dependabot-git_submodules 0.314.0 → 0.316.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9667cdfa37aaa6e90bba941f1b653fb5f8f158e6ca251728fedb387134a4d5f8
|
|
4
|
+
data.tar.gz: 49c4e869e2baad8f0e7af43eb19cab762abcce32581d1eaf4cb55058039e1838
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e800f9531b77938d70e90e2acb9b9c41caaea92ec0f362d6b500c37298c0213fcf8ccd0d1302a935e919a2dc5420fcb4ee36942f8c15daee07c293ecb6cbf49c
|
|
7
|
+
data.tar.gz: 266c229f93ef4d8cfe09542d1b85151d3b76e1c89f6f8bb7c6f3c8aaa652ccdd4517690c5866656eea7b05dda2aaaf06ab6907fb6d2c7eb76b6c19a844be1b43
|
|
@@ -0,0 +1,145 @@
|
|
|
1
|
+
# typed: strict
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "json"
|
|
5
|
+
require "time"
|
|
6
|
+
require "cgi"
|
|
7
|
+
require "excon"
|
|
8
|
+
require "nokogiri"
|
|
9
|
+
require "sorbet-runtime"
|
|
10
|
+
require "dependabot/registry_client"
|
|
11
|
+
require "dependabot/git_submodules"
|
|
12
|
+
require "dependabot/package/package_release"
|
|
13
|
+
require "dependabot/package/package_details"
|
|
14
|
+
|
|
15
|
+
module Dependabot
|
|
16
|
+
module GitSubmodules
|
|
17
|
+
module Package
|
|
18
|
+
class PackageDetailsFetcher
|
|
19
|
+
extend T::Sig
|
|
20
|
+
|
|
21
|
+
sig do
|
|
22
|
+
params(
|
|
23
|
+
dependency: Dependabot::Dependency,
|
|
24
|
+
credentials: T::Array[Dependabot::Credential]
|
|
25
|
+
).void
|
|
26
|
+
end
|
|
27
|
+
def initialize(dependency:, credentials:)
|
|
28
|
+
@dependency = dependency
|
|
29
|
+
@credentials = credentials
|
|
30
|
+
|
|
31
|
+
@ref = T.let(ref, String)
|
|
32
|
+
@url = T.let(url, String)
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
# as git submodules do not have versions (refs/tags are used instead), we use a pseudo version as placeholder
|
|
36
|
+
VERSION = "1.0.0"
|
|
37
|
+
|
|
38
|
+
# we use a default release date in case we reply on fallback logic of
|
|
39
|
+
# getting refs/tags to prevent filtering out head release (greater than max cooldown period)
|
|
40
|
+
DEFAULT_RELEASE_DATE = T.let(Time.now.utc - (60 * 60 * 24 * 91), Time)
|
|
41
|
+
|
|
42
|
+
sig { returns(Dependabot::Dependency) }
|
|
43
|
+
attr_reader :dependency
|
|
44
|
+
|
|
45
|
+
sig { returns(T::Array[T.untyped]) }
|
|
46
|
+
attr_reader :credentials
|
|
47
|
+
|
|
48
|
+
sig { returns(T.nilable(T::Array[Dependabot::Package::PackageRelease])) }
|
|
49
|
+
def available_versions
|
|
50
|
+
versions_metadata = T.let(fetch_tags_and_release_date, T.nilable(T::Array[GitTagWithDetail]))
|
|
51
|
+
|
|
52
|
+
# we fallback to the git based tag info if no versions metadata is available
|
|
53
|
+
if versions_metadata&.empty?
