dependabot-common 0.244.0 → 0.246.0

data/lib/dependabot/clients/github_with_retries.rb

@@ -1,42 +1,61 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "octokit"
+require "sorbet-runtime"
+require "dependabot/credential"
 
 module Dependabot
   module Clients
     class GithubWithRetries
+      extend T::Sig
+
       DEFAULT_OPEN_TIMEOUT_IN_SECONDS = 2
       DEFAULT_READ_TIMEOUT_IN_SECONDS = 5
 
+      sig { returns(Integer) }
       def self.open_timeout_in_seconds
         ENV.fetch("DEPENDABOT_OPEN_TIMEOUT_IN_SECONDS", DEFAULT_OPEN_TIMEOUT_IN_SECONDS).to_i
       end
 
+      sig { returns(Integer) }
       def self.read_timeout_in_seconds
         ENV.fetch("DEPENDABOT_READ_TIMEOUT_IN_SECONDS", DEFAULT_READ_TIMEOUT_IN_SECONDS).to_i
       end
 
-      DEFAULT_CLIENT_ARGS = {
-        connection_options: {
-          request: {
-            open_timeout: open_timeout_in_seconds,
-            timeout: read_timeout_in_seconds
+      DEFAULT_CLIENT_ARGS = T.let(
+        {
+          connection_options: {
+            request: {
+              open_timeout: open_timeout_in_seconds,
+              timeout: read_timeout_in_seconds
+            }
           }
-        }
-      }.freeze
-
-      RETRYABLE_ERRORS = [
-        Faraday::ConnectionFailed,
-        Faraday::TimeoutError,
-        Octokit::InternalServerError,
-        Octokit::BadGateway
-      ].freeze
+        }.freeze,
+        T::Hash[Symbol, T.untyped]
+      )
+
+      RETRYABLE_ERRORS = T.let(
+        [
+          Faraday::ConnectionFailed,
+          Faraday::TimeoutError,
+          Octokit::InternalServerError,
+          Octokit::BadGateway
+        ].freeze,
+        T::Array[T.class_of(StandardError)]
+      )
 
       #######################
       # Constructor methods #
       #######################
 
+      sig do
+        params(
+          source: Dependabot::Source,
+          credentials: T::Array[Dependabot::Credential]
+        )
+          .returns(Dependabot::Clients::GithubWithRetries)
+      end
       def self.for_source(source:, credentials:)
         access_tokens =
           credentials
@@ -51,6 +70,7 @@ module Dependabot
         )
       end
 
+      sig { params(credentials: T::Array[Dependabot::Credential]).returns(Dependabot::Clients::GithubWithRetries) }
       def self.for_github_dot_com(credentials:)
         access_tokens =
           credentials
@@ -66,6 +86,7 @@ module Dependabot
       # VCS Interface #
       #################
 
+      sig { params(repo: String, branch: String).returns(String) }
       def fetch_commit(repo, branch)
         response = T.unsafe(self).ref(repo, "heads/#{branch}")
 
@@ -74,6 +95,7 @@ module Dependabot
         response.object.sha
       end
 
+      sig { params(repo: String).returns(String) }
       def fetch_default_branch(repo)
         T.unsafe(self).repository(repo).default_branch
       end
@@ -82,6 +104,7 @@ module Dependabot
       # Proxying #
       ############
 
+      sig { params(max_retries: T.nilable(Integer), args: T.untyped).void }
       def initialize(max_retries: 3, **args)
         args = DEFAULT_CLIENT_ARGS.merge(args)
 
@@ -106,11 +129,23 @@ module Dependabot
           end
         end
 
-        @clients = access_tokens.map do |token|
-          Octokit::Client.new(args.merge(access_token: token))
-        end
+        @clients = T.let(
+          access_tokens.map do |token|
+            Octokit::Client.new(args.merge(access_token: token))
+          end,
+          T::Array[Octokit::Client]
+        )
       end
 
+      # TODO: Create all the methods that are called on the client
+      sig do
+        params(
+          method_name: T.any(Symbol, String),
+          args: T.untyped,
+          block: T.nilable(T.proc.returns(T.untyped))
+        )
+          .returns(T.untyped)
+      end
       def method_missing(method_name, *args, &block)
         untried_clients = @clients.dup
         client = untried_clients.pop
@@ -118,7 +153,7 @@ module Dependabot
         begin
           if client.respond_to?(method_name)
             mutatable_args = args.map(&:dup)
-            client.public_send(method_name, *mutatable_args, &block)
+            T.unsafe(client).public_send(method_name, *mutatable_args, &block)
           else
             super
           end
@@ -129,6 +164,13 @@ module Dependabot
         end
       end
 
