dependabot-git_submodules 0.315.0 → 0.317.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1099ab7191ce79866f178d1718f9e543f052f1f332601775dc7c4fcd3fe2908f
|
|
4
|
+
data.tar.gz: c0e7fcac933fd87b126bc51461a2c00cd2ad83a623a316701226cd303b10b221
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: df5a16f36e7e909500429bc779c6c13d65447a4a9aefe2a136c1c1bfa9dc292acd5c251fe2c216a29f82dd6084a0b98c4c268b6fa908fa2238566e05ed47c5c9
|
|
7
|
+
data.tar.gz: db0e34225b6c31d5017d0ad32e8114c263d5eda8e798e3342eb43e649644cce93fdfacf1e5691b5790ad9160a3a74f7320ed4706403939de9a895f1fd30b94d9
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "json"
|
|
@@ -27,6 +27,8 @@ module Dependabot
|
|
|
27
27
|
def initialize(dependency:, credentials:)
|
|
28
28
|
@dependency = dependency
|
|
29
29
|
@credentials = credentials
|
|
30
|
+
|
|
31
|
+
@url = T.let(url, String)
|
|
30
32
|
end
|
|
31
33
|
|
|
32
34
|
sig { returns(Dependabot::Dependency) }
|
|
@@ -35,13 +37,89 @@ module Dependabot
|
|
|
35
37
|
sig { returns(T::Array[T.untyped]) }
|
|
36
38
|
attr_reader :credentials
|
|
37
39
|
|
|
38
|
-
sig { returns(T.nilable(
|
|
40
|
+
sig { returns(T.nilable(T::Array[Dependabot::Package::PackageRelease])) }
|
|
39
41
|
def available_versions
|
|
42
|
+
versions_metadata = T.let(fetch_tags_and_release_date, T.nilable(T::Array[GitTagWithDetail]))
|
|
43
|
+
|
|
44
|
+
# as git submodules do not have versions (refs/tags are used instead), we use a pseudo version as placeholder
|
|
45
|
+
pseudo_version = 1.0
|
|
46
|
+
|
|
47
|
+
# we fallback to the git based tag info if no versions metadata is available
|
|
48
|
+
if versions_metadata&.empty?
|
|
49
|
+
versions_metadata = T.let(fetch_latest_tag_info,
|
|
50
|
+
T.nilable(T::Array[GitTagWithDetail]))
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
releases = T.must(versions_metadata).map do |version_details|
|
|
54
|
+
Dependabot::Package::PackageRelease.new(
|
|
55
|
+
version: GitSubmodules::Version.new((pseudo_version += 1).to_s),
|
|
56
|
+
tag: version_details.tag,
|
|
57
|
+
released_at: version_details.release_date ? Time.parse(T.must(version_details.release_date)) : nil
|
|
58
|
+
)
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
releases
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
private
|
|
65
|
+
|
|
66
|
+
sig { returns(T::Array[GitTagWithDetail]) }
|
|
67
|
+
def fetch_latest_tag_info
|
|
68
|
+
parsed_results = T.let([], T::Array[GitTagWithDetail])
|
|
69
|
+
|
|
40
70
|
git_commit_checker = Dependabot::GitCommitChecker.new(
|
|
41
71
|
dependency: dependency,
|
|
42
72
|
credentials: credentials
|
|
43
73
|
)
|
|
44
|
-
|
|
74
|
+
|
|
75
|
+
parsed_results <<
|
|
76
|
+
GitTagWithDetail.new(
|
|
77
|
+
tag: T.must(git_commit_checker.head_commit_for_current_branch)
|
|
78
|
+
)
|
|
79
|
+
|
|
80
|
+
parsed_results
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
sig { returns(T::Array[GitTagWithDetail]) }
|
|
84
|
+
def fetch_tags_and_release_date
|
|
85
|
+
parsed_results = T.let([], T::Array[GitTagWithDetail])
|
|
86
|
+
|
|
87
|
+
begin
|
|
88
|
+
Dependabot.logger.info("Fetching release info for Git Submodules: #{dependency.name}")
|
|
89
|
+
|
|
90
|
+
client = Dependabot::GitCommitChecker.new(
|
|
91
|
+
dependency: dependency,
|
|
92
|
+
credentials: credentials
|
|
93
|
+
)
|
|
94
|
+
|
|
95
|
+
response = client.ref_details_for_pinned_ref
|
|
96
|
+
|
|
97
|
+
unless response.status == 200
|
|
98
|
+
Dependabot.logger.error("Error while fetching details for #{dependency.name} " \
|
|
99
|
+
"Detail : #{response.body}")
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
return parsed_results unless response.status == 200
|
|
103
|
+
|
|
104
|
+
releases = JSON.parse(response.body)
|
|
105
|
+
|
|
106
|
+
