dependabot-git-submodules 0.78.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 3fe0f46fd2f90b007b3acaeb678e63ea075a054925f8a827d3d2097c196f523a
+  data.tar.gz: 876aa6606115ad75d789c08fd5c426e21c44a0a1cce6a7f6a347857687094c3c
+SHA512:
+  metadata.gz: 354820c1524cd02827666e9a94f89908109ccf34d7e59116cc4dca07c5a986f47f9c24b3304be6eaa3fb9bdcc3caab9e054ef231ea32c2288ecb2cc31ca554e3
+  data.tar.gz: 173eb1fbdf1fe437fa40f1276e17f34c8836a2b74018492243d55b1913d70ab545aeaeeafb5a866c01c817c43eae0823c107399020c3ba75d7f24a48dab64e30

data/lib/dependabot/git_submodules.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+# These all need to be required so the various classes can be registered in a
+# lookup table of package manager names to concrete classes.
+require "dependabot/git_submodules/file_fetcher"
+require "dependabot/git_submodules/file_parser"
+require "dependabot/git_submodules/update_checker"
+require "dependabot/git_submodules/file_updater"
+require "dependabot/git_submodules/metadata_finder"

data/lib/dependabot/git_submodules/file_fetcher.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require "parseconfig"
+require "dependabot/file_fetchers"
+require "dependabot/file_fetchers/base"
+require "dependabot/shared_helpers"
+
+module Dependabot
+  module GitSubmodules
+    class FileFetcher < Dependabot::FileFetchers::Base
+      def self.required_files_in?(filenames)
+        filenames.include?(".gitmodules")
+      end
+
+      def self.required_files_message
+        "Repo must contain a .gitmodules file."
+      end
+
+      private
+
+      def fetch_files
+        fetched_files = []
+        fetched_files << gitmodules_file
+        fetched_files += submodule_refs
+        fetched_files
+      end
+
+      def gitmodules_file
+        @gitmodules_file ||= fetch_file_from_host(".gitmodules")
+      end
+
+      def submodule_refs
+        submodule_paths.
+          map { |path| fetch_submodule_ref_from_host(path) }.
+          tap { |refs| refs.each { |f| f.support_file = true } }
+      end
+
+      def submodule_paths
+        Dependabot::SharedHelpers.in_a_temporary_directory do
+          File.write(".gitmodules", gitmodules_file.content)
+          ParseConfig.new(".gitmodules").params.values.map { |p| p["path"] }
+        end
+      end
+
+      def fetch_submodule_ref_from_host(submodule_path)
+        path = Pathname.new(File.join(directory, submodule_path)).
+               cleanpath.to_path.gsub(%r{^/*}, "")
+        sha =  case source.provider
+               when "github"
+                 github_client_for_source.contents(
+                   repo,
+                   path: path,
+                   ref: commit
+                 ).sha
+               when "gitlab"
+                 tmp_path = path.gsub(%r{^/*}, "")
+                 gitlab_client.get_file(repo, tmp_path, commit).blob_id
+               else raise "Unsupported provider '#{source.provider}'."
+               end
+
+        DependencyFile.new(
+          name: Pathname.new(submodule_path).cleanpath.to_path,
+          content: sha,
+          directory: directory,
+          type: "submodule"
+        )
+      rescue Octokit::NotFound, Gitlab::Error::NotFound
+        raise Dependabot::DependencyFileNotFound, path
+      end
+    end
+  end
+end
+
+Dependabot::FileFetchers.
+  register("submodules", Dependabot::GitSubmodules::FileFetcher)

data/lib/dependabot/git_submodules/file_parser.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+require "parseconfig"
+require "dependabot/dependency"
+require "dependabot/file_parsers"
+require "dependabot/file_parsers/base"
+require "dependabot/shared_helpers"
+
+module Dependabot
+  module GitSubmodules
+    class FileParser < Dependabot::FileParsers::Base
+      def parse
+        Dependabot::SharedHelpers.in_a_temporary_directory do
+          File.write(".gitmodules", gitmodules_file.content)
+
+          ParseConfig.new(".gitmodules").params.map do |_, params|
+            branch = params["branch"]
+
+            Dependency.new(
+              name: params["path"],
+              version: submodule_sha(params["path"]),
+              package_manager: "submodules",
+              requirements: [{
+                requirement: nil,
+                file: ".gitmodules",
+                source: {
+                  type: "git",
+                  url: absolute_url(params["url"]),
+                  branch: branch,
+                  ref: branch
+                },
+                groups: []
+              }]
+            )
+          end
+        end
+      end
+
+      private
+
+      def absolute_url(url)
+        # Submodules can be specified with a relative URL (e.g., ../repo.git)
+        # which we want to expand out into a full URL if present.
+        return url unless url.start_with?("../", "./")
+
+        path = Pathname.new(File.join(source.repo, url))
+        "https://#{source.hostname}/#{path.cleanpath}"
+      end
+
+      def submodule_sha(path)
+        submodule = dependency_files.find { |f| f.name == path }
+        raise "Submodule not found #{path}" unless submodule
+
+        submodule.content
+      end
+
+      def gitmodules_file
+        @gitmodules_file ||= get_original_file(".gitmodules")
+      end
+
+      def check_required_files
+        %w(.gitmodules).each do |filename|
+          raise "No #{filename}!" unless get_original_file(filename)
+        end
+      end
+    end
+  end
+end
+
+Dependabot::FileParsers.
+  register("submodules", Dependabot::GitSubmodules::FileParser)

