dependabot-dotnet_sdk 0.284.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 15a706a053292404193686a020b0b1adbbd7b1b64224227e540ba4f7e6a59a0c
+  data.tar.gz: e08698fe639234d590f38efe79ade970060d04b5900364a3f4f51651d454e5e0
+SHA512:
+  metadata.gz: ed64acdf3bce66fc957374c4edc9892c34f69e291f0c3650dbe4a2edc0050c688d043af8ce8fb48d04af70adb8552d0d3c1c5d0bb5167ac71ec6a8173d566fa1
+  data.tar.gz: 29a61629201e766b4f744d42497305d465c98bc535c8268fd1d8e2cf5b3d0d063d17edb32a008a0ba595d597e02bc6de1391cd596083330abfb6ebc2a95a5f81

data/lib/dependabot/dotnet_sdk/file_fetcher.rb

@@ -0,0 +1,46 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "dependabot/file_fetchers"
+require "dependabot/file_fetchers/base"
+require "sorbet-runtime"
+
+module Dependabot
+  module DotnetSdk
+    class FileFetcher < Dependabot::FileFetchers::Base
+      extend T::Sig
+
+      sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
+      def self.required_files_in?(filenames)
+        filenames.any? { |f| File.basename(f) == "global.json" }
+      end
+
+      sig { override.returns(String) }
+      def self.required_files_message
+        "Repo must contain a global.json file."
+      end
+
+      sig { override.returns(T::Array[Dependabot::DependencyFile]) }
+      def fetch_files
+        fetched_files = []
+        fetched_files << root_file
+
+        return fetched_files if fetched_files.any?
+
+        raise Dependabot::DependencyFileNotFound.new(
+          nil,
+          "global.json not found in #{directory}"
+        )
+      end
+
+      private
+
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
+      def root_file
+        fetch_file_if_present("global.json")
+      end
+    end
+  end
+end
+
+Dependabot::FileFetchers.register("dotnet_sdk", Dependabot::DotnetSdk::FileFetcher)

data/lib/dependabot/dotnet_sdk/file_parser.rb

@@ -0,0 +1,79 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "dependabot/dependency"
+require "dependabot/file_parsers"
+require "dependabot/file_parsers/base"
+require "sorbet-runtime"
+
+module Dependabot
+  module DotnetSdk
+    class FileParser < Dependabot::FileParsers::Base
+      extend T::Sig
+
+      require "dependabot/file_parsers/base/dependency_set"
+
+      sig { override.returns(T::Array[Dependabot::Dependency]) }
+      def parse
+        dependency_set = DependencySet.new
+
+        config_dependency_files.each do |config_dependency_file|
+          dependency = parse_dependency_file(config_dependency_file)
+          dependency_set << dependency if dependency
+        end
+
+        dependency_set.dependencies
+      end
+
+      private
+
+      sig { params(dependency_file: Dependabot::DependencyFile).returns(T.nilable(Dependabot::Dependency)) }
+      def parse_dependency_file(dependency_file)
+        return unless dependency_file.content
+
+        begin
+          contents = JSON.parse(T.must(dependency_file.content))
+        rescue JSON::ParserError
+          raise Dependabot::DependencyFileNotParseable, T.must(dependency_files.first).path
+        end
+
+        return unless contents["sdk"]
+
+        Dependabot::Dependency.new(
+          name: "dotnet-sdk",
+          version: contents["sdk"]["version"],
+          package_manager: "dotnet_sdk",
+          requirements: [{
+            file: dependency_file.name,
+            requirement: contents["sdk"]["version"],
+            groups: [],
+            source: nil
+          }],
+          metadata: {
+            allow_prerelease: contents["sdk"]["allowPrerelease"] || false,
+            roll_forward: contents["sdk"]["rollForward"] || "latestPatch"
+          }
+        )
+      end
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def config_dependency_files
+        @config_dependency_files ||= T.let(
+          dependency_files.select do |f|
+            f.name.end_with?("global.json")
+          end,
+          T.nilable(T::Array[Dependabot::DependencyFile])
+        )
+      end
+
+      sig { override.void }
+      def check_required_files
+        return if dependency_files.any?
+
+        raise "No dependency files!"
+      end
+    end
+  end
+end
+
+Dependabot::FileParsers.register("dotnet_sdk", Dependabot::DotnetSdk::FileParser)

