RubyGems - dependabot-common - Versions diffs - 0.95.1 → 0.95.2 - Mend

dependabot-common 0.95.1 → 0.95.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

checksums.yaml +4 -4
data/lib/dependabot.rb +4 -0
data/lib/dependabot/clients/bitbucket.rb +105 -0
data/lib/dependabot/clients/github_with_retries.rb +121 -0
data/lib/dependabot/clients/gitlab.rb +72 -0
data/lib/dependabot/dependency.rb +115 -0
data/lib/dependabot/dependency_file.rb +60 -0
data/lib/dependabot/errors.rb +179 -0
data/lib/dependabot/file_fetchers.rb +18 -0
data/lib/dependabot/file_fetchers/README.md +65 -0
data/lib/dependabot/file_fetchers/base.rb +368 -0
data/lib/dependabot/file_parsers.rb +18 -0
data/lib/dependabot/file_parsers/README.md +45 -0
data/lib/dependabot/file_parsers/base.rb +31 -0
data/lib/dependabot/file_parsers/base/dependency_set.rb +77 -0
data/lib/dependabot/file_updaters.rb +18 -0
data/lib/dependabot/file_updaters/README.md +58 -0
data/lib/dependabot/file_updaters/base.rb +52 -0
data/lib/dependabot/git_commit_checker.rb +412 -0
data/lib/dependabot/metadata_finders.rb +18 -0
data/lib/dependabot/metadata_finders/README.md +53 -0
data/lib/dependabot/metadata_finders/base.rb +117 -0
data/lib/dependabot/metadata_finders/base/changelog_finder.rb +321 -0
data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +177 -0
data/lib/dependabot/metadata_finders/base/commits_finder.rb +221 -0
data/lib/dependabot/metadata_finders/base/release_finder.rb +255 -0
data/lib/dependabot/pull_request_creator.rb +155 -0
data/lib/dependabot/pull_request_creator/branch_namer.rb +170 -0
data/lib/dependabot/pull_request_creator/commit_signer.rb +63 -0
data/lib/dependabot/pull_request_creator/github.rb +277 -0
data/lib/dependabot/pull_request_creator/gitlab.rb +162 -0
data/lib/dependabot/pull_request_creator/labeler.rb +373 -0
data/lib/dependabot/pull_request_creator/message_builder.rb +906 -0
data/lib/dependabot/pull_request_updater.rb +43 -0
data/lib/dependabot/pull_request_updater/github.rb +165 -0
data/lib/dependabot/shared_helpers.rb +224 -0
data/lib/dependabot/source.rb +120 -0
data/lib/dependabot/update_checkers.rb +18 -0
data/lib/dependabot/update_checkers/README.md +67 -0
data/lib/dependabot/update_checkers/base.rb +220 -0
data/lib/dependabot/utils.rb +33 -0
data/lib/dependabot/version.rb +5 -0
data/lib/rubygems_version_patch.rb +14 -0
metadata +44 -2

data/lib/dependabot/pull_request_creator/gitlab.rb ADDED Viewed

@@ -0,0 +1,162 @@
+# frozen_string_literal: true
+require "dependabot/clients/gitlab"
+require "dependabot/pull_request_creator"
+require "gitlab"
+module Dependabot
+  class PullRequestCreator
+    class Gitlab
+      attr_reader :source, :branch_name, :base_commit, :credentials,
+                  :files, :pr_description, :pr_name, :commit_message,
+                  :author_details, :labeler, :approvers, :assignee,
+                  :milestone
+      def initialize(source:, branch_name:, base_commit:, credentials:,
+                     files:, commit_message:, pr_description:, pr_name:,
+                     author_details:, labeler:, approvers:, assignee:,
+                     milestone:)
+        @source         = source
+        @branch_name    = branch_name
+        @base_commit    = base_commit
+        @credentials    = credentials
+        @files          = files
+        @commit_message = commit_message
+        @pr_description = pr_description
+        @pr_name        = pr_name
+        @author_details = author_details
+        @labeler        = labeler
+        @approvers      = approvers
+        @assignee       = assignee
+        @milestone      = milestone
+      end
+      def create
+        return if branch_exists? && merge_request_exists?
+        if branch_exists?
+          create_commit unless commit_exists?
