dependabot-git_submodules 0.315.0 → 0.316.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9667cdfa37aaa6e90bba941f1b653fb5f8f158e6ca251728fedb387134a4d5f8
|
|
4
|
+
data.tar.gz: 49c4e869e2baad8f0e7af43eb19cab762abcce32581d1eaf4cb55058039e1838
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e800f9531b77938d70e90e2acb9b9c41caaea92ec0f362d6b500c37298c0213fcf8ccd0d1302a935e919a2dc5420fcb4ee36942f8c15daee07c293ecb6cbf49c
|
|
7
|
+
data.tar.gz: 266c229f93ef4d8cfe09542d1b85151d3b76e1c89f6f8bb7c6f3c8aaa652ccdd4517690c5866656eea7b05dda2aaaf06ab6907fb6d2c7eb76b6c19a844be1b43
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "json"
|
|
@@ -27,21 +27,117 @@ module Dependabot
|
|
|
27
27
|
def initialize(dependency:, credentials:)
|
|
28
28
|
@dependency = dependency
|
|
29
29
|
@credentials = credentials
|
|
30
|
+
|
|
31
|
+
@ref = T.let(ref, String)
|
|
32
|
+
@url = T.let(url, String)
|
|
30
33
|
end
|
|
31
34
|
|
|
35
|
+
# as git submodules do not have versions (refs/tags are used instead), we use a pseudo version as placeholder
|
|
36
|
+
VERSION = "1.0.0"
|
|
37
|
+
|
|
38
|
+
# we use a default release date in case we reply on fallback logic of
|
|
39
|
+
# getting refs/tags to prevent filtering out head release (greater than max cooldown period)
|
|
40
|
+
DEFAULT_RELEASE_DATE = T.let(Time.now.utc - (60 * 60 * 24 * 91), Time)
|
|
41
|
+
|
|
32
42
|
sig { returns(Dependabot::Dependency) }
|
|
33
43
|
attr_reader :dependency
|
|
34
44
|
|
|
35
45
|
sig { returns(T::Array[T.untyped]) }
|
|
36
46
|
attr_reader :credentials
|
|
37
47
|
|
|
38
|
-
sig { returns(T.nilable(
|
|
48
|
+
sig { returns(T.nilable(T::Array[Dependabot::Package::PackageRelease])) }
|
|
39
49
|
def available_versions
|
|
50
|
+
versions_metadata = T.let(fetch_tags_and_release_date, T.nilable(T::Array[GitTagWithDetail]))
|
|
51
|
+
|
|
52
|
+
# we fallback to the git based tag info if no versions metadata is available
|
|
53
|
+
if versions_metadata&.empty?
|
|
54
|
+
versions_metadata = T.let(fetch_latest_tag_info,
|
|
55
|
+
T.nilable(T::Array[GitTagWithDetail]))
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
releases = T.must(versions_metadata).map do |version_details|
|
|
59
|
+
Dependabot::Package::PackageRelease.new(
|
|
60
|
+
version: GitSubmodules::Version.new(VERSION),
|
|
61
|
+
tag: version_details.tag,
|
|
62
|
+
released_at: Time.parse(version_details.release_date)
|
|
63
|
+
)
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
releases
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
private
|
|
70
|
+
|
|
71
|
+
sig { returns(T::Array[GitTagWithDetail]) }
|
|
72
|
+
def fetch_latest_tag_info
|
|
73
|
+
parsed_results = T.let([], T::Array[GitTagWithDetail])
|
|
74
|
+
|
|
40
75
|
git_commit_checker = Dependabot::GitCommitChecker.new(
|
|
41
76
|
dependency: dependency,
|
|
42
77
|
credentials: credentials
|
|
43
78
|
)
|
|
44
|
-
|
|
79
|
+
|
|
80
|
+
parsed_results <<
|
|
81
|
+
GitTagWithDetail.new(
|
|
82
|
+
tag: T.must(git_commit_checker.head_commit_for_current_branch),
|
|
83
|
+
release_date: DEFAULT_RELEASE_DATE.to_s
|
|
84
|
+
)
|
|
85
|
+
|
|
86
|
+
parsed_results
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
sig { returns(T::Array[GitTagWithDetail]) }
|
|
90
|
+
def fetch_tags_and_release_date
|
|
91
|
+
parsed_results = T.let([], T::Array[GitTagWithDetail])
|
|
92
|
+
|
|
93
|
+
begin
|
|
94
|
+
Dependabot.logger.info("Fetching release info for Git Submodules: #{dependency.name}")
|
|
95
|
+
|
|
96
|
+
response = Excon.get(provider_url)
|
|
97
|
+
|
|
98
|
+
