dependabot-core 0.94.13 → 0.95.0

data/lib/dependabot/pull_request_creator.rb

@@ -1,153 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/metadata_finders"
-
-module Dependabot
-  class PullRequestCreator
-    require "dependabot/pull_request_creator/github"
-    require "dependabot/pull_request_creator/gitlab"
-    require "dependabot/pull_request_creator/message_builder"
-    require "dependabot/pull_request_creator/branch_namer"
-    require "dependabot/pull_request_creator/labeler"
-
-    class RepoNotFound < StandardError; end
-    class RepoArchived < StandardError; end
-    class NoHistoryInCommon < StandardError; end
-
-    attr_reader :source, :dependencies, :files, :base_commit,
-                :credentials, :pr_message_footer, :custom_labels,
-                :author_details, :signature_key, :vulnerabilities_fixed,
-                :reviewers, :assignees, :milestone, :branch_name_separator
-
-    def initialize(source:, base_commit:, dependencies:, files:, credentials:,
-                   pr_message_footer: nil, custom_labels: nil,
-                   author_details: nil, signature_key: nil,
-                   reviewers: nil, assignees: nil, milestone: nil,
-                   vulnerabilities_fixed: {}, branch_name_separator: "/",
-                   label_language: false)
-      @dependencies          = dependencies
-      @source                = source
-      @base_commit           = base_commit
-      @files                 = files
-      @credentials           = credentials
-      @pr_message_footer     = pr_message_footer
-      @author_details        = author_details
-      @signature_key         = signature_key
-      @custom_labels         = custom_labels
-      @reviewers             = reviewers
-      @assignees             = assignees
-      @milestone             = milestone
-      @vulnerabilities_fixed = vulnerabilities_fixed
-      @branch_name_separator = branch_name_separator
-      @label_language        = label_language
-
-      check_dependencies_have_previous_version
-    end
-
-    def check_dependencies_have_previous_version
-      return if library? && dependencies.all? { |d| requirements_changed?(d) }
-      return if dependencies.all?(&:previous_version)
-
-      raise "Dependencies must have a previous version or changed " \
-            "requirement to have a pull request created for them!"
-    end
-
-    def create
-      case source.provider
-      when "github" then github_creator.create
-      when "gitlab" then gitlab_creator.create
-      else raise "Unsupported provider #{source.provider}"
-      end
-    end
-
-    private
-
-    def label_language?
-      @label_language
-    end
-
-    def github_creator
-      Github.new(
-        source: source,
-        branch_name: branch_namer.new_branch_name,
-        base_commit: base_commit,
-        credentials: credentials,
-        files: files,
-        commit_message: message_builder.commit_message,
-        pr_description: message_builder.pr_message,
-        pr_name: message_builder.pr_name,
-        author_details: author_details,
-        signature_key: signature_key,
-        labeler: labeler,
-        reviewers: reviewers,
-        assignees: assignees,
-        milestone: milestone
-      )
-    end
-
-    def gitlab_creator
-      Gitlab.new(
-        source: source,
-        branch_name: branch_namer.new_branch_name,
-        base_commit: base_commit,
-        credentials: credentials,
-        files: files,
-        commit_message: message_builder.commit_message,
-        pr_description: message_builder.pr_message,
-        pr_name: message_builder.pr_name,
-        author_details: author_details,
-        labeler: labeler,
-        assignee: assignees&.first
-      )
-    end
-
-    def message_builder
-      @message_builder ||
-        MessageBuilder.new(
-          source: source,
-          dependencies: dependencies,
-          files: files,
-          credentials: credentials,
-          author_details: author_details,
-          pr_message_footer: pr_message_footer,
-          vulnerabilities_fixed: vulnerabilities_fixed
-        )
-    end
-
-    def branch_namer
-      @branch_namer ||=
-        BranchNamer.new(
-          dependencies: dependencies,
-          files: files,
-          target_branch: source.branch,
-          separator: branch_name_separator
-        )
-    end
-
-    def labeler
-      @labeler ||=
-        Labeler.new(
-          source: source,
-          custom_labels: custom_labels,
-          credentials: credentials,
-          includes_security_fixes: includes_security_fixes?,
-          dependencies: dependencies,
-          label_language: label_language?
-        )
-    end
-
-    def library?
-      return true if files.any? { |file| file.name.end_with?(".gemspec") }
-
-      dependencies.none?(&:appears_in_lockfile?)
-    end
-
-    def includes_security_fixes?
-      vulnerabilities_fixed.values.flatten.any?
-    end
-
-    def requirements_changed?(dependency)
-      (dependency.requirements - dependency.previous_requirements).any?
-    end
-  end
-end

