dependabot-elm 0.82.0

data/lib/dependabot/elm/update_checker.rb

@@ -0,0 +1,128 @@
+# frozen_string_literal: true
+
+require "excon"
+require "dependabot/update_checkers"
+require "dependabot/update_checkers/base"
+require "dependabot/shared_helpers"
+require "dependabot/errors"
+
+module Dependabot
+  module Elm
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
+      require_relative "update_checker/requirements_updater"
+      require_relative "update_checker/elm_18_version_resolver"
+      require_relative "update_checker/elm_19_version_resolver"
+
+      def latest_version
+        @latest_version ||= candidate_versions.max
+      end
+
+      # Overwrite the base class to allow multi-dependency update PRs for
+      # dependencies for which we don't have a version.
+      def can_update?(requirements_to_unlock:)
+        if dependency.appears_in_lockfile?
+          version_can_update?(requirements_to_unlock: requirements_to_unlock)
+        elsif requirements_to_unlock == :none
+          false
+        elsif requirements_to_unlock == :own
+          requirements_can_update?
+        elsif requirements_to_unlock == :all
+          updated_dependencies_after_full_unlock.any?
+        end
+      end
+
+      def latest_resolvable_version
+        @latest_resolvable_version ||=
+          version_resolver.
+          latest_resolvable_version(unlock_requirement: :own)
+      end
+
+      def latest_resolvable_version_with_no_unlock
+        # Irrelevant, since Elm has a single dependency file (well, there's
+        # also `exact-dependencies.json`, but it's not recommended that that
+        # is committed).
+        nil
+      end
+
+      def updated_requirements
+        RequirementsUpdater.new(
+          requirements: dependency.requirements,
+          latest_resolvable_version: latest_resolvable_version
+        ).updated_requirements
+      end
+
+      private
+
+      def version_resolver
+        @version_resolver ||=
+          if dependency.requirements.any? { |r| r.fetch(:file) == "elm.json" }
+            Elm19VersionResolver.new(
+              dependency: dependency,
+              dependency_files: dependency_files
+            )
+          else
+            Elm18VersionResolver.new(
+              dependency: dependency,
+              dependency_files: dependency_files,
+              candidate_versions: candidate_versions
+            )
+          end
+      end
+
+      def updated_dependencies_after_full_unlock
+        version_resolver.updated_dependencies_after_full_unlock
+      end
+
+      def latest_version_resolvable_with_full_unlock?
+        latest_version == version_resolver.
+                          latest_resolvable_version(unlock_requirement: :all)
+      end
+
+      def candidate_versions
+        all_versions.
+          reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
+      end
+
+      def all_versions
+        return @all_versions if @version_lookup_attempted
+
+        @version_lookup_attempted = true
+
+        response = Excon.get(
+          "https://package.elm-lang.org/packages/#{dependency.name}/"\
+          "releases.json",
+          idempotent: true,
+          **Dependabot::SharedHelpers.excon_defaults
+        )
+
+        return @all_versions = [] unless response.status == 200
+
+        @all_versions =
+          JSON.parse(response.body).
+          keys.
+          map { |v| version_class.new(v) }.
+          sort
+      end
+
+      # Overwrite the base class's requirements_up_to_date? method to instead
+      # check whether the latest version is allowed
+      def requirements_up_to_date?
+        return false unless latest_version
+
+        dependency.requirements.
+          map { |r| r.fetch(:requirement) }.
+          map { |r| requirement_class.new(r) }.
+          all? { |r| r.satisfied_by?(latest_version) }
+      end
+
+      def ignore_reqs
+        # Note: we use Gem::Requirement here because ignore conditions will
+        # be passed as Ruby ranges
+        ignored_versions.map { |req| Gem::Requirement.new(req.split(",")) }
+      end
+    end
+  end
+end
+
+Dependabot::UpdateCheckers.
+  register("elm-package", Dependabot::Elm::UpdateChecker)

data/lib/dependabot/elm/update_checker/cli_parser.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require "dependabot/elm/version"
+require "dependabot/elm/update_checker"
+
+module Dependabot
+  module Elm
+    class UpdateChecker
+      class CliParser
+        INSTALL_DEPENDENCY_REGEX =
+          %r{([^\s]+\/[^\s]+)\s+(\d+\.\d+\.\d+)}.freeze
+        UPGRADE_DEPENDENCY_REGEX =
+          %r{([^\s]+\/[^\s]+) \(\d+\.\d+\.\d+ => (\d+\.\d+\.\d+)\)}.freeze
+
+        def self.decode_install_preview(text)
+          installs = {}
+
+          # Parse new installs
+          text.scan(INSTALL_DEPENDENCY_REGEX).
