dependabot-common 0.109.1 → 0.110.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 25f76fc899360534742de56a0ede99a7f87c544e7587fea6e0d76b3418c9ee8d
-  data.tar.gz: 7ac044317f75e41360704fb51e25dd555202dc1fdac4e110b4d7b02368f9c5c7
+  metadata.gz: f65e5de2ce518246b0ec585237c62ac0bcc0de7392f119a4b3ffeab96ea9479f
+  data.tar.gz: d200fe282d5a0c10794a80d5f11526c1665519be29e41e0cc6e788f06abe5e3a
 SHA512:
-  metadata.gz: e2e76291ffd64fd783038f274046cd10153f9952ecb285bd1c904a89f9d976225cdcdb31d1842af86dd7861d4cf029b85a5ab4d2358926839804e9aee5ee175b
-  data.tar.gz: d2617b87ed7c3d20c5b2c9d4e272548bd1bdcdf212d639004fcc8f9519b6f43be9c146732c3f33abfd6a97aefcbd901e2ba1873904056922986660e7cbd214ae
+  metadata.gz: ede7202b5774b8e2ebd919d0c90a6b0010f5c9f56332ec41de1d9396c0f7617abb03825d0c02ee487077792928d24e5fc628248a20a9846ddbc2bed6aa2e6f7e
+  data.tar.gz: 2eefd19dbb76137dd133079840918f5a1357126d0a1d182aec15b89deb38b87c4502868c01fe9ad1d855f3181fe5ad5fd4d09ad469af4086d6e3fca3e1b37b54