data/lib/dependabot/git_submodules/file_updater.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require "dependabot/file_updaters"
+require "dependabot/file_updaters/base"
+
+module Dependabot
+  module GitSubmodules
+    class FileUpdater < Dependabot::FileUpdaters::Base
+      def self.updated_files_regex
+        []
+      end
+
+      def updated_dependency_files
+        [updated_file(file: submodule, content: dependency.version)]
+      end
+
+      private
+
+      def dependency
+        # Git submodules will only ever be updating a single dependency
+        dependencies.first
+      end
+
+      def check_required_files
+        %w(.gitmodules).each do |filename|
+          raise "No #{filename}!" unless get_original_file(filename)
+        end
+      end
+
+      def submodule
+        @submodule ||= dependency_files.find do |file|
+          file.name == dependency.name
+        end
+      end
+    end
+  end
+end
+
+Dependabot::FileUpdaters.
+  register("submodules", Dependabot::GitSubmodules::FileUpdater)

data/lib/dependabot/git_submodules/metadata_finder.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require "dependabot/metadata_finders"
+require "dependabot/metadata_finders/base"
+
+module Dependabot
+  module GitSubmodules
+    class MetadataFinder < Dependabot::MetadataFinders::Base
+      private
+
+      def look_up_source
+        url = dependency.requirements.first.fetch(:source)[:url] ||
+              dependency.requirements.first.fetch(:source).fetch("url")
+
+        Source.from_url(url)
+      end
+    end
+  end
+end
+
+Dependabot::MetadataFinders.
+  register("submodules", Dependabot::GitSubmodules::MetadataFinder)

data/lib/dependabot/git_submodules/update_checker.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require "dependabot/update_checkers"
+require "dependabot/update_checkers/base"
+require "dependabot/git_commit_checker"
+
+module Dependabot
+  module GitSubmodules
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
+      def latest_version
+        @latest_version ||= fetch_latest_version
+      end
+
+      def latest_resolvable_version
+        # Resolvability isn't an issue for submodules.
+        latest_version
+      end
+
+      def latest_resolvable_version_with_no_unlock
+        # No concept of "unlocking" for submodules
+        latest_version
+      end
+
+      def updated_requirements
+        # Submodule requirements are the URL and branch to use for the
+        # submodule. We never want to update either.
+        dependency.requirements
+      end
+
+      private
+
+      def latest_version_resolvable_with_full_unlock?
+        # Full unlock checks aren't relevant for submodules
+        false
+      end
+
+      def updated_dependencies_after_full_unlock
+        raise NotImplementedError
+      end
+
+      def fetch_latest_version
+        git_commit_checker = Dependabot::GitCommitChecker.new(
+          dependency: dependency,
+          credentials: credentials
+        )
+
+        git_commit_checker.head_commit_for_current_branch
+      end
+    end
+  end
+end
+
+Dependabot::UpdateCheckers.
+  register("submodules", Dependabot::GitSubmodules::UpdateChecker)

metadata

@@ -0,0 +1,176 @@
+--- !ruby/object:Gem::Specification
+name: dependabot-git-submodules
+version: !ruby/object:Gem::Version
+  version: 0.78.0
+platform: ruby
+authors:
+- Dependabot
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-12-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dependabot-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.78.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.78.0
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: rspec_junit_formatter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.61'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.61'
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+description: Automated dependency management for Ruby, JavaScript, Python, PHP, Elixir,
+  Rust, Java, .NET, Elm and Go
+email: support@dependabot.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/dependabot/git_submodules.rb
+- lib/dependabot/git_submodules/file_fetcher.rb
+- lib/dependabot/git_submodules/file_parser.rb
+- lib/dependabot/git_submodules/file_updater.rb
+- lib/dependabot/git_submodules/metadata_finder.rb
+- lib/dependabot/git_submodules/update_checker.rb
+homepage: https://github.com/dependabot/dependabot-core
+licenses:
+- Nonstandard
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.8
+signing_key: 
+specification_version: 4
+summary: Git Submodules support for dependabot-core
+test_files: []