dependabot-common 0.245.0 → 0.246.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fbc9b9fbba7549f6bdbb7dafec2f3d3111bd2e8263e966b3eaf1bfce19be3a01
-  data.tar.gz: 2e396338454b56410104329634792a20076533cadf2418f15e74d591612969eb
+  metadata.gz: afa14b1e2f804f1713004ae03cf9ba9ac2ed546794d736bbeedef24d18f8be7b
+  data.tar.gz: 012a72964c4ae5f6140ab6a81d101f227bd84445a2e04b77395252ae66771bc8
 SHA512:
-  metadata.gz: 2cc3166e278f88f679a7d177b74d77ba9d8cd48ac22694db65a61a36bf5386efb7fd459e430f971cad2e21f33253e67f1e264137fcfc48b57d3d41480c71f9f9
-  data.tar.gz: fc85175d8dfe6020bc3737fec46342fe529371e984d0f1d806195c697124ff6c63418edc7a1135a30c1c2ceff6caf28be2a715463c466c6bfa3267b5b0249b8a
+  metadata.gz: 367510a477d1b7a1d362f69a8a4a8bdcfb1d89f355f442291d3640c247391e924612b51bbe3393b146dcfb621d1faf53ab7dc364bf4eba134c17389a781d4ba0
+  data.tar.gz: ae0d0af76bbea879c4cf4faec7c1be85067cec9918c1c7ad2818b60c160d5da93bcb11a5c3bd9287d4b9f11256de46eb0758f56db98ef2586ec2c3d4e514ed17

data/lib/dependabot/clients/bitbucket.rb

@@ -1,12 +1,16 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
-require "dependabot/shared_helpers"
 require "excon"
+require "sorbet-runtime"
+
+require "dependabot/shared_helpers"
 
 module Dependabot
   module Clients
     class Bitbucket
+      extend T::Sig
+
       class NotFound < StandardError; end
 
       class Unauthorized < StandardError; end
@@ -19,6 +23,13 @@ module Dependabot
       # Constructor methods #
       #######################
 
+      sig do
+        params(
+          source: Dependabot::Source,
+          credentials: T::Array[Dependabot::Credential]
+        )
+          .returns(Dependabot::Clients::Bitbucket)
+      end
       def self.for_source(source:, credentials:)
         credential =
           credentials
@@ -32,11 +43,13 @@ module Dependabot
       # Client #
       ##########
 
+      sig { params(credentials: T.nilable(Dependabot::Credential)).void }
       def initialize(credentials:)
         @credentials = credentials
-        @auth_header = auth_header_for(credentials&.fetch("token", nil))
+        @auth_header = T.let(auth_header_for(credentials&.fetch("token", nil)), T::Hash[String, String])
       end
 
+      sig { params(repo: String, branch: String).returns(String) }
       def fetch_commit(repo, branch)
         path = "#{repo}/refs/branches/#{branch}"
         response = get(base_url + path)
@@ -44,12 +57,21 @@ module Dependabot
         JSON.parse(response.body).fetch("target").fetch("hash")
       end
 
+      sig { params(repo: String).returns(String) }
       def fetch_default_branch(repo)
         response = get(base_url + repo)
 
         JSON.parse(response.body).fetch("mainbranch").fetch("name")
       end
 
+      sig do
+        params(
+          repo: String,
+          commit: T.nilable(String),
+          path: T.nilable(String)
+        )
+          .returns(T::Array[T::Hash[String, T.untyped]])
+      end
       def fetch_repo_contents(repo, commit = nil, path = nil)
         raise "Commit is required if path provided!" if commit.nil? && path
 
@@ -62,6 +84,14 @@ module Dependabot
         JSON.parse(response.body).fetch("values")
       end
 
+      sig do
+        params(
+          repo: String,
+          commit: String,
+          path: String
+        )
+          .returns(String)
+      end
       def fetch_file_contents(repo, commit, path)
         path = "#{repo}/src/#{commit}/#{path.gsub(%r{/+$}, '')}"
         response = get(base_url + path)
@@ -69,12 +99,26 @@ module Dependabot
         response.body
       end
 
