dependabot-common 0.239.0 → 0.240.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 05ce845694a06ef06ec108aada0ff902b7b08a7a8fc41c23531e00b2252436ae
-  data.tar.gz: 72cc39025cf3a411bed2f82d113474dae965e57c06b15d1abe78f93794562c8c
+  metadata.gz: c5411b63b39f43e2f41b430d63a0c105d3c8db50e355d3e0fb7b95c37350acc0
+  data.tar.gz: 1dc6db6e42d21fd8626dd06b46b355230db571d061940b358be515804987dec9
 SHA512:
-  metadata.gz: ee1859d83b60cf7ddeab1b98c04666198da262a86c5875ed6ff586c9637c877075d9687b3657f38e0bcbf5669584d545a790a2c68e82e9499e5c30b4353d9890
-  data.tar.gz: c4f99509fbd5846a9d07caa227cc67152933da70bea50246c1d6fe20ab9fc67cbb6d141753b89a4b7ed08bf9a73e4520a3c738fa33f4169ea5a19225db9698c6
+  metadata.gz: 52447502758cd700e913e169bfadb0ad92587e988b5a2086ae77fe01e4ae7a09a985ad2c07b91c6a8ac09f5b2016d15c256f67d698f32bbc45a9b9d271dee489
+  data.tar.gz: 325168ff256723e4d503dcba9818bdf11a969e778edccbbf28882cc560ea67f7eeeb68b5e54e843409abaa19d5f9010f027e929c4f1c827619ca8efd50257093

data/lib/dependabot/config/file_fetcher.rb

@@ -1,30 +1,37 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
 
+require "sorbet-runtime"
 require "dependabot/file_fetchers/base"
 require "dependabot/config/file"
 
 module Dependabot
   module Config
     class FileFetcher < FileFetchers::Base
-      CONFIG_FILE_PATHS = %w(.github/dependabot.yml .github/dependabot.yaml).freeze
+      extend T::Sig
 
+      CONFIG_FILE_PATHS = T.let(%w(.github/dependabot.yml .github/dependabot.yaml).freeze, T::Array[String])
+
+      sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
       def self.required_files_in?(filenames)
         CONFIG_FILE_PATHS.any? { |file| filenames.include?(file) }
       end
 
+      sig { override.returns(String) }
       def self.required_files_message
         "Repo must contain either a #{CONFIG_FILE_PATHS.join(' or a ')} file"
       end
 
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def config_file
-        @config_file ||= files.first
+        @config_file ||= T.let(files.first, T.nilable(Dependabot::DependencyFile))
       end
 
       private
 
+      sig { override.returns(T::Array[Dependabot::DependencyFile]) }
       def fetch_files
-        fetched_files = []
+        fetched_files = T.let([], T::Array[Dependabot::DependencyFile])
 
         CONFIG_FILE_PATHS.each do |file|
           fn = Pathname.new("/#{file}").relative_path_from(directory)

data/lib/dependabot/dependency.rb

@@ -143,7 +143,7 @@ module Dependabot
     def numeric_version
       return unless version && version_class.correct?(version)
 
-      @numeric_version ||= T.let(version_class.new(version), T.nilable(Dependabot::Version))
+      @numeric_version ||= T.let(version_class.new(T.must(version)), T.nilable(Dependabot::Version))
     end
 
     sig { returns(T::Hash[String, T.untyped]) }
@@ -300,7 +300,7 @@ module Dependabot
       requirements.select { |r| requirement_class.new(r[:requirement]).specific? }
     end
 
-    sig { returns(T.class_of(Gem::Requirement)) }
+    sig { returns(T.class_of(Dependabot::Requirement)) }
     def requirement_class
       Utils.requirement_class_for_package_manager(package_manager)
     end

data/lib/dependabot/dependency_file.rb

@@ -14,6 +14,8 @@ module Dependabot
     sig { returns(T.nilable(String)) }
     attr_accessor :content
 
+    # This is the directory of the job source, not the directory of the file itself.
+    # The name actually contains the relative path from the job directory.
     sig { returns(String) }
     attr_accessor :directory
 
@@ -38,11 +40,6 @@ module Dependabot
     sig { returns(T.nilable(String)) }
     attr_accessor :mode
 
-    # The directory that this file was fetched for. This is useful for multi-directory
-    # updates, where a set of files that are related to each other are updated together.
-    sig { returns(T.nilable(String)) }
-    attr_accessor :job_directory
-
     class ContentEncoding
       UTF_8 = "utf-8"
       BASE64 = "base64"
@@ -71,15 +68,14 @@ module Dependabot
         content_encoding: String,
         deleted: T::Boolean,
         operation: String,
-        mode: T.nilable(String),
-        job_directory: T.nilable(String)
+        mode: T.nilable(String)
       )
         .void
     end
     def initialize(name:, content:, directory: "/", type: "file",
                    support_file: false, vendored_file: false, symlink_target: nil,
                    content_encoding: ContentEncoding::UTF_8, deleted: false,
-                   operation: Operation::UPDATE, mode: nil, job_directory: nil)
+                   operation: Operation::UPDATE, mode: nil)
       @name = name
       @content = content
       @directory = T.let(clean_directory(directory), String)
@@ -88,7 +84,6 @@ module Dependabot
       @vendored_file = vendored_file
       @content_encoding = content_encoding
       @operation = operation
-      @job_directory = job_directory
 