+            each { |n, v| installs[n] = Elm::Version.new(v) }
+
+          # Parse upgrades
+          text.scan(UPGRADE_DEPENDENCY_REGEX).
+            each { |n, v| installs[n] = Elm::Version.new(v) }
+
+          installs
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/elm/update_checker/elm_18_version_resolver.rb

@@ -0,0 +1,232 @@
+# frozen_string_literal: true
+
+require "dependabot/shared_helpers"
+require "dependabot/errors"
+require "dependabot/elm/file_parser"
+require "dependabot/elm/update_checker"
+require "dependabot/elm/update_checker/cli_parser"
+require "dependabot/elm/update_checker/requirements_updater"
+require "dependabot/elm/requirement"
+
+module Dependabot
+  module Elm
+    class UpdateChecker
+      class Elm18VersionResolver
+        class UnrecoverableState < StandardError; end
+
+        def initialize(dependency:, dependency_files:, candidate_versions:)
+          @dependency = dependency
+          @dependency_files = dependency_files
+          @candidate_versions = candidate_versions
+        end
+
+        def latest_resolvable_version(unlock_requirement:)
+          unless %i(none own all).include?(unlock_requirement)
+            raise "Invalid unlock setting: #{unlock_requirement}"
+          end
+
+          # Elm has no lockfile, so we will never create an update PR if
+          # unlock requirements are `none`. Just return the current version.
+          return current_version if unlock_requirement == :none
+
+          # Otherwise, we gotta check a few conditions to see if bumping
+          # wouldn't also bump other deps in elm-package.json
+          candidate_versions.sort.reverse_each do |version|
+            return version if can_update?(version, unlock_requirement)
+          end
+
+          # Fall back to returning the dependency's current version, which is
+          # presumed to be resolvable
+          current_version
+        end
+
+        def updated_dependencies_after_full_unlock
+          version = latest_resolvable_version(unlock_requirement: :all)
+          deps_after_install = fetch_install_metadata(target_version: version)
+
+          original_dependency_details.map do |original_dep|
+            new_version = deps_after_install.fetch(original_dep.name)
+
+            old_reqs = original_dep.requirements.map do |req|
+              requirement_class.new(req[:requirement])
+            end
+
+            next if old_reqs.all? { |req| req.satisfied_by?(new_version) }
+
+            new_requirements =
+              RequirementsUpdater.new(
+                requirements: original_dep.requirements,
+                latest_resolvable_version: new_version.to_s
+              ).updated_requirements
+
+            Dependency.new(
+              name: original_dep.name,
+              version: new_version.to_s,
+              requirements: new_requirements,
+              previous_version: original_dep.version,
+              previous_requirements: original_dep.requirements,
+              package_manager: original_dep.package_manager
+            )
+          end.compact
+        end
+
+        private
+
+        attr_reader :dependency, :dependency_files, :candidate_versions
+
+        def can_update?(version, unlock_requirement)
+          deps_after_install = fetch_install_metadata(target_version: version)
+
+          result = check_install_result(deps_after_install, version)
+
+          # If the install was clean then we can definitely update
+          return true if result == :clean_bump
+
+          # Otherwise, we can still update if the result was a forced full
+          # unlock and we're allowed to unlock other requirements
+          return false unless unlock_requirement == :all
+
+          result == :forced_full_unlock_bump
+        end
+
+        def check_install_result(deps_after_install, target_version)
+          # This can go one of 5 ways:
+          # 1) We bump our dep and no other dep is bumped
+          # 2) We bump our dep and another dep is bumped too
+          #    Scenario: NoRedInk/datetimepicker bump to 3.0.2 also
+          #              bumps elm-css to 14
+          # 3) We bump our dep but actually elm-package doesn't bump it
+          #    Scenario: elm-css bump to 14 but datetimepicker is at 3.0.1
+          # 4) We bump our dep but elm-package just says
+          #    "Packages configured successfully!"
+          #    Narrator: they weren't
+          #    Scenario: impossible dependency (i.e. elm-css 999.999.999)
+          #              a <= v < b where a is greater than latest version
+          # 5) We bump our dep but elm-package blows up (not handled here)
+          #    Scenario: rtfeldman/elm-css 14 && rtfeldman/hashed-class 1.0.0
+          #              I'm not sure what's different from this scenario
+          #              to 3), why it blows up instead of just rolling
+          #              elm-css back to version 9 which is what
+          #              hashed-class requires
+
+          # 4) We bump our dep but elm-package just says
+          #    "Packages configured successfully!"
