dependabot-core 0.94.13 → 0.95.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- metadata +13 -337
- data/CHANGELOG.md +0 -7079
- data/LICENSE +0 -39
- data/README.md +0 -114
- data/helpers/test/run.rb +0 -18
- data/helpers/utils/git-credential-store-immutable +0 -10
- data/lib/dependabot/clients/bitbucket.rb +0 -105
- data/lib/dependabot/clients/github_with_retries.rb +0 -121
- data/lib/dependabot/clients/gitlab.rb +0 -72
- data/lib/dependabot/dependency.rb +0 -115
- data/lib/dependabot/dependency_file.rb +0 -60
- data/lib/dependabot/errors.rb +0 -179
- data/lib/dependabot/file_fetchers/README.md +0 -65
- data/lib/dependabot/file_fetchers/base.rb +0 -368
- data/lib/dependabot/file_fetchers.rb +0 -18
- data/lib/dependabot/file_parsers/README.md +0 -45
- data/lib/dependabot/file_parsers/base/dependency_set.rb +0 -77
- data/lib/dependabot/file_parsers/base.rb +0 -31
- data/lib/dependabot/file_parsers.rb +0 -18
- data/lib/dependabot/file_updaters/README.md +0 -58
- data/lib/dependabot/file_updaters/base.rb +0 -52
- data/lib/dependabot/file_updaters.rb +0 -18
- data/lib/dependabot/git_commit_checker.rb +0 -412
- data/lib/dependabot/metadata_finders/README.md +0 -53
- data/lib/dependabot/metadata_finders/base/changelog_finder.rb +0 -321
- data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +0 -177
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +0 -221
- data/lib/dependabot/metadata_finders/base/release_finder.rb +0 -255
- data/lib/dependabot/metadata_finders/base.rb +0 -117
- data/lib/dependabot/metadata_finders.rb +0 -18
- data/lib/dependabot/pull_request_creator/branch_namer.rb +0 -170
- data/lib/dependabot/pull_request_creator/commit_signer.rb +0 -63
- data/lib/dependabot/pull_request_creator/github.rb +0 -277
- data/lib/dependabot/pull_request_creator/gitlab.rb +0 -136
- data/lib/dependabot/pull_request_creator/labeler.rb +0 -373
- data/lib/dependabot/pull_request_creator/message_builder.rb +0 -906
- data/lib/dependabot/pull_request_creator.rb +0 -153
- data/lib/dependabot/pull_request_updater/github.rb +0 -165
- data/lib/dependabot/pull_request_updater.rb +0 -43
- data/lib/dependabot/shared_helpers.rb +0 -224
- data/lib/dependabot/source.rb +0 -120
- data/lib/dependabot/update_checkers/README.md +0 -67
- data/lib/dependabot/update_checkers/base.rb +0 -220
- data/lib/dependabot/update_checkers.rb +0 -18
- data/lib/dependabot/utils.rb +0 -33
- data/lib/dependabot/version.rb +0 -5
- data/lib/dependabot.rb +0 -4
- data/lib/rubygems_version_patch.rb +0 -14
|
@@ -1,221 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "dependabot/clients/github_with_retries"
|
|
4
|
-
require "dependabot/clients/gitlab"
|
|
5
|
-
require "dependabot/clients/bitbucket"
|
|
6
|
-
require "dependabot/shared_helpers"
|
|
7
|
-
require "dependabot/metadata_finders/base"
|
|
8
|
-
|
|
9
|
-
module Dependabot
|
|
