dependabot-core 0.88.3 → 0.89.0

data/lib/dependabot/file_parsers/php/composer.rb

@@ -1,177 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/dependency"
-require "dependabot/file_parsers/base"
-require "dependabot/shared_helpers"
-require "dependabot/errors"
-
-module Dependabot
-  module FileParsers
-    module Php
-      class Composer < Dependabot::FileParsers::Base
-        require "dependabot/file_parsers/base/dependency_set"
-
-        DEPENDENCY_GROUP_KEYS = [
-          {
-            manifest: "require",
-            lockfile: "packages",
-            group: "runtime"
-          },
-          {
-            manifest: "require-dev",
-            lockfile: "packages-dev",
-            group: "development"
-          }
-        ].freeze
-
-        def parse
-          dependency_set = DependencySet.new
-          dependency_set += manifest_dependencies
-          dependency_set += lockfile_dependencies
-          dependency_set.dependencies
-        end
-
-        private
-
-        def manifest_dependencies
-          dependencies = DependencySet.new
-
-          DEPENDENCY_GROUP_KEYS.each do |keys|
-            next unless parsed_composer_json[keys[:manifest]]
-
-            parsed_composer_json[keys[:manifest]].each do |name, req|
-              next unless package?(name)
-
-              if lockfile
-                version = dependency_version(name: name, type: keys[:group])
-
-                # Ignore dependencies which appear in the composer.json but not
-                # the composer.lock.
-                next if version.nil?
-
-                # Ignore dependency versions which are non-numeric, since they
-                # can't be compared later in the process.
-                next unless version.match?(/^\d/)
-              end
-
-              dependencies <<
-                Dependency.new(
-                  name: name,
-                  version: dependency_version(name: name, type: keys[:group]),
-                  requirements: [{
-                    requirement: req,
-                    file: "composer.json",
-                    source: dependency_source(name: name, type: keys[:group]),
-                    groups: [keys[:group]]
-                  }],
-                  package_manager: "composer"
-                )
-            end
-          end
-
-          dependencies
-        end
-
-        def lockfile_dependencies
-          dependencies = DependencySet.new
-
-          return dependencies unless lockfile
-
-          DEPENDENCY_GROUP_KEYS.map { |h| h.fetch(:lockfile) }.each do |key|
-            next unless parsed_lockfile[key]
-
-            parsed_lockfile[key].each do |details|
-              name = details["name"]
-              next unless package?(name)
-
-              version = details["version"]&.sub(/^v?/, "")
-              next if version.nil?
-              next unless version.match?(/^\d/)
-
-              dependencies <<
-                Dependency.new(
-                  name: name,
-                  version: version,
-                  requirements: [],
-                  package_manager: "composer"
-                )
-            end
-          end
-
-          dependencies
-        end
-
-        def dependency_version(name:, type:)
-          return unless lockfile
-
-          key = lockfile_key(type)
-
-          parsed_lockfile.
-            fetch(key, []).
-            find { |d| d["name"] == name }&.
-            fetch("version")&.sub(/^v?/, "")
-        end
-
-        def dependency_source(name:, type:)
-          return unless lockfile
-
-          key = lockfile_key(type)
-          package = parsed_lockfile.fetch(key).find { |d| d["name"] == name }
-
-          return unless package
-
-          if package["source"].nil? && package.dig("dist", "type") == "path"
-            return { type: "path" }
-          end
-
-          return unless package.dig("source", "type") == "git"
-
-          {
-            type: "git",
-            url: package.dig("source", "url")
-          }
-        end
-
-        def lockfile_key(type)
-          case type
-          when "runtime" then "packages"
-          when "development" then "packages-dev"
-          else raise "unknown type #{type}"
-          end
-        end
-
-        def package?(name)
-          # Filter out php, ext-, composer-plugin-api, and other special
-          # packages which don't behave as normal
-          name.split("/").count == 2
-        end
-
-        def check_required_files
-          raise "No composer.json!" unless get_original_file("composer.json")
-        end
-
-        def parsed_lockfile
-          return unless lockfile
-
-          @parsed_lockfile ||= JSON.parse(lockfile.content)
-        rescue JSON::ParserError
-          raise Dependabot::DependencyFileNotParseable, lockfile.path
-        end
-
-        def parsed_composer_json
-          @parsed_composer_json ||= JSON.parse(composer_json.content)
-        rescue JSON::ParserError
-          raise Dependabot::DependencyFileNotParseable, composer_json.path
-        end
-
-        def composer_json
-          @composer_json ||= get_original_file("composer.json")
-        end
-
-        def lockfile
-          @lockfile ||= get_original_file("composer.lock")
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_updaters/php/composer.rb

@@ -1,78 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_updaters/base"
-require "dependabot/utils/php/version"
-require "dependabot/shared_helpers"
-require "dependabot/errors"
-
-module Dependabot
-  module FileUpdaters
-    module Php
-      class Composer < Base
-        require_relative "composer/manifest_updater"
-        require_relative "composer/lockfile_updater"
-
-        def self.updated_files_regex
-          [
-            /^composer\.json$/,
-            /^composer\.lock$/
-          ]
-        end
-
-        def updated_dependency_files
-          updated_files = []
-
-          if file_changed?(composer_json)
-            updated_files <<
-              updated_file(
-                file: composer_json,
-                content: updated_composer_json_content
-              )
-          end
-
-          if lockfile
-            updated_files <<
-              updated_file(file: lockfile, content: updated_lockfile_content)
-          end
-
-          if updated_files.none? ||
-             updated_files.sort_by(&:name) == dependency_files.sort_by(&:name)
-            raise "No files have changed!"