data/lib/dependabot/dotnet_sdk/file_updater.rb

@@ -0,0 +1,56 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "dependabot/file_updaters"
+require "dependabot/file_updaters/base"
+require "sorbet-runtime"
+
+module Dependabot
+  module DotnetSdk
+    class FileUpdater < Dependabot::FileUpdaters::Base
+      extend T::Sig
+
+      sig { override.returns(T::Array[Regexp]) }
+      def self.updated_files_regex
+        [/^global\.json$/]
+      end
+
+      sig { override.returns(T::Array[Dependabot::DependencyFile]) }
+      def updated_dependency_files
+        updated_files = []
+
+        contents = update
+
+        updated_files << updated_file(file: global_json, content: contents) if file_changed?(global_json)
+
+        updated_files
+      end
+
+      private
+
+      sig { returns(Dependabot::Dependency) }
+      def dependency
+        T.must(dependencies.first)
+      end
+
+      sig { override.void }
+      def check_required_files
+        return if dependency_files.any?
+
+        raise "No global.json configuration!"
+      end
+
+      sig { returns(Dependabot::DependencyFile) }
+      def global_json
+        T.must(dependency_files.find { |f| f.name == "global.json" })
+      end
+
+      sig { returns(String) }
+      def update
+        T.must(global_json.content).gsub(T.must(dependency.previous_version), T.must(dependency.version))
+      end
+    end
+  end
+end
+
+Dependabot::FileUpdaters.register("dotnet_sdk", Dependabot::DotnetSdk::FileUpdater)

data/lib/dependabot/dotnet_sdk/metadata_finder.rb

@@ -0,0 +1,22 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "dependabot/metadata_finders"
+require "dependabot/metadata_finders/base"
+
+module Dependabot
+  module DotnetSdk
+    class MetadataFinder < Dependabot::MetadataFinders::Base
+      extend T::Sig
+
+      private
+
+      sig { override.returns(T.nilable(Dependabot::Source)) }
+      def look_up_source
+        Source.from_url("https://github.com/dotnet/sdk")
+      end
+    end
+  end
+end
+
+Dependabot::MetadataFinders.register("dotnet_sdk", Dependabot::DotnetSdk::MetadataFinder)

data/lib/dependabot/dotnet_sdk/requirement.rb

@@ -0,0 +1,24 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "dependabot/requirement"
+require "dependabot/utils"
+
+module Dependabot
+  module DotnetSdk
+    class Requirement < Dependabot::Requirement
+      AND_SEPARATOR = /(?<=[a-zA-Z0-9*])\s+(?:&+\s+)?(?!\s*[|-])/
+
+      # For consistency with other languages, we define a requirements array.
+      # global.json don't have an `OR` separator for requirements, so it
+      # always contains a single element.
+      sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Dependabot::Requirement]) }
+      def self.requirements_array(requirement_string)
+        [new(requirement_string)]
+      end
+    end
+  end
+end
+
+Dependabot::Utils
+  .register_requirement_class("dotnet_sdk", Dependabot::DotnetSdk::Requirement)