10
|
-
module MetadataFinders
|
|
11
|
-
class Base
|
|
12
|
-
class CommitsFinder
|
|
13
|
-
attr_reader :source, :dependency, :credentials
|
|
14
|
-
|
|
15
|
-
def initialize(source:, dependency:, credentials:)
|
|
16
|
-
@source = source
|
|
17
|
-
@dependency = dependency
|
|
18
|
-
@credentials = credentials
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
def commits_url
|
|
22
|
-
return unless source
|
|
23
|
-
return if source.provider == "azure" # TODO: Fetch Azure commits
|
|
24
|
-
|
|
25
|
-
path =
|
|
26
|
-
case source.provider
|
|
27
|
-
when "github" then github_compare_path(new_tag, previous_tag)
|
|
28
|
-
when "bitbucket" then bitbucket_compare_path(new_tag, previous_tag)
|
|
29
|
-
when "gitlab" then gitlab_compare_path(new_tag, previous_tag)
|
|
30
|
-
else raise "Unexpected source provider '#{source.provider}'"
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
"#{source.url}/#{path}"
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
# rubocop:disable Metrics/CyclomaticComplexity
|
|
37
|
-
def commits
|
|
38
|
-
return [] unless source
|
|
39
|
-
return [] unless new_tag && previous_tag
|
|
40
|
-
|
|
41
|
-
case source.provider
|
|
42
|
-
when "github" then fetch_github_commits
|
|
43
|
-
when "bitbucket" then fetch_bitbucket_commits
|
|
44
|
-
when "gitlab" then fetch_gitlab_commits
|
|
45
|
-
when "azure" then [] # TODO: Fetch Azure commits
|
|
46
|
-
else raise "Unexpected source provider '#{source.provider}'"
|
|
47
|
-
end
|
|
48
|
-
end
|
|
49
|
-
# rubocop:enable Metrics/CyclomaticComplexity
|
|
50
|
-
|
|
51
|
-
def new_tag
|
|
52
|
-
new_version = dependency.version
|
|
53
|
-
|
|
54
|
-
if git_source?(dependency.requirements) then new_version
|
|
55
|
-
else
|
|
56
|
-
tags = dependency_tags.
|
|
57
|
-
select { |t| t =~ version_regex(new_version) }
|
|
58
|
-
tags.find { |t| t.include?(dependency.name) } || tags.first
|
|
59
|
-
end
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
private
|
|
63
|
-
|
|
64
|
-
def previous_tag
|
|
65
|
-
previous_version = dependency.previous_version
|
|
66
|
-
|
|
67
|
-
if git_source?(dependency.previous_requirements)
|
|
68
|
-
previous_version || previous_ref
|
|
69
|
-
else
|
|
70
|
-
tags = dependency_tags.
|
|
71
|
-
select { |t| t =~ version_regex(previous_version) }
|
|
72
|
-
tags.find { |t| t.include?(dependency.name) } || tags.first
|
|
73
|
-
end
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
# TODO: Refactor me so that Composer doesn't need to be special cased
|
|
77
|
-
def git_source?(requirements)
|
|
78
|
-
# Special case Composer, which uses git as a source but handles tags
|
|
79
|
-
# internally
|
|
80
|
-
return false if dependency.package_manager == "composer"
|
|
81
|
-
|
|
82
|
-
sources = requirements.map { |r| r.fetch(:source) }.uniq.compact
|
|
83
|
-
return false if sources.empty?