parsed_results = releases.map do |release|
|
|
107
|
+
GitTagWithDetail.new(
|
|
108
|
+
tag: release["sha"],
|
|
109
|
+
release_date: release["commit"]["committer"]["date"]
|
|
110
|
+
)
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
parsed_results
|
|
114
|
+
rescue StandardError => e
|
|
115
|
+
Dependabot.logger.error("Error while fetching package info for git submodule: #{e.message}")
|
|
116
|
+
parsed_results
|
|
117
|
+
end
|
|
118
|
+
end
|
|
119
|
+
|
|
120
|
+
sig { returns(String) }
|
|
121
|
+
def url
|
|
122
|
+
dependency.source_details&.fetch(:url, nil)
|
|
45
123
|
end
|
|
46
124
|
end
|
|
47
125
|
end
|
|
@@ -15,38 +15,110 @@ require "dependabot/git_submodules/package/package_details_fetcher"
|
|
|
15
15
|
module Dependabot
|
|
16
16
|
module GitSubmodules
|
|
17
17
|
class UpdateChecker
|
|
18
|
-
class LatestVersionFinder
|
|
18
|
+
class LatestVersionFinder < Dependabot::Package::PackageLatestVersionFinder
|
|
19
19
|
extend T::Sig
|
|
20
20
|
|
|
21
21
|
sig do
|
|
22
22
|
params(
|
|
23
23
|
dependency: Dependabot::Dependency,
|
|
24
|
-
credentials: T::Array[Dependabot::Credential]
|
|
24
|
+
credentials: T::Array[Dependabot::Credential],
|
|
25
|
+
cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions)
|
|
25
26
|
).void
|
|
26
27
|
end
|
|
27
|
-
def initialize(dependency:, credentials:)
|
|
28
|
+
def initialize(dependency:, credentials:, cooldown_options:)
|
|
28
29
|
@dependency = dependency
|
|
29
30
|
@credentials = credentials
|
|
31
|
+
@cooldown_options = cooldown_options
|
|
30
32
|
end
|
|
31
33
|
|
|
32
|
-
sig { returns(Dependabot::Dependency) }
|
|
33
|
-
attr_reader :dependency
|
|
34
|
-
sig { returns(T::Array[Dependabot::Credential]) }
|
|
35
|
-
attr_reader :credentials
|
|
36
|
-
|
|
37
34
|
sig { returns(T.nilable(String)) }
|
|
35
|
+
def latest_tag
|
|
36
|
+
releases = version_list
|
|
37
|
+
|
|
38
|
+
releases = filter_by_cooldown(T.must(releases))
|
|
39
|
+
|
|
40
|
+
# if there are no releases after applying filters, we fallback to the current tag to avoid empty results
|
|
41
|
+
releases = apply_post_fetch_latest_versions_filter(releases)
|
|
42
|
+
releases.first&.tag
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
sig { returns(T.nilable(T::Array[Dependabot::Package::PackageRelease])) }
|
|
38
46
|
def version_list
|
|
39
47
|
@version_list ||=
|
|
40
48
|
T.let(Package::PackageDetailsFetcher.new(
|
|
41
49
|
dependency: dependency,
|
|
42
50
|
credentials: credentials
|
|
43
|
-
).available_versions, T.nilable(
|
|
51
|
+
).available_versions, T.nilable(T::Array[Dependabot::Package::PackageRelease]))
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
sig { params(release: Dependabot::Package::PackageRelease).returns(T::Boolean) }
|
|
55
|
+
def in_cooldown_period?(release)
|
|
56
|
+
unless release.released_at
|
|
57
|
+
Dependabot.logger.info("Release date not available for ref tag #{release.tag}")
|
|
58
|
+
return false
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
days = cooldown_days
|
|
62
|
+
passed_seconds = Time.now.to_i - release.released_at.to_i
|
|
63
|
+
passed_days = passed_seconds / DAY_IN_SECONDS
|
|
64
|
+
|
|
65
|
+
if passed_days < days
|
|
66
|
+
Dependabot.logger.info("Filtered #{release.tag}, Released on: " \
|
|
67
|
+
"#{T.must(release.released_at).strftime('%Y-%m-%d')} " \
|
|
68
|
+
"(#{passed_days}/#{days} cooldown days)")
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
passed_seconds < days * DAY_IN_SECONDS
|
|
44
72
|
end
|
|
45
73
|
|
|
46
|
-
sig
|
|
47
|
-
|
|
48
|
-
@latest_version ||= T.let(version_list, T.nilable(String))
|
|
74
|
+
sig do
|
|
75
|
+
returns(Integer)
|
|
49
76
|
end
|
|
77
|
+
def cooldown_days
|
|
78
|
+
cooldown = @cooldown_options
|
|
79
|
+
return 0 if cooldown.nil?