data/lib/dependabot/pull_request_updater/github.rb

@@ -1,165 +0,0 @@
-# frozen_string_literal: true
-
-require "octokit"
-require "dependabot/clients/github_with_retries"
-require "dependabot/pull_request_creator/commit_signer"
-require "dependabot/pull_request_updater"
-
-module Dependabot
-  class PullRequestUpdater
-    class Github
-      attr_reader :source, :files, :base_commit, :credentials,
-                  :pull_request_number, :author_details, :signature_key
-
-      def initialize(source:, base_commit:, files:, credentials:,
-                     pull_request_number:, author_details: nil,
-                     signature_key: nil)
-        @source              = source
-        @base_commit         = base_commit
-        @files               = files
-        @credentials         = credentials
-        @pull_request_number = pull_request_number
-        @author_details      = author_details
-        @signature_key       = signature_key
-      end
-
-      def update
-        return unless branch_exists?
-
-        commit = create_commit
-        branch = update_branch(commit)
-        update_pull_request_target_branch
-        branch
-      end
-
-      private
-
-      def update_pull_request_target_branch
-        target_branch = source.branch || pull_request.base.repo.default_branch
-        return if target_branch == pull_request.base.ref
-
-        github_client_for_source.update_pull_request(
-          source.repo,
-          pull_request_number,
-          base: target_branch
-        )
-      end
-
-      def github_client_for_source
-        @github_client_for_source ||=
-          Dependabot::Clients::GithubWithRetries.for_source(
-            source: source,
-            credentials: credentials
-          )
-      end
-
-      def pull_request
-        @pull_request ||=
-          github_client_for_source.pull_request(
-            source.repo,
-            pull_request_number
-          )
-      end
-
-      def branch_exists?
-        github_client_for_source.branch(source.repo, pull_request.head.ref)
-      rescue Octokit::NotFound
-        false
-      end
-
-      def create_commit
-        tree = create_tree
-
-        options = author_details&.any? ? { author: author_details } : {}
-
-        if options[:author]&.any? && signature_key
-          options[:author][:date] = Time.now.utc.iso8601
-          options[:signature] = commit_signature(tree, options[:author])
-        end
-
-        github_client_for_source.create_commit(
-          source.repo,
-          commit_message,
-          tree.sha,
-          base_commit,
-          options
-        )
-      end
-
-      def create_tree
-        file_trees = files.map do |file|
-          if file.type == "file"
-            {
-              path: file.path.sub(%r{^/}, ""),
-              mode: "100644",
-              type: "blob",
-              content: file.content
-            }
-          elsif file.type == "submodule"
-            {
-              path: file.path.sub(%r{^/}, ""),
-              mode: "160000",
-              type: "commit",
-              sha: file.content
-            }
-          else
-            raise "Unknown file type #{file.type}"
-          end
-        end
-
-        github_client_for_source.create_tree(
-          source.repo,
-          file_trees,
-          base_tree: base_commit
-        )
-      end
-
-      def update_branch(commit)
-        github_client_for_source.update_ref(
-          source.repo,
-          "heads/" + pull_request.head.ref,
-          commit.sha,
-          true
-        )
-      rescue Octokit::UnprocessableEntity => error
-        # Return quietly if the branch has been deleted
-        return nil if error.message.match?(/Reference does not exist/i)
-
-        # Return quietly if the branch has been merged
-        return nil if error.message.match?(/Reference cannot be updated/i)
-
-        raise
-      end
-
-      def commit_message
-        @commit_message ||=
-          if pull_request.commits == 1
-            github_client_for_source.
-              git_commit(source.repo, pull_request.head.sha).
-              message
-          else
-            author_name = author_details&.fetch(:name, nil) || "dependabot[bot]"
-            commits =
-              github_client_for_source.
-              pull_request_commits(source.repo, pull_request_number)
-
-            commit =
-              commits.find { |c| c.commit.author.name == author_name } ||
-              commits.first
-
-            commit.commit.message
-          end
-      end
-
-      def commit_signature(tree, author_details_with_date)
-        PullRequestCreator::CommitSigner.new(
-          author_details: author_details_with_date,
-          commit_message: commit_message,
-          tree_sha: tree.sha,
-          parent_sha: base_commit,
-          signature_key: signature_key
-        ).signature
-      end
-    end
-  end
-end