|
|
84
|
-
raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
|
|
85
|
-
|
|
86
|
-
source_type = sources.first[:type] || sources.first.fetch("type")
|
|
87
|
-
source_type == "git"
|
|
88
|
-
end
|
|
89
|
-
|
|
90
|
-
def previous_ref
|
|
91
|
-
return unless git_source?(dependency.previous_requirements)
|
|
92
|
-
|
|
93
|
-
dependency.previous_requirements.map do |r|
|
|
94
|
-
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
95
|
-
end.compact.first
|
|
96
|
-
end
|
|
97
|
-
|
|
98
|
-
def version_regex(version)
|
|
99
|
-
/(?:[^0-9\.]|\A)#{Regexp.escape(version || "unknown")}\z/
|
|
100
|
-
end
|
|
101
|
-
|
|
102
|
-
def dependency_tags
|
|
103
|
-
@dependency_tags ||= fetch_dependency_tags
|
|
104
|
-
end
|
|
105
|
-
|
|
106
|
-
def fetch_dependency_tags
|
|
107
|
-
return [] unless source
|
|
108
|
-
|
|
109
|
-
case source.provider
|
|
110
|
-
when "github"
|
|
111
|
-
github_client.tags(source.repo, per_page: 100).map(&:name)
|
|
112
|
-
when "bitbucket"
|
|
113
|
-
bitbucket_client.tags(source.repo).map { |tag| tag["name"] }
|
|
114
|
-
when "gitlab"
|
|
115
|
-
gitlab_client.tags(source.repo).map(&:name)
|
|
116
|
-
when "azure"
|
|
117
|
-
[] # TODO: Fetch Azure tags
|
|
118
|
-
else raise "Unexpected source provider '#{source.provider}'"
|
|
119
|
-
end
|
|
120
|
-
rescue Octokit::NotFound, Gitlab::Error::NotFound,
|
|
121
|
-
Dependabot::Clients::Bitbucket::NotFound,
|
|
122
|
-
Dependabot::Clients::Bitbucket::Unauthorized,
|
|
123
|
-
Dependabot::Clients::Bitbucket::Forbidden
|
|
124
|
-
[]
|
|
125
|
-
end
|
|
126
|
-
|
|
127
|
-
def github_compare_path(new_tag, previous_tag)
|
|
128
|
-
if new_tag && previous_tag
|
|
129
|
-
"compare/#{previous_tag}...#{new_tag}"
|
|
130
|
-
elsif new_tag
|
|
131
|
-
"commits/#{new_tag}"
|
|
132
|
-
else
|
|
133
|
-
"commits"
|
|
134
|
-
end
|
|
135
|
-
end
|
|
136
|
-
|
|
137
|
-
def bitbucket_compare_path(new_tag, previous_tag)
|
|
138
|
-
if new_tag && previous_tag
|
|
139
|
-
"branches/compare/#{new_tag}..#{previous_tag}"
|
|
140
|
-
elsif new_tag
|
|
141
|
-
"commits/tag/#{new_tag}"
|
|
142
|
-
else
|
|
143
|
-
"commits"
|
|
144
|
-
end
|
|
145
|
-
end
|
|
146
|
-
|
|
147
|
-
def gitlab_compare_path(new_tag, previous_tag)
|
|
148
|
-
if new_tag && previous_tag
|
|
149
|
-
"compare/#{previous_tag}...#{new_tag}"
|
|
150
|
-
elsif new_tag
|
|
151
|
-
"commits/#{new_tag}"
|
|
152
|
-
else
|
|
153
|
-
"commits/master"
|
|
154
|
-
end
|
|
155
|
-
end
|
|
156
|
-
|
|
157
|
-
def fetch_github_commits
|
|
158
|
-
commits =
|
|
159
|
-
github_client.compare(source.repo, previous_tag, new_tag).commits
|
|
160
|
-
return [] unless commits
|
|
161
|
-
|
|
162
|
-
commits.map do |commit|
|
|
163
|
-
{
|
|
164
|
-
message: commit.commit.message,
|
|
165
|
-
sha: commit.sha,
|
|
166
|
-
html_url: commit.html_url
|
|
167
|
-
}
|
|
168
|
-
end
|
|
169
|
-
rescue Octokit::NotFound
|
|
170
|
-
[]
|
|
171
|
-
end
|
|
172
|
-
|
|
173
|
-
def fetch_bitbucket_commits
|
|
174
|
-
bitbucket_client.
|
|
175
|
-
compare(source.repo, previous_tag, new_tag).
|
|
176
|
-
map do |commit|
|
|
177
|
-
{
|
|
178
|
-
message: commit.dig("summary", "raw"),
|
|
179
|
-
sha: commit["hash"],
|
|
180
|
-
html_url: commit.dig("links", "html", "href")
|
|
181
|
-
}
|
|
182
|
-
end
|
|
183
|
-
rescue Dependabot::Clients::Bitbucket::NotFound,
|
|
184
|
-
Dependabot::Clients::Bitbucket::Unauthorized,
|
|
185
|
-
Dependabot::Clients::Bitbucket::Forbidden
|
|
186
|
-
[]
|
|
187
|
-
end
|
|
188
|
-
|
|
189
|
-
def fetch_gitlab_commits
|
|
190
|
-
gitlab_client.