+        else
+          create_branch
+          create_commit
+        end
+        labeler.create_default_labels_if_required
+        merge_request = create_merge_request
+        return unless merge_request
+        annotate_merge_request(merge_request)
+        merge_request
+      end
+      private
+      def gitlab_client_for_source
+        @gitlab_client_for_source ||= Dependabot::Clients::Gitlab.for_source(
+          source: source,
+          credentials: credentials
+        )
+      end
+      def branch_exists?
+        @branch_ref ||=
+          gitlab_client_for_source.branch(source.repo, branch_name)
+        true
+      rescue ::Gitlab::Error::NotFound
+        false
+      end
+      def commit_exists?
+        @commits ||=
+          gitlab_client_for_source.commits(source.repo, ref_name: branch_name)
+        @commits.first.message == commit_message
+      end
+      def merge_request_exists?
+        gitlab_client_for_source.merge_requests(
+          source.repo,
+          source_branch: branch_name,
+          target_branch: source.branch || default_branch,
+          state: "all"
+        ).any?
+      end
+      def create_branch
+        gitlab_client_for_source.create_branch(
+          source.repo,
+          branch_name,
+          base_commit
+        )
+      end
+      def create_commit
+        if files.count == 1 && files.first.type == "submodule"
+          return create_submodule_update_commit
+        end
+        actions = files.map do |file|
+          {
+            action: "update",
+            file_path: file.path,
+            content: file.content
+          }
+        end
+        gitlab_client_for_source.create_commit(
+          source.repo,
+          branch_name,
+          commit_message,
+          actions
+        )
+      end
+      def create_submodule_update_commit
+        file = files.first
+        gitlab_client_for_source.edit_submodule(
+          source.repo,
+          file.path.gsub(%r{^/}, ""),
+          branch: branch_name,
+          commit_sha: file.content,
+          commit_message: commit_message
+        )
+      end
+      def create_merge_request
+        gitlab_client_for_source.create_merge_request(
+          source.repo,
+          pr_name,
+          source_branch: branch_name,
+          target_branch: source.branch || default_branch,
+          description: pr_description,
+          remove_source_branch: true,
+          assignee_id: assignee,
+          labels: labeler.labels_for_pr.join(","),
+          milestone_id: milestone
+        )
+      end
+      def annotate_merge_request(merge_request)
+        add_approvers_to_merge_request(merge_request) if approvers&.any?
+      end
+      def add_approvers_to_merge_request(merge_request)
+        approvers_hash =
+          Hash[approvers.keys.map { |k| [k.to_sym, approvers[k]] }]
+        gitlab_client_for_source.edit_merge_request_approvers(
+          source.repo,
+          merge_request.iid,
+          approver_ids: approvers_hash[:approvers] || [],
+          approver_group_ids: approvers_hash[:group_approvers] || []
+        )
+      end
+      def default_branch
+        @default_branch ||=
+          gitlab_client_for_source.project(source.repo).default_branch
+      end
+    end
+  end
+end

data/lib/dependabot/pull_request_creator/labeler.rb ADDED Viewed

@@ -0,0 +1,373 @@
+# frozen_string_literal: true
+require "gitlab"
+require "octokit"
+require "dependabot/pull_request_creator"
+# rubocop:disable Metrics/ClassLength
+module Dependabot
+  class PullRequestCreator
+    class Labeler
+      DEPENDENCIES_LABEL_REGEX = %r{^[^/]*dependenc[^/]+$}i.freeze
+      @package_manager_labels = {}
+      class << self
+        attr_reader :package_manager_labels
+        def label_details_for_package_manager(package_manager)
+          label_details = @package_manager_labels[package_manager]
+          return label_details if label_details
+          raise "Unsupported package_manager #{package_manager}"
+        end
+        def register_label_details(package_manager, label_details)
+          @package_manager_labels[package_manager] = label_details
+        end
+      end
+      def initialize(source:, custom_labels:, credentials:, dependencies:,
+                     includes_security_fixes:, label_language:)
+        @source                  = source
+        @custom_labels           = custom_labels
+        @credentials             = credentials
+        @dependencies            = dependencies
+        @includes_security_fixes = includes_security_fixes
+        @label_language          = label_language
+      end
+      def create_default_labels_if_required
+        create_default_dependencies_label_if_required
+        create_default_security_label_if_required
+        create_default_language_label_if_required
+      end
+      def labels_for_pr
+        [
+          *default_labels_for_pr,
+          includes_security_fixes? ? security_label : nil,
+          semver_labels_exist? ? semver_label : nil
+        ].compact.uniq
+      end
+      def label_pull_request(pull_request_number)
+        create_default_labels_if_required
+        return if labels_for_pr.none?