data/lib/dependabot/pull_request_updater.rb

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/pull_request_updater/github"
-
-module Dependabot
-  class PullRequestUpdater
-    attr_reader :source, :files, :base_commit, :credentials,
-                :pull_request_number, :author_details, :signature_key
-
-    def initialize(source:, base_commit:, files:, credentials:,
-                   pull_request_number:, author_details: nil,
-                   signature_key: nil)
-      @source              = source
-      @base_commit         = base_commit
-      @files               = files
-      @credentials         = credentials
-      @pull_request_number = pull_request_number
-      @author_details      = author_details
-      @signature_key       = signature_key
-    end
-
-    def update
-      case source.provider
-      when "github" then github_updater.update
-      else raise "Unsupported provider #{source.provider}"
-      end
-    end
-
-    private
-
-    def github_updater
-      Github.new(
-        source: source,
-        base_commit: base_commit,
-        files: files,
-        credentials: credentials,
-        pull_request_number: pull_request_number,
-        author_details: author_details,
-        signature_key: signature_key
-      )
-    end
-  end
-end

data/lib/dependabot/shared_helpers.rb

@@ -1,224 +0,0 @@
-# frozen_string_literal: true
-
-require "json"
-require "tmpdir"
-require "excon"
-require "English"
-require "digest"
-require "open3"
-
-module Dependabot
-  module SharedHelpers
-    BUMP_TMP_FILE_PREFIX = "dependabot_"
-    BUMP_TMP_DIR_PATH = "tmp"
-    GIT_CONFIG_GLOBAL_PATH = File.expand_path("~/.gitconfig")
-
-    class ChildProcessFailed < StandardError
-      attr_reader :error_class, :error_message, :error_backtrace
-
-      def initialize(error_class:, error_message:, error_backtrace:)
-        @error_class = error_class
-        @error_message = error_message
-        @error_backtrace = error_backtrace
-
-        msg = "Child process raised #{error_class} with message: "\
-              "#{error_message}"
-        super(msg)
-        set_backtrace(error_backtrace)
-      end
-    end
-
-    def self.in_a_temporary_directory(directory = "/")
-      Dir.mkdir(BUMP_TMP_DIR_PATH) unless Dir.exist?(BUMP_TMP_DIR_PATH)
-      Dir.mktmpdir(BUMP_TMP_FILE_PREFIX, BUMP_TMP_DIR_PATH) do |dir|
-        path = Pathname.new(File.join(dir, directory)).expand_path
-        FileUtils.mkpath(path)
-        Dir.chdir(path) { yield(path) }
-      end
-    end
-
-    def self.in_a_forked_process
-      read, write = IO.pipe
-
-      pid = fork do
-        read.close
-        result = yield
-      rescue Exception => error # rubocop:disable Lint/RescueException
-        result = { _error_details: { error_class: error.class.to_s,
-                                     error_message: error.message,
-                                     error_backtrace: error.backtrace } }
-      ensure
-        Marshal.dump(result, write)
-        exit!(0)
-      end
-
-      write.close
-      result = read.read
-      Process.wait(pid)
-      result = Marshal.load(result) # rubocop:disable Security/MarshalLoad
-
-      return result unless result.is_a?(Hash) && result[:_error_details]
-
-      raise ChildProcessFailed, result[:_error_details]
-    end
-
-    class HelperSubprocessFailed < StandardError
-      def initialize(message:, error_context:)
-        super(message)
-        @error_context = error_context
-        @command = error_context[:command]
-      end
-
-      def raven_context
-        { fingerprint: [@command], extra: @error_context }
-      end
-    end
-
-    def self.run_helper_subprocess(command:, function:, args:, env: nil,
-                                   stderr_to_stdout: false)
-      start = Time.now
-      stdin_data = JSON.dump(function: function, args: args)
-      env_cmd = [env, command].compact
-      stdout, stderr, process = Open3.capture3(*env_cmd, stdin_data: stdin_data)
-      time_taken = Time.now - start
-
-      # Some package managers output useful stuff to stderr instead of stdout so
-      # we want to parse this, most package manager will output garbage here so
-      # would mess up json response from stdout
-      stdout = "#{stderr}\n#{stdout}" if stderr_to_stdout
-
-      error_context = {
-        command: command,
-        function: function,
