dependabot-common 0.245.0 → 0.247.0
- checksums.yaml +4 -4
- data/lib/dependabot/clients/bitbucket.rb +113 -5
- data/lib/dependabot/clients/codecommit.rb +107 -12
- data/lib/dependabot/clients/github_with_retries.rb +61 -19
- data/lib/dependabot/clients/gitlab_with_retries.rb +60 -7
- data/lib/dependabot/dependency.rb +1 -1
- data/lib/dependabot/errors.rb +20 -2
- data/lib/dependabot/file_fetchers/base.rb +8 -19
- data/lib/dependabot/file_updaters/base.rb +2 -0
- data/lib/dependabot/git_commit_checker.rb +3 -2
- data/lib/dependabot/metadata_finders/base/changelog_finder.rb +1 -1
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +1 -1
- data/lib/dependabot/metadata_finders/base/release_finder.rb +1 -1
- data/lib/dependabot/pull_request_creator/azure.rb +80 -9
- data/lib/dependabot/pull_request_creator/bitbucket.rb +73 -9
- data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb +1 -1
- data/lib/dependabot/pull_request_creator/codecommit.rb +96 -25
- data/lib/dependabot/pull_request_creator/github.rb +162 -49
- data/lib/dependabot/pull_request_creator/gitlab.rb +109 -21
- data/lib/dependabot/pull_request_creator/message_builder/issue_linker.rb +13 -4
- data/lib/dependabot/pull_request_creator/message_builder.rb +246 -89
- data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +11 -9
- data/lib/dependabot/pull_request_creator.rb +32 -27
- data/lib/dependabot/pull_request_updater/azure.rb +75 -11
- data/lib/dependabot/pull_request_updater/github.rb +89 -28
- data/lib/dependabot/pull_request_updater/gitlab.rb +61 -12
- data/lib/dependabot/pull_request_updater.rb +1 -1
- data/lib/dependabot/registry_client.rb +2 -2
- data/lib/dependabot/requirements_update_strategy.rb +13 -0
- data/lib/dependabot/update_checkers/base.rb +123 -32
- data/lib/dependabot/update_checkers/version_filters.rb +15 -5
- data/lib/dependabot/version.rb +6 -43
- data/lib/dependabot.rb +1 -1
- metadata +18 -3
@@ -39,7 +39,7 @@ module Dependabot
|
|
39
39
|
dependencies: T::Array[Dependency],
|
40
40
|
credentials: T::Array[Dependabot::Credential],
|
41
41
|
security_fix: T::Boolean,
|
42
|
-
commit_message_options: T::Hash[Symbol, T.untyped]
|
42
|
+
commit_message_options: T.nilable(T::Hash[Symbol, T.untyped])
|
43
43
|
)
|
44
44
|
.void
|
45
45
|
end
|
@@ -80,7 +80,7 @@ module Dependabot
|
|
80
80
|
sig { returns(T::Array[Dependabot::Credential]) }
|
81
81
|
attr_reader :credentials
|
82
82
|
|
83
|
-
sig { returns(T::Hash[Symbol, T.untyped]) }
|
83
|
+
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
84
84
|
attr_reader :commit_message_options
|
85
85
|
|
86
86
|
sig { returns(T::Boolean) }
|
@@ -91,7 +91,7 @@ module Dependabot
|
|
91
91
|
sig { returns(T.nilable(String)) }
|
92
92
|
def commit_prefix
|
93
93
|
# If a preferred prefix has been explicitly provided, use it
|
94
|
-
return prefix_from_explicitly_provided_details if commit_message_options
|
94
|
+
return prefix_from_explicitly_provided_details if commit_message_options&.key?(:prefix)
|
95
95
|
|
96
96
|
# Otherwise, if there is a previous Dependabot commit and it used a
|
97
97
|
# known style, use that as our model for subsequent commits
|
@@ -107,24 +107,26 @@ module Dependabot
|
|
107
107
|
prefix = explicitly_provided_prefix_string
|
108
108
|
return if prefix.empty?
|
109
109
|
|
110
|
-
prefix += "(#{scope})" if commit_message_options
|
110
|
+
prefix += "(#{scope})" if commit_message_options&.dig(:include_scope)
|
111
111
|
prefix += ":" if prefix.match?(/[A-Za-z0-9\)\]]\Z/)
|
112
112
|
prefix += " " unless prefix.end_with?(" ")
|
113
113
|
prefix
|
114
114
|
end
|
115
115
|
|
116
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
116
117
|
sig { returns(String) }
|
117
118
|
def explicitly_provided_prefix_string
|
118
|
-
raise "No explicitly provided prefix!" unless commit_message_options
|
119
|
+
raise "No explicitly provided prefix!" unless commit_message_options&.key?(:prefix)
|
119
120
|
|
120
121
|
if dependencies.any?(&:production?)
|
121
|
-
commit_message_options
|
122
|
-
elsif commit_message_options
|
123
|
-
commit_message_options
|
122
|
+
commit_message_options&.dig(:prefix).to_s
|
123
|
+
elsif commit_message_options&.key?(:prefix_development)
|
124
|
+
commit_message_options&.dig(:prefix_development).to_s
|
124
125
|
else
|
125
|
-
commit_message_options
|
126
|
+
commit_message_options&.dig(:prefix).to_s
|
126
127
|
end
|
127
128
|
end
|
129
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
128
130
|
|
129
131
|
sig { returns(String) }
|
130
132
|
def prefix_for_last_dependabot_commit_style
|
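Review bot: In `explicitly_provided_prefix_string`, every branch re-reads `commit_message_options` through `&.` even though the `raise "No explicitly provided prefix!" unless commit_message_options&.key?(:prefix)` guard has already ruled out nil, and that repetition appears to be why `# rubocop:disable Metrics/PerceivedComplexity` was needed. Binding the hash once after the guard, `options = T.must(commit_message_options)`, lets the branches read `options[:prefix].to_s` and `options[:prefix_development].to_s`, and the rubocop disable can probably be dropped. Note also that `key?(:prefix)` is true when the key is present with a nil value; `.to_s` then yields an empty string, and `commit_prefix` returns early instead of falling through to the previous-commit-style detection. If that is intended, a one-line comment on the guard would make it clear.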
@@ -101,7 +101,12 @@ module Dependabot
|
|
101
101
|
sig { returns(T::Hash[String, String]) }
|
102
102
|
attr_reader :vulnerabilities_fixed
|
103
103
|
|
104
|
-
|
104
|
+
AzureReviewers = T.type_alias { T.nilable(T::Array[String]) }
|
105
|
+
GithubReviewers = T.type_alias { T.nilable(T::Hash[String, T::Array[String]]) }
|
106
|
+
GitLabReviewers = T.type_alias { T.nilable(T::Hash[Symbol, T::Array[Integer]]) }
|
107
|
+
Reviewers = T.type_alias { T.any(AzureReviewers, GithubReviewers, GitLabReviewers) }
|
108
|
+
|
109
|
+
sig { returns(Reviewers) }
|
105
110
|
attr_reader :reviewers
|
106
111
|
|
107
112
|
sig { returns(T.nilable(T.any(T::Array[String], T::Array[Integer]))) }
|
@@ -151,7 +156,7 @@ module Dependabot
|
|
151
156
|
signature_key: T.nilable(String),
|
152
157
|
commit_message_options: T::Hash[Symbol, T.untyped],
|
153
158
|
vulnerabilities_fixed: T::Hash[String, String],
|
154
|
-
reviewers:
|
159
|
+
reviewers: Reviewers,
|
155
160
|
assignees: T.nilable(T.any(T::Array[String], T::Array[Integer])),
|
156
161
|
milestone: T.nilable(T.any(T::Array[String], Integer)),
|
157
162
|
branch_name_separator: String,
|
@@ -265,15 +270,15 @@ module Dependabot
|
|
265
270
|
base_commit: base_commit,
|
266
271
|
credentials: credentials,
|
267
272
|
files: files,
|
268
|
-
commit_message: message.commit_message,
|
269
|
-
pr_description: message.pr_message,
|
270
|
-
pr_name: message.pr_name,
|
273
|
+
commit_message: T.must(message.commit_message),
|
274
|
+
pr_description: T.must(message.pr_message),
|
275
|
+
pr_name: T.must(message.pr_name),
|
271
276
|
author_details: author_details,
|
272
277
|
signature_key: signature_key,
|
273
278
|
labeler: labeler,
|
274
|
-
reviewers: reviewers,
|
275
|
-
assignees: assignees,
|
276
|
-
milestone: milestone,
|
279
|
+
reviewers: T.cast(reviewers, GithubReviewers),
|
280
|
+
assignees: T.cast(assignees, T.nilable(T::Array[String])),
|
281
|
+
milestone: T.cast(milestone, T.nilable(Integer)),
|
277
282
|
custom_headers: custom_headers,
|
278
283
|
require_up_to_date_base: require_up_to_date_base?
|
279
284
|
)
|
@@ -287,15 +292,15 @@ module Dependabot
|
|
287
292
|
base_commit: base_commit,
|
288
293
|
credentials: credentials,
|
289
294
|
files: files,
|
290
|
-
commit_message: message.commit_message,
|
291
|
-
pr_description: message.pr_message,
|
292
|
-
pr_name: message.pr_name,
|
295
|
+
commit_message: T.must(message.commit_message),
|
296
|
+
pr_description: T.must(message.pr_message),
|
297
|
+
pr_name: T.must(message.pr_name),
|
293
298
|
author_details: author_details,
|
294
299
|
labeler: labeler,
|
295
|
-
approvers: reviewers,
|
296
|
-
assignees: assignees,
|
300
|
+
approvers: T.cast(reviewers, T.nilable(T::Hash[Symbol, T::Array[Integer]])),
|
301
|
+
assignees: T.cast(assignees, T.nilable(T::Array[Integer])),
|
297
302
|
milestone: milestone,
|
298
|
-
target_project_id: provider_metadata&.fetch(:target_project_id, nil)
|
303
|
+
target_project_id: T.cast(provider_metadata&.fetch(:target_project_id, nil), T.nilable(Integer))
|
299
304
|
)
|
300
305
|
end
|
301
306
|
|
@@ -307,14 +312,14 @@ module Dependabot
|
|
307
312
|
base_commit: base_commit,
|
308
313
|
credentials: credentials,
|
309
314
|
files: files,
|
310
|
-
commit_message: message.commit_message,
|
311
|
-
pr_description: message.pr_message,
|
312
|
-
pr_name: message.pr_name,
|
315
|
+
commit_message: T.must(message.commit_message),
|
316
|
+
pr_description: T.must(message.pr_message),
|
317
|
+
pr_name: T.must(message.pr_name),
|
313
318
|
author_details: author_details,
|
314
319
|
labeler: labeler,
|
315
|
-
reviewers: reviewers,
|
316
|
-
assignees: assignees,
|
317
|
-
work_item: provider_metadata&.fetch(:work_item, nil)
|
320
|
+
reviewers: T.cast(reviewers, AzureReviewers),
|
321
|
+
assignees: T.cast(assignees, T.nilable(T::Array[String])),
|
322
|
+
work_item: T.cast(provider_metadata&.fetch(:work_item, nil), T.nilable(Integer))
|
318
323
|
)
|
319
324
|
end
|
320
325
|
|
@@ -326,12 +331,12 @@ module Dependabot
|
|
326
331
|
base_commit: base_commit,
|
327
332
|
credentials: credentials,
|
328
333
|
files: files,
|
329
|
-
commit_message: message.commit_message,
|
330
|
-
pr_description: message.pr_message,
|
331
|
-
pr_name: message.pr_name,
|
334
|
+
commit_message: T.must(message.commit_message),
|
335
|
+
pr_description: T.must(message.pr_message),
|
336
|
+
pr_name: T.must(message.pr_name),
|
332
337
|
author_details: author_details,
|
333
338
|
labeler: nil,
|
334
|
-
work_item: provider_metadata&.fetch(:work_item, nil)
|
339
|
+
work_item: T.cast(provider_metadata&.fetch(:work_item, nil), T.nilable(Integer))
|
335
340
|
)
|
336
341
|
end
|
337
342
|
|
@@ -343,9 +348,9 @@ module Dependabot
|
|
343
348
|
base_commit: base_commit,
|
344
349
|
credentials: credentials,
|
345
350
|
files: files,
|
346
|
-
commit_message: message.commit_message,
|
347
|
-
pr_description: message.pr_message,
|
348
|
-
pr_name: message.pr_name,
|
351
|
+
commit_message: T.must(message.commit_message),
|
352
|
+
pr_description: T.must(message.pr_message),
|
353
|
+
pr_name: T.must(message.pr_name),
|
349
354
|
author_details: author_details,
|
350
355
|
labeler: labeler,
|
351
356
|
require_up_to_date_base: require_up_to_date_base?
|
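Review bot: The `T.cast` calls added in the provider branches are runtime assertions, not conversions, so they change behaviour in a commit that otherwise only adds types. `T.cast(provider_metadata&.fetch(:target_project_id, nil), T.nilable(Integer))` and the two `work_item` casts will raise `TypeError` if the caller supplies the id in another form (for example as a string), where the old code passed the value through. As far as I know sorbet-runtime does not check generic element types in `T.cast`, so `T.cast(reviewers, GithubReviewers)` and the `approvers:` cast only confirm "Hash or nil" and would accept a reviewers hash shaped for a different provider. Because these values decide who is asked to review or approve the pull request, I would validate them explicitly before the call and raise a descriptive error, or at least add a comment such as `# T.cast asserts the outer type at runtime; element types are not checked`. The creator methods these arguments belong to start and end outside the hunks.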
@@ -1,19 +1,53 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
-
require "dependabot/clients/azure"
|
5
4
|
require "securerandom"
|
5
|
+
require "sorbet-runtime"
|
6
|
+
|
7
|
+
require "dependabot/clients/azure"
|
6
8
|
|
7
9
|
module Dependabot
|
8
10
|
class PullRequestUpdater
|
9
11
|
class Azure
|
12
|
+
extend T::Sig
|
13
|
+
|
10
14
|
class PullRequestUpdateFailed < Dependabot::DependabotError; end
|
11
15
|
|
12
16
|
OBJECT_ID_FOR_BRANCH_DELETE = "0000000000000000000000000000000000000000"
|
13
17
|
|
14
|
-
|
15
|
-
|
18
|
+
sig { returns(Dependabot::Source) }
|
19
|
+
attr_reader :source
|
20
|
+
|
21
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
22
|
+
attr_reader :files
|
23
|
+
|
24
|
+
sig { returns(String) }
|
25
|
+
attr_reader :base_commit
|
26
|
+
|
27
|
+
sig { returns(String) }
|
28
|
+
attr_reader :old_commit
|
29
|
+
|
30
|
+
sig { returns(T::Array[Dependabot::Credential]) }
|
31
|
+
attr_reader :credentials
|
16
32
|
|
33
|
+
sig { returns(Integer) }
|
34
|
+
attr_reader :pull_request_number
|
35
|
+
|
36
|
+
sig { returns(T.nilable(T::Hash[Symbol, String])) }
|
37
|
+
attr_reader :author_details
|
38
|
+
|
39
|
+
sig do
|
40
|
+
params(
|
41
|
+
source: Dependabot::Source,
|
42
|
+
files: T::Array[Dependabot::DependencyFile],
|
43
|
+
base_commit: String,
|
44
|
+
old_commit: String,
|
45
|
+
credentials: T::Array[Dependabot::Credential],
|
46
|
+
pull_request_number: Integer,
|
47
|
+
author_details: T.nilable(T::Hash[Symbol, String])
|
48
|
+
)
|
49
|
+
.void
|
50
|
+
end
|
17
51
|
def initialize(source:, files:, base_commit:, old_commit:,
|
18
52
|
credentials:, pull_request_number:, author_details: nil)
|
19
53
|
@source = source
|
@@ -25,6 +59,7 @@ module Dependabot
|
|
25
59
|
@author_details = author_details
|
26
60
|
end
|
27
61
|
|
62
|
+
sig { returns(NilClass) }
|
28
63
|
def update
|
29
64
|
return unless pull_request_exists? && source_branch_exists?
|
30
65
|
|
@@ -33,28 +68,37 @@ module Dependabot
|
|
33
68
|
|
34
69
|
private
|
35
70
|
|
71
|
+
sig { returns(Dependabot::Clients::Azure) }
|
36
72
|
def azure_client_for_source
|
37
73
|
@azure_client_for_source ||=
|
38
|
-
|
39
|
-
|
40
|
-
|
74
|
+
T.let(
|
75
|
+
Dependabot::Clients::Azure.for_source(
|
76
|
+
source: source,
|
77
|
+
credentials: credentials
|
78
|
+
),
|
79
|
+
T.nilable(Dependabot::Clients::Azure)
|
41
80
|
)
|
42
81
|
end
|
43
82
|
|
83
|
+
sig { returns(T::Boolean) }
|
44
84
|
def pull_request_exists?
|
45
85
|
pull_request
|
86
|
+
true
|
46
87
|
rescue Dependabot::Clients::Azure::NotFound
|
47
88
|
false
|
48
89
|
end
|
49
90
|
|
91
|
+
sig { returns(T::Boolean) }
|
50
92
|
def source_branch_exists?
|
51
93
|
azure_client_for_source.branch(source_branch_name)
|
94
|
+
true
|
52
95
|
rescue Dependabot::Clients::Azure::NotFound
|
53
96
|
false
|
54
97
|
end
|
55
98
|
|
56
99
|
# Currently the PR diff in ADO shows difference in commits instead of actual diff in files.
|
57
100
|
# This workaround puts the target branch commit history on the source branch along with the file changes.
|
101
|
+
sig { returns(NilClass) }
|
58
102
|
def update_source_branch
|
59
103
|
# 1) Push the file changes to a newly created temporary branch (from base commit)
|
60
104
|
new_commit = create_temp_branch
|
@@ -66,15 +110,24 @@ module Dependabot
|
|
66
110
|
raise PullRequestUpdateFailed, response.fetch("customMessage", nil) unless response.fetch("success", false)
|
67
111
|
end
|
68
112
|
|
113
|
+
sig { returns(T.nilable(T::Hash[String, T.untyped])) }
|
69
114
|
def pull_request
|
70
115
|
@pull_request ||=
|
71
|
-
|
116
|
+
T.let(
|
117
|
+
azure_client_for_source.pull_request(pull_request_number.to_s),
|
118
|
+
T.nilable(T::Hash[String, T.untyped])
|
119
|
+
)
|
72
120
|
end
|
73
121
|
|
122
|
+
sig { returns(String) }
|
74
123
|
def source_branch_name
|
75
|
-
@source_branch_name ||=
|
124
|
+
@source_branch_name ||= T.let(
|
125
|
+
pull_request&.fetch("sourceRefName")&.gsub("refs/heads/", ""),
|
126
|
+
T.nilable(String)
|
127
|
+
)
|
76
128
|
end
|
77
129
|
|
130
|
+
sig { returns(String) }
|
78
131
|
def create_temp_branch
|
79
132
|
author = author_details&.slice(:name, :email, :date)
|
80
133
|
author = nil unless author&.any?
|
@@ -90,11 +143,16 @@ module Dependabot
|
|
90
143
|
JSON.parse(response.body).fetch("refUpdates").first.fetch("newObjectId")
|
91
144
|
end
|
92
145
|
|
146
|
+
sig { returns(String) }
|
93
147
|
def temp_branch_name
|
94
148
|
@temp_branch_name ||=
|
95
|
-
|
149
|
+
T.let(
|
150
|
+
"#{source_branch_name}-temp-#{SecureRandom.uuid[0..6]}",
|
151
|
+
T.nilable(String)
|
152
|
+
)
|
96
153
|
end
|
97
154
|
|
155
|
+
sig { params(branch_name: String, old_commit: String, new_commit: String).returns(T::Hash[String, T.untyped]) }
|
98
156
|
def update_branch(branch_name, old_commit, new_commit)
|
99
157
|
azure_client_for_source.update_ref(
|
100
158
|
branch_name,
|
@@ -104,15 +162,21 @@ module Dependabot
|
|
104
162
|
end
|
105
163
|
|
106
164
|
# For updating source branch, we require the latest commit for the source branch.
|
165
|
+
sig { returns(T::Hash[String, T.untyped]) }
|
107
166
|
def commit_being_updated
|
108
167
|
@commit_being_updated ||=
|
109
|
-
|
168
|
+
T.let(
|
169
|
+
T.must(azure_client_for_source.commits(source_branch_name).first),
|
170
|
+
T.nilable(T::Hash[String, T.untyped])
|
171
|
+
)
|
110
172
|
end
|
111
173
|
|
174
|
+
sig { returns(String) }
|
112
175
|
def old_source_branch_commit
|
113
176
|
commit_being_updated.fetch("commitId")
|
114
177
|
end
|
115
178
|
|
179
|
+
sig { returns(String) }
|
116
180
|
def commit_message
|
117
181
|
commit_being_updated.fetch("comment")
|
118
182
|
end
|
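Review bot: `source_branch_name` is declared `sig { returns(String) }`, but its memoised value is built with `pull_request&.fetch("sourceRefName")&.gsub("refs/heads/", "")` and stored as `T.nilable(String)`. If the pull request lookup ever yields nil, the failure would surface as a sorbet-runtime return-type error rather than a handled `PullRequestUpdateFailed`. On the same line, `gsub("refs/heads/", "")` removes that substring anywhere in the ref, not only at the start; `delete_prefix("refs/heads/")` strips just the leading ref namespace. This matters because the result is passed to `branch(...)` and `commits(...)` and is interpolated into `temp_branch_name`, so a mangled name would make the updater operate on a different ref than the pull request's source branch. I would either return `T.must(...)` with a comment stating that `pull_request_exists?` has been checked first, or widen the sig to `T.nilable(String)`.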
@@ -1,7 +1,9 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "octokit"
|
5
|
+
require "sorbet-runtime"
|
6
|
+
|
5
7
|
require "dependabot/clients/github_with_retries"
|
6
8
|
require "dependabot/pull_request_creator/commit_signer"
|
7
9
|
require "dependabot/pull_request_updater"
|
@@ -9,9 +11,45 @@ require "dependabot/pull_request_updater"
|
|
9
11
|
module Dependabot
|
10
12
|
class PullRequestUpdater
|
11
13
|
class Github
|
12
|
-
|
13
|
-
|
14
|
+
extend T::Sig
|
15
|
+
|
16
|
+
sig { returns(Dependabot::Source) }
|
17
|
+
attr_reader :source
|
18
|
+
|
19
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
20
|
+
attr_reader :files
|
21
|
+
|
22
|
+
sig { returns(String) }
|
23
|
+
attr_reader :base_commit
|
24
|
+
|
25
|
+
sig { returns(String) }
|
26
|
+
attr_reader :old_commit
|
27
|
+
|
28
|
+
sig { returns(T::Array[Dependabot::Credential]) }
|
29
|
+
attr_reader :credentials
|
30
|
+
|
31
|
+
sig { returns(Integer) }
|
32
|
+
attr_reader :pull_request_number
|
33
|
+
|
34
|
+
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
35
|
+
attr_reader :author_details
|
36
|
+
|
37
|
+
sig { returns(T.nilable(String)) }
|
38
|
+
attr_reader :signature_key
|
14
39
|
|
40
|
+
sig do
|
41
|
+
params(
|
42
|
+
source: Dependabot::Source,
|
43
|
+
base_commit: String,
|
44
|
+
old_commit: String,
|
45
|
+
files: T::Array[Dependabot::DependencyFile],
|
46
|
+
credentials: T::Array[Dependabot::Credential],
|
47
|
+
pull_request_number: Integer,
|
48
|
+
author_details: T.nilable(T::Hash[Symbol, T.untyped]),
|
49
|
+
signature_key: T.nilable(String)
|
50
|
+
)
|
51
|
+
.void
|
52
|
+
end
|
15
53
|
def initialize(source:, base_commit:, old_commit:, files:,
|
16
54
|
credentials:, pull_request_number:,
|
17
55
|
author_details: nil, signature_key: nil)
|
@@ -25,6 +63,7 @@ module Dependabot
|
|
25
63
|
@signature_key = signature_key
|
26
64
|
end
|
27
65
|
|
66
|
+
sig { returns(T.nilable(Sawyer::Resource)) }
|
28
67
|
def update
|
29
68
|
return unless pull_request_exists?
|
30
69
|
return unless branch_exists?(pull_request.head.ref)
|
@@ -37,11 +76,12 @@ module Dependabot
|
|
37
76
|
|
38
77
|
private
|
39
78
|
|
79
|
+
sig { void }
|
40
80
|
def update_pull_request_target_branch
|
41
81
|
target_branch = source.branch || pull_request.base.repo.default_branch
|
42
82
|
return if target_branch == pull_request.base.ref
|
43
83
|
|
44
|
-
github_client_for_source.update_pull_request(
|
84
|
+
T.unsafe(github_client_for_source).update_pull_request(
|
45
85
|
source.repo,
|
46
86
|
pull_request_number,
|
47
87
|
base: target_branch
|
@@ -50,6 +90,7 @@ module Dependabot
|
|
50
90
|
handle_pr_update_error(e)
|
51
91
|
end
|
52
92
|
|
93
|
+
sig { params(error: Octokit::Error).void }
|
53
94
|
def handle_pr_update_error(error)
|
54
95
|
# Return quietly if the PR has been closed
|
55
96
|
return if error.message.match?(/closed pull request/i)
|
@@ -57,19 +98,24 @@ module Dependabot
|
|
57
98
|
# Ignore cases where the target branch has been deleted
|
58
99
|
return if error.message.include?("field: base") &&
|
59
100
|
source.branch &&
|
60
|
-
!branch_exists?(source.branch)
|
101
|
+
!branch_exists?(T.must(source.branch))
|
61
102
|
|
62
103
|
raise error
|
63
104
|
end
|
64
105
|
|
106
|
+
sig { returns(Dependabot::Clients::GithubWithRetries) }
|
65
107
|
def github_client_for_source
|
66
108
|
@github_client_for_source ||=
|
67
|
-
|
68
|
-
|
69
|
-
|
109
|
+
T.let(
|
110
|
+
Dependabot::Clients::GithubWithRetries.for_source(
|
111
|
+
source: source,
|
112
|
+
credentials: credentials
|
113
|
+
),
|
114
|
+
T.nilable(Dependabot::Clients::GithubWithRetries)
|
70
115
|
)
|
71
116
|
end
|
72
117
|
|
118
|
+
sig { returns(T::Boolean) }
|
73
119
|
def pull_request_exists?
|
74
120
|
pull_request
|
75
121
|
true
|
@@ -77,20 +123,27 @@ module Dependabot
|
|
77
123
|
false
|
78
124
|
end
|
79
125
|
|
126
|
+
sig { returns(T.untyped) }
|
80
127
|
def pull_request
|
81
128
|
@pull_request ||=
|
82
|
-
|
83
|
-
|
84
|
-
|
129
|
+
T.let(
|
130
|
+
T.unsafe(github_client_for_source).pull_request(
|
131
|
+
source.repo,
|
132
|
+
pull_request_number
|
133
|
+
),
|
134
|
+
T.untyped
|
85
135
|
)
|
86
136
|
end
|
87
137
|
|
138
|
+
sig { params(name: String).returns(T::Boolean) }
|
88
139
|
def branch_exists?(name)
|
89
|
-
github_client_for_source.branch(source.repo, name)
|
140
|
+
T.unsafe(github_client_for_source).branch(source.repo, name)
|
141
|
+
true
|
90
142
|
rescue Octokit::NotFound
|
91
143
|
false
|
92
144
|
end
|
93
145
|
|
146
|
+
sig { returns(T.untyped) }
|
94
147
|
def create_commit
|
95
148
|
tree = create_tree
|
96
149
|
|
@@ -102,7 +155,7 @@ module Dependabot
|
|
102
155
|
end
|
103
156
|
|
104
157
|
begin
|
105
|
-
github_client_for_source.create_commit(
|
158
|
+
T.unsafe(github_client_for_source).create_commit(
|
106
159
|
source.repo,
|
107
160
|
commit_message,
|
108
161
|
tree.sha,
|
@@ -123,6 +176,7 @@ module Dependabot
|
|
123
176
|
end
|
124
177
|
end
|
125
178
|
|
179
|
+
sig { returns(T.untyped) }
|
126
180
|
def create_tree
|
127
181
|
file_trees = files.map do |file|
|
128
182
|
if file.type == "submodule"
|
@@ -136,7 +190,7 @@ module Dependabot
|
|
136
190
|
content = if file.operation == Dependabot::DependencyFile::Operation::DELETE
|
137
191
|
{ sha: nil }
|
138
192
|
elsif file.binary?
|
139
|
-
sha = github_client_for_source.create_blob(
|
193
|
+
sha = T.unsafe(github_client_for_source).create_blob(
|
140
194
|
source.repo, file.content, "base64"
|
141
195
|
)
|
142
196
|
{ sha: sha }
|
@@ -152,15 +206,16 @@ module Dependabot
|
|
152
206
|
end
|
153
207
|
end
|
154
208
|
|
155
|
-
github_client_for_source.create_tree(
|
209
|
+
T.unsafe(github_client_for_source).create_tree(
|
156
210
|
source.repo,
|
157
211
|
file_trees,
|
158
212
|
base_tree: base_commit
|
159
213
|
)
|
160
214
|
end
|
161
215
|
|
216
|
+
sig { params(commit: T.untyped).returns(T.untyped) }
|
162
217
|
def update_branch(commit)
|
163
|
-
github_client_for_source.update_ref(
|
218
|
+
T.unsafe(github_client_for_source).update_ref(
|
164
219
|
source.repo,
|
165
220
|
"heads/" + pull_request.head.ref,
|
166
221
|
commit.sha,
|
@@ -181,6 +236,7 @@ module Dependabot
|
|
181
236
|
raise
|
182
237
|
end
|
183
238
|
|
239
|
+
sig { returns(String) }
|
184
240
|
def commit_message
|
185
241
|
fallback_message =
|
186
242
|
"#{pull_request.title}" \
|
@@ -193,30 +249,35 @@ module Dependabot
|
|
193
249
|
commit_being_updated&.message || fallback_message
|
194
250
|
end
|
195
251
|
|
252
|
+
sig { returns(T.untyped) }
|
196
253
|
def commit_being_updated
|
197
254
|
return @commit_being_updated if defined?(@commit_being_updated)
|
198
255
|
|
199
256
|
@commit_being_updated =
|
200
|
-
|
201
|
-
|
202
|
-
.
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
|
257
|
+
T.let(
|
258
|
+
if pull_request.commits == 1
|
259
|
+
T.unsafe(github_client_for_source)
|
260
|
+
.git_commit(source.repo, pull_request.head.sha)
|
261
|
+
else
|
262
|
+
commits =
|
263
|
+
T.unsafe(github_client_for_source)
|
264
|
+
.pull_request_commits(source.repo, pull_request_number)
|
265
|
+
|
266
|
+
commit = commits.find { |c| c.sha == old_commit }
|
267
|
+
commit&.commit
|
268
|
+
end,
|
269
|
+
T.untyped
|
270
|
+
)
|
211
271
|
end
|
212
272
|
|
273
|
+
sig { params(tree: T.untyped, author_details_with_date: T::Hash[Symbol, T.untyped]).returns(String) }
|
213
274
|
def commit_signature(tree, author_details_with_date)
|
214
275
|
PullRequestCreator::CommitSigner.new(
|
215
276
|
author_details: author_details_with_date,
|
216
277
|
commit_message: commit_message,
|
217
278
|
tree_sha: tree.sha,
|
218
279
|
parent_sha: base_commit,
|
219
|
-
signature_key: signature_key
|
280
|
+
signature_key: T.must(signature_key)
|
220
281
|
).signature
|
221
282
|
end
|
222
283
|
end
|
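Review bot: `commit_signature` now passes `signature_key: T.must(signature_key)` while the reader is typed `T.nilable(String)`, so the precondition that a signing key is configured is enforced only by the generic `TypeError` that `T.must` raises on nil. The caller is `create_commit`, whose body is mostly outside the visible hunks, so whether it guards on `signature_key` before calling cannot be confirmed from this page. Since this is the commit-signing path, I would state the contract on the method, for example `# Only called when a signature_key was supplied; T.must raises otherwise`, or raise a descriptive error before constructing `CommitSigner`. Separately, most client calls in this file are wrapped in `T.unsafe(github_client_for_source)` and several sigs return `T.untyped`, so `# typed: strict` checks little on these paths; a short comment explaining why `T.unsafe` is needed would help the next reader.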