-          end
-
-          updated_files
-        end
-
-        private
-
-        def check_required_files
-          raise "No composer.json!" unless get_original_file("composer.json")
-        end
-
-        def updated_composer_json_content
-          ManifestUpdater.new(
-            dependencies: dependencies,
-            manifest: composer_json
-          ).updated_manifest_content
-        end
-
-        def updated_lockfile_content
-          @updated_lockfile_content ||=
-            LockfileUpdater.new(
-              dependencies: dependencies,
-              dependency_files: dependency_files,
-              credentials: credentials
-            ).updated_lockfile_content
-        end
-
-        def composer_json
-          @composer_json ||= get_original_file("composer.json")
-        end
-
-        def lockfile
-          @lockfile ||= get_original_file("composer.lock")
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_updaters/php/composer/lockfile_updater.rb

@@ -1,269 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_updaters/php/composer"
-require "dependabot/utils/php/version"
-require "dependabot/shared_helpers"
-require "dependabot/errors"
-
-module Dependabot
-  module FileUpdaters
-    module Php
-      class Composer
-        class LockfileUpdater
-          require_relative "manifest_updater"
-
-          def initialize(dependencies:, dependency_files:, credentials:)
-            @dependencies = dependencies
-            @dependency_files = dependency_files
-            @credentials = credentials
-          end
-
-          def updated_lockfile_content
-            base_directory = dependency_files.first.directory
-            @updated_lockfile_content ||=
-              SharedHelpers.in_a_temporary_directory(base_directory) do
-                write_temporary_dependency_files
-
-                updated_content = run_update_helper.fetch("composer.lock")
-
-                updated_content = post_process_lockfile(updated_content)
-                if lockfile.content == updated_content
-                  raise "Expected content to change!"
-                end
-
-                updated_content
-              end
-          rescue SharedHelpers::HelperSubprocessFailed => error
-            handle_composer_errors(error)
-          end
-
-          private
-
-          attr_reader :dependencies, :dependency_files, :credentials
-
-          def dependency
-            # For now, we'll only ever be updating a single dependency for PHP
-            dependencies.first
-          end
-
-          def run_update_helper
-            SharedHelpers.with_git_configured(credentials: credentials) do
-              SharedHelpers.run_helper_subprocess(
-                command: "php #{php_helper_path}",
-                function: "update",
-                env: credentials_env,
-                args: [
-                  Dir.pwd,
-                  dependency.name,
-                  dependency.version,
-                  git_credentials,
-                  registry_credentials
-                ]
-              )
-            end
-          end
-
-          def updated_composer_json_content
-            ManifestUpdater.new(
-              dependencies: dependencies,
-              manifest: composer_json
-            ).updated_manifest_content
-          end
-
-          # rubocop:disable Metrics/PerceivedComplexity
-          # rubocop:disable Metrics/AbcSize
-          # rubocop:disable Metrics/CyclomaticComplexity
-          # rubocop:disable Metrics/MethodLength
-          def handle_composer_errors(error)
-            if error.message.start_with?("Failed to execute git checkout")
-              raise git_dependency_reference_error(error)
-            end
-
-            if error.message.start_with?("Failed to execute git clone")
-              dependency_url =
-                error.message.match(/(?:mirror|checkout) '(?<url>.*?)'/).
-                named_captures.fetch("url")
-              raise GitDependenciesNotReachable, dependency_url
-            end
-
-            if error.message.start_with?("Failed to clone")
-              dependency_url =
-                error.message.match(/Failed to clone (?<url>.*?) via/).
-                named_captures.fetch("url")
-              raise GitDependenciesNotReachable, dependency_url
-            end
-
-            if error.message.start_with?("Could not find a key for ACF PRO")
-              raise MissingEnvironmentVariable, "ACF_PRO_KEY"
-            end
-
-            if error.message.start_with?("Unknown downloader type: npm-sign") ||
-               error.message.include?("file could not be downloaded") ||
-               error.message.include?("configuration does not allow connect")
-              raise DependencyFileNotResolvable, error.message
-            end
-
-            if error.message.start_with?("Allowed memory size")
-              raise Dependabot::OutOfMemory
-            end
-
-            if error.message.include?("403 Forbidden")
-              source = error.message.match(%r{https?://(?<source>[^/]+)/}).