+          return :empty_elm_stuff_bug if deps_after_install.empty?
+
+          version_after_install = deps_after_install.fetch(dependency.name)
+
+          # 3) We bump our dep but actually elm-package doesn't bump it
+          return :downgrade_bug if version_after_install < target_version
+
+          other_top_level_deps_bumped =
+            original_dependency_details.
+            reject { |dep| dep.name == dependency.name }.
+            select do |dep|
+              reqs = dep.requirements.map { |r| r.fetch(:requirement) }
+              reqs = reqs.map { |r| requirement_class.new(r) }
+              reqs.any? { |r| !r.satisfied_by?(deps_after_install[dep.name]) }
+            end
+
+          # 2) We bump our dep and another dep is bumped
+          return :forced_full_unlock_bump if other_top_level_deps_bumped.any?
+
+          # 1) We bump our dep and no other dep is bumped
+          :clean_bump
+        end
+
+        def fetch_install_metadata(target_version:)
+          @install_cache ||= {}
+          @install_cache[target_version.to_s] ||=
+            SharedHelpers.in_a_temporary_directory do
+              write_temporary_dependency_files(target_version: target_version)
+
+              # Elm package install outputs a preview of the actions to be
+              # performed. We can use this preview to calculate whether it
+              # would do anything funny
+              command = "yes n | elm-package install"
+              response = run_shell_command(command)
+
+              deps_after_install = CliParser.decode_install_preview(response)
+
+              deps_after_install
+            rescue SharedHelpers::HelperSubprocessFailed => error
+              # 5) We bump our dep but elm-package blows up
+              handle_elm_package_errors(error)
+            end
+        end
+
+        def run_shell_command(command)
+          raw_response = nil
+          IO.popen(command, err: %i(child out)) do |process|
+            raw_response = process.read
+          end
+
+          # Raise an error with the output from the shell session if Elm
+          # returns a non-zero status
+          return raw_response if $CHILD_STATUS.success?
+
+          raise SharedHelpers::HelperSubprocessFailed.new(
+            raw_response,
+            command
+          )
+        end
+
+        def handle_elm_package_errors(error)
+          if error.message.include?("I cannot find a set of packages that " \
+                                    "works with your constraints")
+            raise Dependabot::DependencyFileNotResolvable, error.message
+          end
+
+          # I don't know any other errors
+          raise error
+        end
+
+        def write_temporary_dependency_files(target_version:)
+          dependency_files.each do |file|
+            path = file.name
+            FileUtils.mkdir_p(Pathname.new(path).dirname)
+
+            File.write(
+              path,
+              updated_elm_package_content(file.content, target_version)
+            )
+          end
+        end
+
+        def updated_elm_package_content(content, version)
+          json = JSON.parse(content)
+
+          new_requirement = RequirementsUpdater.new(
+            requirements: dependency.requirements,
+            latest_resolvable_version: version.to_s
+          ).updated_requirements.first[:requirement]
+
+          json["dependencies"][dependency.name] = new_requirement
+          JSON.dump(json)
+        end
+
+        def original_dependency_details
+          @original_dependency_details ||=
+            Elm::FileParser.new(
+              dependency_files: dependency_files,
+              source: nil
+            ).parse
+        end
+
+        def current_version
+          return unless dependency.version
+
+          version_class.new(dependency.version)
+        end
+
+        def version_class
+          Elm::Version
+        end
+
+        def requirement_class
+          Elm::Requirement
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/elm/update_checker/elm_19_version_resolver.rb

@@ -0,0 +1,196 @@
+# frozen_string_literal: true
+
+require "dependabot/shared_helpers"
+require "dependabot/errors"
+require "dependabot/elm/file_parser"
+require "dependabot/elm/update_checker"
+require "dependabot/elm/update_checker/cli_parser"
+require "dependabot/elm/update_checker/requirements_updater"
+require "dependabot/elm/requirement"
+
+module Dependabot
+  module Elm
+    class UpdateChecker
+      class Elm19VersionResolver
+        class UnrecoverableState < StandardError; end
+
+        def initialize(dependency:, dependency_files:)
+          @dependency = dependency
+          @dependency_files = dependency_files
+        end
+
+        def latest_resolvable_version(unlock_requirement:)
+          unless %i(none own all).include?(unlock_requirement)
+            raise "Invalid unlock setting: #{unlock_requirement}"
+          end
+
+          # Elm has no lockfile, so we will never create an update PR if
+          # unlock requirements are `none`. Just return the current version.