unless response.status == 200
|
|
99
|
+
Dependabot.logger.error("Error while fetching details for #{dependency.name}" \
|
|
100
|
+
" Detail : #{response.body}")
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
return parsed_results unless response.status == 200
|
|
104
|
+
|
|
105
|
+
releases = JSON.parse(response.body)
|
|
106
|
+
|
|
107
|
+
parsed_results = releases.map do |release|
|
|
108
|
+
GitTagWithDetail.new(
|
|
109
|
+
tag: release["sha"],
|
|
110
|
+
release_date: release["commit"]["committer"]["date"]
|
|
111
|
+
)
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
parsed_results
|
|
115
|
+
rescue StandardError => e
|
|
116
|
+
Dependabot.logger.error("Error while fetching package info for Git Submodules: #{e.message}")
|
|
117
|
+
parsed_results
|
|
118
|
+
end
|
|
119
|
+
end
|
|
120
|
+
|
|
121
|
+
sig { returns(String) }
|
|
122
|
+
def provider_url
|
|
123
|
+
provider_url = @url.gsub(/\.git$/, "")
|
|
124
|
+
|
|
125
|
+
api_url = {
|
|
126
|
+
github: provider_url.gsub("github.com", "api.github.com/repos")
|
|
127
|
+
}.freeze
|
|
128
|
+
|
|
129
|
+
"#{api_url[:github]}/commits?sha=#{@ref}"
|
|
130
|
+
end
|
|
131
|
+
|
|
132
|
+
sig { returns(String) }
|
|
133
|
+
def ref
|
|
134
|
+
dependency.source_details&.fetch(:ref, nil) ||
|
|
135
|
+
dependency.source_details&.fetch(:branch, nil) || "HEAD"
|
|
136
|
+
end
|
|
137
|
+
|
|
138
|
+
sig { returns(String) }
|
|
139
|
+
def url
|
|
140
|
+
dependency.source_details&.fetch(:url, nil)
|
|
45
141
|
end
|
|
46
142
|
end
|
|
47
143
|
end
|
|
@@ -34,18 +34,20 @@ module Dependabot
|
|
|
34
34
|
sig { returns(T::Array[Dependabot::Credential]) }
|
|
35
35
|
attr_reader :credentials
|
|
36
36
|
|
|
37
|
-
sig { returns(T.nilable(
|
|
37
|
+
sig { returns(T.nilable(T::Array[Dependabot::Package::PackageRelease])) }
|
|
38
38
|
def version_list
|
|
39
39
|
@version_list ||=
|
|
40
40
|
T.let(Package::PackageDetailsFetcher.new(
|
|
41
41
|
dependency: dependency,
|
|
42
42
|
credentials: credentials
|
|
43
|
-
).available_versions, T.nilable(
|
|
43
|
+
).available_versions, T.nilable(T::Array[Dependabot::Package::PackageRelease]))
|
|
44
44
|
end
|
|
45
45
|
|
|
46
|
-
sig { returns(T.nilable(
|
|
46
|
+
sig { returns(T.nilable(String)) }
|
|
47
47
|
def latest_version
|
|
48
|
-
|
|
48
|
+
latest_version = version_list
|
|
49
|
+
latest_version = latest_version&.first&.tag.to_s
|
|
50
|
+
latest_version
|
|
49
51
|
end
|
|
50
52
|
end
|
|
51
53
|
end
|
|
@@ -58,10 +58,10 @@ module Dependabot
|
|
|
58
58
|
|
|
59
59
|
sig { returns(T.nilable(String)) }
|
|
60
60
|
def fetch_latest_version
|
|
61
|
-
LatestVersionFinder.new(
|
|
61
|
+
T.let(LatestVersionFinder.new(
|
|
62
62
|
dependency: dependency,
|
|
63
63
|
credentials: credentials
|
|
64
|
-
).
|
|
64
|
+
).latest_version, T.nilable(String))
|
|
65
65
|
end
|
|
66
66
|
end
|
|
67
67
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-git_submodules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.316.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.316.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.316.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: parseconfig
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -277,7 +277,7 @@ licenses:
|
|
|
277
277
|
- MIT
|
|
278
278
|
metadata:
|
|
279
279
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
280
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
280
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.316.0
|
|
281
281
|
rdoc_options: []
|
|
282
282
|
require_paths:
|
|
283
283
|
- lib
|