dependabot-git_submodules 0.80.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b84cb38ad137a64b1b7347819184e41e9f7797916d762d071ddd863d93994a88
+  data.tar.gz: 33f728ab2f939903cf7b15f5f57659e3df9543620426be3c7140cecbc529475a
+SHA512:
+  metadata.gz: 5315717bedca2a08dd2fdc90ccb177641f0d699236c7f4280d63e70dcd8c41c263ccc184003b2f93d82b7015140b117edda9acbef442f4efa0a20a0400c5a002
+  data.tar.gz: 73dad2b0b1fdd675b36b7669fa55b62768ea05935730ce616c5d57f3d7b877b199c5afaede151361efa762490a444ea91088a3f466502aa11d7c88567b86b03e

data/lib/dependabot/git_submodules.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+# These all need to be required so the various classes can be registered in a
+# lookup table of package manager names to concrete classes.
+require "dependabot/git_submodules/file_fetcher"
+require "dependabot/git_submodules/file_parser"
+require "dependabot/git_submodules/update_checker"
+require "dependabot/git_submodules/file_updater"
+require "dependabot/git_submodules/metadata_finder"

data/lib/dependabot/git_submodules/file_fetcher.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require "parseconfig"
+require "dependabot/file_fetchers"
+require "dependabot/file_fetchers/base"
+require "dependabot/shared_helpers"
+
+module Dependabot
+  module GitSubmodules
+    class FileFetcher < Dependabot::FileFetchers::Base
+      def self.required_files_in?(filenames)
+        filenames.include?(".gitmodules")
+      end
+
+      def self.required_files_message
+        "Repo must contain a .gitmodules file."
+      end
+
+      private
+
+      def fetch_files
+        fetched_files = []
+        fetched_files << gitmodules_file
+        fetched_files += submodule_refs
+        fetched_files
+      end
+
+      def gitmodules_file
+        @gitmodules_file ||= fetch_file_from_host(".gitmodules")
+      end
+
+      def submodule_refs
+        submodule_paths.
+          map { |path| fetch_submodule_ref_from_host(path) }.
+          tap { |refs| refs.each { |f| f.support_file = true } }
+      end
+
+      def submodule_paths
+        Dependabot::SharedHelpers.in_a_temporary_directory do
+          File.write(".gitmodules", gitmodules_file.content)
+          ParseConfig.new(".gitmodules").params.values.map { |p| p["path"] }
+        end
+      end
+
+      def fetch_submodule_ref_from_host(submodule_path)
+        path = Pathname.new(File.join(directory, submodule_path)).
+               cleanpath.to_path.gsub(%r{^/*}, "")
+        sha =  case source.provider
+               when "github"
+                 github_client_for_source.contents(
+                   repo,
+                   path: path,
+                   ref: commit
+                 ).sha
+               when "gitlab"
+                 tmp_path = path.gsub(%r{^/*}, "")
+                 gitlab_client.get_file(repo, tmp_path, commit).blob_id
+               else raise "Unsupported provider '#{source.provider}'."
+               end
+
+        DependencyFile.new(
+          name: Pathname.new(submodule_path).cleanpath.to_path,
+          content: sha,
+          directory: directory,
+          type: "submodule"
+        )
+      rescue Octokit::NotFound, Gitlab::Error::NotFound
+        raise Dependabot::DependencyFileNotFound, path
+      end
+    end
+  end
+end
+
+Dependabot::FileFetchers.
+  register("submodules", Dependabot::GitSubmodules::FileFetcher)

data/lib/dependabot/git_submodules/file_parser.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+require "parseconfig"
+require "dependabot/dependency"
+require "dependabot/file_parsers"
+require "dependabot/file_parsers/base"
+require "dependabot/shared_helpers"
+
+module Dependabot
+  module GitSubmodules
+    class FileParser < Dependabot::FileParsers::Base
+      def parse
+        Dependabot::SharedHelpers.in_a_temporary_directory do
+          File.write(".gitmodules", gitmodules_file.content)
+
+          ParseConfig.new(".gitmodules").params.map do |_, params|
+            branch = params["branch"]
+
+            Dependency.new(
+              name: params["path"],
+              version: submodule_sha(params["path"]),
+              package_manager: "submodules",
+              requirements: [{
+                requirement: nil,
+                file: ".gitmodules",
+                source: {
+                  type: "git",
+                  url: absolute_url(params["url"]),
+                  branch: branch,
+                  ref: branch
+                },
+                groups: []
+              }]
+            )
+          end
+        end
+      end
+
+      private
+
+      def absolute_url(url)
+        # Submodules can be specified with a relative URL (e.g., ../repo.git)
+        # which we want to expand out into a full URL if present.
+        return url unless url.start_with?("../", "./")
+
+        path = Pathname.new(File.join(source.repo, url))
+        "https://#{source.hostname}/#{path.cleanpath}"
+      end
+
+      def submodule_sha(path)
+        submodule = dependency_files.find { |f| f.name == path }
+        raise "Submodule not found #{path}" unless submodule
+
+        submodule.content
+      end
+
+      def gitmodules_file
+        @gitmodules_file ||= get_original_file(".gitmodules")
+      end
+
+      def check_required_files
+        %w(.gitmodules).each do |filename|
+          raise "No #{filename}!" unless get_original_file(filename)
+        end
+      end
+    end
+  end
+end
+
+Dependabot::FileParsers.
+  register("submodules", Dependabot::GitSubmodules::FileParser)