|
|
191
|
-
compare(source.repo, previous_tag, new_tag).
|
|
192
|
-
commits.
|
|
193
|
-
map do |commit|
|
|
194
|
-
{
|
|
195
|
-
message: commit["message"],
|
|
196
|
-
sha: commit["id"],
|
|
197
|
-
html_url: "#{source.url}/commit/#{commit['id']}"
|
|
198
|
-
}
|
|
199
|
-
end
|
|
200
|
-
rescue Gitlab::Error::NotFound
|
|
201
|
-
[]
|
|
202
|
-
end
|
|
203
|
-
|
|
204
|
-
def gitlab_client
|
|
205
|
-
@gitlab_client ||= Dependabot::Clients::Gitlab.
|
|
206
|
-
for_gitlab_dot_com(credentials: credentials)
|
|
207
|
-
end
|
|
208
|
-
|
|
209
|
-
def github_client
|
|
210
|
-
@github_client ||= Dependabot::Clients::GithubWithRetries.
|
|
211
|
-
for_github_dot_com(credentials: credentials)
|
|
212
|
-
end
|
|
213
|
-
|
|
214
|
-
def bitbucket_client
|
|
215
|
-
@bitbucket_client ||= Dependabot::Clients::Bitbucket.
|
|
216
|
-
for_bitbucket_dot_org(credentials: credentials)
|
|
217
|
-
end
|
|
218
|
-
end
|
|
219
|
-
end
|
|
220
|
-
end
|
|
221
|
-
end
|
|
@@ -1,255 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "dependabot/clients/github_with_retries"
|
|
4
|
-
require "dependabot/clients/gitlab"
|
|
5
|
-
require "dependabot/metadata_finders/base"
|
|
6
|
-
require "dependabot/utils"
|
|
7
|
-
|
|
8
|
-
module Dependabot
|
|
9
|
-
module MetadataFinders
|
|
10
|
-
class Base
|
|
11
|
-
class ReleaseFinder
|
|
12
|
-
attr_reader :dependency, :credentials, :source
|
|
13
|
-
|
|
14
|
-
def initialize(source:, dependency:, credentials:)
|
|
15
|
-
@source = source
|
|
16
|
-
@dependency = dependency
|
|
17
|
-
@credentials = credentials
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
def releases_url
|
|
21
|
-
return unless source
|
|
22
|
-
|
|
23
|
-
case source.provider
|
|
24
|
-
when "github" then "#{source.url}/releases"
|
|
25
|
-
when "gitlab" then "#{source.url}/tags"
|
|
26
|
-
when "bitbucket" then nil
|
|
27
|
-
when "azure" then "#{source.url}/tags"
|
|
28
|
-
else raise "Unexpected repo provider '#{source.provider}'"
|
|
29
|
-
end
|
|
30
|
-
end
|
|
31
|
-
|
|
32
|
-
def releases_text
|
|
33
|
-
return unless relevant_releases.any?
|
|
34
|
-
return if relevant_releases.all? { |r| r.body.nil? || r.body == "" }
|
|
35
|
-
|
|
36
|
-
relevant_releases.map { |r| serialize_release(r) }.join("\n\n")
|
|
37
|
-
end
|
|
38
|
-
|
|
39
|
-
private
|
|
40
|
-
|
|
41
|
-
def all_dep_releases
|
|
42
|
-
releases = all_releases
|
|
43
|
-
dep_prefix = dependency.name.downcase
|
|
44
|
-
|
|
45
|
-
releases_with_dependency_name =
|
|
46
|
-
releases.
|
|
47
|
-
reject { |r| r.tag_name.nil? }.
|
|
48
|
-
select { |r| r.tag_name.downcase.include?(dep_prefix) }
|
|
49
|
-
|
|
50
|
-
return releases unless releases_with_dependency_name.any?