+      sig do
+        params(
+          repo: String,
+          branch_name: T.nilable(String)
+        )
+          .returns(T::Enumerator[T::Hash[String, T.untyped]])
+      end
       def commits(repo, branch_name = nil)
         commits_path = "#{repo}/commits/#{branch_name}?pagelen=100"
         next_page_url = base_url + commits_path
         paginate({ "next" => next_page_url })
       end
 
+      sig do
+        params(
+          repo: String,
+          branch_name: String
+        )
+          .returns(T::Hash[String, T.untyped])
+      end
       def branch(repo, branch_name)
         branch_path = "#{repo}/refs/branches/#{branch_name}"
         response = get(base_url + branch_path)
@@ -82,6 +126,15 @@ module Dependabot
         JSON.parse(response.body)
       end
 
+      sig do
+        params(
+          repo: String,
+          source_branch: T.nilable(String),
+          target_branch: T.nilable(String),
+          status: T::Array[String]
+        )
+          .returns(T::Array[T::Hash[String, T.untyped]])
+      end
       def pull_requests(repo, source_branch, target_branch, status = %w(OPEN MERGED DECLINED SUPERSEDED))
         pr_path = "#{repo}/pullrequests?"
         # Get pull requests with given status
@@ -104,6 +157,17 @@ module Dependabot
       end
 
       # rubocop:disable Metrics/ParameterLists
+      sig do
+        params(
+          repo: String,
+          branch_name: String,
+          base_commit: String,
+          commit_message: String,
+          files: T::Array[Dependabot::DependencyFile],
+          author_details: T::Hash[Symbol, String]
+        )
+          .void
+      end
       def create_commit(repo, branch_name, base_commit, commit_message, files,
                         author_details)
         parameters = {
@@ -125,6 +189,18 @@ module Dependabot
       # rubocop:enable Metrics/ParameterLists
 
       # rubocop:disable Metrics/ParameterLists
+      sig do
+        params(
+          repo: String,
+          pr_name: String,
+          source_branch: String,
+          target_branch: String,
+          pr_description: String,
+          _labels: T.nilable(T::Array[String]),
+          _work_item: T.nilable(Integer)
+        )
+          .void
+      end
       def create_pull_request(repo, pr_name, source_branch, target_branch,
                               pr_description, _labels, _work_item = nil)
         reviewers = default_reviewers(repo)
@@ -151,6 +227,7 @@ module Dependabot
       end
       # rubocop:enable Metrics/ParameterLists
 
+      sig { params(repo: String, pr_id: Integer, comment: T.nilable(String)).void }
       def decline_pull_request(repo, pr_id, comment = nil)
         # https://developer.atlassian.com/cloud/bitbucket/rest/api-group-pullrequests/
         decline_path = "#{repo}/pullrequests/#{pr_id}/decline"
@@ -168,14 +245,16 @@ module Dependabot
         post(base_url + comment_path, content.to_json)
       end
 
+      sig { returns(T.nilable(String)) }
       def current_user
         base_url = "https://api.bitbucket.org/2.0/user?fields=uuid"
         response = get(base_url)
         JSON.parse(response.body).fetch("uuid")
       rescue Unauthorized
-        [nil]
+        nil
       end
 
+      sig { params(repo: String).returns(T::Array[T::Hash[String, String]]) }
       def default_reviewers(repo)
         current_uuid = current_user
         path = "#{repo}/default-reviewers?pagelen=100&fields=values.uuid,next"
@@ -192,6 +271,7 @@ module Dependabot
         reviewer_data
       end
 
+      sig { params(repo: String).returns(T::Array[T::Hash[String, String]]) }
       def tags(repo)
         path = "#{repo}/refs/tags?pagelen=100"
         response = get(base_url + path)
@@ -199,6 +279,14 @@ module Dependabot
         JSON.parse(response.body).fetch("values")
       end
 
+      sig do
+        params(
+          repo: String,
+          previous_tag: String,
+          new_tag: String
+        )
+          .returns(T::Array[T::Hash[String, T.untyped]])
+      end
       def compare(repo, previous_tag, new_tag)
         path = "#{repo}/commits/?include=#{new_tag}&exclude=#{previous_tag}"
         response = get(base_url + path)
@@ -206,6 +294,7 @@ module Dependabot
         JSON.parse(response.body).fetch("values")
       end
 
