dependabot-common 0.111.57 → 0.111.58

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b7ab991abc236a08994dfa0afc763f368e2dd2b612c7f0b4f9841a1f794a1df6
-  data.tar.gz: 9f97e3bc043110feb2669f5a549bb596a0bdf7dda4ee6b678fe81d8024ce68f6
+  metadata.gz: 823dd4e3b7b8fdb04ac96fdcf4f409a78a3ef7ca7220388f83d647d98954047f
+  data.tar.gz: 56353fc85227d7cf54336db0911f01e96e0ff2362881a28e22f3da4558cd570c
 SHA512:
-  metadata.gz: 2b8c5d7d2c20392dce373888a7334170fae02efcb4f387368d56da74aed4910d69bc8a31bfdf3b3fa81bc5e33d2c584a3a06584906abe0a58d4748d58a7f647e
-  data.tar.gz: 845c6e9dd4dd3a0e898f4756b3f99dc62957580870611f88b05eb48d50c8091af55897f56f42d0725a325fbdb122572dcdbb7c036d6b478f46076f81a748b06f
+  metadata.gz: 40223aa2e2fa9e1262536a6023ec2158afdc41add6f469a6eb9eb7f114f7c59bcd6a760408ba54f95d348361fc849e0a8287e890a18cace1e0aabc07ad39c5bc
+  data.tar.gz: 836c97980460705fb93e16d3241b9536ea8f45839dae38b643079c06c61cb34576c4c8f28fc142484c21ea95f1ea61879f25d121c33897a1400a8c79d0db8438

data/lib/dependabot/git_commit_checker.rb

@@ -59,16 +59,9 @@ module Dependabot
     def head_commit_for_current_branch
       return dependency.version if pinned?
 
-      branch_ref = ref_or_branch ? "refs/heads/#{ref_or_branch}" : "HEAD"
-
-      # Remove the opening clause of the upload pack as this isn't always
-      # followed by a line break. When it isn't (e.g., with Bitbucket) it causes
-      # problems for our `sha_for_update_pack_line` logic
-      line = local_upload_pack.
-             gsub(/.*git-upload-pack/, "").
-             lines.find { |l| l.include?(" #{branch_ref}") }
-
-      return sha_for_update_pack_line(line) if line
+      ref = ref_or_branch || "HEAD"
+      sha = local_repo_git_metadata_fetcher.head_commit_for_ref(ref)
+      return sha if sha
 
       raise Dependabot::GitDependencyReferenceNotFound, dependency.name
     end
@@ -332,10 +325,6 @@ module Dependabot
       Utils.requirement_class_for_package_manager(dependency.package_manager)
     end
 
-    def sha_for_update_pack_line(line)
-      line.split(" ").first.chars.last(40).join
-    end
-
     def local_repo_git_metadata_fetcher
       @local_repo_git_metadata_fetcher ||=
         GitMetadataFetcher.new(

data/lib/dependabot/git_metadata_fetcher.rb

@@ -21,15 +21,26 @@ module Dependabot
     def tags
       return [] unless upload_pack
 
-      @tags ||= tags_for_upload_pack(upload_pack)
+      @tags ||= tags_for_upload_pack
     end
 
     def ref_names
-      @ref_names ||=
-        upload_pack.lines.
-        select { |l| l.split(" ")[-1].start_with?("refs/tags", "refs/heads") }.
-        map { |line| line.split(%r{ refs/(tags|heads)/}).last.strip }.
-        reject { |l| l.end_with?("^{}") }
+      refs_for_upload_pack.map(&:name)
+    end
+
+    def head_commit_for_ref(ref)
+      if ref == "HEAD"
+        # Remove the opening clause of the upload pack as this isn't always
+        # followed by a line break. When it isn't (e.g., with Bitbucket) it
+        # causes problems for our `sha_for_update_pack_line` logic
+        line = upload_pack.gsub(/.*git-upload-pack/, "").
+               lines.find { |l| l.include?(" HEAD") }
+        return sha_for_update_pack_line(line) if line
+      end
+
+      refs_for_upload_pack.
+        find { |r| r.name == ref }&.
+        commit_sha
     end
 