data/lib/dependabot/dotnet_sdk/update_checker/latest_version_finder.rb

@@ -0,0 +1,140 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "excon"
+require "sorbet-runtime"
+
+require "dependabot/dotnet_sdk/requirement"
+require "dependabot/dotnet_sdk/version"
+require "dependabot/registry_client"
+require "dependabot/update_checkers/base"
+
+module Dependabot
+  module DotnetSdk
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
+      class LatestVersionFinder
+        extend T::Sig
+
+        RELEASES_INDEX_URL = "https://dotnetcli.blob.core.windows.net/dotnet/release-metadata/releases-index.json"
+
+        sig { params(dependency: Dependabot::Dependency, ignored_versions: T::Array[String]).void }
+        def initialize(dependency:, ignored_versions:)
+          @dependency = dependency
+          @ignored_versions = ignored_versions
+        end
+
+        sig { returns(T.nilable(Dependabot::Version)) }
+        def latest_version
+          @latest_version ||= T.let(
+            fetch_latest_version,
+            T.nilable(Dependabot::Version)
+          )
+        end
+
+        private
+
+        sig { returns(Dependabot::Dependency) }
+        attr_reader :dependency
+
+        sig { returns(T::Array[String]) }
+        attr_reader :ignored_versions
+
+        sig { returns(T.nilable(Dependabot::Version)) }
+        def fetch_latest_version
+          versions = available_versions
+          versions = filter_prerelease_versions(versions)
+          versions = filter_ignored_versions(versions)
+          versions.max
+        end
+
+        sig { returns(T::Array[Dependabot::Version]) }
+        def available_versions
+          releases.map { |v| version_class.new(v) }
+        end
+
+        sig { params(versions: T::Array[Dependabot::Version]).returns(T::Array[Dependabot::Version]) }
+        def filter_prerelease_versions(versions)
+          return versions if wants_prerelease?
+
+          # This isn't entirely accurate. .NET considers release candidates to NOT be pre-releases.
+          # However, we want to be conservative.
+          # See https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core
+          versions.reject(&:prerelease?)
+        end
+
+        sig { params(versions: T::Array[Dependabot::Version]).returns(T::Array[Dependabot::Version]) }
+        def filter_ignored_versions(versions)
+          versions.reject do |version|
+            ignore_requirements.any? { |r| r.satisfied_by?(version) }
+          end
+        end
+
+        sig { returns(T::Array[String]) }
+        def releases
+          response = releases_response
+          return [] unless response.status == 200
+
+          parsed = JSON.parse(response.body)
+          parsed["releases-index"].flat_map do |release|
+            release_channel(release["releases.json"])
+          end
+        end
+
+        sig { returns(Excon::Response) }
+        def releases_response
+          Dependabot::RegistryClient.get(
+            url: RELEASES_INDEX_URL,
+            headers: { "Accept" => "application/json" }
+          )
+        end
+
+        sig { params(url: String).returns(T::Array[String]) }
+        def release_channel(url)
+          response = release_channel_response(url)
+          begin
+            parsed = JSON.parse(T.must(response).body)
+          rescue JSON::ParserError
+            raise Dependabot::DependencyFileNotResolvable, "Invalid JSON response from #{url}"
+          end
+
+          parsed["releases"].map do |release|
+            if release["sdks"].nil?
+              release["sdk"]["version"]
+            else
+              release["sdks"].flat_map { |sdk| sdk["version"] }
+            end
+          end
+        .flatten
+        end
+
+        sig { params(url: String).returns(T.nilable(Excon::Response)) }
+        def release_channel_response(url)
+          Dependabot::RegistryClient.get(
+            url: url,
+            headers: { "Accept" => "application/json" }
+          )
+        end
+
+        sig { returns(T::Boolean) }
+        def wants_prerelease?
+          dependency.metadata[:allow_prerelease]
+        end
+
+        sig { returns(T::Array[Dependabot::Requirement]) }
+        def ignore_requirements
+          ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
+        end
+
+        sig { returns(T.class_of(Dependabot::Version)) }
+        def version_class
+          dependency.version_class
+        end
+
+        sig { returns(T.class_of(Dependabot::Requirement)) }
+        def requirement_class
+          dependency.requirement_class
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/dotnet_sdk/update_checker.rb

