dependabot-core 0.89.5 → 0.90.0

data/lib/dependabot/file_updaters/go/dep.rb

@@ -1,77 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/shared_helpers"
-require "dependabot/file_updaters/base"
-
-module Dependabot
-  module FileUpdaters
-    module Go
-      class Dep < Dependabot::FileUpdaters::Base
-        require_relative "dep/manifest_updater"
-        require_relative "dep/lockfile_updater"
-
-        def self.updated_files_regex
-          [
-            /^Gopkg\.toml$/,
-            /^Gopkg\.lock$/,
-            /^go\.mod$/,
-            /^go\.sum$/
-          ]
-        end
-
-        def updated_dependency_files
-          updated_files = []
-
-          if manifest && file_changed?(manifest)
-            updated_files <<
-              updated_file(
-                file: manifest,
-                content: updated_manifest_content
-              )
-          end
-
-          if lockfile
-            updated_files <<
-              updated_file(file: lockfile, content: updated_lockfile_content)
-          end
-
-          raise "No files changed!" if updated_files.none?
-
-          updated_files
-        end
-
-        private
-
-        def check_required_files
-          return if get_original_file("Gopkg.toml")
-          return if get_original_file("go.mod")
-
-          raise "No Gopkg.toml or go.mod!"
-        end
-
-        def manifest
-          @manifest ||= get_original_file("Gopkg.toml")
-        end
-
-        def lockfile
-          @lockfile ||= get_original_file("Gopkg.lock")
-        end
-
-        def updated_manifest_content
-          ManifestUpdater.new(
-            dependencies: dependencies,
-            manifest: manifest
-          ).updated_manifest_content
-        end
-
-        def updated_lockfile_content
-          LockfileUpdater.new(
-            dependencies: dependencies,
-            dependency_files: dependency_files,
-            credentials: credentials
-          ).updated_lockfile_content
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_updaters/go/dep/lockfile_updater.rb

@@ -1,222 +0,0 @@
-# frozen_string_literal: true
-
-require "toml-rb"
-require "open3"
-require "dependabot/shared_helpers"
-require "dependabot/dependency_file"
-require "dependabot/file_updaters/go/dep"
-require "dependabot/file_parsers/go/dep"
-
-module Dependabot
-  module FileUpdaters
-    module Go
-      class Dep
-        class LockfileUpdater
-          def initialize(dependencies:, dependency_files:, credentials:)
-            @dependencies = dependencies
-            @dependency_files = dependency_files
-            @credentials = credentials
-          end
-
-          def updated_lockfile_content
-            deps = dependencies.select { |d| appears_in_lockfile(d) }
-            return lockfile.content if deps.none?
-
-            base_directory = File.join("src", "project",
-                                       dependency_files.first.directory)
-            base_parts = base_directory.split("/").length
-            updated_content =
-              SharedHelpers.in_a_temporary_directory(base_directory) do |dir|
-                write_temporary_dependency_files
-
-                SharedHelpers.with_git_configured(credentials: credentials) do
-                  # Shell out to dep, which handles everything for us.
-                  # Note: We are currently doing a full install here (we're not
-                  # passing no-vendor) because dep needs to generate the digests
-                  # for each project.
-                  command = "dep ensure -update #{deps.map(&:name).join(' ')}"
-                  dir_parts = dir.realpath.to_s.split("/")
-                  gopath = File.join(dir_parts[0..-(base_parts + 1)])
-                  run_shell_command(command, "GOPATH" => gopath)
-                end
-
-                File.read("Gopkg.lock")
-              end
-
-            updated_content
-          end
-
-          private
-
-          attr_reader :dependencies, :dependency_files, :credentials
-
-          def run_shell_command(command, env = {})
-            start = Time.now
-            stdout, process = Open3.capture2e(env, command)
-            time_taken = start - Time.now
-
-            # Raise an error with the output from the shell session if dep
-            # returns a non-zero status
-            return if process.success?
