dependabot-git_submodules 0.316.0 → 0.317.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1099ab7191ce79866f178d1718f9e543f052f1f332601775dc7c4fcd3fe2908f
|
|
4
|
+
data.tar.gz: c0e7fcac933fd87b126bc51461a2c00cd2ad83a623a316701226cd303b10b221
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: df5a16f36e7e909500429bc779c6c13d65447a4a9aefe2a136c1c1bfa9dc292acd5c251fe2c216a29f82dd6084a0b98c4c268b6fa908fa2238566e05ed47c5c9
|
|
7
|
+
data.tar.gz: db0e34225b6c31d5017d0ad32e8114c263d5eda8e798e3342eb43e649644cce93fdfacf1e5691b5790ad9160a3a74f7320ed4706403939de9a895f1fd30b94d9
|
|
@@ -28,17 +28,9 @@ module Dependabot
|
|
|
28
28
|
@dependency = dependency
|
|
29
29
|
@credentials = credentials
|
|
30
30
|
|
|
31
|
-
@ref = T.let(ref, String)
|
|
32
31
|
@url = T.let(url, String)
|
|
33
32
|
end
|
|
34
33
|
|
|
35
|
-
# as git submodules do not have versions (refs/tags are used instead), we use a pseudo version as placeholder
|
|
36
|
-
VERSION = "1.0.0"
|
|
37
|
-
|
|
38
|
-
# we use a default release date in case we reply on fallback logic of
|
|
39
|
-
# getting refs/tags to prevent filtering out head release (greater than max cooldown period)
|
|
40
|
-
DEFAULT_RELEASE_DATE = T.let(Time.now.utc - (60 * 60 * 24 * 91), Time)
|
|
41
|
-
|
|
42
34
|
sig { returns(Dependabot::Dependency) }
|
|
43
35
|
attr_reader :dependency
|
|
44
36
|
|
|
@@ -49,6 +41,9 @@ module Dependabot
|
|
|
49
41
|
def available_versions
|
|
50
42
|
versions_metadata = T.let(fetch_tags_and_release_date, T.nilable(T::Array[GitTagWithDetail]))
|
|
51
43
|
|
|
44
|
+
# as git submodules do not have versions (refs/tags are used instead), we use a pseudo version as placeholder
|
|
45
|
+
pseudo_version = 1.0
|
|
46
|
+
|
|
52
47
|
# we fallback to the git based tag info if no versions metadata is available
|
|
53
48
|
if versions_metadata&.empty?
|
|
54
49
|
versions_metadata = T.let(fetch_latest_tag_info,
|
|
@@ -57,9 +52,9 @@ module Dependabot
|
|
|
57
52
|
|
|
58
53
|
releases = T.must(versions_metadata).map do |version_details|
|
|
59
54
|
Dependabot::Package::PackageRelease.new(
|
|
60
|
-
version: GitSubmodules::Version.new(
|
|
55
|
+
version: GitSubmodules::Version.new((pseudo_version += 1).to_s),
|
|
61
56
|
tag: version_details.tag,
|
|
62
|
-
released_at: Time.parse(version_details.release_date)
|
|
57
|
+
released_at: version_details.release_date ? Time.parse(T.must(version_details.release_date)) : nil
|
|
63
58
|
)
|
|
64
59
|
end
|
|
65
60
|
|
|
@@ -79,8 +74,7 @@ module Dependabot
|
|
|
79
74
|
|
|
80
75
|
parsed_results <<
|
|
81
76
|
GitTagWithDetail.new(
|
|
82
|
-
tag: T.must(git_commit_checker.head_commit_for_current_branch)
|
|
83
|
-
release_date: DEFAULT_RELEASE_DATE.to_s
|
|
77
|
+
tag: T.must(git_commit_checker.head_commit_for_current_branch)
|
|
84
78
|
)
|
|
85
79
|
|
|
86
80
|
parsed_results
|
|
@@ -93,11 +87,16 @@ module Dependabot
|
|
|
93
87
|
begin
|
|
94
88
|
Dependabot.logger.info("Fetching release info for Git Submodules: #{dependency.name}")
|
|
95
89
|
|
|
96
|
-
|
|
90
|
+
client = Dependabot::GitCommitChecker.new(
|
|
91
|
+
dependency: dependency,
|
|
92
|
+
credentials: credentials
|
|
93
|
+
)
|
|
94
|
+
|
|
95
|
+
response = client.ref_details_for_pinned_ref
|
|
97
96
|
|
|
98
97
|
unless response.status == 200
|
|
99
|
-
Dependabot.logger.error("Error while fetching details for #{dependency.name}" \
|
|
100
|
-
"
|
|
98
|
+
Dependabot.logger.error("Error while fetching details for #{dependency.name} " \
|
|
99
|
+
"Detail : #{response.body}")
|
|
101
100
|
end
|
|
102
101
|
|
|
103
102
|
return parsed_results unless response.status == 200
|
|
@@ -113,28 +112,11 @@ module Dependabot
|
|
|
113
112
|
|
|
114
113
|
parsed_results
|
|
115
114
|
rescue StandardError => e
|
|
116
|
-