-        args: args,
-        time_taken: time_taken,
-        stderr_output: stderr ? stderr[0..50_000] : "", # Truncate to ~100kb
-        process_exit_value: process.to_s
-      }
-
-      response = JSON.parse(stdout)
-      return response["result"] if process.success?
-
-      raise HelperSubprocessFailed.new(
-        message: response["error"],
-        error_context: error_context
-      )
-    rescue JSON::ParserError
-      raise HelperSubprocessFailed.new(
-        message: stdout || "No output from command",
-        error_context: error_context
-      )
-    end
-
-    def self.excon_middleware
-      Excon.defaults[:middlewares] + [Excon::Middleware::RedirectFollower]
-    end
-
-    def self.excon_defaults
-      {
-        connect_timeout: 5,
-        write_timeout: 5,
-        read_timeout: 5,
-        omit_default_port: true,
-        middlewares: excon_middleware
-      }
-    end
-
-    def self.with_git_configured(credentials:)
-      backup_git_config_path = stash_global_git_config
-      configure_git_to_use_https_with_credentials(credentials)
-      yield
-    ensure
-      reset_global_git_config(backup_git_config_path)
-    end
-
-    def self.configure_git_to_use_https_with_credentials(credentials)
-      configure_git_to_use_https
-      configure_git_credentials(credentials)
-    end
-
-    def self.configure_git_to_use_https
-      # Note: we use --global here (rather than --system) so that Dependabot
-      # can be run without privileged access
-      run_shell_command(
-        'git config --global --replace-all url."https://github.com/".'\
-        "insteadOf ssh://git@github.com/ && "\
-        'git config --global --add url."https://github.com/".'\
-        "insteadOf ssh://git@github.com: && "\
-        'git config --global --add url."https://github.com/".'\
-        "insteadOf git@github.com: && "\
-        'git config --global --add url."https://github.com/".'\
-        "insteadOf git@github.com/ && "\
-        'git config --global --add url."https://github.com/".'\
-        "insteadOf git://github.com/"
-      )
-    end
-
-    def self.configure_git_credentials(credentials)
-      # Then add a file-based credential store that loads a file in this repo.
-      # Under the hood this uses git credential-store, but it's invoked through
-      # an wrapper binary that only allows non-mutative commands. Without this,
-      # whenever the credentials are deemed to be invalid, they're erased.
-      credential_helper_path =
-        File.join(__dir__, "../../helpers/utils/git-credential-store-immutable")
-      run_shell_command(
-        "git config --global credential.helper "\
-        "'#{credential_helper_path} --file=#{Dir.pwd}/git.store'"
-      )
-
-      # Build the content for our credentials file
-      git_store_content = ""
-      credentials.each do |cred|
-        next unless cred["type"] == "git_source"
-
-        authenticated_url =
-          "https://#{cred.fetch('username')}:#{cred.fetch('password')}"\
-          "@#{cred.fetch('host')}"
-
-        git_store_content += authenticated_url + "\n"
-      end
-
-      # Save the file
-      File.write("git.store", git_store_content)
-    end
-
-    def self.stash_global_git_config
-      return unless File.exist?(GIT_CONFIG_GLOBAL_PATH)
-
-      contents = File.read(GIT_CONFIG_GLOBAL_PATH)
-      digest = Digest::SHA2.hexdigest(contents)[0...10]
-      backup_path = GIT_CONFIG_GLOBAL_PATH + ".backup-#{digest}"
-
-      FileUtils.mv(GIT_CONFIG_GLOBAL_PATH, backup_path)
-      backup_path
-    end
-
-    def self.reset_global_git_config(backup_path)
-      return if backup_path.nil?
-      return unless File.exist?(backup_path)
-
-      FileUtils.mv(backup_path, GIT_CONFIG_GLOBAL_PATH)
-    end
-
-    def self.run_shell_command(command)
-      start = Time.now
-      stdout, process = Open3.capture2e(command)
-      time_taken = start - Time.now
-
-      # Raise an error with the output from the shell session if the
-      # command returns a non-zero status
-      return if process.success?
-
-      error_context = {
-        command: command,
-        time_taken: time_taken,
-        process_exit_value: process.to_s
-      }
-
-      raise SharedHelpers::HelperSubprocessFailed.new(
-        message: stdout,
-        error_context: error_context
-      )
-    end
-  end
-end