|
|
80
|
+
return 0 unless cooldown_enabled?
|
|
81
|
+
return 0 unless cooldown.included?(dependency.name)
|
|
82
|
+
|
|
83
|
+
return cooldown.default_days if cooldown.default_days.positive?
|
|
84
|
+
return cooldown.semver_major_days if cooldown.semver_major_days.positive?
|
|
85
|
+
return cooldown.semver_minor_days if cooldown.semver_minor_days.positive?
|
|
86
|
+
return cooldown.semver_patch_days if cooldown.semver_patch_days.positive?
|
|
87
|
+
|
|
88
|
+
cooldown.default_days
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
sig { returns(T::Boolean) }
|
|
92
|
+
def cooldown_enabled?
|
|
93
|
+
Dependabot::Experiments.enabled?(:enable_cooldown_for_gitsubmodules)
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
sig do
|
|
97
|
+
params(releases: T::Array[Dependabot::Package::PackageRelease])
|
|
98
|
+
.returns(T::Array[Dependabot::Package::PackageRelease])
|
|
99
|
+
end
|
|
100
|
+
def apply_post_fetch_latest_versions_filter(releases)
|
|
101
|
+
if releases.empty?
|
|
102
|
+
Dependabot.logger.info("No releases found for #{dependency.name} after applying filters.")
|
|
103
|
+
return releases
|
|
104
|
+
end
|
|
105
|
+
|
|
106
|
+
releases << Dependabot::Package::PackageRelease.new(
|
|
107
|
+
version: GitSubmodules::Version.new("1.0.0"),
|
|
108
|
+
tag: dependency.version
|
|
109
|
+
)
|
|
110
|
+
|
|
111
|
+
releases
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
sig { returns(Dependabot::Dependency) }
|
|
115
|
+
attr_reader :dependency
|
|
116
|
+
sig { returns(T::Array[Dependabot::Credential]) }
|
|
117
|
+
attr_reader :credentials
|
|
118
|
+
sig { returns(T.nilable(Dependabot::Package::ReleaseCooldownOptions)) }
|
|
119
|
+
attr_reader :cooldown_options
|
|
120
|
+
sig { override.returns(T.nilable(Dependabot::Package::PackageDetails)) }
|
|
121
|
+
def package_details; end
|
|
50
122
|
end
|
|
51
123
|
end
|
|
52
124
|
end
|
|
@@ -58,10 +58,11 @@ module Dependabot
|
|
|
58
58
|
|
|
59
59
|
sig { returns(T.nilable(String)) }
|
|
60
60
|
def fetch_latest_version
|
|
61
|
-
LatestVersionFinder.new(
|
|
61
|
+
T.let(LatestVersionFinder.new(
|
|
62
62
|
dependency: dependency,
|
|
63
|
-
credentials: credentials
|
|
64
|
-
|
|
63
|
+
credentials: credentials,
|
|
64
|
+
cooldown_options: update_cooldown
|
|
65
|
+
).latest_tag, T.nilable(String))
|
|
65
66
|
end
|
|
66
67
|
end
|
|
67
68
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-git_submodules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.317.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.317.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.317.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: parseconfig
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -277,7 +277,7 @@ licenses:
|
|
|
277
277
|
- MIT
|
|
278
278
|
metadata:
|
|
279
279
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
280
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
280
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.317.0
|
|
281
281
|
rdoc_options: []
|
|
282
282
|
require_paths:
|
|
283
283
|
- lib
|