+          return current_version if unlock_requirement == :none
+
+          # Otherwise, we gotta check a few conditions to see if bumping
+          # wouldn't also bump other deps in elm-package.json
+          fetch_latest_resolvable_version(unlock_requirement)
+        end
+
+        def updated_dependencies_after_full_unlock
+          changed_deps = install_metadata
+
+          original_dependency_details.map do |original_dep|
+            new_version = changed_deps.fetch(original_dep.name, nil)
+            next unless new_version
+
+            old_reqs = original_dep.requirements.map do |req|
+              requirement_class.new(req[:requirement])
+            end
+
+            next if old_reqs.all? { |req| req.satisfied_by?(new_version) }
+
+            new_requirements =
+              RequirementsUpdater.new(
+                requirements: original_dep.requirements,
+                latest_resolvable_version: new_version.to_s
+              ).updated_requirements
+
+            Dependency.new(
+              name: original_dep.name,
+              version: new_version.to_s,
+              requirements: new_requirements,
+              previous_version: original_dep.version,
+              previous_requirements: original_dep.requirements,
+              package_manager: original_dep.package_manager
+            )
+          end.compact
+        end
+
+        private
+
+        attr_reader :dependency, :dependency_files
+
+        def fetch_latest_resolvable_version(unlock_requirement)
+          changed_deps = install_metadata
+
+          result = check_install_result(changed_deps)
+          version_after_install = changed_deps.fetch(dependency.name)
+
+          # If the install was clean then we can definitely update
+          return version_after_install if result == :clean_bump
+
+          # Otherwise, we can still update if the result was a forced full
+          # unlock and we're allowed to unlock other requirements
+          return version_after_install if unlock_requirement == :all
+
+          current_version
+        end
+
+        def check_install_result(changed_deps)
+          other_deps_bumped =
+            changed_deps.
+            keys.
+            reject { |name| name == dependency.name }
+
+          return :forced_full_unlock_bump if other_deps_bumped.any?
+
+          :clean_bump
+        end
+
+        def install_metadata
+          @install_metadata ||=
+            SharedHelpers.in_a_temporary_directory do
+              write_temporary_dependency_files
+
+              # Elm package install outputs a preview of the actions to be
+              # performed. We can use this preview to calculate whether it
+              # would do anything funny
+              command = "yes n | elm19 install #{dependency.name}"
+              response = run_shell_command(command)
+
+              CliParser.decode_install_preview(response)
+            rescue SharedHelpers::HelperSubprocessFailed => error
+              # 5) We bump our dep but elm blows up
+              handle_elm_errors(error)
+            end
+        end
+
+        def run_shell_command(command)
+          raw_response = nil
+          IO.popen(command, err: %i(child out)) do |process|
+            raw_response = process.read
+          end
+
+          # Raise an error with the output from the shell session if Elm
+          # returns a non-zero status
+          return raw_response if $CHILD_STATUS.success?
+
+          raise SharedHelpers::HelperSubprocessFailed.new(
+            raw_response,
+            command
+          )
+        end
+
+        def handle_elm_errors(error)
+          if error.message.include?("OLD DEPENDENCIES") ||
+             error.message.include?("BAD JSON")
+            raise Dependabot::DependencyFileNotResolvable, error.message
+          end
+
+          # Raise any unrecognised errors
+          raise error
+        end
+
+        def write_temporary_dependency_files
+          dependency_files.each do |file|
+            path = file.name
+            FileUtils.mkdir_p(Pathname.new(path).dirname)
+
+            File.write(path, updated_elm_json_content(file.content))
+          end
+        end
+
+        def updated_elm_json_content(content)
+          json = JSON.parse(content)
+
+          # Delete the dependency from the elm.json, so that we can use
+          # `elm install <dependency_name>` to generate the install plan
+          %w(dependencies test-dependencies).each do |type|
+            if json.dig(type, dependency.name)
+              json[type].delete(dependency.name)
+            end
+
+            %w(direct indirect).each do |category|
+              if json.dig(type, category, dependency.name)
+                json[type][category].delete(dependency.name)
+              end
+            end
+          end
+
+          json["source-directories"] = []
+
+          JSON.dump(json)
+        end
+
+        def original_dependency_details
+          @original_dependency_details ||=
+            Elm::FileParser.new(
+              dependency_files: dependency_files,
+              source: nil
+            ).parse
+        end
+
+        def current_version
+          return unless dependency.version
+
+          version_class.new(dependency.version)
+        end
+
+        def version_class
+          Elm::Version
+        end
+
+        def requirement_class
+          Elm::Requirement
+        end
+      end
+    end
+  end
+end