dependabot-common 0.239.0 → 0.241.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 05ce845694a06ef06ec108aada0ff902b7b08a7a8fc41c23531e00b2252436ae
-  data.tar.gz: 72cc39025cf3a411bed2f82d113474dae965e57c06b15d1abe78f93794562c8c
+  metadata.gz: 5b381e33a32a95b7956fbcff6abec4736f2f190b4c8ab0eece99a2181037f52e
+  data.tar.gz: 5006821762970d60de1f3682cd1931f9e86cd0d44d8b9d5ec6eb7778a3bf329a
 SHA512:
-  metadata.gz: ee1859d83b60cf7ddeab1b98c04666198da262a86c5875ed6ff586c9637c877075d9687b3657f38e0bcbf5669584d545a790a2c68e82e9499e5c30b4353d9890
-  data.tar.gz: c4f99509fbd5846a9d07caa227cc67152933da70bea50246c1d6fe20ab9fc67cbb6d141753b89a4b7ed08bf9a73e4520a3c738fa33f4169ea5a19225db9698c6
+  metadata.gz: 4d8272f9614610836187d6a34fc20acd78b0326d8759d633afc7879492f9edffc3189d148e643750f0f47c1fec54071545ff7d2981499f82c8273addb527fc36
+  data.tar.gz: 4248ef1d9c5dce4afad397af2b557e8414a673d48351924255be59d211a0538b6f98ac73ce4f75458168379301be42c0b9a03517266ac6de8d2205346e95a8d3

data/lib/dependabot/config/file_fetcher.rb

@@ -1,30 +1,37 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
 
+require "sorbet-runtime"
 require "dependabot/file_fetchers/base"
 require "dependabot/config/file"
 
 module Dependabot
   module Config
     class FileFetcher < FileFetchers::Base
-      CONFIG_FILE_PATHS = %w(.github/dependabot.yml .github/dependabot.yaml).freeze
+      extend T::Sig
 
+      CONFIG_FILE_PATHS = T.let(%w(.github/dependabot.yml .github/dependabot.yaml).freeze, T::Array[String])
+
+      sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
       def self.required_files_in?(filenames)
         CONFIG_FILE_PATHS.any? { |file| filenames.include?(file) }
       end
 
+      sig { override.returns(String) }
       def self.required_files_message
         "Repo must contain either a #{CONFIG_FILE_PATHS.join(' or a ')} file"
       end
 
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def config_file
-        @config_file ||= files.first
+        @config_file ||= T.let(files.first, T.nilable(Dependabot::DependencyFile))
       end
 
       private
 
+      sig { override.returns(T::Array[Dependabot::DependencyFile]) }
       def fetch_files
-        fetched_files = []
+        fetched_files = T.let([], T::Array[Dependabot::DependencyFile])
 
         CONFIG_FILE_PATHS.each do |file|
           fn = Pathname.new("/#{file}").relative_path_from(directory)

data/lib/dependabot/dependency.rb

@@ -143,7 +143,7 @@ module Dependabot
     def numeric_version
       return unless version && version_class.correct?(version)
 
-      @numeric_version ||= T.let(version_class.new(version), T.nilable(Dependabot::Version))
+      @numeric_version ||= T.let(version_class.new(T.must(version)), T.nilable(Dependabot::Version))
     end
 
     sig { returns(T::Hash[String, T.untyped]) }
@@ -300,7 +300,7 @@ module Dependabot
       requirements.select { |r| requirement_class.new(r[:requirement]).specific? }
     end
 
-    sig { returns(T.class_of(Gem::Requirement)) }
+    sig { returns(T.class_of(Dependabot::Requirement)) }
     def requirement_class
       Utils.requirement_class_for_package_manager(package_manager)
     end

data/lib/dependabot/dependency_file.rb

@@ -14,6 +14,8 @@ module Dependabot
     sig { returns(T.nilable(String)) }
     attr_accessor :content
 
+    # This is the directory of the job source, not the directory of the file itself.
+    # The name actually contains the relative path from the job directory.
     sig { returns(String) }
     attr_accessor :directory
 
@@ -38,11 +40,6 @@ module Dependabot
     sig { returns(T.nilable(String)) }
     attr_accessor :mode
 
-    # The directory that this file was fetched for. This is useful for multi-directory
-    # updates, where a set of files that are related to each other are updated together.
-    sig { returns(T.nilable(String)) }
-    attr_accessor :job_directory
-
     class ContentEncoding
       UTF_8 = "utf-8"
       BASE64 = "base64"
@@ -71,15 +68,14 @@ module Dependabot
         content_encoding: String,
         deleted: T::Boolean,
         operation: String,
-        mode: T.nilable(String),
-        job_directory: T.nilable(String)
+        mode: T.nilable(String)
       )
         .void
     end
     def initialize(name:, content:, directory: "/", type: "file",
                    support_file: false, vendored_file: false, symlink_target: nil,
                    content_encoding: ContentEncoding::UTF_8, deleted: false,
-                   operation: Operation::UPDATE, mode: nil, job_directory: nil)
+                   operation: Operation::UPDATE, mode: nil)
       @name = name
       @content = content
       @directory = T.let(clean_directory(directory), String)
@@ -88,7 +84,6 @@ module Dependabot
       @vendored_file = vendored_file
       @content_encoding = content_encoding
       @operation = operation
-      @job_directory = job_directory
 