|
|
51
|
-
|
|
52
|
-
releases_with_dependency_name
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
def all_releases
|
|
56
|
-
@all_releases ||= fetch_dependency_releases
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
def relevant_releases
|
|
60
|
-
releases = releases_since_previous_version
|
|
61
|
-
|
|
62
|
-
# Sometimes we can't filter the releases properly (if they're
|
|
63
|
-
# prefixed by a number that gets confused with the version). In this
|
|
64
|
-
# case, the best we can do is return nil.
|
|
65
|
-
return [] unless releases.any?
|
|
66
|
-
|
|
67
|
-
if updated_release && version_class.correct?(dependency.version)
|
|
68
|
-
releases = filter_releases_using_updated_release(releases)
|
|
69
|
-
filter_releases_using_updated_version(releases, conservative: true)
|
|
70
|
-
elsif updated_release
|
|
71
|
-
filter_releases_using_updated_release(releases)
|
|
72
|
-
elsif version_class.correct?(dependency.version)
|
|
73
|
-
filter_releases_using_updated_version(releases, conservative: false)
|
|
74
|
-
else
|
|
75
|
-
[updated_release].compact
|
|
76
|
-
end
|
|
77
|
-
end
|
|
78
|
-
|
|
79
|
-
def releases_since_previous_version
|
|
80
|
-
previous_version = dependency.previous_version
|
|
81
|
-
return [updated_release].compact unless previous_version
|
|
82
|
-
|
|
83
|
-
if previous_release && version_class.correct?(previous_version)
|
|
84
|
-
releases = filter_releases_using_previous_release(all_dep_releases)
|
|
85
|
-
filter_releases_using_previous_version(releases, conservative: true)
|
|
86
|
-
elsif previous_release
|
|
87
|
-
filter_releases_using_previous_release(all_dep_releases)
|
|
88
|
-
elsif version_class.correct?(previous_version)
|
|
89
|
-
filter_releases_using_previous_version(
|
|
90
|
-
all_dep_releases,
|
|
91
|
-
conservative: false
|
|
92
|
-
)
|
|
93
|
-
else
|
|
94
|
-
[updated_release].compact
|
|
95
|
-
end
|
|
96
|
-
end
|
|
97
|
-
|
|
98
|
-
def filter_releases_using_previous_release(releases)
|
|
99
|
-
return releases if releases.index(previous_release).nil?
|
|
100
|
-
|
|
101
|
-
releases.first(releases.index(previous_release))
|
|
102
|
-
end
|
|
103
|
-
|
|
104
|
-
def filter_releases_using_updated_release(releases)
|
|
105
|
-
return releases if releases.index(updated_release).nil?
|
|
106
|
-
|
|
107
|
-
releases[releases.index(updated_release)..-1]
|
|
108
|
-
end
|
|
109
|
-
|
|
110
|
-
def filter_releases_using_previous_version(releases, conservative:)
|
|
111
|
-
previous_version = version_class.new(dependency.previous_version)
|
|
112
|
-
|
|
113
|
-
releases.reject do |release|
|
|
114
|
-
cleaned_tag = release.tag_name.gsub(/^[^0-9]*/, "")
|
|
115
|
-
cleaned_name = release.name&.gsub(/^[^0-9]*/, "")
|
|
116
|
-
|
|
117
|
-
tag_version = [cleaned_tag, cleaned_name].compact.reject(&:empty?).
|
|
118
|
-
select { |nm| version_class.correct?(nm) }.