       # Make deleted override the operation. Deleted is kept when operation
       # was introduced to keep compatibility with downstream dependants.
@@ -127,7 +122,6 @@ module Dependabot
         "mode" => mode
       }
 
-      details["job_directory"] = job_directory if job_directory
       details["symlink_target"] = symlink_target if symlink_target
       details
     end

data/lib/dependabot/file_fetchers/base.rb

@@ -52,11 +52,15 @@ module Dependabot
         /^fatal: clone of '(?<url>.*)' into submodule path '.*' failed$/
       GIT_SUBMODULE_ERROR_REGEX = /(#{GIT_SUBMODULE_INACCESSIBLE_ERROR})|(#{GIT_SUBMODULE_CLONE_ERROR})/
 
-      sig { abstract.params(filenames: T::Array[String]).returns(T::Boolean) }
-      def self.required_files_in?(filenames); end
+      sig { overridable.params(filenames: T::Array[String]).returns(T::Boolean) }
+      def self.required_files_in?(filenames)
+        filenames.any?
+      end
 
-      sig { abstract.returns(String) }
-      def self.required_files_message; end
+      sig { overridable.returns(String) }
+      def self.required_files_message
+        "Required files are missing from configured directory"
+      end
 
       # Creates a new FileFetcher for retrieving `DependencyFile`s.
       #
@@ -85,6 +89,8 @@ module Dependabot
         @linked_paths = T.let({}, T::Hash[T.untyped, T.untyped])
         @submodules = T.let([], T::Array[T.untyped])
         @options = options
+
+        @files = T.let([], T::Array[DependencyFile])
       end
 
       sig { returns(String) }
@@ -104,10 +110,16 @@ module Dependabot
 
       sig { returns(T::Array[DependencyFile]) }
       def files
-        @files ||= T.let(
-          fetch_files.each { |f| f.job_directory = directory },
-          T.nilable(T::Array[DependencyFile])
-        )
+        return @files if @files.any?
+
+        files = fetch_files.compact
+        raise Dependabot::DependencyFileNotFound.new(nil, "No files found in #{directory}") unless files.any?
+
+        unless self.class.required_files_in?(files.map(&:name))
+          raise DependencyFileNotFound.new(nil, self.class.required_files_message)
+        end
+
+        @files = files
       end
 
       sig { abstract.returns(T::Array[DependencyFile]) }

data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb

@@ -1,14 +1,30 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
 
+require "sorbet-runtime"
 require "dependabot/pull_request_creator/branch_namer/base"
 
 module Dependabot
   class PullRequestCreator
     class BranchNamer
       class DependencyGroupStrategy < Base
-        def initialize(dependencies:, files:, target_branch:, dependency_group:,
-                       separator: "/", prefix: "dependabot", max_length: nil, includes_security_fixes:)
+        extend T::Sig
+
+        sig do
+          params(
+            dependencies: T::Array[Dependabot::Dependency],
+            files: T::Array[Dependabot::DependencyFile],
+            target_branch: String,
+            dependency_group: Dependabot::DependencyGroup,
+            includes_security_fixes: T::Boolean,
+            separator: String,
+            prefix: String,
+            max_length: T.nilable(Integer)
+          )
+            .void
+        end
+        def initialize(dependencies:, files:, target_branch:, dependency_group:, includes_security_fixes:,
+                       separator: "/", prefix: "dependabot", max_length: nil)
           super(
             dependencies: dependencies,
             files: files,
@@ -22,14 +38,17 @@ module Dependabot
           @includes_security_fixes = includes_security_fixes
         end
 
+        sig { returns(String) }
         def new_branch_name
           sanitize_branch_name(File.join(prefixes, group_name_with_dependency_digest))
         end
 
         private
 
+        sig { returns(Dependabot::DependencyGroup) }
         attr_reader :dependency_group
 
+        sig { returns(T::Array[String]) }
         def prefixes
           [
             prefix,
@@ -45,6 +64,7 @@ module Dependabot
         #
         # Let's append a short hash digest of the dependency changes so that we can
         # meet this guarantee.
+        sig { returns(String) }
         def group_name_with_dependency_digest
           if @includes_security_fixes
             "group-security-#{package_manager}-#{dependency_digest}"
@@ -53,16 +73,22 @@ module Dependabot
           end
         end
 
+        sig { returns(T.nilable(String)) }
         def dependency_digest
-          @dependency_digest ||= Digest::MD5.hexdigest(dependencies.map do |dependency|
-            "#{dependency.name}-#{dependency.removed? ? 'removed' : dependency.version}"
-          end.sort.join(",")).slice(0, 10)
+          @dependency_digest ||= T.let(
+            Digest::MD5.hexdigest(dependencies.map do |dependency|
+                                    "#{dependency.name}-#{dependency.removed? ? 'removed' : dependency.version}"
+                                  end.sort.join(",")).slice(0, 10),
+            T.nilable(String)
+          )
         end
 
+        sig { returns(String) }
         def package_manager
           T.must(dependencies.first).package_manager
         end
 
+        sig { returns(String) }
         def directory
           T.must(files.first).directory.tr(" ", "-")
         end

data/lib/dependabot/pull_request_creator/branch_namer.rb

@@ -49,10 +49,10 @@ module Dependabot
               files: files,
               target_branch: target_branch,
               dependency_group: dependency_group,
+              includes_security_fixes: includes_security_fixes,
               separator: separator,
               prefix: prefix,
-              max_length: max_length,
-              includes_security_fixes: includes_security_fixes
+              max_length: max_length
             )
           end
       end