|
|
54
|
+
versions_metadata = T.let(fetch_latest_tag_info,
|
|
55
|
+
T.nilable(T::Array[GitTagWithDetail]))
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
releases = T.must(versions_metadata).map do |version_details|
|
|
59
|
+
Dependabot::Package::PackageRelease.new(
|
|
60
|
+
version: GitSubmodules::Version.new(VERSION),
|
|
61
|
+
tag: version_details.tag,
|
|
62
|
+
released_at: Time.parse(version_details.release_date)
|
|
63
|
+
)
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
releases
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
private
|
|
70
|
+
|
|
71
|
+
sig { returns(T::Array[GitTagWithDetail]) }
|
|
72
|
+
def fetch_latest_tag_info
|
|
73
|
+
parsed_results = T.let([], T::Array[GitTagWithDetail])
|
|
74
|
+
|
|
75
|
+
git_commit_checker = Dependabot::GitCommitChecker.new(
|
|
76
|
+
dependency: dependency,
|
|
77
|
+
credentials: credentials
|
|
78
|
+
)
|
|
79
|
+
|
|
80
|
+
parsed_results <<
|
|
81
|
+
GitTagWithDetail.new(
|
|
82
|
+
tag: T.must(git_commit_checker.head_commit_for_current_branch),
|
|
83
|
+
release_date: DEFAULT_RELEASE_DATE.to_s
|
|
84
|
+
)
|
|
85
|
+
|
|
86
|
+
parsed_results
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
sig { returns(T::Array[GitTagWithDetail]) }
|
|
90
|
+
def fetch_tags_and_release_date
|
|
91
|
+
parsed_results = T.let([], T::Array[GitTagWithDetail])
|
|
92
|
+
|
|
93
|
+
begin
|
|
94
|
+
Dependabot.logger.info("Fetching release info for Git Submodules: #{dependency.name}")
|
|
95
|
+
|
|
96
|
+
response = Excon.get(provider_url)
|
|
97
|
+
|
|
98
|
+
unless response.status == 200
|
|
99
|
+
Dependabot.logger.error("Error while fetching details for #{dependency.name}" \
|
|
100
|
+
" Detail : #{response.body}")
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
return parsed_results unless response.status == 200
|
|
104
|
+
|
|
105
|
+
releases = JSON.parse(response.body)
|
|
106
|
+
|
|
107
|
+
parsed_results = releases.map do |release|
|
|
108
|
+
GitTagWithDetail.new(
|
|
109
|
+
tag: release["sha"],
|
|
110
|
+
release_date: release["commit"]["committer"]["date"]
|
|
111
|
+
)
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
parsed_results
|
|
115
|
+
rescue StandardError => e
|
|
116
|
+
Dependabot.logger.error("Error while fetching package info for Git Submodules: #{e.message}")
|
|
117
|
+
parsed_results
|
|
118
|
+
end
|
|
119
|
+
end
|
|
120
|
+
|
|
121
|
+
sig { returns(String) }
|
|
122
|
+
def provider_url
|
|
123
|
+
provider_url = @url.gsub(/\.git$/, "")
|
|
124
|
+
|
|
125
|
+
api_url = {
|
|
126
|
+
github: provider_url.gsub("github.com", "api.github.com/repos")
|
|
127
|
+
}.freeze
|
|
128
|
+
|
|
129
|
+
"#{api_url[:github]}/commits?sha=#{@ref}"
|
|
130
|
+
end
|
|
131
|
+
|
|
132
|
+
sig { returns(String) }
|
|
133
|
+
def ref
|
|
134
|
+
dependency.source_details&.fetch(:ref, nil) ||
|
|
135
|
+
dependency.source_details&.fetch(:branch, nil) || "HEAD"
|
|
136
|
+
end
|
|
137
|
+
|
|
138
|
+
sig { returns(String) }
|
|
139
|
+
def url
|
|
140
|
+
dependency.source_details&.fetch(:url, nil)
|
|
141
|
+
end
|
|
142
|
+
end
|
|
143
|
+
end
|
|
144
|
+
end
|
|
145
|
+
end
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "excon"
|
|
5
|
+
require "json"
|
|
6
|
+
require "sorbet-runtime"
|
|
7
|
+
|
|
8
|
+
require "dependabot/errors"
|
|
9
|
+
require "dependabot/shared_helpers"
|
|
10
|
+
require "dependabot/update_checkers/version_filters"
|
|
11
|
+
require "dependabot/package/package_latest_version_finder"
|
|
12
|
+
require "dependabot/git_submodules/update_checker"
|
|
13
|
+
require "dependabot/git_submodules/package/package_details_fetcher"
|
|
14
|
+
|
|
15
|
+
module Dependabot
|
|
16
|
+
module GitSubmodules
|
|
17
|
+
class UpdateChecker
|
|
18
|
+
class LatestVersionFinder
|
|
19
|
+
extend T::Sig
|
|
20
|
+
|
|
21
|
+
sig do
|
|
22
|
+
params(
|
|
23
|
+
dependency: Dependabot::Dependency,
|
|
24
|
+
credentials: T::Array[Dependabot::Credential]
|
|
25
|
+
).void
|
|
26
|
+
end
|
|
27
|
+
def initialize(dependency:, credentials:)
|
|
28