+      sig do
+        params(
+          method_name: Symbol,
+          include_private: T::Boolean
+        )
+          .returns(T::Boolean)
+      end
       def respond_to_missing?(method_name, include_private = false)
         @clients.first.respond_to?(method_name) || super
       end

data/lib/dependabot/clients/gitlab_with_retries.rb

@@ -1,12 +1,20 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "gitlab"
+require "sorbet-runtime"
+
+require "dependabot/credential"
 
 module Dependabot
   module Clients
     class GitlabWithRetries
-      RETRYABLE_ERRORS = [Gitlab::Error::BadGateway].freeze
+      extend T::Sig
+
+      RETRYABLE_ERRORS = T.let(
+        [Gitlab::Error::BadGateway].freeze,
+        T::Array[T.class_of(Gitlab::Error::ResponseError)]
+      )
 
       class ContentEncoding
         BASE64 = "base64"
@@ -17,6 +25,13 @@ module Dependabot
       # Constructor methods #
       #######################
 
+      sig do
+        params(
+          source: Dependabot::Source,
+          credentials: T::Array[Dependabot::Credential]
+        )
+          .returns(Dependabot::Clients::GitlabWithRetries)
+      end
       def self.for_source(source:, credentials:)
         access_token =
           credentials
@@ -31,6 +46,7 @@ module Dependabot
         )
       end
 
+      sig { params(credentials: T::Array[Dependabot::Credential]).returns(Dependabot::Clients::GitlabWithRetries) }
       def self.for_gitlab_dot_com(credentials:)
         access_token =
           credentials
@@ -49,10 +65,12 @@ module Dependabot
       # VCS Interface #
       #################
 
+      sig { params(repo: String, branch: String).returns(String) }
       def fetch_commit(repo, branch)
         T.unsafe(self).branch(repo, branch).commit.id
       end
 
+      sig { params(repo: String).returns(String) }
       def fetch_default_branch(repo)
         T.unsafe(self).project(repo).default_branch
       end
@@ -61,9 +79,10 @@ module Dependabot
       # Proxying #
       ############
 
+      sig { params(max_retries: T.nilable(Integer), args: T.untyped).void }
       def initialize(max_retries: 3, **args)
-        @max_retries = max_retries || 3
-        @client = ::Gitlab::Client.new(args)
+        @max_retries = T.let(max_retries || 3, Integer)
+        @client = T.let(::Gitlab::Client.new(args), ::Gitlab::Client)
       end
 
       # Create commit in gitlab repo with correctly mapped file actions
@@ -74,32 +93,63 @@ module Dependabot
       # @param [Array<Dependabot::DependencyFile>] files
       # @param [Hash] options
       # @return [Gitlab::ObjectifiedHash]
+      sig do
+        params(
+          repo: String,
+          branch_name: String,
+          commit_message: String,
+          files: T::Array[Dependabot::DependencyFile],
+          options: T.untyped
+        )
+          .returns(Gitlab::ObjectifiedHash)
+      end
       def create_commit(repo, branch_name, commit_message, files, **options)
         @client.create_commit(
           repo,
           branch_name,
           commit_message,
           file_actions(files),
-          **options
+          options
         )
       end
 
+      # TODO: Create all the methods that are called on the client
+      sig do
+        params(
+          method_name: T.any(Symbol, String),
+          args: T.untyped,
+          block: T.nilable(T.proc.returns(T.untyped))
+        )
+          .returns(T.untyped)
+      end
       def method_missing(method_name, *args, &block)
         retry_connection_failures do
           if @client.respond_to?(method_name)
             mutatable_args = args.map(&:dup)
-            @client.public_send(method_name, *mutatable_args, &block)
+            T.unsafe(@client).public_send(method_name, *mutatable_args, &block)
           else
             super
           end
         end
       end
 
+      sig do
+        params(
+          method_name: Symbol,
+          include_private: T::Boolean
+        )
+          .returns(T::Boolean)
+      end
       def respond_to_missing?(method_name, include_private = false)
         @client.respond_to?(method_name) || super
       end
 
-      def retry_connection_failures
+      sig do
+        type_parameters(:T)
+          .params(_blk: T.proc.returns(T.type_parameter(:T)))
+          .returns(T.type_parameter(:T))
+      end
+      def retry_connection_failures(&_blk)
         retry_attempt = 0
 