|
|
119
|
-
map { |nm| version_class.new(nm) }.max
|
|
120
|
-
|
|
121
|
-
next conservative unless tag_version
|
|
122
|
-
|
|
123
|
-
# Reject any releases that are less than the previous version
|
|
124
|
-
# (e.g., if two major versions are being maintained)
|
|
125
|
-
tag_version <= previous_version
|
|
126
|
-
end
|
|
127
|
-
end
|
|
128
|
-
|
|
129
|
-
def filter_releases_using_updated_version(releases, conservative:)
|
|
130
|
-
updated_version = version_class.new(dependency.version)
|
|
131
|
-
|
|
132
|
-
releases.reject do |release|
|
|
133
|
-
cleaned_tag = release.tag_name.gsub(/^[^0-9]*/, "")
|
|
134
|
-
cleaned_name = release.name&.gsub(/^[^0-9]*/, "")
|
|
135
|
-
|
|
136
|
-
tag_version = [cleaned_tag, cleaned_name].compact.reject(&:empty?).
|
|
137
|
-
select { |nm| version_class.correct?(nm) }.
|
|
138
|
-
map { |nm| version_class.new(nm) }.min
|
|
139
|
-
|
|
140
|
-
next conservative unless tag_version
|
|
141
|
-
|
|
142
|
-
# Reject any releases that are greater than the updated version
|
|
143
|
-
# (e.g., if two major versions are being maintained)
|
|
144
|
-
tag_version > updated_version
|
|
145
|
-
end
|
|
146
|
-
end
|
|
147
|
-
|
|
148
|
-
def updated_release
|
|
149
|
-
release_for_version(dependency.version)
|
|
150
|
-
end
|
|
151
|
-
|
|
152
|
-
def previous_release
|
|
153
|
-
release_for_version(dependency.previous_version)
|
|
154
|
-
end
|
|
155
|
-
|
|
156
|
-
def release_for_version(version)
|
|
157
|
-
return nil unless version
|
|
158
|
-
|
|
159
|
-
release_regex = version_regex(version)
|
|
160
|
-
# Doing two loops looks inefficient, but it ensures consistency
|
|
161
|
-
all_dep_releases.find { |r| release_regex.match?(r.tag_name.to_s) } ||
|
|
162
|
-
all_dep_releases.find { |r| release_regex.match?(r.name.to_s) }
|
|
163
|
-
end
|
|
164
|
-
|
|
165
|
-
def serialize_release(release)
|
|
166
|
-
rel = release
|
|
167
|
-
title = "## #{rel.name.to_s != '' ? rel.name : rel.tag_name}\n"
|
|
168
|
-
body = if rel.body.to_s.gsub(/\n*\z/m, "") == ""
|
|
169
|
-
"No release notes provided."
|
|
170
|
-
else
|
|
171
|
-
rel.body.gsub(/\n*\z/m, "")
|
|
172
|
-
end
|
|
173
|
-
|
|
174
|
-
release_body_includes_title?(rel) ? body : title + body
|
|
175
|
-
end
|
|
176
|
-
|
|
177
|
-
def release_body_includes_title?(release)
|
|
178
|
-
title = release.name.to_s != "" ? release.name : release.tag_name
|
|
179
|
-
release.body.to_s.match?(/\A\s*\#*\s*#{Regexp.quote(title)}/m)
|
|
180
|
-
end
|
|
181
|
-
|
|
182
|
-
def version_regex(version)
|
|
183
|
-
/(?:[^0-9\.]|\A)#{Regexp.escape(version || "unknown")}\z/
|
|
184
|
-
end
|
|
185
|
-
|
|
186
|
-
def version_class
|
|
187
|
-
Utils.version_class_for_package_manager(dependency.package_manager)
|
|
188
|
-
end
|
|
189
|
-
|
|
190
|
-
def fetch_dependency_releases
|
|
191
|
-
return [] unless source
|
|
192
|
-
|
|
193
|
-
case source.provider
|
|
194
|
-
when "github" then fetch_github_releases
|
|
195
|
-
when "bitbucket" then [] # Bitbucket doesn't support releases
|
|
196
|
-
when "gitlab" then fetch_gitlab_releases
|
|
197
|
-
when "azure" then [] # Azure can't list API for annotated tags
|
|
198
|
-
else raise "Unexpected repo provider '#{source.provider}'"
|
|
199
|
-
end
|
|
200
|
-
end
|
|
201
|
-
|
|
202
|
-
def fetch_github_releases
|
|
203
|
-
releases = github_client.releases(source.repo, per_page: 100)