data/lib/dependabot/clients/azure.rb

@@ -0,0 +1,213 @@
+# frozen_string_literal: true
+
+require "dependabot/shared_helpers"
+require "excon"
+
+module Dependabot
+  module Clients
+    class Azure
+      class NotFound < StandardError; end
+
+      #######################
+      # Constructor methods #
+      #######################
+
+      def self.for_source(source:, credentials:)
+        credential =
+          credentials.
+          select { |cred| cred["type"] == "git_source" }.
+          find { |cred| cred["host"] == source.hostname }
+
+        new(source, credential)
+      end
+
+      ##########
+      # Client #
+      ##########
+
+      def initialize(source, credentials)
+        @source = source
+        @credentials = credentials
+      end
+
+      def fetch_commit(_repo, branch)
+        response = get(source.api_endpoint +
+          source.organization + "/" + source.project +
+          "/_apis/git/repositories/" + source.unscoped_repo +
+          "/stats/branches?name=" + branch)
+
+        JSON.parse(response.body).fetch("commit").fetch("commitId")
+      end
+
+      def fetch_default_branch(_repo)
+        response = get(source.api_endpoint +
+          source.organization + "/" + source.project +
+          "/_apis/git/repositories/" + source.unscoped_repo)
+
+        JSON.parse(response.body).fetch("defaultBranch").gsub("refs/heads/", "")
+      end
+
+      def fetch_repo_contents(commit = nil, path = nil)
+        tree = fetch_repo_contents_treeroot(commit, path)
+
+        response = get(source.api_endpoint +
+          source.organization + "/" + source.project +
+          "/_apis/git/repositories/" + source.unscoped_repo +
+          "/trees/" + tree + "?recursive=false")
+
+        JSON.parse(response.body).fetch("treeEntries")
+      end
+
+      def fetch_repo_contents_treeroot(commit = nil, path = nil)
+        actual_path = path
+        actual_path = "/" if path.to_s.empty?
+
+        tree_url = source.api_endpoint +
+                   source.organization + "/" + source.project +
+                   "/_apis/git/repositories/" + source.unscoped_repo +
+                   "/items?path=" + actual_path
+
+        unless commit.to_s.empty?
+          tree_url += "&versionDescriptor.versionType=commit" \
+                      "&versionDescriptor.version=" + commit
+        end
+
+        tree_response = get(tree_url)
+
+        JSON.parse(tree_response.body).fetch("objectId")
+      end
+
+      def fetch_file_contents(commit, path)
+        response = get(source.api_endpoint +
+          source.organization + "/" + source.project +
+          "/_apis/git/repositories/" + source.unscoped_repo +
+          "/items?path=" + path +
+          "&versionDescriptor.versionType=commit" \
+          "&versionDescriptor.version=" + commit)
+
+        response.body
+      end
+
+      def commits(branch_name = nil)
+        commits_url = source.api_endpoint +
+                      source.organization + "/" + source.project +
+                      "/_apis/git/repositories/" + source.unscoped_repo +
+                      "/commits"
+
+        unless branch_name.to_s.empty?
+          commits_url += "?searchCriteria.itemVersion.version=" + branch_name
+        end
+
+        response = get(commits_url)
+
+        JSON.parse(response.body).fetch("value")
+      end
+
+      def branch(branch_name)
+        response = get(source.api_endpoint +
+          source.organization + "/" + source.project +
+          "/_apis/git/repositories/" + source.unscoped_repo +
+          "/refs?filter=heads/" + branch_name)
+
+        JSON.parse(response.body).fetch("value").first
+      end
+
+      def pull_requests(source_branch, target_branch)
+        response = get(source.api_endpoint +
+          source.organization + "/" + source.project +
+          "/_apis/git/repositories/" + source.unscoped_repo +
+          "/pullrequests?searchCriteria.status=all" \
+          "&searchCriteria.sourceRefName=refs/heads/" + source_branch +
+          "&searchCriteria.targetRefName=refs/heads/" + target_branch)
+
+        JSON.parse(response.body).fetch("value")
+      end
+
+      def create_commit(branch_name, base_commit, commit_message, files)
+        content = {
+          refUpdates: [
+            { name: "refs/heads/" + branch_name, oldObjectId: base_commit }
+          ],
+          commits: [
+            {
+              comment: commit_message,
+              changes: files.map do |file|
+                {
+                  changeType: "edit",
+                  item: { path: file.path },
+                  newContent: {
+                    content: Base64.encode64(file.content),
+                    contentType: "base64encoded"
+                  }
+                }
+              end
+            }
+          ]
+        }
+
+        post(source.api_endpoint + source.organization + "/" + source.project +
+          "/_apis/git/repositories/" + source.unscoped_repo +
+          "/pushes?api-version=5.0", content.to_json)
+      end
+
+      def create_pull_request(pr_name, source_branch, target_branch,
+                              pr_description, labels)
+        # Azure DevOps only support descriptions up to 4000 characters (https://developercommunity.visualstudio.com/content/problem/608770/remove-4000-character-limit-on-pull-request-descri.html)
+        azure_max_length = 3999
+        if pr_description.length > azure_max_length
+          truncated_msg = "...\n\n_Description has been truncated_"
+          truncate_length = azure_max_length - truncated_msg.length
+          pr_description = pr_description[0..truncate_length] + truncated_msg
+        end
+
+        content = {
+          sourceRefName: "refs/heads/" + source_branch,
+          targetRefName: "refs/heads/" + target_branch,
+          title: pr_name,
+          description: pr_description,
+          labels: labels.map { |label| { name: label } }
+        }
+
+        post(source.api_endpoint +
+          source.organization + "/" + source.project +
+          "/_apis/git/repositories/" + source.unscoped_repo +
+          "/pullrequests?api-version=5.0", content.to_json)
+      end
+
+      def get(url)
+        response = Excon.get(
+          url,
+          user: credentials&.fetch("username"),
+          password: credentials&.fetch("password"),
+          idempotent: true,
+          **SharedHelpers.excon_defaults
+        )
+        raise NotFound if response.status == 404
+
+        response
+      end
+
+      def post(url, json)
+        response = Excon.post(
+          url,
+          headers: {
+            "Content-Type" => "application/json"
+          },
+          body: json,
+          user: credentials&.fetch("username"),
+          password: credentials&.fetch("password"),
+          idempotent: true,
+          **SharedHelpers.excon_defaults
+        )
+        raise NotFound if response.status == 404
+
+        response
+      end
+
+      private
+
+      attr_reader :credentials
+      attr_reader :source
+    end
+  end
+end

data/lib/dependabot/file_fetchers/base.rb

@@ -3,6 +3,7 @@
 require "dependabot/dependency_file"
 require "dependabot/source"
 require "dependabot/errors"
+require "dependabot/clients/azure"
 require "dependabot/clients/github_with_retries"
 require "dependabot/clients/bitbucket_with_retries"
 require "dependabot/clients/gitlab_with_retries"
@@ -17,6 +18,7 @@ module Dependabot
       CLIENT_NOT_FOUND_ERRORS = [
         Octokit::NotFound,
         Gitlab::Error::NotFound,
+        Dependabot::Clients::Azure::NotFound,
         Dependabot::Clients::Bitbucket::NotFound
       ].freeze
 
