split("/").last
|
|
390
398
|
end
|
|
391
399
|
|
|
392
|
-
sig { returns(String) }
|
|
400
|
+
sig { returns(T.nilable(String)) }
|
|
393
401
|
def directory
|
|
394
402
|
# Directory should always start with a `/`
|
|
395
|
-
|
|
403
|
+
return unless file_path
|
|
404
|
+
|
|
405
|
+
T.must(T.must(file_path).split("/")[0..-2]).join("/").sub(%r{^/*}, "/")
|
|
396
406
|
end
|
|
397
407
|
end
|
|
398
408
|
|
|
@@ -434,8 +444,9 @@ module Dependabot
|
|
|
434
444
|
sig { returns(String) }
|
|
435
445
|
attr_reader :source
|
|
436
446
|
|
|
447
|
+
sig { params(source: T.nilable(String)).void }
|
|
437
448
|
def initialize(source)
|
|
438
|
-
@source = T.let(sanitize_source(source), String)
|
|
449
|
+
@source = T.let(sanitize_source(T.must(source)), String)
|
|
439
450
|
msg = "The following source could not be reached as it requires " \
|
|
440
451
|
"authentication (and any provided details were invalid or lacked " \
|
|
441
452
|
"the required permissions): #{@source}"
|
|
@@ -1,18 +1,25 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
4
6
|
module Dependabot
|
|
5
7
|
module Experiments
|
|
6
|
-
|
|
8
|
+
extend T::Sig
|
|
9
|
+
|
|
10
|
+
@experiments = T.let({}, T::Hash[T.any(String, Symbol), T.untyped])
|
|
7
11
|
|
|
12
|
+
sig { returns(T::Hash[T.any(String, Symbol), T.untyped]) }
|
|
8
13
|
def self.reset!
|
|
9
14
|
@experiments = {}
|
|
10
15
|
end
|
|
11
16
|
|
|
17
|
+
sig { params(name: T.any(String, Symbol), value: T.untyped).void }
|
|
12
18
|
def self.register(name, value)
|
|
13
19
|
@experiments[name.to_sym] = value
|
|
14
20
|
end
|
|
15
21
|
|
|
22
|
+
sig { params(name: T.any(String, Symbol)).returns(T::Boolean) }
|
|
16
23
|
def self.enabled?(name)
|
|
17
24
|
!!@experiments[name.to_sym]
|
|
18
25
|
end
|
|
@@ -52,11 +52,15 @@ module Dependabot
|
|
|
52
52
|
/^fatal: clone of '(?<url>.*)' into submodule path '.*' failed$/
|
|
53
53
|
GIT_SUBMODULE_ERROR_REGEX = /(#{GIT_SUBMODULE_INACCESSIBLE_ERROR})|(#{GIT_SUBMODULE_CLONE_ERROR})/
|
|
54
54
|
|
|
55
|
-
sig {
|
|
56
|
-
def self.required_files_in?(filenames)
|
|
55
|
+
sig { overridable.params(filenames: T::Array[String]).returns(T::Boolean) }
|
|
56
|
+
def self.required_files_in?(filenames)
|
|
57
|
+
filenames.any?
|
|
58
|
+
end
|
|
57
59
|
|
|
58
|
-
sig {
|
|
59
|
-
def self.required_files_message
|
|
60
|
+
sig { overridable.returns(String) }
|
|
61
|
+
def self.required_files_message
|
|
62
|
+
"Required files are missing from configured directory"
|
|
63
|
+
end
|
|
60
64
|
|
|
61
65
|
# Creates a new FileFetcher for retrieving `DependencyFile`s.
|
|
62
66
|
#
|
|
@@ -85,6 +89,8 @@ module Dependabot
|
|
|
85
89
|
@linked_paths = T.let({}, T::Hash[T.untyped, T.untyped])
|
|
86
90
|
@submodules = T.let([], T::Array[T.untyped])
|
|
87
91
|
@options = options
|
|
92
|
+
|
|
93
|
+
@files = T.let([], T::Array[DependencyFile])
|
|
88
94
|
end
|
|
89
95
|
|
|
90
96
|
sig { returns(String) }
|
|
@@ -104,10 +110,16 @@ module Dependabot
|
|
|
104
110
|
|
|
105
111
|
sig { returns(T::Array[DependencyFile]) }
|
|
106
112
|
def files
|
|
107
|
-
@files
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
)
|
|
113
|
+
return @files if @files.any?