|
|
204
|
-
|
|
205
|
-
# Remove any releases without a tag name. These are draft releases and
|
|
206
|
-
# aren't yet associated with a tag, so shouldn't be used.
|
|
207
|
-
releases = releases.reject { |r| r.tag_name.nil? }
|
|
208
|
-
|
|
209
|
-
clean_release_names =
|
|
210
|
-
releases.map { |r| r.tag_name.gsub(/^[^0-9\.]*/, "") }
|
|
211
|
-
|
|
212
|
-
if clean_release_names.all? { |nm| version_class.correct?(nm) }
|
|
213
|
-
releases.sort_by do |r|
|
|
214
|
-
version_class.new(r.tag_name.gsub(/^[^0-9\.]*/, ""))
|
|
215
|
-
end.reverse
|
|
216
|
-
else
|
|
217
|
-
releases.sort_by(&:id).reverse
|
|
218
|
-
end
|
|
219
|
-
rescue Octokit::NotFound
|
|
220
|
-
[]
|
|
221
|
-
end
|
|
222
|
-
|
|
223
|
-
def fetch_gitlab_releases
|
|
224
|
-
releases =
|
|
225
|
-
gitlab_client.
|
|
226
|
-
tags(source.repo).
|
|
227
|
-
select(&:release).
|
|
228
|
-
sort_by { |r| r.commit.authored_date }.
|
|
229
|
-
reverse
|
|
230
|
-
|
|
231
|
-
releases.map do |tag|
|
|
232
|
-
OpenStruct.new(
|
|
233
|
-
name: tag.name,
|
|
234
|
-
tag_name: tag.release.tag_name,
|
|
235
|
-
body: tag.release.description,
|
|
236
|
-
html_url: "#{source.url}/tags/#{tag.name}"
|
|
237
|
-
)
|
|
238
|
-
end
|
|
239
|
-
rescue Gitlab::Error::NotFound
|
|
240
|
-
[]
|
|
241
|
-
end
|
|
242
|
-
|
|
243
|
-
def gitlab_client
|
|
244
|
-
@gitlab_client ||= Dependabot::Clients::Gitlab.
|
|
245
|
-
for_gitlab_dot_com(credentials: credentials)
|
|
246
|
-
end
|
|
247
|
-
|
|
248
|
-
def github_client
|
|
249
|
-
@github_client ||= Dependabot::Clients::GithubWithRetries.
|
|
250
|
-
for_github_dot_com(credentials: credentials)
|
|
251
|
-
end
|
|
252
|
-
end
|
|
253
|
-
end
|
|
254
|
-
end
|
|
255
|
-
end
|
|
@@ -1,117 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "dependabot/source"
|
|
4
|
-
|
|
5
|
-
module Dependabot
|
|
6
|
-
module MetadataFinders
|
|
7
|
-
class Base
|
|
8
|
-
require "dependabot/metadata_finders/base/changelog_finder"
|
|
9
|
-
require "dependabot/metadata_finders/base/release_finder"
|
|
10
|
-
require "dependabot/metadata_finders/base/commits_finder"
|
|
11
|
-
|
|
12
|
-
attr_reader :dependency, :credentials
|
|
13
|
-
|
|
14
|
-
def initialize(dependency:, credentials:)
|
|
15
|
-
@dependency = dependency
|
|
16
|
-
@credentials = credentials
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
def source_url
|
|
20
|
-
source&.url
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
def homepage_url
|
|
24
|
-
source_url
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
def changelog_url
|
|
28
|
-
@changelog_finder ||= ChangelogFinder.new(
|
|
29
|
-
dependency: dependency,
|
|
30
|
-
source: source,
|
|
31
|
-
credentials: credentials
|
|
32
|
-
)
|
|
33
|
-
@changelog_finder.changelog_url
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
def changelog_text
|
|
37
|
-