data/lib/dependabot/git_submodules/file_updater.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require "dependabot/file_updaters"
+require "dependabot/file_updaters/base"
+
+module Dependabot
+  module GitSubmodules
+    class FileUpdater < Dependabot::FileUpdaters::Base
+      def self.updated_files_regex
+        []
+      end
+
+      def updated_dependency_files
+        [updated_file(file: submodule, content: dependency.version)]
+      end
+
+      private
+
+      def dependency
+        # Git submodules will only ever be updating a single dependency
+        dependencies.first
+      end
+
+      def check_required_files
+        %w(.gitmodules).each do |filename|
+          raise "No #{filename}!" unless get_original_file(filename)
+        end
+      end
+
+      def submodule
+        @submodule ||= dependency_files.find do |file|
+          file.name == dependency.name
+        end
+      end
+    end
+  end
+end
+
+Dependabot::FileUpdaters.
+  register("submodules", Dependabot::GitSubmodules::FileUpdater)

data/lib/dependabot/git_submodules/metadata_finder.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require "dependabot/metadata_finders"
+require "dependabot/metadata_finders/base"
+
+module Dependabot
+  module GitSubmodules
+    class MetadataFinder < Dependabot::MetadataFinders::Base
+      private
+
+      def look_up_source
+        url = dependency.requirements.first.fetch(:source)[:url] ||
+              dependency.requirements.first.fetch(:source).fetch("url")
+
+        Source.from_url(url)
+      end
+    end
+  end
+end
+
+Dependabot::MetadataFinders.
+  register("submodules", Dependabot::GitSubmodules::MetadataFinder)

data/lib/dependabot/git_submodules/update_checker.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require "dependabot/update_checkers"
+require "dependabot/update_checkers/base"
+require "dependabot/git_commit_checker"
+
+module Dependabot
+  module GitSubmodules
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
+      def latest_version
+        @latest_version ||= fetch_latest_version
+      end
+
+      def latest_resolvable_version
+        # Resolvability isn't an issue for submodules.
+        latest_version
+      end
+
+      def latest_resolvable_version_with_no_unlock
+        # No concept of "unlocking" for submodules
+        latest_version
+      end
+
+      def updated_requirements
+        # Submodule requirements are the URL and branch to use for the
+        # submodule. We never want to update either.
+        dependency.requirements
+      end
+
+      private
+
+      def latest_version_resolvable_with_full_unlock?
+        # Full unlock checks aren't relevant for submodules
+        false
+      end
+
+      def updated_dependencies_after_full_unlock
+        raise NotImplementedError
+      end
+
+      def fetch_latest_version
+        git_commit_checker = Dependabot::GitCommitChecker.new(
+          dependency: dependency,
+          credentials: credentials
+        )
+
+        git_commit_checker.head_commit_for_current_branch
+      end
+    end
+  end
+end
+
+Dependabot::UpdateCheckers.
+  register("submodules", Dependabot::GitSubmodules::UpdateChecker)

metadata

@@ -0,0 +1,176 @@
+--- !ruby/object:Gem::Specification
+name: dependabot-git_submodules
+version: !ruby/object:Gem::Version
+  version: 0.80.0
+platform: ruby
+authors:
+- Dependabot
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-12-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dependabot-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.80.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.80.0
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: rspec_junit_formatter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.61'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.61'
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+description: Automated dependency management for Ruby, JavaScript, Python, PHP, Elixir,
+  Rust, Java, .NET, Elm and Go
+email: support@dependabot.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/dependabot/git_submodules.rb
+- lib/dependabot/git_submodules/file_fetcher.rb
+- lib/dependabot/git_submodules/file_parser.rb
+- lib/dependabot/git_submodules/file_updater.rb
+- lib/dependabot/git_submodules/metadata_finder.rb
+- lib/dependabot/git_submodules/update_checker.rb
+homepage: https://github.com/dependabot/dependabot-core
+licenses:
+- Nonstandard
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.7
+signing_key: 
+specification_version: 4
+summary: Git Submodules support for dependabot-core
+test_files: []