+        raise "Only GitHub!" unless source.provider == "github"
+        github_client_for_source.add_labels_to_an_issue(
+          source.repo,
+          pull_request_number,
+          labels_for_pr
+        )
+      rescue Octokit::UnprocessableEntity
+        retrying ||= false
+        raise if retrying
+        retrying = true
+        retry
+      end
+      private
+      attr_reader :source, :custom_labels, :credentials, :dependencies
+      def label_language?
+        @label_language
+      end
+      def includes_security_fixes?
+        @includes_security_fixes
+      end
+      # rubocop:disable Metrics/CyclomaticComplexity
+      # rubocop:disable Metrics/PerceivedComplexity
+      def update_type
+        return unless dependencies.any?(&:previous_version)
+        precison = dependencies.map do |dep|
+          new_version_parts = version(dep).split(".")
+          old_version_parts = previous_version(dep)&.split(".") || []
+          all_parts = new_version_parts.first(3) + old_version_parts.first(3)
+          next 0 unless all_parts.all? { |part| part.to_i.to_s == part }
+          next 1 if new_version_parts[0] != old_version_parts[0]
+          next 2 if new_version_parts[1] != old_version_parts[1]
+          3
+        end.min
+        case precison
+        when 0 then "non-semver"
+        when 1 then "major"
+        when 2 then "minor"
+        when 3 then "patch"
+        end
+      end
+      # rubocop:enable Metrics/CyclomaticComplexity
+      # rubocop:enable Metrics/PerceivedComplexity
+      def version(dep)
+        return dep.version if version_class.correct?(dep.version)
+        source = dep.requirements.find { |r| r.fetch(:source) }&.fetch(:source)
+        type = source&.fetch("type", nil) || source&.fetch(:type)
+        return dep.version unless type == "git"
+        ref = source.fetch("ref", nil) || source.fetch(:ref)
+        version_from_ref = ref&.gsub(/^v/, "")
+        return dep.version unless version_from_ref
+        return dep.version unless version_class.correct?(version_from_ref)
+        version_from_ref
+      end
+      def previous_version(dep)
+        version_str = dep.previous_version
+        return version_str if version_class.correct?(version_str)
+        source = dep.previous_requirements.
+                 find { |r| r.fetch(:source) }&.fetch(:source)
+        type = source&.fetch("type", nil) || source&.fetch(:type)
+        return version_str unless type == "git"
+        ref = source.fetch("ref", nil) || source.fetch(:ref)
+        version_from_ref = ref&.gsub(/^v/, "")
+        return version_str unless version_from_ref
+        return version_str unless version_class.correct?(version_from_ref)
+        version_from_ref
+      end
+      def create_default_dependencies_label_if_required
+        return if custom_labels
+        return if dependencies_label_exists?
+        create_dependencies_label
+      end
+      def create_default_security_label_if_required
+        return unless includes_security_fixes?
+        return if security_label_exists?
+        create_security_label
+      end
+      def create_default_language_label_if_required
+        return unless label_language?
+        return if custom_labels
+        return if language_label_exists?
+        create_language_label
+      end
+      def default_labels_for_pr
+        if custom_labels then custom_labels & labels
+        else
+          [
+            labels.find { |l| l.match?(DEPENDENCIES_LABEL_REGEX) },
+            label_language? ? language_label : nil
+          ].compact
+        end
+      end
+      def dependencies_label_exists?
+        labels.any? { |l| l.match?(DEPENDENCIES_LABEL_REGEX) }
+      end
+      def security_label_exists?
+        !security_label.nil?
+      end
+      def security_label
+        labels.find { |l| l.match?(/security/i) }
+      end
+      def semver_labels_exist?
+        (%w(major minor patch) - labels.map(&:downcase)).empty?
+      end
+      def semver_label
+        return unless update_type
+        labels.find { |l| l.downcase == update_type.to_s }
+      end
+      def language_label_exists?
+        !language_label.nil?
+      end
+      def language_label
+        label_name =
+          self.class.label_details_for_package_manager(package_manager).
+          fetch(:name)
+        labels.find { |l| l.casecmp(label_name).zero? }
+      end
+      def labels
+        @labels ||=
+          case source.provider
+          when "github" then fetch_github_labels
+          when "gitlab" then fetch_gitlab_labels
+          else raise "Unsupported provider #{source.provider}"
+          end
+      end
+      def fetch_github_labels
+        client = github_client_for_source
+        labels =
+          client.