@@ -144,6 +146,8 @@ module Dependabot
           _github_repo_contents(repo, path, commit)
         when "gitlab"
           _gitlab_repo_contents(repo, path, commit)
+        when "azure"
+          _azure_repo_contents(path, commit)
         when "bitbucket"
           _bitbucket_repo_contents(repo, path, commit)
         else raise "Unsupported provider '#{provider}'."
@@ -214,6 +218,25 @@ module Dependabot
           end
       end
 
+      def _azure_repo_contents(path, commit)
+        response = azure_client.fetch_repo_contents(commit, path)
+
+        response.map do |entry|
+          type = case entry.fetch("gitObjectType")
+                 when "blob" then "file"
+                 when "tree" then "dir"
+                 else entry.fetch("gitObjectType")
+                 end
+
+          OpenStruct.new(
+            name: File.basename(entry.fetch("relativePath")),
+            path: entry.fetch("relativePath"),
+            type: type,
+            size: entry.fetch("size")
+          )
+        end
+      end
+
       def _bitbucket_repo_contents(repo, path, commit)
         response = bitbucket_client.fetch_repo_contents(
           repo,
@@ -289,6 +312,8 @@ module Dependabot
         when "gitlab"
           tmp = gitlab_client.get_file(repo, path, commit).content
           Base64.decode64(tmp).force_encoding("UTF-8").encode
+        when "azure"
+          azure_client.fetch_file_contents(commit, path)
         when "bitbucket"
           bitbucket_client.fetch_file_contents(repo, commit, path)
         else raise "Unsupported provider '#{source.provider}'."
@@ -362,6 +387,7 @@ module Dependabot
         case source.provider
         when "github" then github_client
         when "gitlab" then gitlab_client
+        when "azure" then azure_client
         when "bitbucket" then bitbucket_client
         else raise "Unsupported provider '#{source.provider}'."
         end
@@ -383,6 +409,12 @@ module Dependabot
           )
       end
 
+      def azure_client
+        @azure_client ||=
+          Dependabot::Clients::Azure.
+          for_source(source: source, credentials: credentials)
+      end
+
       def bitbucket_client
         # TODO: When self-hosted Bitbucket is supported this should use
         # `Bitbucket.for_source`

data/lib/dependabot/pull_request_creator.rb

@@ -4,6 +4,7 @@ require "dependabot/metadata_finders"
 
 module Dependabot
   class PullRequestCreator
+    require "dependabot/pull_request_creator/azure"
     require "dependabot/pull_request_creator/github"
     require "dependabot/pull_request_creator/gitlab"
     require "dependabot/pull_request_creator/message_builder"
@@ -68,6 +69,7 @@ module Dependabot
       case source.provider
       when "github" then github_creator.create
       when "gitlab" then gitlab_creator.create
+      when "azure" then azure_creator.create
       else raise "Unsupported provider #{source.provider}"
       end
     end
@@ -120,6 +122,20 @@ module Dependabot
       )
     end
 