+      sig { params(url: String).returns(Excon::Response) }
       def get(url)
         response = Excon.get(
           URI::DEFAULT_PARSER.escape(url),
@@ -230,6 +319,14 @@ module Dependabot
         response
       end
 
+      sig do
+        params(
+          url: String,
+          body: String,
+          content_type: String
+        )
+          .returns(Excon::Response)
+      end
       def post(url, body, content_type = "application/json")
         headers = auth_header
 
@@ -259,12 +356,14 @@ module Dependabot
 
       private
 
+      sig { params(token: T.nilable(String)).returns(T::Hash[String, String]) }
       def auth_header_for(token)
         return {} unless token
 
         { "Authorization" => "Bearer #{token}" }
       end
 
+      sig { params(parameters: T::Hash[String, String]).returns(String) }
       def encode_form_parameters(parameters)
         parameters.map do |key, value|
           URI.encode_www_form_component(key.to_s) + "=" + URI.encode_www_form_component(value.to_s)
@@ -284,6 +383,11 @@ module Dependabot
       #     response = post(url, body)
       #     first_page = JSON.parse(response.body)
       #     paginate(first_page)
+      sig do
+        type_parameters(:T)
+          .params(page: T.all(T.type_parameter(:T), T::Hash[String, T.untyped]))
+          .returns(T::Enumerator[T.type_parameter(:T)])
+      end
       def paginate(page)
         Enumerator.new do |yielder|
           loop do
@@ -291,14 +395,18 @@ module Dependabot
             break unless page.key?("next")
 
             next_page_url = page.fetch("next")
-            page = JSON.parse(get(next_page_url).body)
+            page = T.cast(JSON.parse(get(next_page_url).body), T.all(T::Hash[String, T.untyped], T.type_parameter(:T)))
           end
         end
       end
 
+      sig { returns(T::Hash[String, String]) }
       attr_reader :auth_header
+
+      sig { returns(T.nilable(Dependabot::Credential)) }
       attr_reader :credentials
 
+      sig { returns(String) }
       def base_url
         # TODO: Make this configurable when we support enterprise Bitbucket
         "https://api.bitbucket.org/2.0/repositories/"

data/lib/dependabot/clients/codecommit.rb

@@ -1,7 +1,9 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "aws-sdk-codecommit"
+require "sorbet-runtime"
+
 require "dependabot/shared_helpers"
 
 module Dependabot
@@ -15,6 +17,13 @@ module Dependabot
       # Constructor methods #
       #######################
 
+      sig do
+        params(
+          source: Dependabot::Source,
+          credentials: T::Array[Dependabot::Credential]
+        )
+          .returns(Dependabot::Clients::CodeCommit)
+      end
       def self.for_source(source:, credentials:)
         credential =
           credentials
@@ -28,20 +37,32 @@ module Dependabot
       # Client #
       ##########
 
+      sig do
+        params(
+          source: Dependabot::Source,
+          credentials: T.nilable(Dependabot::Credential)
+        )
+          .void
+      end
       def initialize(source, credentials)
         @source = source
         @cc_client =
-          if credentials
-            Aws::CodeCommit::Client.new(
-              access_key_id: credentials.fetch("username"),
-              secret_access_key: credentials.fetch("password"),
-              region: credentials.fetch("region")
-            )
-          else
-            Aws::CodeCommit::Client.new
-          end
+          T.let(
+            if credentials
+              Aws::CodeCommit::Client.new(
+                access_key_id: credentials.fetch("username"),
+                secret_access_key: credentials.fetch("password"),
+                region: credentials.fetch("region")
+              )
+            else
+              Aws::CodeCommit::Client.new
+            end,
+            Aws::CodeCommit::Client
+          )
       end
 
+      # TODO: Should repo be required?
+      sig { params(repo: T.nilable(String), branch: String).returns(String) }
       def fetch_commit(repo, branch)
         cc_client.get_branch(
           branch_name: branch,
@@ -49,12 +70,20 @@ module Dependabot
         ).branch.commit_id
       end
 
+      sig { params(repo: String).returns(String) }
       def fetch_default_branch(repo)
         cc_client.get_repository(
           repository_name: repo
         ).repository_metadata.default_branch
       end
 