|
|
114
|
+
|
|
115
|
+
files = fetch_files.compact
|
|
116
|
+
raise Dependabot::DependencyFileNotFound.new(nil, "No files found in #{directory}") unless files.any?
|
|
117
|
+
|
|
118
|
+
unless self.class.required_files_in?(files.map(&:name))
|
|
119
|
+
raise DependencyFileNotFound.new(nil, self.class.required_files_message)
|
|
120
|
+
end
|
|
121
|
+
|
|
122
|
+
@files = files
|
|
111
123
|
end
|
|
112
124
|
|
|
113
125
|
sig { abstract.returns(T::Array[DependencyFile]) }
|
|
@@ -1,10 +1,16 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
require "dependabot/metadata_finders/base"
|
|
6
|
+
|
|
4
7
|
module Dependabot
|
|
5
8
|
module MetadataFinders
|
|
6
|
-
|
|
9
|
+
extend T::Sig
|
|
10
|
+
|
|
11
|
+
@metadata_finders = T.let({}, T::Hash[String, T.class_of(Dependabot::MetadataFinders::Base)])
|
|
7
12
|
|
|
13
|
+
sig { params(package_manager: String).returns(T.class_of(Dependabot::MetadataFinders::Base)) }
|
|
8
14
|
def self.for_package_manager(package_manager)
|
|
9
15
|
metadata_finder = @metadata_finders[package_manager]
|
|
10
16
|
return metadata_finder if metadata_finder
|
|
@@ -12,6 +18,7 @@ module Dependabot
|
|
|
12
18
|
raise "Unsupported package_manager #{package_manager}"
|
|
13
19
|
end
|
|
14
20
|
|
|
21
|
+
sig { params(package_manager: String, metadata_finder: T.class_of(Dependabot::MetadataFinders::Base)).void }
|
|
15
22
|
def self.register(package_manager, metadata_finder)
|
|
16
23
|
@metadata_finders[package_manager] = metadata_finder
|
|
17
24
|
end
|
|
@@ -1,12 +1,43 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
4
6
|
module Dependabot
|
|
5
7
|
class PullRequestCreator
|
|
6
8
|
class BranchNamer
|
|
7
9
|
class Base
|
|
8
|
-
|
|
10
|
+
extend T::Sig
|
|
11
|
+
|
|
12
|
+
sig { returns(T::Array[Dependency]) }
|
|
13
|
+
attr_reader :dependencies
|
|
14
|
+
|
|
15
|
+
sig { returns(T::Array[DependencyFile]) }
|
|
16
|
+
attr_reader :files
|
|
17
|
+
|
|
18
|
+
sig { returns(T.nilable(String)) }
|
|
19
|
+
attr_reader :target_branch
|
|
9
20
|
|
|
21
|
+
sig { returns(String) }
|
|
22
|
+
attr_reader :separator
|
|
23
|
+
|
|
24
|
+
sig { returns(String) }
|
|
25
|
+
attr_reader :prefix
|
|
26
|
+
|
|
27
|
+
sig { returns(T.nilable(Integer)) }
|
|
28
|
+
attr_reader :max_length
|
|
29
|
+
|
|
30
|
+
sig do
|
|
31
|
+
params(
|
|
32
|
+
dependencies: T::Array[Dependency],
|
|
33
|
+
files: T::Array[DependencyFile],
|
|
34
|
+
target_branch: T.nilable(String),
|
|
35
|
+
separator: String,
|
|
36
|
+
prefix: String,
|
|
37
|
+
max_length: T.nilable(Integer)
|
|
38
|
+
)
|
|
39
|
+
.void
|
|
40
|
+
end
|
|
10
41
|
def initialize(dependencies:, files:, target_branch:, separator: "/",
|
|
11
42
|
prefix: "dependabot", max_length: nil)
|
|
12
43
|
@dependencies = dependencies
|
|