+    def azure_creator
+      Azure.new(
+        source: source,
+        branch_name: branch_namer.new_branch_name,
+        base_commit: base_commit,
+        credentials: credentials,
+        files: files,
+        commit_message: message_builder.commit_message,
+        pr_description: message_builder.pr_message,
+        pr_name: message_builder.pr_name,
+        labeler: labeler
+      )
+    end
+
     def message_builder
       @message_builder ||
         MessageBuilder.new(

data/lib/dependabot/pull_request_creator/azure.rb

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+require "dependabot/clients/azure"
+require "dependabot/pull_request_creator"
+
+module Dependabot
+  class PullRequestCreator
+    class Azure
+      attr_reader :source, :branch_name, :base_commit, :credentials,
+                  :files, :commit_message, :pr_description, :pr_name,
+                  :labeler
+
+      def initialize(source:, branch_name:, base_commit:, credentials:,
+                     files:, commit_message:, pr_description:, pr_name:,
+                     labeler:)
+        @source         = source
+        @branch_name    = branch_name
+        @base_commit    = base_commit
+        @credentials    = credentials
+        @files          = files
+        @commit_message = commit_message
+        @pr_description = pr_description
+        @pr_name        = pr_name
+        @labeler        = labeler
+      end
+
+      def create
+        return if branch_exists? && pull_request_exists?
+
+        create_commit unless branch_exists? && commit_exists?
+
+        create_pull_request
+      end
+
+      private
+
+      def azure_client_for_source
+        @azure_client_for_source ||=
+          Dependabot::Clients::Azure.for_source(
+            source: source,
+            credentials: credentials
+          )
+      end
+
+      def branch_exists?
+        @branch_ref ||=
+          azure_client_for_source.branch(branch_name)
+
+        @branch_ref
+      rescue ::Azure::Error::NotFound
+        false
+      end
+
+      def commit_exists?
+        @commits ||=
+          azure_client_for_source.commits(branch_name)
+        commit_message.start_with?(@commits.first.fetch("comment"))
+      end
+
+      def pull_request_exists?
+        azure_client_for_source.pull_requests(
+          branch_name,
+          source.branch || default_branch
+        ).any?
+      end
+
+      def create_commit
+        azure_client_for_source.create_commit(
+          branch_name,
+          base_commit,
+          commit_message,
+          files
+        )
+      end
+
+      def create_pull_request
+        azure_client_for_source.create_pull_request(
+          pr_name,
+          branch_name,
+          source.branch || default_branch,
+          pr_description,
+          labeler.labels_for_pr
+        )
+      end
+
+      def default_branch
+        @default_branch ||=
+          azure_client_for_source.fetch_default_branch(source.repo)
+      end
+    end
+  end
+end

data/lib/dependabot/pull_request_creator/labeler.rb

@@ -221,6 +221,7 @@ module Dependabot
           case source.provider
           when "github" then fetch_github_labels
           when "gitlab" then fetch_gitlab_labels
+          when "azure" then fetch_azure_labels
           else raise "Unsupported provider #{source.provider}"
           end
       end
@@ -251,10 +252,19 @@ module Dependabot
           map(&:name)
       end
 
+      def fetch_azure_labels
+        langauge_name =
+          self.class.label_details_for_package_manager(package_manager).
+          fetch(:name)
+
+        @labels = [*@labels, "dependencies", "security", langauge_name].uniq
+      end
+
       def create_dependencies_label
         case source.provider
         when "github" then create_github_dependencies_label
         when "gitlab" then create_gitlab_dependencies_label
+        when "azure" then @labels # Azure does not have centralised labels
         else raise "Unsupported provider #{source.provider}"
         end
       end
@@ -263,6 +273,7 @@ module Dependabot
         case source.provider
         when "github" then create_github_security_label
         when "gitlab" then create_gitlab_security_label
+        when "azure" then @labels # Azure does not have centralised labels
         else raise "Unsupported provider #{source.provider}"
         end
       end
@@ -271,6 +282,7 @@ module Dependabot
         case source.provider
         when "github" then create_github_language_label
         when "gitlab" then create_gitlab_language_label
+        when "azure" then @labels # Azure does not have centralised labels
         else raise "Unsupported provider #{source.provider}"
         end
       end

data/lib/dependabot/pull_request_creator/message_builder.rb

@@ -417,9 +417,14 @@ module Dependabot
       end
 
       def build_details_tag(summary:, body:)
-        msg = "\n<details>\n<summary>#{summary}</summary>\n\n"
-        msg += body
-        msg + "</details>"
+        # Azure DevOps does not support <details> tag (https://developercommunity.visualstudio.com/content/problem/608769/add-support-for-in-markdown.html)
+        if source.provider == "azure"
+          "\n\##{summary}\n\n#{body}"
+        else
+          msg = "\n<details>\n<summary>#{summary}</summary>\n\n"
+          msg += body
+          msg + "</details>"
+        end
       end
 