Dependabot.logger.error("Error while fetching package info for
|
|
115
|
+
Dependabot.logger.error("Error while fetching package info for git submodule: #{e.message}")
|
|
117
116
|
parsed_results
|
|
118
117
|
end
|
|
119
118
|
end
|
|
120
119
|
|
|
121
|
-
sig { returns(String) }
|
|
122
|
-
def provider_url
|
|
123
|
-
provider_url = @url.gsub(/\.git$/, "")
|
|
124
|
-
|
|
125
|
-
api_url = {
|
|
126
|
-
github: provider_url.gsub("github.com", "api.github.com/repos")
|
|
127
|
-
}.freeze
|
|
128
|
-
|
|
129
|
-
"#{api_url[:github]}/commits?sha=#{@ref}"
|
|
130
|
-
end
|
|
131
|
-
|
|
132
|
-
sig { returns(String) }
|
|
133
|
-
def ref
|
|
134
|
-
dependency.source_details&.fetch(:ref, nil) ||
|
|
135
|
-
dependency.source_details&.fetch(:branch, nil) || "HEAD"
|
|
136
|
-
end
|
|
137
|
-
|
|
138
120
|
sig { returns(String) }
|
|
139
121
|
def url
|
|
140
122
|
dependency.source_details&.fetch(:url, nil)
|
|
@@ -15,24 +15,32 @@ require "dependabot/git_submodules/package/package_details_fetcher"
|
|
|
15
15
|
module Dependabot
|
|
16
16
|
module GitSubmodules
|
|
17
17
|
class UpdateChecker
|
|
18
|
-
class LatestVersionFinder
|
|
18
|
+
class LatestVersionFinder < Dependabot::Package::PackageLatestVersionFinder
|
|
19
19
|
extend T::Sig
|
|
20
20
|
|
|
21
21
|
sig do
|
|
22
22
|
params(
|
|
23
23
|
dependency: Dependabot::Dependency,
|
|
24
|
-
credentials: T::Array[Dependabot::Credential]
|
|
24
|
+
credentials: T::Array[Dependabot::Credential],
|
|
25
|
+
cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions)
|
|
25
26
|
).void
|
|
26
27
|
end
|
|
27
|
-
def initialize(dependency:, credentials:)
|
|
28
|
+
def initialize(dependency:, credentials:, cooldown_options:)
|
|
28
29
|
@dependency = dependency
|
|
29
30
|
@credentials = credentials
|
|
31
|
+
@cooldown_options = cooldown_options
|
|
30
32
|
end
|
|
31
33
|
|
|
32
|
-
sig { returns(
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
34
|
+
sig { returns(T.nilable(String)) }
|
|
35
|
+
def latest_tag
|
|
36
|
+
releases = version_list
|
|
37
|
+
|
|
38
|
+
releases = filter_by_cooldown(T.must(releases))
|
|
39
|
+
|
|
40
|
+
# if there are no releases after applying filters, we fallback to the current tag to avoid empty results
|
|
41
|
+
releases = apply_post_fetch_latest_versions_filter(releases)
|
|
42
|
+
releases.first&.tag
|
|
43
|
+
end
|
|
36
44
|
|
|
37
45
|
sig { returns(T.nilable(T::Array[Dependabot::Package::PackageRelease])) }
|
|
38
46
|
def version_list
|
|
@@ -43,12 +51,74 @@ module Dependabot
|
|
|
43
51
|
).available_versions, T.nilable(T::Array[Dependabot::Package::PackageRelease]))
|
|
44
52
|
end
|
|
45
53
|
|
|
46
|
-
sig { returns(T
|
|
47
|
-
def
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
54
|
+
sig { params(release: Dependabot::Package::PackageRelease).returns(T::Boolean) }
|
|
55
|
+
def in_cooldown_period?(release)
|
|
56
|
+
unless release.released_at
|
|
57
|
+
Dependabot.logger.info("Release date not available for ref tag #{release.tag}")
|
|
58
|
+
return false
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
days = cooldown_days
|
|
62
|
+
passed_seconds = Time.now.to_i - release.released_at.to_i
|
|
63
|
+
passed_days = passed_seconds / DAY_IN_SECONDS
|
|
64
|
+
|
|
65
|
+
if passed_days < days
|
|
66
|
+
Dependabot.logger.info("Filtered #{release.tag}, Released on: " \
|
|
67
|
+
"#{T.must(release.released_at).strftime('%Y-%m-%d')} " \
|
|
68
|
+
"(#{passed_days}/#{days} cooldown days)")
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
passed_seconds < days * DAY_IN_SECONDS
|
|
51
72
|
end
|
|
73
|
+
|
|
74
|
+
sig do
|
|
75
|
+
returns(Integer)
|
|
76
|
+
end
|
|
77
|
+
def cooldown_days
|
|
78
|
+
cooldown = @cooldown_options
|
|
79
|
+
return 0 if cooldown.nil?