-                       named_captures.fetch("source")
-              raise PrivateSourceAuthenticationFailure, source
-            end
-
-            if error.message.include?("Argument 1 passed to Composer")
-              msg = "One of your Composer plugins is not compatible with the "\
-                    "latest version of Composer. Please update Composer and "\
-                    "try running `composer update` to debug further."
-              raise DependencyFileNotResolvable, msg
-            end
-
-            raise error
-          end
-          # rubocop:enable Metrics/PerceivedComplexity
-          # rubocop:enable Metrics/AbcSize
-          # rubocop:enable Metrics/CyclomaticComplexity
-          # rubocop:enable Metrics/MethodLength
-
-          def write_temporary_dependency_files
-            path_dependencies.each do |file|
-              path = file.name
-              FileUtils.mkdir_p(Pathname.new(path).dirname)
-              File.write(file.name, file.content)
-            end
-
-            File.write("composer.json", locked_composer_json_content)
-            File.write("composer.lock", lockfile.content)
-          end
-
-          def locked_composer_json_content
-            dependencies.
-              reduce(updated_composer_json_content) do |content, dep|
-                updated_req = dep.version
-                next content unless Utils::Php::Version.correct?(updated_req)
-
-                old_req =
-                  dep.requirements.find { |r| r[:file] == "composer.json" }&.
-                  fetch(:requirement)
-
-                # When updating a subdep there won't be an old requirement
-                next content unless old_req
-
-                regex =
-                  /
-                    "#{Regexp.escape(dep.name)}"\s*:\s*
-                    "#{Regexp.escape(old_req)}"
-                  /x
-
-                content.gsub(regex) do |declaration|
-                  declaration.gsub(%("#{old_req}"), %("#{updated_req}"))
-                end
-              end
-          end
-
-          def git_dependency_reference_error(error)
-            ref = error.message.match(/checkout '(?<ref>.*?)'/).
-                  named_captures.fetch("ref")
-            dependency_name =
-              JSON.parse(lockfile.content).
-              values_at("packages", "packages-dev").flatten(1).
-              find { |dep| dep.dig("source", "reference") == ref }&.
-              fetch("name")
-
-            raise unless dependency_name
-
-            raise GitDependencyReferenceNotFound, dependency_name
-          end
-
-          def post_process_lockfile(content)
-            content = replace_patches(content)
-            replace_content_hash(content)
-          end
-
-          def replace_patches(updated_content)
-            content = updated_content
-            %w(packages packages-dev).each do |package_type|
-              JSON.parse(lockfile.content).fetch(package_type).each do |details|
-                next unless details["extra"].is_a?(Hash)
-                next unless (patches = details.dig("extra", "patches_applied"))
-
-                updated_object = JSON.parse(content)
-                updated_object_package =
-                  updated_object.
-                  fetch(package_type).
-                  find { |d| d["name"] == details["name"] }
-
-                next unless updated_object_package
-
-                updated_object_package["extra"] ||= {}
-                updated_object_package["extra"]["patches_applied"] = patches
-
-                content =
-                  JSON.pretty_generate(updated_object, indent: "    ").
-                  gsub(/\[\n\n\s*\]/, "[]").
-                  gsub(/\}\z/, "}\n")
-              end
-            end
-            content
-          end
-
-          def replace_content_hash(content)
-            existing_hash = JSON.parse(content).fetch("content-hash")
-            SharedHelpers.in_a_temporary_directory do
-              File.write("composer.json", updated_composer_json_content)
-
-              content_hash =
-                SharedHelpers.run_helper_subprocess(
-                  command: "php #{php_helper_path}",
-                  function: "get_content_hash",
-                  env: credentials_env,
-                  args: [Dir.pwd]
-                )
-
-              content.gsub(existing_hash, content_hash)
-            end
-          end
-
-          def php_helper_path
-            project_root = File.join(File.dirname(__FILE__), "../../../../..")
-            File.join(project_root, "helpers/php/bin/run.php")
-          end
-
-          def credentials_env
-            credentials.
-              select { |c| c.fetch("type") == "php_environment_variable" }.
-              map { |cred| [cred["env-key"], cred["env-value"]] }.
-              to_h
-          end
-
-          def git_credentials
-            credentials.
-              select { |cred| cred.fetch("type") == "git_source" }
-          end
-
-          def registry_credentials
-            credentials.
-              select { |cred| cred.fetch("type") == "composer_repository" }
-          end
-
-          def composer_json
-            @composer_json ||=
-              dependency_files.find { |f| f.name == "composer.json" }
-          end
-
-          def lockfile
-            @lockfile ||=
-              dependency_files.find { |f| f.name == "composer.lock" }
-          end
-
-          def path_dependencies
-            @path_dependencies ||=
-              dependency_files.select { |f| f.name.end_with?("/composer.json") }
-          end
-        end
-      end
-    end
-  end
-end