@@ -19,6 +50,7 @@ module Dependabot
|
|
|
19
50
|
|
|
20
51
|
private
|
|
21
52
|
|
|
53
|
+
sig { params(ref_name: String).returns(String) }
|
|
22
54
|
def sanitize_branch_name(ref_name)
|
|
23
55
|
# General git ref validation
|
|
24
56
|
sanitized_name = sanitize_ref(ref_name)
|
|
@@ -27,14 +59,15 @@ module Dependabot
|
|
|
27
59
|
sanitized_name = sanitized_name.gsub("/", separator)
|
|
28
60
|
|
|
29
61
|
# Shorten the ref in case users refs have length limits
|
|
30
|
-
if max_length && (sanitized_name.length > max_length)
|
|
31
|
-
sha = Digest::SHA1.hexdigest(sanitized_name)[0, max_length]
|
|
32
|
-
sanitized_name[[max_length - sha.size, 0].max..] = sha
|
|
62
|
+
if max_length && (sanitized_name.length > T.must(max_length))
|
|
63
|
+
sha = T.must(Digest::SHA1.hexdigest(sanitized_name)[0, T.must(max_length)])
|
|
64
|
+
sanitized_name[[T.must(max_length) - sha.size, 0].max..] = sha
|
|
33
65
|
end
|
|
34
66
|
|
|
35
67
|
sanitized_name
|
|
36
68
|
end
|
|
37
69
|
|
|
70
|
+
sig { params(ref: String).returns(String) }
|
|
38
71
|
def sanitize_ref(ref)
|
|
39
72
|
# This isn't a complete implementation of git's ref validation, but it
|
|
40
73
|
# covers most cases that crop up. Its list of allowed characters is a
|
|
@@ -1,13 +1,29 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
4
5
|
require "dependabot/pull_request_creator/branch_namer/base"
|
|
5
6
|
|
|
6
7
|
module Dependabot
|
|
7
8
|
class PullRequestCreator
|
|
8
9
|
class BranchNamer
|
|
9
10
|
class DependencyGroupStrategy < Base
|
|
10
|
-
|
|
11
|
+
extend T::Sig
|
|
12
|
+
|
|
13
|
+
sig do
|
|
14
|
+
params(
|
|
15
|
+
dependencies: T::Array[Dependabot::Dependency],
|
|
16
|
+
files: T::Array[Dependabot::DependencyFile],
|
|
17
|
+
target_branch: String,
|
|
18
|
+
dependency_group: Dependabot::DependencyGroup,
|
|
19
|
+
includes_security_fixes: T::Boolean,
|
|
20
|
+
separator: String,
|
|
21
|
+
prefix: String,
|
|
22
|
+
max_length: T.nilable(Integer)
|
|
23
|
+
)
|
|
24
|
+
.void
|
|
25
|
+
end
|
|
26
|
+
def initialize(dependencies:, files:, target_branch:, dependency_group:, includes_security_fixes:,
|
|
11
27
|
separator: "/", prefix: "dependabot", max_length: nil)
|
|
12
28
|
super(
|
|
13
29
|
dependencies: dependencies,
|
|
@@ -15,20 +31,24 @@ module Dependabot
|
|
|
15
31
|
target_branch: target_branch,
|
|
16
32
|
separator: separator,
|
|
17
33
|
prefix: prefix,
|
|
18
|
-
max_length: max_length
|
|
34
|
+
max_length: max_length,
|
|
19
35
|
)
|
|
20
36
|
|
|
21
37
|
@dependency_group = dependency_group
|
|
38
|
+
@includes_security_fixes = includes_security_fixes
|
|
22
39
|
end
|
|
23
40
|
|
|
41
|
+
sig { returns(String) }
|
|
24
42
|
def new_branch_name
|
|
25
43
|
sanitize_branch_name(File.join(prefixes, group_name_with_dependency_digest))