     private
@@ -81,28 +92,50 @@ module Dependabot
       )
     end
 
-    def tags_for_upload_pack(upload_pack)
+    def tags_for_upload_pack
+      refs_for_upload_pack.
+        select { |ref| ref.ref_type == :tag }.
+        map do |ref|
+          OpenStruct.new(
+            name: ref.name,
+            tag_sha: ref.ref_sha,
+            commit_sha: ref.commit_sha
+          )
+        end
+    end
+
+    def refs_for_upload_pack
+      @refs_for_upload_pack ||= parse_refs_for_upload_pack
+    end
+
+    def parse_refs_for_upload_pack
       peeled_lines = []
 
       result = upload_pack.lines.each_with_object({}) do |line, res|
-        next unless line.split(" ").last.start_with?("refs/tags")
+        full_ref_name = line.split(" ").last
+        next unless full_ref_name.start_with?("refs/tags", "refs/heads")
 
         peeled_lines << line && next if line.strip.end_with?("^{}")
 
-        tag_name = line.split(" refs/tags/").last.strip
+        ref_name = full_ref_name.sub(%r{^refs/(tags|heads)/}, "").strip
         sha = sha_for_update_pack_line(line)
 
-        res[tag_name] =
-          OpenStruct.new(name: tag_name, tag_sha: sha, commit_sha: sha)
+        res[ref_name] = OpenStruct.new(
+          name: ref_name,
+          ref_sha: sha,
+          ref_type: full_ref_name.start_with?("refs/tags") ? :tag : :head,
+          commit_sha: sha
+        )
       end
 
-      # Loop through the peeled lines, updating the commit_sha for any matching
-      # tags in our results hash
+      # Loop through the peeled lines, updating the commit_sha for any
+      # matching tags in our results hash
       peeled_lines.each do |line|
-        tag_name = line.split(" refs/tags/").last.strip.gsub(/\^{}$/, "")
-        next unless result[tag_name]
+        ref_name = line.split(%r{ refs/(tags|heads)/}).
+                   last.strip.gsub(/\^{}$/, "")
+        next unless result[ref_name]
 
-        result[tag_name].commit_sha = sha_for_update_pack_line(line)
+        result[ref_name].commit_sha = sha_for_update_pack_line(line)
       end
 
       result.values

data/lib/dependabot/pull_request_creator.rb

@@ -32,7 +32,7 @@ module Dependabot
                    branch_name_separator: "/", branch_name_prefix: "dependabot",
                    label_language: false, automerge_candidate: false,
                    github_redirection_service: "github-redirect.dependabot.com",
-                   custom_headers: nil)
+                   custom_headers: nil, require_up_to_date_base: false)
       @dependencies               = dependencies
       @source                     = source
       @base_commit                = base_commit
@@ -53,6 +53,7 @@ module Dependabot
       @automerge_candidate        = automerge_candidate
       @github_redirection_service = github_redirection_service
       @custom_headers             = custom_headers
+      @require_up_to_date_base    = require_up_to_date_base
 
       check_dependencies_have_previous_version
     end
@@ -84,6 +85,10 @@ module Dependabot
       @automerge_candidate
     end
 
+    def require_up_to_date_base?
+      @require_up_to_date_base
+    end
+
     def github_creator
       Github.new(
         source: source,
@@ -100,7 +105,8 @@ module Dependabot
         reviewers: reviewers,
         assignees: assignees,
         milestone: milestone,
-        custom_headers: custom_headers
+        custom_headers: custom_headers,
+        require_up_to_date_base: require_up_to_date_base?
       )
     end
 