       def serialized_vulnerability_details(details)

data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "dependabot/clients/azure"
 require "dependabot/clients/github_with_retries"
 require "dependabot/clients/gitlab_with_retries"
 require "dependabot/pull_request_creator"
@@ -267,10 +268,15 @@ module Dependabot
         case source.provider
         when "github" then recent_github_commit_messages
         when "gitlab" then recent_gitlab_commit_messages
+        when "azure" then recent_azure_commit_messages
         else raise "Unsupported provider: #{source.provider}"
         end
       end
 
+      def dependabot_email
+        "support@dependabot.com"
+      end
+
       def recent_github_commit_messages
         recent_github_commits.
           reject { |c| c.author&.type == "Bot" }.
@@ -286,18 +292,31 @@ module Dependabot
           gitlab_client_for_source.commits(source.repo)
 
         @recent_gitlab_commit_messages.
-          reject { |c| c.author_email == "support@dependabot.com" }.
+          reject { |c| c.author_email == dependabot_email }.
           reject { |c| c.message&.start_with?("merge !") }.
           map(&:message).
           compact.
           map(&:strip)
       end
 
+      def recent_azure_commit_messages
+        @recent_azure_commit_messages ||=
+          azure_client_for_source.commits
+
+        @recent_azure_commit_messages.
+          reject { |c| c.fetch("author").fetch("email") == dependabot_email }.
+          reject { |c| c.fetch("comment")&.start_with?("Merge") }.
+          map { |c| c.fetch("comment") }.
+          compact.
+          map(&:strip)
+      end
+
       def last_dependabot_commit_message
         @last_dependabot_commit_message ||=
           case source.provider
           when "github" then last_github_dependabot_commit_message
           when "gitlab" then last_gitlab_dependabot_commit_message
+          when "azure" then last_azure_dependabot_commit_message
           else raise "Unsupported provider: #{source.provider}"
           end
       end
@@ -323,7 +342,17 @@ module Dependabot
           gitlab_client_for_source.commits(source.repo)
 
         @recent_gitlab_commit_messages.
-          find { |c| c.author_email == "support@dependabot.com" }&.
+          find { |c| c.author_email == dependabot_email }&.
+          message&.
+          strip
+      end
+
+      def last_azure_dependabot_commit_message
+        @recent_azure_commit_messages ||=
+          azure_client_for_source.commits
+
+        @recent_azure_commit_messages.
+          find { |c| c.fetch("author").fetch("email") == dependabot_email }&.
           message&.
           strip
       end
@@ -344,6 +373,14 @@ module Dependabot
           )
       end
 
+      def azure_client_for_source
+        @azure_client_for_source ||=
+          Dependabot::Clients::Azure.for_source(
+            source: source,
+            credentials: credentials
+          )
+      end
+
       def package_manager
         @package_manager ||= dependencies.first.package_manager
       end

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.109.1"
+  VERSION = "0.110.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.109.1
+  version: 0.110.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-06-26 00:00:00.000000000 Z
+date: 2019-06-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-ecr
@@ -311,6 +311,7 @@ extra_rdoc_files: []
 files:
 - bin/git-credential-store-immutable
 - lib/dependabot.rb
+- lib/dependabot/clients/azure.rb
 - lib/dependabot/clients/bitbucket.rb
 - lib/dependabot/clients/bitbucket_with_retries.rb
 - lib/dependabot/clients/github_with_retries.rb
@@ -338,6 +339,7 @@ files:
 - lib/dependabot/metadata_finders/base/commits_finder.rb
 - lib/dependabot/metadata_finders/base/release_finder.rb
 - lib/dependabot/pull_request_creator.rb
+- lib/dependabot/pull_request_creator/azure.rb
 - lib/dependabot/pull_request_creator/branch_namer.rb
 - lib/dependabot/pull_request_creator/commit_signer.rb
 - lib/dependabot/pull_request_creator/github.rb