dependabot-common 0.111.57 → 0.111.58
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 823dd4e3b7b8fdb04ac96fdcf4f409a78a3ef7ca7220388f83d647d98954047f
|
4
|
+
data.tar.gz: 56353fc85227d7cf54336db0911f01e96e0ff2362881a28e22f3da4558cd570c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 40223aa2e2fa9e1262536a6023ec2158afdc41add6f469a6eb9eb7f114f7c59bcd6a760408ba54f95d348361fc849e0a8287e890a18cace1e0aabc07ad39c5bc
|
7
|
+
data.tar.gz: 836c97980460705fb93e16d3241b9536ea8f45839dae38b643079c06c61cb34576c4c8f28fc142484c21ea95f1ea61879f25d121c33897a1400a8c79d0db8438
|
@@ -59,16 +59,9 @@ module Dependabot
|
|
59
59
|
def head_commit_for_current_branch
|
60
60
|
return dependency.version if pinned?
|
61
61
|
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
# followed by a line break. When it isn't (e.g., with Bitbucket) it causes
|
66
|
-
# problems for our `sha_for_update_pack_line` logic
|
67
|
-
line = local_upload_pack.
|
68
|
-
gsub(/.*git-upload-pack/, "").
|
69
|
-
lines.find { |l| l.include?(" #{branch_ref}") }
|
70
|
-
|
71
|
-
return sha_for_update_pack_line(line) if line
|
62
|
+
ref = ref_or_branch || "HEAD"
|
63
|
+
sha = local_repo_git_metadata_fetcher.head_commit_for_ref(ref)
|
64
|
+
return sha if sha
|
72
65
|
|
73
66
|
raise Dependabot::GitDependencyReferenceNotFound, dependency.name
|
74
67
|
end
|
@@ -332,10 +325,6 @@ module Dependabot
|
|
332
325
|
Utils.requirement_class_for_package_manager(dependency.package_manager)
|
333
326
|
end
|
334
327
|
|
335
|
-
def sha_for_update_pack_line(line)
|
336
|
-
line.split(" ").first.chars.last(40).join
|
337
|
-
end
|
338
|
-
|
339
328
|
def local_repo_git_metadata_fetcher
|
340
329
|
@local_repo_git_metadata_fetcher ||=
|
341
330
|
GitMetadataFetcher.new(
|
@@ -21,15 +21,26 @@ module Dependabot
|
|
21
21
|
def tags
|
22
22
|
return [] unless upload_pack
|
23
23
|
|
24
|
-
@tags ||= tags_for_upload_pack
|
24
|
+
@tags ||= tags_for_upload_pack
|
25
25
|
end
|
26
26
|
|
27
27
|
def ref_names
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
28
|
+
refs_for_upload_pack.map(&:name)
|
29
|
+
end
|
30
|
+
|
31
|
+
def head_commit_for_ref(ref)
|
32
|
+
if ref == "HEAD"
|
33
|
+
# Remove the opening clause of the upload pack as this isn't always
|
34
|
+
# followed by a line break. When it isn't (e.g., with Bitbucket) it
|
35
|
+
# causes problems for our `sha_for_update_pack_line` logic
|
36
|
+
line = upload_pack.gsub(/.*git-upload-pack/, "").
|
37
|
+
lines.find { |l| l.include?(" HEAD") }
|
38
|
+
return sha_for_update_pack_line(line) if line
|
39
|
+
end
|
40
|
+
|
41
|
+
refs_for_upload_pack.
|
42
|
+
find { |r| r.name == ref }&.
|
43
|
+
commit_sha
|
33
44
|
end
|
34
45
|
|
35
46
|
private
|
@@ -81,28 +92,50 @@ module Dependabot
|
|
81
92
|
)
|
82
93
|
end
|
83
94
|
|
84
|
-
def tags_for_upload_pack
|
95
|
+
def tags_for_upload_pack
|
96
|
+
refs_for_upload_pack.
|
97
|
+
select { |ref| ref.ref_type == :tag }.
|
98
|
+
map do |ref|
|
99
|
+
OpenStruct.new(
|
100
|
+
name: ref.name,
|
101
|
+
tag_sha: ref.ref_sha,
|
102
|
+
commit_sha: ref.commit_sha
|
103
|
+
)
|
104
|
+
end
|
105
|
+
end
|
106
|
+
|
107
|
+
def refs_for_upload_pack
|
108
|
+
@refs_for_upload_pack ||= parse_refs_for_upload_pack
|
109
|
+
end
|
110
|
+
|
111
|
+
def parse_refs_for_upload_pack
|
85
112
|
peeled_lines = []
|
86
113
|
|
87
114
|
result = upload_pack.lines.each_with_object({}) do |line, res|
|
88
|
-
|
115
|
+
full_ref_name = line.split(" ").last
|
116
|
+
next unless full_ref_name.start_with?("refs/tags", "refs/heads")
|
89
117
|
|
90
118
|
peeled_lines << line && next if line.strip.end_with?("^{}")
|
91
119
|
|
92
|
-
|
120
|
+
ref_name = full_ref_name.sub(%r{^refs/(tags|heads)/}, "").strip
|
93
121
|
sha = sha_for_update_pack_line(line)
|
94
122
|
|
95
|
-
res[
|
96
|
-
|
123
|
+
res[ref_name] = OpenStruct.new(
|
124
|
+
name: ref_name,
|
125
|
+
ref_sha: sha,
|
126
|
+
ref_type: full_ref_name.start_with?("refs/tags") ? :tag : :head,
|
127
|
+
commit_sha: sha
|
128
|
+
)
|
97
129
|
end
|
98
130
|
|
99
|
-
# Loop through the peeled lines, updating the commit_sha for any
|
100
|
-
# tags in our results hash
|
131
|
+
# Loop through the peeled lines, updating the commit_sha for any
|
132
|
+
# matching tags in our results hash
|
101
133
|
peeled_lines.each do |line|
|
102
|
-
|
103
|
-
|
134
|
+
ref_name = line.split(%r{ refs/(tags|heads)/}).
|
135
|
+
last.strip.gsub(/\^{}$/, "")
|
136
|
+
next unless result[ref_name]
|
104
137
|
|
105
|
-
result[
|
138
|
+
result[ref_name].commit_sha = sha_for_update_pack_line(line)
|
106
139
|
end
|
107
140
|
|
108
141
|
result.values
|
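Review bot: `parse_refs_for_upload_pack` keys `res` by the name with `refs/tags/` or `refs/heads/` stripped, so a tag and a branch that share a name land in the same slot and whichever line comes later in the upload pack replaces the other. `head_commit_for_ref` then matches on `r.name == ref` alone, so its callers in the other sections (`head_commit_for_current_branch`, `base_commit_is_up_to_date?`) can be handed a tag's commit when they asked for a branch, and a tag named like the target branch would change the outcome of the up-to-date check. Keying on the full ref (`res[full_ref_name] = OpenStruct.new(...)`, with the same key in the peeled loop) and filtering on `ref_type == :head` when a branch is wanted would keep the two apart. Separately, `line.split(" ").last` is `nil` for a blank line, so `next unless full_ref_name&.start_with?("refs/tags", "refs/heads")` is the safer guard. The comment in the `"HEAD"` branch could also say why HEAD needs its own path (it is not under `refs/heads` or `refs/tags`, so the parser skips it).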
@@ -32,7 +32,7 @@ module Dependabot
|
|
32
32
|
branch_name_separator: "/", branch_name_prefix: "dependabot",
|
33
33
|
label_language: false, automerge_candidate: false,
|
34
34
|
github_redirection_service: "github-redirect.dependabot.com",
|
35
|
-
custom_headers: nil)
|
35
|
+
custom_headers: nil, require_up_to_date_base: false)
|
36
36
|
@dependencies = dependencies
|
37
37
|
@source = source
|
38
38
|
@base_commit = base_commit
|
@@ -53,6 +53,7 @@ module Dependabot
|
|
53
53
|
@automerge_candidate = automerge_candidate
|
54
54
|
@github_redirection_service = github_redirection_service
|
55
55
|
@custom_headers = custom_headers
|
56
|
+
@require_up_to_date_base = require_up_to_date_base
|
56
57
|
|
57
58
|
check_dependencies_have_previous_version
|
58
59
|
end
|
@@ -84,6 +85,10 @@ module Dependabot
|
|
84
85
|
@automerge_candidate
|
85
86
|
end
|
86
87
|
|
88
|
+
def require_up_to_date_base?
|
89
|
+
@require_up_to_date_base
|
90
|
+
end
|
91
|
+
|
87
92
|
def github_creator
|
88
93
|
Github.new(
|
89
94
|
source: source,
|
@@ -100,7 +105,8 @@ module Dependabot
|
|
100
105
|
reviewers: reviewers,
|
101
106
|
assignees: assignees,
|
102
107
|
milestone: milestone,
|
103
|
-
custom_headers: custom_headers
|
108
|
+
custom_headers: custom_headers,
|
109
|
+
require_up_to_date_base: require_up_to_date_base?
|
104
110
|
)
|
105
111
|
end
|
106
112
|
|
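Review bot: Nothing in the visible hunks documents what the new `require_up_to_date_base` option does, and it is forwarded only in `github_creator`. If this class builds creators for other providers outside these hunks, the flag would be accepted and silently ignored for them; I can't confirm that from here. I would add a comment on the initializer such as `# require_up_to_date_base: skip creating the PR when base_commit is no longer the head of the target branch (GitHub creator only)`. The initializer body starts and ends outside the hunks shown.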
@@ -18,49 +18,39 @@ module Dependabot
|
|
18
18
|
def initialize(source:, branch_name:, base_commit:, credentials:,
|
19
19
|
files:, commit_message:, pr_description:, pr_name:,
|
20
20
|
author_details:, signature_key:, custom_headers:,
|
21
|
-
labeler:, reviewers:, assignees:, milestone
|
22
|
-
|
23
|
-
@
|
24
|
-
@
|
25
|
-
@
|
26
|
-
@
|
27
|
-
@
|
28
|
-
@
|
29
|
-
@
|
30
|
-
@
|
31
|
-
@
|
32
|
-
@
|
33
|
-
@
|
34
|
-
@
|
35
|
-
@
|
36
|
-
@
|
21
|
+
labeler:, reviewers:, assignees:, milestone:,
|
22
|
+
require_up_to_date_base:)
|
23
|
+
@source = source
|
24
|
+
@branch_name = branch_name
|
25
|
+
@base_commit = base_commit
|
26
|
+
@credentials = credentials
|
27
|
+
@files = files
|
28
|
+
@commit_message = commit_message
|
29
|
+
@pr_description = pr_description
|
30
|
+
@pr_name = pr_name
|
31
|
+
@author_details = author_details
|
32
|
+
@signature_key = signature_key
|
33
|
+
@custom_headers = custom_headers
|
34
|
+
@labeler = labeler
|
35
|
+
@reviewers = reviewers
|
36
|
+
@assignees = assignees
|
37
|
+
@milestone = milestone
|
38
|
+
@require_up_to_date_base = require_up_to_date_base
|
37
39
|
end
|
38
40
|
|
39
41
|
def create
|
40
|
-
return if branch_exists?(branch_name) &&
|
42
|
+
return if branch_exists?(branch_name) && unmerged_pull_request_exists?
|
43
|
+
return if require_up_to_date_base? && !base_commit_is_up_to_date?
|
41
44
|
|
42
|
-
|
43
|
-
branch = create_or_update_branch(commit)
|
44
|
-
return unless branch
|
45
|
-
|
46
|
-
pull_request = create_pull_request
|
47
|
-
return unless pull_request
|
48
|
-
|
49
|
-
annotate_pull_request(pull_request)
|
50
|
-
|
51
|
-
pull_request
|
45
|
+
create_annotated_pull_request
|
52
46
|
rescue Octokit::Error => e
|
53
47
|
handle_error(e)
|
54
48
|
end
|
55
49
|
|
56
50
|
private
|
57
51
|
|
58
|
-
def
|
59
|
-
@
|
60
|
-
Dependabot::Clients::GithubWithRetries.for_source(
|
61
|
-
source: source,
|
62
|
-
credentials: credentials
|
63
|
-
)
|
52
|
+
def require_up_to_date_base?
|
53
|
+
@require_up_to_date_base
|
64
54
|
end
|
65
55
|
|
66
56
|
def branch_exists?(name)
|
@@ -77,11 +67,12 @@ module Dependabot
|
|
77
67
|
retry
|
78
68
|
end
|
79
69
|
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
70
|
+
def unmerged_pull_request_exists?
|
71
|
+
pull_requests_for_branch.reject(&:merged).any?
|
72
|
+
end
|
73
|
+
|
74
|
+
def pull_requests_for_branch
|
75
|
+
@pull_requests_for_branch ||=
|
85
76
|
begin
|
86
77
|
github_client_for_source.pull_requests(
|
87
78
|
source.repo,
|
@@ -104,8 +95,23 @@ module Dependabot
|
|
104
95
|
)
|
105
96
|
[*open_prs, *closed_prs]
|
106
97
|
end
|
98
|
+
end
|
107
99
|
|
108
|
-
|
100
|
+
def base_commit_is_up_to_date?
|
101
|
+
git_metadata_fetcher.head_commit_for_ref(target_branch) == base_commit
|
102
|
+
end
|
103
|
+
|
104
|
+
def create_annotated_pull_request
|
105
|
+
commit = create_commit
|
106
|
+
branch = create_or_update_branch(commit)
|
107
|
+
return unless branch
|
108
|
+
|
109
|
+
pull_request = create_pull_request
|
110
|
+
return unless pull_request
|
111
|
+
|
112
|
+
annotate_pull_request(pull_request)
|
113
|
+
|
114
|
+
pull_request
|
109
115
|
end
|
110
116
|
|
111
117
|
def repo_exists?
|
@@ -289,7 +295,7 @@ module Dependabot
|
|
289
295
|
def create_pull_request
|
290
296
|
github_client_for_source.create_pull_request(
|
291
297
|
source.repo,
|
292
|
-
|
298
|
+
target_branch,
|
293
299
|
branch_name,
|
294
300
|
pr_name,
|
295
301
|
pr_description,
|
@@ -320,6 +326,10 @@ module Dependabot
|
|
320
326
|
raise
|
321
327
|
end
|
322
328
|
|
329
|
+
def target_branch
|
330
|
+
source.branch || default_branch
|
331
|
+
end
|
332
|
+
|
323
333
|
def default_branch
|
324
334
|
@default_branch ||=
|
325
335
|
github_client_for_source.repository(source.repo).default_branch
|
@@ -349,6 +359,14 @@ module Dependabot
|
|
349
359
|
raise if counter > limit
|
350
360
|
end
|
351
361
|
|
362
|
+
def github_client_for_source
|
363
|
+
@github_client_for_source ||=
|
364
|
+
Dependabot::Clients::GithubWithRetries.for_source(
|
365
|
+
source: source,
|
366
|
+
credentials: credentials
|
367
|
+
)
|
368
|
+
end
|
369
|
+
|
352
370
|
# rubocop:disable Metrics/CyclomaticComplexity
|
353
371
|
def handle_error(err)
|
354
372
|
case err
|
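Review bot: `create` now returns `nil` both when an unmerged pull request already exists and when `base_commit_is_up_to_date?` is false, so a caller cannot tell a duplicate from a stale base. A `nil` from `head_commit_for_ref(target_branch)` (ref not found) is reported as stale too. Raising, or returning a distinct value, for the stale case would make the skip observable; at minimum a comment on `create` should list the conditions under which it returns `nil`. The comparison is also only a snapshot, since the target branch can advance between it and `create_commit`, so a comment on `base_commit_is_up_to_date?` should say it narrows the window rather than guaranteeing a current base. `require_up_to_date_base:` is a required keyword in this initializer while the outer creator defaults it to `false`; writing `require_up_to_date_base: false` here would keep existing direct callers working, and `git_metadata_fetcher` is not defined in the visible hunks, so I assume it lives elsewhere in the file.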
data/lib/dependabot/version.rb
CHANGED