-
-            raise SharedHelpers::HelperSubprocessFailed.new(
-              message: stdout,
-              error_context: {
-                command: command,
-                time_taken: time_taken,
-                process_exit_value: process.to_s
-              }
-            )
-          end
-
-          def write_temporary_dependency_files
-            File.write(lockfile.name, lockfile.content)
-
-            # Overwrite the manifest with our custom prepared one
-            File.write(prepared_manifest.name, prepared_manifest.content)
-
-            File.write("hello.go", dummy_app_content)
-          end
-
-          def prepared_manifest
-            DependencyFile.new(
-              name: manifest.name,
-              content: prepared_manifest_content
-            )
-          end
-
-          def prepared_manifest_content
-            parsed_manifest = TomlRB.parse(manifest.content)
-
-            parsed_manifest["override"] =
-              add_fsnotify_override(parsed_manifest["override"])
-
-            dependencies.each do |dep|
-              req = dep.requirements.find { |r| r[:file] == manifest.name }
-              next unless appears_in_lockfile(dep)
-
-              if req
-                update_constraint!(parsed_manifest, dep)
-              else
-                create_constraint!(parsed_manifest, dep)
-              end
-            end
-
-            TomlRB.dump(parsed_manifest)
-          end
-
-          # Used to lock the version when updating a top-level dependency
-          def update_constraint!(parsed_manifest, dep)
-            details =
-              parsed_manifest.
-              values_at(*FileParsers::Go::Dep::REQUIREMENT_TYPES).
-              flatten.compact.find { |d| d["name"] == dep.name }
-
-            req = dep.requirements.find { |r| r[:file] == manifest.name }
-
-            if req.fetch(:source).fetch(:type) == "git" && !details["branch"]
-              # Note: we don't try to update to a specific revision if the
-              # branch was previously specified because the change in
-              # specification type would be persisted in the lockfile
-              details["revision"] = dep.version if details["revision"]
-              details["version"] = dep.version if details["version"]
-            elsif req.fetch(:source).fetch(:type) == "default"
-              details.delete("branch")
-              details.delete("revision")
-              details["version"] = "=#{dep.version}"
-            end
-          end
-
-          # Used to lock the version when updating a subdependency
-          def create_constraint!(parsed_manifest, dep)
-            details = { "name" => dep.name }
-
-            # Fetch the details from the lockfile to check whether this
-            # sub-dependency needs a git revision or a version.
-            original_details =
-              parsed_file(lockfile).fetch("projects").
-              find { |p| p["name"] == dep.name }
-
-            if original_details["source"]
-              details["source"] = original_details["source"]
-            end
-
-            if original_details["version"]
-              details["version"] = dep.version
-            else
-              details["revision"] = dep.version
-            end
-
-            parsed_manifest["constraint"] ||= []
-            parsed_manifest["constraint"] << details
-          end
-
-          # Work around a dep bug that results in a panic
-          def add_fsnotify_override(overrides)
-            overrides ||= []
-            dep_name = "gopkg.in/fsnotify.v1"
-
-            override = overrides.find { |s| s["name"] == dep_name }
-            if override.nil?
-              override = { "name" => dep_name }
-              overrides << override
-            end
-
-            unless override["source"]
-              override["source"] = "gopkg.in/fsnotify/fsnotify.v1"
-            end
-
-            overrides
-          end
-
-          def dummy_app_content
-            base = "package main\n\n"\
-                   "import \"fmt\"\n\n"
-
-            packages_to_import.each { |nm| base += "import \"#{nm}\"\n\n" }
-
-            base + "func main() {\n  fmt.Printf(\"hello, world\\n\")\n}"
-          end
-
-          def packages_to_import
-            parsed_lockfile = TomlRB.parse(lockfile.content)
-
-            # If the lockfile was created using dep v0.5.0+ then it will tell us
-            # exactly which packages to import
-            if parsed_lockfile.dig("solve-meta", "input-imports")
-              return parsed_lockfile.dig("solve-meta", "input-imports")
-            end
-
-            # Otherwise we have no way of knowing, so import everything in the
-            # lockfile that isn't marked as internal
-            parsed_lockfile.fetch("projects").flat_map do |dep|
-              dep["packages"].map do |package|
-                next if package.start_with?("internal")
-
-                package == "." ? dep["name"] : File.join(dep["name"], package)
-              end.compact
-            end
-          end
-
-          def appears_in_lockfile(dep)
-            !parsed_file(lockfile)["projects"]&.
-              find { |p| p["name"] == dep.name }.nil?
-          end
-
-          def parsed_file(file)
-            @parsed_file ||= {}
-            @parsed_file[file.name] ||= TomlRB.parse(file.content)
-          end
-
-          def manifest
-            @manifest ||= dependency_files.find { |f| f.name == "Gopkg.toml" }
-          end
-
-          def lockfile
-            @lockfile ||= dependency_files.find { |f| f.name == "Gopkg.lock" }
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_updaters/go/dep/manifest_updater.rb

@@ -1,155 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_updaters/go/dep"
-
-module Dependabot
-  module FileUpdaters
-    module Go
-      class Dep
-        class ManifestUpdater
-          def initialize(dependencies:, manifest:)
-            @dependencies = dependencies
-            @manifest = manifest
-          end
-
-          def updated_manifest_content
-            dependencies.