data/lib/dependabot/pull_request_creator/github.rb

@@ -18,49 +18,39 @@ module Dependabot
       def initialize(source:, branch_name:, base_commit:, credentials:,
                      files:, commit_message:, pr_description:, pr_name:,
                      author_details:, signature_key:, custom_headers:,
-                     labeler:, reviewers:, assignees:, milestone:)
-        @source         = source
-        @branch_name    = branch_name
-        @base_commit    = base_commit
-        @credentials    = credentials
-        @files          = files
-        @commit_message = commit_message
-        @pr_description = pr_description
-        @pr_name        = pr_name
-        @author_details = author_details
-        @signature_key  = signature_key
-        @custom_headers = custom_headers
-        @labeler        = labeler
-        @reviewers      = reviewers
-        @assignees      = assignees
-        @milestone      = milestone
+                     labeler:, reviewers:, assignees:, milestone:,
+                     require_up_to_date_base:)
+        @source                  = source
+        @branch_name             = branch_name
+        @base_commit             = base_commit
+        @credentials             = credentials
+        @files                   = files
+        @commit_message          = commit_message
+        @pr_description          = pr_description
+        @pr_name                 = pr_name
+        @author_details          = author_details
+        @signature_key           = signature_key
+        @custom_headers          = custom_headers
+        @labeler                 = labeler
+        @reviewers               = reviewers
+        @assignees               = assignees
+        @milestone               = milestone
+        @require_up_to_date_base = require_up_to_date_base
       end
 
       def create
-        return if branch_exists?(branch_name) && pull_request_exists?
+        return if branch_exists?(branch_name) && unmerged_pull_request_exists?
+        return if require_up_to_date_base? && !base_commit_is_up_to_date?
 
-        commit = create_commit
-        branch = create_or_update_branch(commit)
-        return unless branch
-
-        pull_request = create_pull_request
-        return unless pull_request
-
-        annotate_pull_request(pull_request)
-
-        pull_request
+        create_annotated_pull_request
       rescue Octokit::Error => e
         handle_error(e)
       end
 
       private
 
-      def github_client_for_source
-        @github_client_for_source ||=
-          Dependabot::Clients::GithubWithRetries.for_source(
-            source: source,
-            credentials: credentials
-          )
+      def require_up_to_date_base?
+        @require_up_to_date_base
       end
 
       def branch_exists?(name)
@@ -77,11 +67,12 @@ module Dependabot
         retry
       end
 
-      # Existing pull requests with this branch name that are open or closed.
-      # Note: we ignore *merged* pull requests for the branch name as we want
-      # to recreate them if the dependency version has regressed.
-      def pull_request_exists?
-        pull_requests =
+      def unmerged_pull_request_exists?
+        pull_requests_for_branch.reject(&:merged).any?
+      end
+
+      def pull_requests_for_branch
+        @pull_requests_for_branch ||=
           begin
             github_client_for_source.pull_requests(
               source.repo,
@@ -104,8 +95,23 @@ module Dependabot
             )
             [*open_prs, *closed_prs]
           end
+      end
 
-        pull_requests.reject(&:merged).any?
+      def base_commit_is_up_to_date?
+        git_metadata_fetcher.head_commit_for_ref(target_branch) == base_commit
+      end
+
+      def create_annotated_pull_request
+        commit = create_commit
+        branch = create_or_update_branch(commit)
+        return unless branch
+
+        pull_request = create_pull_request
+        return unless pull_request
+
+        annotate_pull_request(pull_request)
+
+        pull_request
       end
 
       def repo_exists?
@@ -289,7 +295,7 @@ module Dependabot
       def create_pull_request
         github_client_for_source.create_pull_request(
           source.repo,
-          source.branch || default_branch,
+          target_branch,
           branch_name,
           pr_name,
           pr_description,
@@ -320,6 +326,10 @@ module Dependabot
         raise
       end
 
+      def target_branch
+        source.branch || default_branch
+      end
+
       def default_branch
         @default_branch ||=
           github_client_for_source.repository(source.repo).default_branch
@@ -349,6 +359,14 @@ module Dependabot
         raise if counter > limit
       end
 
+      def github_client_for_source
+        @github_client_for_source ||=
+          Dependabot::Clients::GithubWithRetries.for_source(
+            source: source,
+            credentials: credentials
+          )
+      end
+
       # rubocop:disable Metrics/CyclomaticComplexity
       def handle_error(err)
         case err

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.111.57"
+  VERSION = "0.111.58"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.111.57
+  version: 0.111.58
 platform: ruby
 authors:
 - Dependabot