dependabot-common 0.315.0 → 0.316.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 68238b0440934d660fcb680bd94b21397bf3396c0e4467fbd88fd21a23453a6f
-  data.tar.gz: d263bcc8392bbad1168f031af2bdbf243190ab91ab1f019a7206c1af76f95652
+  metadata.gz: 96bdb5c59d32f26540da409a5dc9052431575832324c353ecb5b6f385962ff8c
+  data.tar.gz: 17ee865c4fe6825bb6e01b3f42e7255e1a283b35bf495a55d570977f529970c8
 SHA512:
-  metadata.gz: 3165f873c2ff8492dc8f7ee6cfe0a136d664cf35653f9856ebc80f6c5c0fce35e287950be698263f62152affc82859d8808edb0bd2355d12f481193e9c463cb2
-  data.tar.gz: 5692d5ad262572fc9cc91095010ed4b2381335d98d1064ee078c845cb9b17a060be52dd48d0ff72dc82526fd9bd1ed8c5dcd1551822be4c1e5c7f763df46c69e
+  metadata.gz: 326849c6620a3a1c87c6f32005010ccfb4bb8dad03bce1edc5c1944f19630a5c2c10119d965055f5c94327dcfec3fab22a09968675c9c4889c38a1f67857c960
+  data.tar.gz: 445ea4329399825e8637a325f2e41e7515732a480a80dd4961c4571ef22469bc361c29c0720a9907a24d661da507eef24f0e515c511290e49386f8b144893dcb

data/lib/dependabot/git_metadata_fetcher.rb

@@ -5,7 +5,7 @@ require "excon"
 require "open3"
 require "ostruct"
 require "sorbet-runtime"
-
+require "tmpdir"
 require "dependabot/errors"
 require "dependabot/git_ref"
 require "dependabot/git_tag_with_detail"
@@ -118,6 +118,32 @@ module Dependabot
       result_lines
     end
 
+    sig { params(uri: String).returns(String) }
+    def fetch_tags_with_detail(uri)
+      response_with_git = fetch_tags_with_detail_from_git_for(uri)
+      return response_with_git.body if response_with_git.status == 200
+
+      raise Dependabot::GitDependenciesNotReachable, [uri] unless uri.match?(KNOWN_HOSTS)
+
+      if response_with_git.status < 400
+        raise "Unexpected response: #{response_with_git.status} - #{response_with_git.body}"
+      end
+
+      if uri.match?(/github\.com/i)
+        response = response_with_git.data
+        response[:response_headers] = response[:headers] unless response.nil?
+        raise Octokit::Error.from_response(response)
+      end
+
+      raise "Server error at #{uri}: #{response_with_git.body}" if response_with_git.status >= 500
+
+      raise Dependabot::GitDependenciesNotReachable, [uri]
+    rescue Excon::Error::Socket, Excon::Error::Timeout
+      raise if uri.match?(KNOWN_HOSTS)
+
+      raise Dependabot::GitDependenciesNotReachable, [uri]
+    end
+
     private
 
     sig { returns(String) }
@@ -293,54 +319,44 @@ module Dependabot
       raise Dependabot::GitDependenciesNotReachable, [url]
     end
 