       # Make deleted override the operation. Deleted is kept when operation
       # was introduced to keep compatibility with downstream dependants.
@@ -127,7 +122,6 @@ module Dependabot
         "mode" => mode
       }
 
-      details["job_directory"] = job_directory if job_directory
       details["symlink_target"] = symlink_target if symlink_target
       details
     end

data/lib/dependabot/file_fetchers/base.rb

@@ -52,11 +52,15 @@ module Dependabot
         /^fatal: clone of '(?<url>.*)' into submodule path '.*' failed$/
       GIT_SUBMODULE_ERROR_REGEX = /(#{GIT_SUBMODULE_INACCESSIBLE_ERROR})|(#{GIT_SUBMODULE_CLONE_ERROR})/
 
-      sig { abstract.params(filenames: T::Array[String]).returns(T::Boolean) }
-      def self.required_files_in?(filenames); end
+      sig { overridable.params(filenames: T::Array[String]).returns(T::Boolean) }
+      def self.required_files_in?(filenames)
+        filenames.any?
+      end
 
-      sig { abstract.returns(String) }
-      def self.required_files_message; end
+      sig { overridable.returns(String) }
+      def self.required_files_message
+        "Required files are missing from configured directory"
+      end
 
       # Creates a new FileFetcher for retrieving `DependencyFile`s.
       #
@@ -85,6 +89,8 @@ module Dependabot
         @linked_paths = T.let({}, T::Hash[T.untyped, T.untyped])
         @submodules = T.let([], T::Array[T.untyped])
         @options = options
+
+        @files = T.let([], T::Array[DependencyFile])
       end
 
       sig { returns(String) }
@@ -104,10 +110,16 @@ module Dependabot
 
       sig { returns(T::Array[DependencyFile]) }
       def files
-        @files ||= T.let(
-          fetch_files.each { |f| f.job_directory = directory },
-          T.nilable(T::Array[DependencyFile])
-        )
+        return @files if @files.any?
+
+        files = fetch_files.compact
+        raise Dependabot::DependencyFileNotFound.new(nil, "No files found in #{directory}") unless files.any?
+
+        unless self.class.required_files_in?(files.map(&:name))
+          raise DependencyFileNotFound.new(nil, self.class.required_files_message)
+        end
+
+        @files = files
       end
 
       sig { abstract.returns(T::Array[DependencyFile]) }

data/lib/dependabot/file_parsers/base.rb

@@ -1,12 +1,43 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
 
+require "sorbet-runtime"
+
 module Dependabot
   module FileParsers
     class Base
-      attr_reader :dependency_files, :repo_contents_path, :credentials, :source, :options
+      extend T::Sig
+      extend T::Helpers
+
+      abstract!
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      attr_reader :dependency_files
+
+      sig { returns(T.nilable(String)) }
+      attr_reader :repo_contents_path
+
+      sig { returns(T::Array[T::Hash[String, String]]) }
+      attr_reader :credentials
 
-      def initialize(dependency_files:, repo_contents_path: nil, source:,
+      sig { returns(T.nilable(Dependabot::Source)) }
+      attr_reader :source
+
+      sig { returns(T::Hash[Symbol, T.untyped]) }
+      attr_reader :options
+
+      sig do
+        params(
+          dependency_files: T::Array[Dependabot::DependencyFile],
+          source: T.nilable(Dependabot::Source),
+          repo_contents_path: T.nilable(String),
+          credentials: T::Array[T::Hash[String, String]],
+          reject_external_code: T::Boolean,
+          options: T::Hash[Symbol, T.untyped]
+        )
+          .void
+      end
+      def initialize(dependency_files:, source:, repo_contents_path: nil,
                      credentials: [], reject_external_code: false, options: {})
         @dependency_files = dependency_files
         @repo_contents_path = repo_contents_path
@@ -18,16 +49,15 @@ module Dependabot
         check_required_files
       end
 
-      def parse
-        raise NotImplementedError
-      end
+      sig { abstract.returns(Dependabot::DependencyFile) }
+      def parse; end
 
       private
 
-      def check_required_files
-        raise NotImplementedError
-      end
+      sig { abstract.void }
+      def check_required_files; end
 
+      sig { params(filename: String).returns(T.nilable(Dependabot::DependencyFile)) }
       def get_original_file(filename)
         dependency_files.find { |f| f.name == filename }
       end