-              select { |dep| requirement_changed?(manifest, dep) }.
-              reduce(manifest.content.dup) do |content, dep|
-                updated_content = content
-
-                updated_content = update_requirements(
-                  content: updated_content,
-                  filename: manifest.name,
-                  dependency: dep
-                )
-                updated_content = update_git_pin(
-                  content: updated_content,
-                  filename: manifest.name,
-                  dependency: dep
-                )
-
-                if content == updated_content
-                  raise "Expected content to change!"
-                end
-
-                updated_content
-              end
-          end
-
-          private
-
-          attr_reader :dependencies, :manifest
-
-          def requirement_changed?(file, dependency)
-            changed_requirements =
-              dependency.requirements - dependency.previous_requirements
-
-            changed_requirements.any? { |f| f[:file] == file.name }
-          end
-
-          def update_requirements(content:, filename:, dependency:)
-            updated_content = content.dup
-
-            # The UpdateChecker ensures the order of requirements is preserved
-            # when updating, so we can zip them together in new/old pairs.
-            reqs = dependency.requirements.
-                   zip(dependency.previous_requirements).
-                   reject { |new_req, old_req| new_req == old_req }
-
-            # Loop through each changed requirement
-            reqs.each do |new_req, old_req|
-              raise "Bad req match" unless new_req[:file] == old_req[:file]
-              next if new_req[:requirement] == old_req[:requirement]
-              next unless new_req[:file] == filename
-
-              updated_content = update_manifest_req(
-                content: updated_content,
-                dep: dependency,
-                old_req: old_req.fetch(:requirement),
-                new_req: new_req.fetch(:requirement)
-              )
-            end
-
-            updated_content
-          end
-
-          def update_git_pin(content:, filename:, dependency:)
-            updated_pin =
-              dependency.requirements.
-              find { |r| r[:file] == filename }&.
-              dig(:source, :ref)
-
-            old_pin =
-              dependency.previous_requirements.
-              find { |r| r[:file] == filename }&.
-              dig(:source, :ref)
-
-            return content unless old_pin
-
-            update_manifest_pin(
-              content: content,
-              dep: dependency,
-              old_pin: old_pin,
-              new_pin: updated_pin
-            )
-          end
-
-          # rubocop:disable Metrics/CyclomaticComplexity
-          # rubocop:disable Metrics/PerceivedComplexity
-          def update_manifest_req(content:, dep:, old_req:, new_req:)
-            declaration = content.scan(declaration_regex(dep)).
-                          find { |m| old_req.nil? || m.include?(old_req) }
-
-            return content unless declaration
-
-            if old_req && new_req
-              content.gsub(declaration) do |line|
-                line.gsub(old_req, new_req)
-              end
-            elsif old_req && new_req.nil?
-              content.gsub(declaration) do |line|
-                line.gsub(/\R+.*version\s*=.*/, "")
-              end
-            elsif old_req.nil? && new_req
-              content.gsub(declaration) do |line|
-                indent = line.match(/(?<indent>\s*)name/).
-                         named_captures.fetch("indent")
-                version_declaration = indent + "version = \"#{new_req}\""
-                line.gsub(/name\s*=.*/) { |nm_ln| nm_ln + version_declaration }
-              end
-            end
-          end
-          # rubocop:enable Metrics/CyclomaticComplexity
-          # rubocop:enable Metrics/PerceivedComplexity
-
-          def update_manifest_pin(content:, dep:, old_pin:, new_pin:)
-            declaration = content.scan(declaration_regex(dep)).
-                          find { |m| m.include?(old_pin) }
-
-            return content unless declaration
-
-            if old_pin && new_pin
-              content.gsub(declaration) do |line|
-                line.gsub(old_pin, new_pin)
-              end
-            elsif old_pin && new_pin.nil?
-              content.gsub(declaration) do |line|
-                line.gsub(/\R+.*(revision|branch)\s*=.*/, "")
-              end
-            end
-          end
-
-          def declaration_regex(dep)
-            /
-              (?<=\]\])
-              (?:(?!^\[).)*
-              name\s*=\s*["']#{Regexp.escape(dep.name)}["']
-              (?:(?!^\[).)*
-            /mx
-          end
-        end
-      end
-    end
-  end
-end