|
|
80
|
+
return 0 unless cooldown_enabled?
|
|
81
|
+
return 0 unless cooldown.included?(dependency.name)
|
|
82
|
+
|
|
83
|
+
return cooldown.default_days if cooldown.default_days.positive?
|
|
84
|
+
return cooldown.semver_major_days if cooldown.semver_major_days.positive?
|
|
85
|
+
return cooldown.semver_minor_days if cooldown.semver_minor_days.positive?
|
|
86
|
+
return cooldown.semver_patch_days if cooldown.semver_patch_days.positive?
|
|
87
|
+
|
|
88
|
+
cooldown.default_days
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
sig { returns(T::Boolean) }
|
|
92
|
+
def cooldown_enabled?
|
|
93
|
+
Dependabot::Experiments.enabled?(:enable_cooldown_for_gitsubmodules)
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
sig do
|
|
97
|
+
params(releases: T::Array[Dependabot::Package::PackageRelease])
|
|
98
|
+
.returns(T::Array[Dependabot::Package::PackageRelease])
|
|
99
|
+
end
|
|
100
|
+
def apply_post_fetch_latest_versions_filter(releases)
|
|
101
|
+
if releases.empty?
|
|
102
|
+
Dependabot.logger.info("No releases found for #{dependency.name} after applying filters.")
|
|
103
|
+
return releases
|
|
104
|
+
end
|
|
105
|
+
|
|
106
|
+
releases << Dependabot::Package::PackageRelease.new(
|
|
107
|
+
version: GitSubmodules::Version.new("1.0.0"),
|
|
108
|
+
tag: dependency.version
|
|
109
|
+
)
|
|
110
|
+
|
|
111
|
+
releases
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
sig { returns(Dependabot::Dependency) }
|
|
115
|
+
attr_reader :dependency
|
|
116
|
+
sig { returns(T::Array[Dependabot::Credential]) }
|
|
117
|
+
attr_reader :credentials
|
|
118
|
+
sig { returns(T.nilable(Dependabot::Package::ReleaseCooldownOptions)) }
|
|
119
|
+
attr_reader :cooldown_options
|
|
120
|
+
sig { override.returns(T.nilable(Dependabot::Package::PackageDetails)) }
|
|
121
|
+
def package_details; end
|
|
52
122
|
end
|
|
53
123
|
end
|
|
54
124
|
end
|
|
@@ -60,8 +60,9 @@ module Dependabot
|
|
|
60
60
|
def fetch_latest_version
|
|
61
61
|
T.let(LatestVersionFinder.new(
|
|
62
62
|
dependency: dependency,
|
|
63
|
-
credentials: credentials
|
|
64
|
-
|
|
63
|
+
credentials: credentials,
|
|
64
|
+
cooldown_options: update_cooldown
|
|
65
|
+
).latest_tag, T.nilable(String))
|
|
65
66
|
end
|
|
66
67
|
end
|
|
67
68
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-git_submodules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.317.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.317.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.317.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: parseconfig
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -277,7 +277,7 @@ licenses:
|
|
|
277
277
|
- MIT
|
|
278
278
|
metadata:
|
|
279
279
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
280
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
280
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.317.0
|
|
281
281
|
rdoc_options: []
|
|
282
282
|
require_paths:
|
|
283
283
|
- lib
|