data/lib/dependabot/source.rb

@@ -1,120 +0,0 @@
-# frozen_string_literal: true
-
-module Dependabot
-  class Source
-    GITHUB_SOURCE = %r{
-      (?<provider>github)
-      (?:\.com)[/:]
-      (?<repo>[\w.-]+/(?:(?!\.git|\.\s)[\w.-])+)
-      (?:(?:/tree|/blob)/(?<branch>[^/]+)/(?<directory>.*)[\#|/])?
-    }x.freeze
-
-    GITLAB_SOURCE = %r{
-      (?<provider>gitlab)
-      (?:\.com)[/:]
-      (?<repo>[^/\s]+/(?:(?!\.git|\.\s)[^/\s#"',])+)
-      (?:(?:/tree|/blob)/(?<branch>[^/]+)/(?<directory>.*)[\#|/])?
-    }x.freeze
-
-    BITBUCKET_SOURCE = %r{
-      (?<provider>bitbucket)
-      (?:\.org)[/:]
-      (?<repo>[^/\s]+/(?:(?!\.git|\.\s)[^/\s#"',])+)
-      (?:(?:/src)/(?<branch>[^/]+)/(?<directory>.*)[\#|/])?
-    }x.freeze
-
-    AZURE_SOURCE = %r{
-      (?<provider>azure)
-      (?:\.com)[/:]
-      (?<repo>[^/\s]+/([^/\s]+/)?(?:_git/)(?:(?!\.git|\.\s)[^/\s#?"',])+)
-    }x.freeze
-
-    SOURCE_REGEX = /
-      (?:#{GITHUB_SOURCE})|
-      (?:#{GITLAB_SOURCE})|
-      (?:#{BITBUCKET_SOURCE})|
-      (?:#{AZURE_SOURCE})
-    /x.freeze
-
-    attr_reader :provider, :repo, :directory, :branch, :hostname, :api_endpoint
-
-    def self.from_url(url_string)
-      return unless url_string&.match?(SOURCE_REGEX)
-
-      captures = url_string.match(SOURCE_REGEX).named_captures
-
-      new(
-        provider: captures.fetch("provider"),
-        repo: captures.fetch("repo"),
-        directory: captures.fetch("directory"),
-        branch: captures.fetch("branch")
-      )
-    end
-
-    def initialize(provider:, repo:, directory: nil, branch: nil, hostname: nil,
-                   api_endpoint: nil)
-      if hostname.nil? ^ api_endpoint.nil?
-        msg = "Both hostname and api_endpoint must be specified if either "\
-              "are. Alternatively, both may be left blank to use the "\
-              "provider's defaults."
-        raise msg
-      end
-
-      @provider = provider
-      @repo = repo
-      @directory = directory
-      @branch = branch
-      @hostname = hostname || default_hostname(provider)
-      @api_endpoint = api_endpoint || default_api_endpoint(provider)
-    end
-
-    def url
-      case provider
-      when "github" then "https://github.com/" + repo
-      when "bitbucket" then "https://bitbucket.org/" + repo
-      when "gitlab" then "https://gitlab.com/" + repo
-      when "azure" then "https://dev.azure.com/" + repo
-      else raise "Unexpected repo provider '#{provider}'"
-      end
-    end
-
-    def organization
-      repo.split("/").first
-    end
-
-    def project
-      raise "Project is an Azure DevOps concept only" unless provider == "azure"
-
-      parts = repo.split("/_git/")
-      return parts.first.split("/").last if parts.first.split("/").count == 2
-
-      parts.last
-    end
-
-    def unscoped_repo
-      repo.split("/").last
-    end
-
-    private
-
-    def default_hostname(provider)
-      case provider
-      when "github" then "github.com"
-      when "bitbucket" then "bitbucket.org"
-      when "gitlab" then "gitlab.com"
-      when "azure" then "dev.azure.com"
-      else raise "Unexpected provider '#{provider}'"
-      end
-    end
-
-    def default_api_endpoint(provider)
-      case provider
-      when "github" then "https://api.github.com/"
-      when "bitbucket" then "https://api.bitbucket.org/2.0/"
-      when "gitlab" then "https://gitlab.com/api/v4"
-      when "azure" then "https://dev.azure.com/"
-      else raise "Unexpected provider '#{provider}'"
-      end
-    end
-  end
-end