-    sig { params(uri: String).returns(String) }
-    def fetch_tags_with_detail(uri)
-      response = fetch_raw_upload_pack_for(uri)
-      return response.body if response.status == 200
-
-      response_with_git = fetch_tags_with_detail_from_git_for(uri)
-      return response_with_git.body if response_with_git.status == 200
-
-      raise Dependabot::GitDependenciesNotReachable, [uri] unless uri.match?(KNOWN_HOSTS)
-
-      raise "Unexpected response: #{response.status} - #{response.body}" if response.status < 400
-
-      if uri.match?(/github\.com/i)
-        response = response.data
-        response[:response_headers] = response[:headers]
-        raise Octokit::Error.from_response(response)
-      end
-
-      raise "Server error at #{uri}: #{response.body}" if response.status >= 500
-
-      raise Dependabot::GitDependenciesNotReachable, [uri]
-    rescue Excon::Error::Socket, Excon::Error::Timeout
-      raise if uri.match?(KNOWN_HOSTS)
-
-      raise Dependabot::GitDependenciesNotReachable, [uri]
-    end
-
+    # Added method to fetch tags with their creation dates from a git repository. In case
+    # private registry is used, it will clone the repository and fetch tags with their creation dates.
     sig { params(uri: String).returns(T.untyped) }
     def fetch_tags_with_detail_from_git_for(uri)
-      complete_uri = uri
-      complete_uri += ".git" unless complete_uri.end_with?(".git") || skip_git_suffix(uri)
-
-      env = { "PATH" => ENV.fetch("PATH", nil), "GIT_TERMINAL_PROMPT" => "0" }
-      command = "git for-each-ref --format=\"%(refname:short) %(creatordate:short)\" refs/tags #{complete_uri}"
-      command = SharedHelpers.escape_command(command)
-
-      begin
-        stdout, stderr, process = Open3.capture3(env, command)
-        # package the command response like a HTTP response so error handling remains unchanged
-      rescue Errno::ENOENT => e # thrown when `git` isn't installed...
-        OpenStruct.new(body: e.message, status: 500)
-      else
-        if process.success?
-          OpenStruct.new(body: stdout, status: 200)
-        else
-          OpenStruct.new(body: stderr, status: 500)
+      uri_ending_with_git = uri
+      uri_ending_with_git += ".git" unless uri_ending_with_git.end_with?(".git") || skip_git_suffix(uri)
+
+      Dir.mktmpdir do |dir|
+        # Clone the repository into a temporary directory
+        clone_command = "git clone --bare #{uri_ending_with_git} #{dir}"
+        env = { "PATH" => ENV.fetch("PATH", nil), "GIT_TERMINAL_PROMPT" => "0" }
+        clone_command = SharedHelpers.escape_command(clone_command)
+
+        _stdout, stderr, process = Open3.capture3(env, clone_command)
+        return OpenStruct.new(body: stderr, status: 500) unless process.success?
+
+        # Change to the cloned repository directory
+        Dir.chdir(dir) do
+          # Fetch tags and their creation dates
+          tags_command = 'git for-each-ref --format="%(refname:short) %(creatordate:short)" refs/tags'
+          tags_stdout, stderr, process = Open3.capture3(env, tags_command)
+
+          return OpenStruct.new(body: stderr, status: 500) unless process.success?
+
+          # Parse and sort tags by creation date
+          tags = tags_stdout.lines.map do |line|
+            tag, date = line.strip.split(" ", 2)
+            { tag: tag, date: date }
+          end
+          sorted_tags = tags.sort_by { |tag| tag[:date] }
+
+          # Format the output as a string
+          formatted_output = sorted_tags.map { |tag| "#{tag[:tag]} #{tag[:date]}" }.join("\n")
+          return OpenStruct.new(body: formatted_output, status: 200)
         end
       end
+    rescue Errno::ENOENT => e # Thrown when `git` isn't installed
+      OpenStruct.new(body: e.message, status: 500)
     end
   end
 end

data/lib/dependabot/package/package_release.rb

@@ -23,6 +23,7 @@ module Dependabot
           url: T.nilable(String),
           package_type: T.nilable(String),
           language: T.nilable(Dependabot::Package::PackageLanguage),
+          tag: T.nilable(String),
           details: T::Hash[String, T.untyped]
         ).void
       end
@@ -36,6 +37,7 @@ module Dependabot
         url: nil,
         package_type: nil,
         language: nil,
+        tag: nil,
         details: {}
       )
         @version = T.let(version, Dependabot::Version)
@@ -47,6 +49,7 @@ module Dependabot
         @url = T.let(url, T.nilable(String))
         @package_type = T.let(package_type, T.nilable(String))
         @language = T.let(language, T.nilable(Dependabot::Package::PackageLanguage))
+        @tag = T.let(tag, T.nilable(String))
         @details = T.let(details, T::Hash[String, T.untyped])
       end
 
@@ -77,6 +80,9 @@ module Dependabot
       sig { returns(T.nilable(Dependabot::Package::PackageLanguage)) }
       attr_reader :language
 
+      sig { returns(T.nilable(String)) }
+      attr_reader :tag
+
       sig { returns(T::Hash[String, T.untyped]) }
       attr_reader :details
 

data/lib/dependabot.rb

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.315.0"
+  VERSION = "0.316.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.315.0
+  version: 0.316.0
 platform: ruby
 authors:
 - Dependabot
@@ -625,7 +625,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.315.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.316.0
 rdoc_options: []
 require_paths:
 - lib