|
|
26
44
|
end
|
|
27
45
|
|
|
28
46
|
private
|
|
29
47
|
|
|
48
|
+
sig { returns(Dependabot::DependencyGroup) }
|
|
30
49
|
attr_reader :dependency_group
|
|
31
50
|
|
|
51
|
+
sig { returns(T::Array[String]) }
|
|
32
52
|
def prefixes
|
|
33
53
|
[
|
|
34
54
|
prefix,
|
|
@@ -44,22 +64,33 @@ module Dependabot
|
|
|
44
64
|
#
|
|
45
65
|
# Let's append a short hash digest of the dependency changes so that we can
|
|
46
66
|
# meet this guarantee.
|
|
67
|
+
sig { returns(String) }
|
|
47
68
|
def group_name_with_dependency_digest
|
|
48
|
-
|
|
69
|
+
if @includes_security_fixes
|
|
70
|
+
"group-security-#{package_manager}-#{dependency_digest}"
|
|
71
|
+
else
|
|
72
|
+
"#{dependency_group.name}-#{dependency_digest}"
|
|
73
|
+
end
|
|
49
74
|
end
|
|
50
75
|
|
|
76
|
+
sig { returns(T.nilable(String)) }
|
|
51
77
|
def dependency_digest
|
|
52
|
-
@dependency_digest ||=
|
|
53
|
-
|
|
54
|
-
|
|
78
|
+
@dependency_digest ||= T.let(
|
|
79
|
+
Digest::MD5.hexdigest(dependencies.map do |dependency|
|
|
80
|
+
"#{dependency.name}-#{dependency.removed? ? 'removed' : dependency.version}"
|
|
81
|
+
end.sort.join(",")).slice(0, 10),
|
|
82
|
+
T.nilable(String)
|
|
83
|
+
)
|
|
55
84
|
end
|
|
56
85
|
|
|
86
|
+
sig { returns(String) }
|
|
57
87
|
def package_manager
|
|
58
|
-
dependencies.first.package_manager
|
|
88
|
+
T.must(dependencies.first).package_manager
|
|
59
89
|
end
|
|
60
90
|
|
|
91
|
+
sig { returns(String) }
|
|
61
92
|
def directory
|
|
62
|
-
files.first.directory.tr(" ", "-")
|
|
93
|
+
T.must(files.first).directory.tr(" ", "-")
|
|
63
94
|
end
|
|
64
95
|
end
|
|
65
96
|
end
|
|
@@ -38,31 +38,31 @@ module Dependabot
|
|
|
38
38
|
[
|
|
39
39
|
prefix,
|
|
40
40
|
package_manager,
|
|
41
|
-
files.first.directory.tr(" ", "-"),
|
|
41
|
+
T.must(files.first).directory.tr(" ", "-"),
|
|
42
42
|
target_branch
|
|
43
43
|
].compact
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
def package_manager
|
|
47
|
-
dependencies.first.package_manager
|
|
47
|
+
T.must(dependencies.first).package_manager
|
|
48
48
|
end
|
|
49
49
|
|
|
50
50
|
def updating_a_property?
|
|
51
|
-
dependencies.first
|
|
52
|
-
|
|
53
|
-
|
|
51
|
+
T.must(dependencies.first)
|
|
52
|
+
.requirements
|
|
53
|
+
.any? { |r| r.dig(:metadata, :property_name) }
|
|
54
54
|
end
|
|
55
55
|
|
|
56
56
|
def updating_a_dependency_set?