+      sig do
+        params(
+          repo: String, commit: T.nilable(String),
+          path: T.nilable(String)
+        )
+          .returns(Aws::CodeCommit::Types::GetFolderOutput)
+      end
       def fetch_repo_contents(repo, commit = nil, path = nil)
         actual_path = path
         actual_path = "/" if path.to_s.empty?
@@ -66,6 +95,14 @@ module Dependabot
         )
       end
 
+      sig do
+        params(
+          repo: String,
+          commit: String,
+          path: String
+        )
+          .returns(String)
+      end
       def fetch_file_contents(repo, commit, path)
         cc_client.get_file(
           repository_name: repo,
@@ -76,6 +113,12 @@ module Dependabot
           raise NotFound
       end
 
+      sig do
+        params(
+          branch_name: String
+        )
+          .returns(String)
+      end
       def branch(branch_name)
         cc_client.get_branch(
           repository_name: source.unscoped_repo,
@@ -84,6 +127,14 @@ module Dependabot
       end
 
       # work around b/c codecommit doesn't have a 'get all commits' api..
+      sig do
+        params(
+          repo: String,
+          branch_name: String,
+          result_count: Integer
+        )
+          .returns(T::Array[String])
+      end
       def fetch_commits(repo, branch_name, result_count)
         top_commit = fetch_commit(repo, branch_name)
         retrieved_commits = []
@@ -123,7 +174,14 @@ module Dependabot
         result
       end
 
-      def commits(repo, branch_name = source.branch)
+      sig do
+        params(
+          repo: String,
+          branch_name: String
+        )
+          .returns(Aws::CodeCommit::Types::Commit)
+      end
+      def commits(repo, branch_name = T.must(source.branch))
         retrieved_commits = fetch_commits(repo, branch_name, 5)
 
         result = @cc_client.batch_get_commits(
@@ -136,6 +194,14 @@ module Dependabot
         result
       end
 
+      sig do
+        params(
+          repo: String,
+          state: String,
+          branch: String
+        )
+          .returns(T::Array[Aws::CodeCommit::Types::PullRequest])
+      end
       def pull_requests(repo, state, branch)
         pull_request_ids = @cc_client.list_pull_requests(
           repository_name: repo,
@@ -158,6 +224,14 @@ module Dependabot
         result
       end
 
+      sig do
+        params(
+          repo: String,
+          branch_name: String,
+          commit_id: String
+        )
+          .returns(Aws::CodeCommit::Types::BranchInfo)
+      end
       def create_branch(repo, branch_name, commit_id)
         cc_client.create_branch(
           repository_name: repo,
@@ -166,6 +240,16 @@ module Dependabot
         )
       end
 
+      sig do
+        params(
+          branch_name: String,
+          author_name: String,
+          base_commit: String,
+          commit_message: String,
+          files: T::Array[Dependabot::DependencyFile]
+        )
+          .returns(Aws::CodeCommit::Types::CreateCommitOutput)
+      end
       def create_commit(branch_name, author_name, base_commit, commit_message,
                         files)
         cc_client.create_commit(
@@ -184,6 +268,15 @@ module Dependabot
         )
       end
 
+      sig do
+        params(
+          pr_name: String,
+          target_branch: String,
+          source_branch: String,
+          pr_description: String
+        )
+          .returns(T.nilable(Aws::CodeCommit::Types::CreatePullRequestOutput))
+      end
       def create_pull_request(pr_name, target_branch, source_branch,
                               pr_description)
         cc_client.create_pull_request(
@@ -199,8 +292,10 @@ module Dependabot
 
       private
 
-      attr_reader :credentials
+      sig { returns(Dependabot::Source) }
       attr_reader :source
+
+      sig { returns(Aws::CodeCommit::Client) }
       attr_reader :cc_client
     end
   end

data/lib/dependabot/clients/github_with_retries.rb

@@ -1,42 +1,61 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "octokit"
+require "sorbet-runtime"
+require "dependabot/credential"
 
 module Dependabot
   module Clients
     class GithubWithRetries
+      extend T::Sig
+
       DEFAULT_OPEN_TIMEOUT_IN_SECONDS = 2
       DEFAULT_READ_TIMEOUT_IN_SECONDS = 5
 
+      sig { returns(Integer) }
       def self.open_timeout_in_seconds
         ENV.fetch("DEPENDABOT_OPEN_TIMEOUT_IN_SECONDS", DEFAULT_OPEN_TIMEOUT_IN_SECONDS).to_i
       end
 
