RubyGems - dependabot-docker - Versions diffs - 0.306.0 → 0.308.0 - Mend

dependabot-docker 0.306.0 → 0.308.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/dependabot/docker/update_checker.rb +112 -0
metadata +6 -9

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1542dcfc93d68ebe05d07e758a04988ba3cc07fa9a61ad17555da5c2f18c3291
-  data.tar.gz: a5e56d32f9d7692035ff693a5d72197bb7b9939758daa0abe74dd1224fcce80d
+  metadata.gz: 91305dc401bd3afc8f829a37c60abe141dc034bf720640090986efcf7a99c8e3
+  data.tar.gz: c4da5e91b24ce38fa2408102f7f30e0b78a5e20ba6b350c531539491cb38973e
 SHA512:
-  metadata.gz: 99dd835ac8187035f36b6f5d348b8bc095a221638b31a4dccb80e864c3c5584a4a1703812876be827bd5979a9db9fc4580ae341ac142cd5701139634655e8c2d
-  data.tar.gz: 8675326c09190974033b61f0abc0c7bfebf36618f128b26e21eb9057d898ed04aac9e2f4af9a1f23adec27508e10f85dc82030378152656b11b5d706f62d0db0
+  metadata.gz: 100288bd6be2aab9f25fff01b257b96f9bf29225d818fba03aba0cd9ef2fe02e5a1700ac1320f1f63fea6faf157c24ea1da4c9b68ba3fa0b990c6ebe19b89d75
+  data.tar.gz: cffb4955d7b470eb0eecbfe138816ccc8d09a816d8b1843638644ad593ebc4b573ec057ae2ad0497337b454a85dbdc04f4461898738a97eab8f81c1f0009e153

data/lib/dependabot/docker/update_checker.rb CHANGED Viewed

@@ -12,6 +12,8 @@ require "dependabot/docker/file_parser"
 require "dependabot/docker/version"
 require "dependabot/docker/requirement"
 require "dependabot/shared/utils/credentials_finder"
+require "dependabot/package/release_cooldown_options"
+require "dependabot/package/package_release"
 module Dependabot
   module Docker
@@ -135,6 +137,7 @@ module Dependabot
         candidate_tags = remove_prereleases(candidate_tags, version_tag)
         candidate_tags = filter_ignored(candidate_tags)
         candidate_tags = sort_tags(candidate_tags, version_tag)
+        candidate_tags = apply_cooldown(candidate_tags)
         latest_tag = candidate_tags.last
         return version_tag unless latest_tag
@@ -179,6 +182,90 @@ module Dependabot
         end
       end
+      sig do
+        params(candidate_tags: T::Array[Dependabot::Docker::Tag])
+          .returns(T::Array[Dependabot::Docker::Tag])
+      end
+      def apply_cooldown(candidate_tags)
+        return candidate_tags if should_skip_cooldown?
+        candidate_tags.reverse_each do |tag|
+          details = publication_detail(tag)
+          next if !details || !details.released_at
+          return [tag] unless cooldown_period?(details.released_at)
+          Dependabot.logger.info("Skipping tag #{tag.name} due to cooldown period")
+        end
+        []
+      end
+      sig { params(candidate_tag: Dependabot::Docker::Tag).returns(T.nilable(Dependabot::Package::PackageRelease)) }
+      def publication_detail(candidate_tag)
+        return publication_details[candidate_tag.name] if publication_details.key?(candidate_tag.name)
+        details = get_tag_publication_details(candidate_tag)
+        publication_details[candidate_tag.name] = T.cast(details, Dependabot::Package::PackageRelease)
+        details
+      end
+      sig { params(tag: Dependabot::Docker::Tag).returns(T.nilable(Dependabot::Package::PackageRelease)) }
+      def get_tag_publication_details(tag)
+        digest_info = with_retries(max_attempts: 3, errors: transient_docker_errors) do
+          client = docker_registry_client
+          client.digest(docker_repo_name, tag.name)
+        end
+        first_digest = digest_info.first&.fetch("digest")
+        return nil unless first_digest
+        blob_info = with_retries(max_attempts: 3, errors: transient_docker_errors) do
+          client = docker_registry_client
+          client.blob(docker_repo_name, first_digest)
+        end
+        last_modified = blob_info.headers[:last_modified]
+        published_date = last_modified ? Time.parse(last_modified) : nil
+        Dependabot::Package::PackageRelease.new(
+          version: Dependabot::Version.new(tag.name),
+          released_at: published_date,
+          latest: false,
+          yanked: false,
+          url: nil,
+          package_type: "docker"
+        )
+      end
+      sig do
+        params(
+          max_attempts: Integer,
+          errors: T::Array[T.class_of(StandardError)],
+          _blk: T.proc.returns(T.untyped)
+        ).returns(T.untyped)
+      end
+      def with_retries(max_attempts: 3, errors: [], &_blk)
+        attempt = 0
+        begin
+          attempt += 1
+          yield
+        rescue *errors
+          raise if attempt >= max_attempts
+          retry
+        end
+      end
+      sig { returns(T::Hash[String, T.nilable(Dependabot::Package::PackageRelease)]) }
+      def publication_details
+        @publication_details ||= T.let({}, T.nilable(
+                                             T::Hash[String, T.nilable(Dependabot::Package::PackageRelease)]
+                                           ))
+      end
       sig { params(tags: T::Array[Dependabot::Docker::Tag]).returns(T::Array[String]) }
       def identify_common_components(tags)
         tag_parts = tags.map do |tag|
@@ -522,6 +609,31 @@ module Dependabot
           T.nilable(Dependabot::Docker::Tag)
         )
       end
+      sig { returns(T::Boolean) }
+      def should_skip_cooldown?
+        @update_cooldown.nil? || !cooldown_enabled? || !@update_cooldown.included?(dependency.name)
+      end
+      sig { returns(T::Boolean) }
+      def cooldown_enabled?
+        Dependabot::Experiments.enabled?(:enable_cooldown_for_docker)
+      end
+      sig do
+        returns(Integer)
+      end
+      def cooldown_days_for
+        cooldown = @update_cooldown
+        T.must(cooldown).default_days
+      end
+      sig { params(release_date: T.untyped).returns(T::Boolean) }
+      def cooldown_period?(release_date)
+        days = cooldown_days_for
+        (Time.now.to_i - release_date.to_i) < (days * 24 * 60 * 60)
+      end
     end
     # rubocop:enable Metrics/ClassLength
   end

metadata CHANGED Viewed

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-docker
 version: !ruby/object:Gem::Version
-  version: 0.306.0
+  version: 0.308.0
 platform: ruby
 authors:
 - Dependabot
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-04-10 00:00:00.000000000 Z
+date: 2025-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.306.0
+        version: 0.308.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.306.0
+        version: 0.308.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -262,8 +261,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.306.0
-post_install_message:
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.308.0
 rdoc_options: []
 require_paths:
 - lib
@@ -278,8 +276,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 3.1.0
 requirements: []
-rubygems_version: 3.5.22
-signing_key:
+rubygems_version: 3.6.3
 specification_version: 4
 summary: Provides Dependabot support for Docker
 test_files: []