@changelog_finder ||= ChangelogFinder.new(
|
|
38
|
-
dependency: dependency,
|
|
39
|
-
source: source,
|
|
40
|
-
credentials: credentials
|
|
41
|
-
)
|
|
42
|
-
@changelog_finder.changelog_text
|
|
43
|
-
end
|
|
44
|
-
|
|
45
|
-
def upgrade_guide_url
|
|
46
|
-
@changelog_finder ||= ChangelogFinder.new(
|
|
47
|
-
dependency: dependency,
|
|
48
|
-
source: source,
|
|
49
|
-
credentials: credentials
|
|
50
|
-
)
|
|
51
|
-
@changelog_finder.upgrade_guide_url
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
def upgrade_guide_text
|
|
55
|
-
@changelog_finder ||= ChangelogFinder.new(
|
|
56
|
-
dependency: dependency,
|
|
57
|
-
source: source,
|
|
58
|
-
credentials: credentials
|
|
59
|
-
)
|
|
60
|
-
@changelog_finder.upgrade_guide_text
|
|
61
|
-
end
|
|
62
|
-
|
|
63
|
-
def releases_url
|
|
64
|
-
@release_finder ||= ReleaseFinder.new(
|
|
65
|
-
dependency: dependency,
|
|
66
|
-
source: source,
|
|
67
|
-
credentials: credentials
|
|
68
|
-
)
|
|
69
|
-
@release_finder.releases_url
|
|
70
|
-
end
|
|
71
|
-
|
|
72
|
-
def releases_text
|
|
73
|
-
@release_finder ||= ReleaseFinder.new(
|
|
74
|
-
dependency: dependency,
|
|
75
|
-
source: source,
|
|
76
|
-
credentials: credentials
|
|
77
|
-
)
|
|
78
|
-
@release_finder.releases_text
|
|
79
|
-
end
|
|
80
|
-
|
|
81
|
-
def commits_url
|
|
82
|
-
@commits_finder ||= CommitsFinder.new(
|
|
83
|
-
dependency: dependency,
|
|
84
|
-
source: source,
|
|
85
|
-
credentials: credentials
|
|
86
|
-
)
|
|
87
|
-
@commits_finder.commits_url
|
|
88
|
-
end
|
|
89
|
-
|
|
90
|
-
def commits
|
|
91
|
-
@commits_finder ||= CommitsFinder.new(
|
|
92
|
-
dependency: dependency,
|
|
93
|
-
source: source,
|
|
94
|
-
credentials: credentials
|
|
95
|
-
)
|
|
96
|
-
@commits_finder.commits
|
|
97
|
-
end
|
|
98
|
-
|
|
99
|
-
def maintainer_changes
|
|
100
|
-
nil
|
|
101
|
-
end
|
|
102
|
-
|
|
103
|
-
private
|
|
104
|
-
|
|
105
|
-
def source
|
|
106
|
-
return @source if @source_lookup_attempted
|
|
107
|
-
|
|
108
|
-
@source_lookup_attempted = true
|
|
109
|
-
@source = look_up_source
|
|
110
|
-
end
|
|
111
|
-
|
|
112
|
-
def look_up_source
|
|
113
|
-
raise NotImplementedError
|
|
114
|
-
end
|
|
115
|
-
end
|
|
116
|
-
end
|
|
117
|
-
end
|
|
@@ -1,18 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module Dependabot
|
|
4
|
-
module MetadataFinders
|
|
5
|
-
@metadata_finders = {}
|
|
6
|
-
|
|
7
|
-
def self.for_package_manager(package_manager)
|
|
8
|
-
metadata_finder = @metadata_finders[package_manager]
|
|
9
|
-
return metadata_finder if metadata_finder
|
|
10
|
-
|
|
11
|
-
raise "Unsupported package_manager #{package_manager}"
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
def self.register(package_manager, metadata_finder)
|
|
15
|
-
@metadata_finders[package_manager] = metadata_finder
|
|
16
|
-
end
|
|
17
|
-
end
|
|
18
|
-
end
|