|
+
@dependency = dependency
|
|
29
|
+
@credentials = credentials
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
sig { returns(Dependabot::Dependency) }
|
|
33
|
+
attr_reader :dependency
|
|
34
|
+
sig { returns(T::Array[Dependabot::Credential]) }
|
|
35
|
+
attr_reader :credentials
|
|
36
|
+
|
|
37
|
+
sig { returns(T.nilable(T::Array[Dependabot::Package::PackageRelease])) }
|
|
38
|
+
def version_list
|
|
39
|
+
@version_list ||=
|
|
40
|
+
T.let(Package::PackageDetailsFetcher.new(
|
|
41
|
+
dependency: dependency,
|
|
42
|
+
credentials: credentials
|
|
43
|
+
).available_versions, T.nilable(T::Array[Dependabot::Package::PackageRelease]))
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
sig { returns(T.nilable(String)) }
|
|
47
|
+
def latest_version
|
|
48
|
+
latest_version = version_list
|
|
49
|
+
latest_version = latest_version&.first&.tag.to_s
|
|
50
|
+
latest_version
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
@@ -13,6 +13,7 @@ module Dependabot
|
|
|
13
13
|
module GitSubmodules
|
|
14
14
|
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
|
15
15
|
extend T::Sig
|
|
16
|
+
require_relative "update_checker/latest_version_finder"
|
|
16
17
|
|
|
17
18
|
sig { override.returns(T.nilable(T.any(String, Dependabot::Version))) }
|
|
18
19
|
def latest_version
|
|
@@ -57,12 +58,10 @@ module Dependabot
|
|
|
57
58
|
|
|
58
59
|
sig { returns(T.nilable(String)) }
|
|
59
60
|
def fetch_latest_version
|
|
60
|
-
|
|
61
|
+
T.let(LatestVersionFinder.new(
|
|
61
62
|
dependency: dependency,
|
|
62
63
|
credentials: credentials
|
|
63
|
-
)
|
|
64
|
-
|
|
65
|
-
git_commit_checker.head_commit_for_current_branch
|
|
64
|
+
).latest_version, T.nilable(String))
|
|
66
65
|
end
|
|
67
66
|
end
|
|
68
67
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-git_submodules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.316.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
bindir: bin
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date:
|
|
10
|
+
date: 1980-01-02 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: dependabot-common
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.316.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.316.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: parseconfig
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -266,16 +266,18 @@ files:
|
|
|
266
266
|
- lib/dependabot/git_submodules/file_parser.rb
|
|
267
267
|
- lib/dependabot/git_submodules/file_updater.rb
|
|
268
268
|
- lib/dependabot/git_submodules/metadata_finder.rb
|
|
269
|
+
- lib/dependabot/git_submodules/package/package_details_fetcher.rb
|
|
269
270
|
- lib/dependabot/git_submodules/package_manager.rb
|
|
270
271
|
- lib/dependabot/git_submodules/requirement.rb
|
|
271
272
|
- lib/dependabot/git_submodules/update_checker.rb
|
|
273
|
+
- lib/dependabot/git_submodules/update_checker/latest_version_finder.rb
|
|
272
274
|
- lib/dependabot/git_submodules/version.rb
|
|
273
275
|
homepage: https://github.com/dependabot/dependabot-core
|
|
274
276
|
licenses:
|
|
275
277
|
- MIT
|
|
276
278
|
metadata:
|
|
277
279
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
278
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
280
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.316.0
|
|
279
281
|
rdoc_options: []
|
|
280
282
|
require_paths:
|
|
281
283
|
- lib
|
|
@@ -283,14 +285,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
283
285
|
requirements:
|
|
284
286
|
- - ">="
|
|
285
287
|
- !ruby/object:Gem::Version
|
|
286
|
-
version: 3.
|
|
288
|
+
version: 3.3.0
|
|
287
289
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
288
290
|
requirements:
|
|
289
291
|
- - ">="
|
|
290
292
|
- !ruby/object:Gem::Version
|
|
291
|
-
version: 3.
|
|
293
|
+
version: 3.3.0
|
|
292
294
|
requirements: []
|
|
293
|
-
rubygems_version: 3.6.
|
|
295
|
+
rubygems_version: 3.6.9
|
|
294
296
|
specification_version: 4
|
|
295
297
|
summary: Provides Dependabot support for Git Submodules
|
|
296
298
|
test_files: []
|