+          labels(source.repo, per_page: 100).
+          map(&:name)
+        next_link = client.last_response.rels[:next]
+        while next_link
+          next_page = next_link.get
+          labels += next_page.data.map(&:name)
+          next_link = next_page.rels[:next]
+        end
+        labels
+      end
+      def fetch_gitlab_labels
+        gitlab_client_for_source.
+          labels(source.repo).
+          map(&:name)
+      end
+      def create_dependencies_label
+        case source.provider
+        when "github" then create_github_dependencies_label
+        when "gitlab" then create_gitlab_dependencies_label
+        else raise "Unsupported provider #{source.provider}"
+        end
+      end
+      def create_security_label
+        case source.provider
+        when "github" then create_github_security_label
+        when "gitlab" then create_gitlab_security_label
+        else raise "Unsupported provider #{source.provider}"
+        end
+      end
+      def create_language_label
+        case source.provider
+        when "github" then create_github_language_label
+        when "gitlab" then create_gitlab_language_label
+        else raise "Unsupported provider #{source.provider}"
+        end
+      end
+      def create_github_dependencies_label
+        github_client_for_source.add_label(
+          source.repo, "dependencies", "0025ff",
+          description: "Pull requests that update a dependency file",
+          accept: "application/vnd.github.symmetra-preview+json"
+        )
+        @labels = [*@labels, "dependencies"].uniq
+      rescue Octokit::UnprocessableEntity => error
+        raise unless error.errors.first.fetch(:code) == "already_exists"
+        @labels = [*@labels, "dependencies"].uniq
+      end
+      def create_gitlab_dependencies_label
+        gitlab_client_for_source.create_label(
+          source.repo, "dependencies", "#0025ff",
+          description: "Pull requests that update a dependency file"
+        )
+        @labels = [*@labels, "dependencies"].uniq
+      end
+      def create_github_security_label
+        github_client_for_source.add_label(
+          source.repo, "security", "ee0701",
+          description: "Pull requests that address a security vulnerability",
+          accept: "application/vnd.github.symmetra-preview+json"
+        )
+        @labels = [*@labels, "security"].uniq
+      rescue Octokit::UnprocessableEntity => error
+        raise unless error.errors.first.fetch(:code) == "already_exists"
+        @labels = [*@labels, "security"].uniq
+      end
+      def create_gitlab_security_label
+        gitlab_client_for_source.create_label(
+          source.repo, "security", "#ee0701",
+          description: "Pull requests that address a security vulnerability"
+        )
+        @labels = [*@labels, "security"].uniq
+      end
+      def create_github_language_label
+        langauge_name =
+          self.class.label_details_for_package_manager(package_manager).
+          fetch(:name)
+        github_client_for_source.add_label(
+          source.repo,
+          langauge_name,
+          self.class.label_details_for_package_manager(package_manager).
+            fetch(:colour),
+          description: "Pull requests that update #{langauge_name.capitalize} "\
+                       "code",
+          accept: "application/vnd.github.symmetra-preview+json"
+        )
+        @labels = [*@labels, langauge_name].uniq
+      rescue Octokit::UnprocessableEntity => error
+        raise unless error.errors.first.fetch(:code) == "already_exists"
+        @labels = [*@labels, langauge_name].uniq
+      end
+      def create_gitlab_language_label
+        langauge_name =
+          self.class.label_details_for_package_manager(package_manager).
+          fetch(:name)
+        gitlab_client_for_source.create_label(
+          source.repo,
+          langauge_name,
+          "#" + self.class.label_details_for_package_manager(package_manager).
+                fetch(:colour)
+        )
+        @labels = [*@labels, langauge_name].uniq
+      end
+      def github_client_for_source
+        @github_client_for_source ||=
+          Dependabot::Clients::GithubWithRetries.for_source(
+            source: source,
+            credentials: credentials
+          )
+      end
+      def gitlab_client_for_source
+        access_token =
+          credentials.
+          select { |cred| cred["type"] == "git_source" }.
+          find { |cred| cred["host"] == source.hostname }&.
+          fetch("password")
+        @gitlab_client_for_source ||=
+          ::Gitlab.client(
+            endpoint: source.api_endpoint,
+            private_token: access_token || ""
+          )
+      end
+      def package_manager
+        @package_manager ||= dependencies.first.package_manager
+      end
+      def version_class
+        Utils.version_class_for_package_manager(package_manager)
+      end
+    end
+  end
+end
+# rubocop:enable Metrics/ClassLength