         begin
@@ -116,6 +166,7 @@ module Dependabot
       #
       # @param [Array<Dependabot::DependencyFile>] files
       # @return [Array<Hash>]
+      sig { params(files: T::Array[Dependabot::DependencyFile]).returns(T::Array[T::Hash[Symbol, T.untyped]]) }
       def file_actions(files)
         files.map do |file|
           {
@@ -131,6 +182,7 @@ module Dependabot
       #
       # @param [Dependabot::DependencyFile] file
       # @return [String]
+      sig { params(file: Dependabot::DependencyFile).returns(String) }
       def file_action(file)
         if file.operation == Dependabot::DependencyFile::Operation::DELETE
           "delete"
@@ -145,6 +197,7 @@ module Dependabot
       #
       # @param [Dependabot::DependencyFile] file
       # @return [String]
+      sig { params(file: Dependabot::DependencyFile).returns(String) }
       def file_encoding(file)
         return ContentEncoding::BASE64 if file.content_encoding == Dependabot::DependencyFile::ContentEncoding::BASE64
 

data/lib/dependabot/dependency.rb

@@ -93,7 +93,7 @@ module Dependabot
         # TODO: Make version a Dependabot::Version everywhere
         version: T.nilable(T.any(String, Dependabot::Version)),
         previous_version: T.nilable(String),
-        previous_requirements: T.nilable(T::Array[T::Hash[String, String]]),
+        previous_requirements: T.nilable(T::Array[T::Hash[T.any(Symbol, String), T.untyped]]),
         subdependency_metadata: T.nilable(T::Array[T::Hash[T.any(Symbol, String), String]]),
         removed: T::Boolean,
         metadata: T.nilable(T::Hash[T.any(Symbol, String), String])

data/lib/dependabot/errors.rb

@@ -48,7 +48,10 @@ module Dependabot
     when Dependabot::DependencyFileNotFound
       {
         "error-type": "dependency_file_not_found",
-        "error-detail": { "file-path": error.file_path }
+        "error-detail": {
+          message: error.message,
+          "file-path": error.file_path
+        }
       }
     when Dependabot::OutOfDisk
       {
@@ -108,7 +111,10 @@ module Dependabot
     when Dependabot::DependencyFileNotFound
       {
         "error-type": "dependency_file_not_found",
-        "error-detail": { "file-path": error.file_path }
+        "error-detail": {
+          message: error.message,
+          "file-path": error.file_path
+        }
       }
     when Dependabot::PathDependenciesNotReachable
       {

data/lib/dependabot/git_commit_checker.rb

@@ -367,7 +367,8 @@ module Dependabot
       client = Clients::GithubWithRetries
                .for_github_dot_com(credentials: credentials)
 
-      client.compare(listing_source_repo, ref1, ref2).status
+      # TODO: create this method instead of relying on method_missing
+      T.unsafe(client).compare(listing_source_repo, ref1, ref2).status
     end
 
     sig { params(ref1: String, ref2: String).returns(String) }
@@ -375,7 +376,7 @@ module Dependabot
       client = Clients::GitlabWithRetries
                .for_gitlab_dot_com(credentials: credentials)
 
-      comparison = client.compare(listing_source_repo, ref1, ref2)
+      comparison = T.unsafe(client).compare(listing_source_repo, ref1, ref2)
 
       if comparison.commits.none? then "behind"
       elsif comparison.compare_same_ref then "identical"
@@ -393,7 +394,7 @@ module Dependabot
       client = Clients::BitbucketWithRetries
                .for_bitbucket_dot_org(credentials: credentials)
 
-      response = client.get(url)
+      response = T.unsafe(client).get(url)
 
       # Conservatively assume that ref2 is ahead in the equality case, of
       # if we get an unexpected format (e.g., due to a 404)

data/lib/dependabot/metadata_finders/base/changelog_finder.rb

@@ -460,7 +460,7 @@ module Dependabot
         def github_client
           @github_client ||=
             T.let(
-              Dependabot::Clients::GithubWithRetries.for_source(source: source, credentials: credentials),
+              Dependabot::Clients::GithubWithRetries.for_source(source: T.must(source), credentials: credentials),
               T.nilable(Dependabot::Clients::GithubWithRetries)
             )
         end

data/lib/dependabot/metadata_finders/base/commits_finder.rb

@@ -373,7 +373,7 @@ module Dependabot
         def github_client
           @github_client ||=
             T.let(
-              Dependabot::Clients::GithubWithRetries.for_source(source: source, credentials: credentials),
+              Dependabot::Clients::GithubWithRetries.for_source(source: T.must(source), credentials: credentials),
               T.nilable(Dependabot::Clients::GithubWithRetries)
             )
         end

data/lib/dependabot/metadata_finders/base/release_finder.rb

@@ -359,7 +359,7 @@ module Dependabot
         def github_client
           @github_client ||=
             T.let(
-              Dependabot::Clients::GithubWithRetries.for_source(source: source, credentials: credentials),
+              Dependabot::Clients::GithubWithRetries.for_source(source: T.must(source), credentials: credentials),
               T.nilable(Dependabot::Clients::GithubWithRetries)
             )
         end