+      sig { returns(Integer) }
       def self.read_timeout_in_seconds
         ENV.fetch("DEPENDABOT_READ_TIMEOUT_IN_SECONDS", DEFAULT_READ_TIMEOUT_IN_SECONDS).to_i
       end
 
-      DEFAULT_CLIENT_ARGS = {
-        connection_options: {
-          request: {
-            open_timeout: open_timeout_in_seconds,
-            timeout: read_timeout_in_seconds
+      DEFAULT_CLIENT_ARGS = T.let(
+        {
+          connection_options: {
+            request: {
+              open_timeout: open_timeout_in_seconds,
+              timeout: read_timeout_in_seconds
+            }
           }
-        }
-      }.freeze
-
-      RETRYABLE_ERRORS = [
-        Faraday::ConnectionFailed,
-        Faraday::TimeoutError,
-        Octokit::InternalServerError,
-        Octokit::BadGateway
-      ].freeze
+        }.freeze,
+        T::Hash[Symbol, T.untyped]
+      )
+
+      RETRYABLE_ERRORS = T.let(
+        [
+          Faraday::ConnectionFailed,
+          Faraday::TimeoutError,
+          Octokit::InternalServerError,
+          Octokit::BadGateway
+        ].freeze,
+        T::Array[T.class_of(StandardError)]
+      )
 
       #######################
       # Constructor methods #
       #######################
 
+      sig do
+        params(
+          source: Dependabot::Source,
+          credentials: T::Array[Dependabot::Credential]
+        )
+          .returns(Dependabot::Clients::GithubWithRetries)
+      end
       def self.for_source(source:, credentials:)
         access_tokens =
           credentials
@@ -51,6 +70,7 @@ module Dependabot
         )
       end
 
+      sig { params(credentials: T::Array[Dependabot::Credential]).returns(Dependabot::Clients::GithubWithRetries) }
       def self.for_github_dot_com(credentials:)
         access_tokens =
           credentials
@@ -66,6 +86,7 @@ module Dependabot
       # VCS Interface #
       #################
 
+      sig { params(repo: String, branch: String).returns(String) }
       def fetch_commit(repo, branch)
         response = T.unsafe(self).ref(repo, "heads/#{branch}")
 
@@ -74,6 +95,7 @@ module Dependabot
         response.object.sha
       end
 
+      sig { params(repo: String).returns(String) }
       def fetch_default_branch(repo)
         T.unsafe(self).repository(repo).default_branch
       end
@@ -82,6 +104,7 @@ module Dependabot
       # Proxying #
       ############
 
+      sig { params(max_retries: T.nilable(Integer), args: T.untyped).void }
       def initialize(max_retries: 3, **args)
         args = DEFAULT_CLIENT_ARGS.merge(args)
 
@@ -106,11 +129,23 @@ module Dependabot
           end
         end
 
-        @clients = access_tokens.map do |token|
-          Octokit::Client.new(args.merge(access_token: token))
-        end
+        @clients = T.let(
+          access_tokens.map do |token|
+            Octokit::Client.new(args.merge(access_token: token))
+          end,
+          T::Array[Octokit::Client]
+        )
       end
 
+      # TODO: Create all the methods that are called on the client
+      sig do
+        params(
+          method_name: T.any(Symbol, String),
+          args: T.untyped,
+          block: T.nilable(T.proc.returns(T.untyped))
+        )
+          .returns(T.untyped)
+      end
       def method_missing(method_name, *args, &block)
         untried_clients = @clients.dup
         client = untried_clients.pop
@@ -118,7 +153,7 @@ module Dependabot
         begin
           if client.respond_to?(method_name)
             mutatable_args = args.map(&:dup)
-            client.public_send(method_name, *mutatable_args, &block)
+            T.unsafe(client).public_send(method_name, *mutatable_args, &block)
           else
             super
           end
@@ -129,6 +164,13 @@ module Dependabot
         end
       end
 
+      sig do
+        params(
+          method_name: Symbol,
+          include_private: T::Boolean
+        )
+          .returns(T::Boolean)
+      end
       def respond_to_missing?(method_name, include_private = false)
         @clients.first.respond_to?(method_name) || super
       end