@@ -0,0 +1,67 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/errors"
+require "dependabot/update_checkers"
+require "dependabot/update_checkers/base"
+
+module Dependabot
+  module DotnetSdk
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
+      extend T::Sig
+
+      require_relative "update_checker/latest_version_finder"
+
+      sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
+      def latest_version
+        latest_version_finder.latest_version
+      end
+
+      sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
+      def latest_resolvable_version
+        latest_version
+      end
+
+      sig { override.returns(T.nilable(Dependabot::Version)) }
+      def latest_resolvable_version_with_no_unlock
+        raise NotImplementedError
+      end
+
+      sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
+      def updated_requirements
+        dependency.requirements.map do |requirement|
+          {
+            file: requirement[:file],
+            requirement: latest_version,
+            groups: requirement[:groups],
+            source: requirement[:source]
+          }
+        end
+      end
+
+      private
+
+      sig { override.returns(T::Boolean) }
+      def latest_version_resolvable_with_full_unlock?
+        false
+      end
+
+      sig { override.returns(T::Array[Dependabot::Dependency]) }
+      def updated_dependencies_after_full_unlock
+        raise NotImplementedError
+      end
+
+      sig { returns(LatestVersionFinder) }
+      def latest_version_finder
+        @latest_version_finder ||= T.let(
+          LatestVersionFinder.new(dependency: dependency, ignored_versions: ignored_versions),
+          T.nilable(LatestVersionFinder)
+        )
+      end
+    end
+  end
+end
+
+Dependabot::UpdateCheckers.register("dotnet_sdk", Dependabot::DotnetSdk::UpdateChecker)

data/lib/dependabot/dotnet_sdk/version.rb

@@ -0,0 +1,18 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "dependabot/version"
+require "dependabot/utils"
+
+module Dependabot
+  module DotnetSdk
+    # The .NET SDK versioning scheme is not semver compliant.
+    # However, for simpliticy, we will treat it as semver.
+    # See: https://learn.microsoft.com/en-us/dotnet/core/versions/#versioning-details
+    class Version < Dependabot::Version
+    end
+  end
+end
+
+Dependabot::Utils
+  .register_version_class("dotnet_sdk", Dependabot::DotnetSdk::Version)

data/lib/dependabot/dotnet_sdk.rb

@@ -0,0 +1,20 @@
+# typed: strong
+# frozen_string_literal: true
+
+# These all need to be required so the various classes can be registered in a
+# lookup table of package manager names to concrete classes.
+require "dependabot/dotnet_sdk/file_fetcher"
+require "dependabot/dotnet_sdk/file_parser"
+require "dependabot/dotnet_sdk/update_checker"
+require "dependabot/dotnet_sdk/file_updater"
+require "dependabot/dotnet_sdk/metadata_finder"
+require "dependabot/dotnet_sdk/requirement"
+require "dependabot/dotnet_sdk/version"
+
+require "dependabot/pull_request_creator/labeler"
+Dependabot::PullRequestCreator::Labeler
+  .register_label_details("dotnet_sdk", name: "dotnet_sdk_package_manager", colour: "512BD4")
+
+require "dependabot/dependency"
+Dependabot::Dependency
+  .register_production_check("dotnet_sdk", ->(_) { true })

metadata

@@ -0,0 +1,278 @@
+--- !ruby/object:Gem::Specification
+name: dependabot-dotnet_sdk
+version: !ruby/object:Gem::Version
+  version: 0.284.0
+platform: ruby
+authors:
+- Dependabot
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2024-11-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dependabot-common
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.284.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.284.0
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.2
+- !ruby/object:Gem::Dependency
+  name: gpgme
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rspec-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.2
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.67.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.67.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.22.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.22.1
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.29.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.29.1
+- !ruby/object:Gem::Dependency
+  name: rubocop-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.5
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.5
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.22.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.22.0
+- !ruby/object:Gem::Dependency
+  name: turbo_tests
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.7'
+description: dependabot-dotnet_sdk provides support for managing .NET SDK versioning
+  via Dependabot.
+email: opensource@github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/dependabot/dotnet_sdk.rb
+- lib/dependabot/dotnet_sdk/file_fetcher.rb
+- lib/dependabot/dotnet_sdk/file_parser.rb
+- lib/dependabot/dotnet_sdk/file_updater.rb
+- lib/dependabot/dotnet_sdk/metadata_finder.rb
+- lib/dependabot/dotnet_sdk/requirement.rb
+- lib/dependabot/dotnet_sdk/update_checker.rb
+- lib/dependabot/dotnet_sdk/update_checker/latest_version_finder.rb
+- lib/dependabot/dotnet_sdk/version.rb
+homepage: https://github.com/dependabot/dependabot-core
+licenses:
+- MIT
+metadata:
+  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.284.0
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+requirements: []
+rubygems_version: 3.5.9
+signing_key: 
+specification_version: 4
+summary: Provides Dependabot support for .NET SDK
+test_files: []