data/lib/dependabot/pull_request_creator/azure.rb

@@ -1,21 +1,79 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
+require "sorbet-runtime"
+
+require "dependabot/credential"
 require "dependabot/clients/azure"
 require "dependabot/pull_request_creator"
 
 module Dependabot
   class PullRequestCreator
     class Azure
-      attr_reader :source, :branch_name, :base_commit, :credentials,
-                  :files, :commit_message, :pr_description, :pr_name,
-                  :author_details, :labeler, :reviewers, :assignees, :work_item
+      extend T::Sig
+
+      sig { returns(Dependabot::Source) }
+      attr_reader :source
+
+      sig { returns(String) }
+      attr_reader :branch_name
+
+      sig { returns(String) }
+      attr_reader :base_commit
+
+      sig { returns(T::Array[Dependabot::Credential]) }
+      attr_reader :credentials
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      attr_reader :files
+
+      sig { returns(String) }
+      attr_reader :commit_message
+
+      sig { returns(String) }
+      attr_reader :pr_description
+
+      sig { returns(String) }
+      attr_reader :pr_name
+
+      sig { returns(T.nilable(T::Hash[Symbol, String])) }
+      attr_reader :author_details
+
+      sig { returns(Dependabot::PullRequestCreator::Labeler) }
+      attr_reader :labeler
+
+      sig { returns(T.nilable(T::Array[String])) }
+      attr_reader :reviewers
+
+      sig { returns(T.nilable(T::Array[String])) }
+      attr_reader :assignees
+
+      sig { returns(T.nilable(Integer)) }
+      attr_reader :work_item
 
       # Azure DevOps limits PR descriptions to a max of 4,000 characters in UTF-16 encoding:
       # https://developercommunity.visualstudio.com/content/problem/608770/remove-4000-character-limit-on-pull-request-descri.html
       PR_DESCRIPTION_MAX_LENGTH = 3_999 # 0 based count
       PR_DESCRIPTION_ENCODING = Encoding::UTF_16
 
+      sig do
+        params(
+          source: Dependabot::Source,
+          branch_name: String,
+          base_commit: String,
+          credentials: T::Array[Dependabot::Credential],
+          files: T::Array[Dependabot::DependencyFile],
+          commit_message: String,
+          pr_description: String,
+          pr_name: String,
+          author_details: T.nilable(T::Hash[Symbol, String]),
+          labeler: Dependabot::PullRequestCreator::Labeler,
+          reviewers: T.nilable(T::Array[String]),
+          assignees: T.nilable(T::Array[String]),
+          work_item: T.nilable(Integer)
+        )
+          .void
+      end
       def initialize(source:, branch_name:, base_commit:, credentials:,
                      files:, commit_message:, pr_description:, pr_name:,
                      author_details:, labeler:, reviewers: nil, assignees: nil, work_item: nil)
@@ -34,6 +92,7 @@ module Dependabot
         @work_item      = work_item
       end
 
+      sig { returns(T.nilable(Excon::Response)) }
       def create
         return if branch_exists? && pull_request_exists?
 
@@ -46,20 +105,26 @@ module Dependabot
 
       private
 
+      sig { returns(Dependabot::Clients::Azure) }
       def azure_client_for_source
         @azure_client_for_source ||=
-          Dependabot::Clients::Azure.for_source(
-            source: source,
-            credentials: credentials
+          T.let(
+            Dependabot::Clients::Azure.for_source(
+              source: source,
+              credentials: credentials
+            ),
+            T.nilable(Dependabot::Clients::Azure)
           )
       end
 
+      sig { returns(T::Boolean) }
       def branch_exists?
-        azure_client_for_source.branch(branch_name)
+        !azure_client_for_source.branch(branch_name).nil?
       rescue ::Dependabot::Clients::Azure::NotFound
         false
       end
 
+      sig { returns(T::Boolean) }
       def pull_request_exists?
         azure_client_for_source.pull_requests(
           branch_name,
@@ -67,6 +132,7 @@ module Dependabot
         ).any?
       end
 
+      sig { void }
       def create_commit
         author = author_details&.slice(:name, :email, :date)
         author = nil unless author&.any?
@@ -80,6 +146,7 @@ module Dependabot
         )
       end
 
+      sig { returns(Excon::Response) }
       def create_pull_request
         azure_client_for_source.create_pull_request(
           pr_name,
@@ -93,9 +160,13 @@ module Dependabot
         )
       end
 
+      sig { returns(String) }
       def default_branch
         @default_branch ||=
-          azure_client_for_source.fetch_default_branch(source.repo)
+          T.let(
+            azure_client_for_source.fetch_default_branch(source.repo),
+            T.nilable(String)
+          )
       end
     end
   end