|
|
57
|
-
dependencies.first
|
|
58
|
-
|
|
59
|
-
|
|
57
|
+
T.must(dependencies.first)
|
|
58
|
+
.requirements
|
|
59
|
+
.any? { |r| r.dig(:metadata, :dependency_set) }
|
|
60
60
|
end
|
|
61
61
|
|
|
62
62
|
def property_name
|
|
63
|
-
@property_name ||= dependencies.first.requirements
|
|
64
|
-
|
|
65
|
-
|
|
63
|
+
@property_name ||= T.must(dependencies.first).requirements
|
|
64
|
+
.find { |r| r.dig(:metadata, :property_name) }
|
|
65
|
+
&.dig(:metadata, :property_name)
|
|
66
66
|
|
|
67
67
|
raise "No property name!" unless @property_name
|
|
68
68
|
|
|
@@ -70,9 +70,9 @@ module Dependabot
|
|
|
70
70
|
end
|
|
71
71
|
|
|
72
72
|
def dependency_set
|
|
73
|
-
@dependency_set ||= dependencies.first.requirements
|
|
74
|
-
|
|
75
|
-
|
|
73
|
+
@dependency_set ||= T.must(dependencies.first).requirements
|
|
74
|
+
.find { |r| r.dig(:metadata, :dependency_set) }
|
|
75
|
+
&.dig(:metadata, :dependency_set)
|
|
76
76
|
|
|
77
77
|
raise "No dependency set!" unless @dependency_set
|
|
78
78
|
|
|
@@ -82,7 +82,7 @@ module Dependabot
|
|
|
82
82
|
def branch_version_suffix
|
|
83
83
|
dep = dependencies.first
|
|
84
84
|
|
|
85
|
-
if dep.removed?
|
|
85
|
+
if T.must(dep).removed?
|
|
86
86
|
"-removed"
|
|
87
87
|
elsif library? && ref_changed?(dep) && new_ref(dep)
|
|
88
88
|
new_ref(dep)
|
|
@@ -11,10 +11,11 @@ require "dependabot/pull_request_creator/branch_namer/dependency_group_strategy"
|
|
|
11
11
|
module Dependabot
|
|
12
12
|
class PullRequestCreator
|
|
13
13
|
class BranchNamer
|
|
14
|
-
attr_reader :dependencies, :files, :target_branch, :separator, :prefix, :max_length, :dependency_group
|
|
14
|
+
attr_reader :dependencies, :files, :target_branch, :separator, :prefix, :max_length, :dependency_group,
|
|
15
|
+
:includes_security_fixes
|
|
15
16
|
|
|
16
17
|
def initialize(dependencies:, files:, target_branch:, dependency_group: nil,
|
|
17
|
-
separator: "/", prefix: "dependabot", max_length: nil)
|
|
18
|
+
separator: "/", prefix: "dependabot", max_length: nil, includes_security_fixes: false)
|
|
18
19
|
@dependencies = dependencies
|
|
19
20
|
@files = files
|
|
20
21
|
@target_branch = target_branch
|
|
@@ -22,6 +23,7 @@ module Dependabot
|
|
|
22
23
|
@separator = separator
|
|
23
24
|
@prefix = prefix
|
|
24
25
|
@max_length = max_length
|
|
26
|
+
@includes_security_fixes = includes_security_fixes
|
|
25
27
|
end
|
|
26
28
|
|
|
27
29
|
def new_branch_name
|
|
@@ -47,6 +49,7 @@ module Dependabot
|
|
|
47
49
|
files: files,
|
|
48
50
|
target_branch: target_branch,
|
|
49
51
|
dependency_group: dependency_group,
|
|
52
|
+
includes_security_fixes: includes_security_fixes,
|
|
50
53
|
separator: separator,
|
|
51
54
|
prefix: prefix,
|
|
52
55
|
max_length: max_length
|