dependabot-git_submodules 0.361.1 → 0.361.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
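--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8343e8da01058a31c9dab63f11ec355d1d4d9d14ec0034aa48973ccafce2d677
- data.tar.gz: 4bae29c894a9d8e9e785281de1f86be31616a6a27c7562ba583e1a3a0916b5fb
+ metadata.gz: 75a02824539aee4dc3114760cb13750df7b0682d881d768ef985cd2f2007ac5a
+ data.tar.gz: 1c8cb74244655a987d8e19d1c3d366b3bd8488bc930bbd3b2f288d1cb21b9918
  SHA512:
- metadata.gz: f75c4093d8be080c1e7ffc1b45c84252eb8dcdde85e4e8630e53f5f2c27b0f9f094c8c30c47b58646172a06fe1b7f907ce62ea3eeeba006fd65695e0b3f88726
- data.tar.gz: e4f62b6f7cda06a91a31dc85768d56750f20c414e24c9d1cc1ed119cb185e8fba63db40d7a48003ea5cc51e269283d59afc3532433455fcfe25d3c6e3291eafc
+ metadata.gz: 748d7b166256bdf2fdef580eea4bb5226e17c3e282e2c852d95437a0a0b3e97956c59afa1e87c96e55c001b1006009e7135df0cb0308e2fefcefa181f5bee42d
+ data.tar.gz: d95c8bfcd8fb61e120cf76746ef561403fb23689e8a466992039a473187191e63d1d0324d52df0ee3ec6cde7d3b8b0066c7a4ab1c9a9edcd307f7bedfc1baca3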
@@ -39,11 +39,9 @@ module Dependabot
39
39
 
40
40
  sig { returns(T.nilable(T::Array[Dependabot::Package::PackageRelease])) }
41
41
  def available_versions
42
+ sha_to_tags = build_sha_to_tags
42
43
  versions_metadata = T.let(fetch_tags_and_release_date, T.nilable(T::Array[GitTagWithDetail]))
43
44
 
44
- # as git submodules do not have versions (refs/tags are used instead), we use a pseudo version as placeholder
45
- pseudo_version = 1.0
46
-
47
45
  # we fallback to the git based tag info if no versions metadata is available
48
46
  if versions_metadata&.empty?
49
47
  versions_metadata = T.let(
@@ -52,15 +50,12 @@ module Dependabot
52
50
  )
53
51
  end
54
52
 
55
- releases = T.must(versions_metadata).map do |version_details|
56
- Dependabot::Package::PackageRelease.new(
57
- version: GitSubmodules::Version.new((pseudo_version += 1).to_s),
58
- tag: version_details.tag,
59
- released_at: version_details.release_date ? Time.parse(T.must(version_details.release_date)) : nil
60
- )
61
- end
53
+ # as git submodules do not have versions (refs/tags are used instead), we use a pseudo version as placeholder
54
+ pseudo_version = T.must(versions_metadata).length + 1
62
55
 
63
- releases
56
+ T.must(versions_metadata).flat_map do |version_details|
57
+ process_metadata(version_details, sha_to_tags, pseudo_version -= 1)
58
+ end
64
59
  end
65
60
 
66
61
  private
@@ -69,10 +64,7 @@ module Dependabot
69
64
  def fetch_latest_tag_info
70
65
  parsed_results = T.let([], T::Array[GitTagWithDetail])
71
66
 
72
- git_commit_checker = Dependabot::GitCommitChecker.new(
73
- dependency: dependency,
74
- credentials: credentials
75
- )
67
+ git_commit_checker = build_client
76
68
 
77
69
  parsed_results <<
78
70
  GitTagWithDetail.new(
@@ -82,38 +74,36 @@ module Dependabot
82
74
  parsed_results
83
75
  end
84
76
 
77
+ TARGET_COMMITS_TO_FETCH = 500
78
+ private_constant :TARGET_COMMITS_TO_FETCH
79
+
85
80
  sig { returns(T::Array[GitTagWithDetail]) }
86
81
  def fetch_tags_and_release_date
87
82
  parsed_results = T.let([], T::Array[GitTagWithDetail])
88
83
 
89
84
  begin
90
85
  Dependabot.logger.info("Fetching release info for Git Submodules: #{dependency.name}")
91
-
92
- client = Dependabot::GitCommitChecker.new(
93
- dependency: dependency,
94
- credentials: credentials
95
- )
96
-
97
- response = client.ref_details_for_pinned_ref
98
-
99
- unless response.status == 200
100
- Dependabot.logger.error(
101
- "Error while fetching details for #{dependency.name} " \
102
- "Detail : #{response.body}"
103
- )
86
+ client = build_client
87
+
88
+ sha = T.let(nil, T.nilable(String))
89
+ catch :found do
90
+ while parsed_results.length < TARGET_COMMITS_TO_FETCH
91
+ max_len = Dependabot::GitMetadataFetcher::MAX_COMMITS_PER_PAGE
92
+ max_len -= 1 unless sha.nil?
93
+ commits = get_commits(client, sha)
94
+ break if commits.empty?
95
+
96
+ commits.each do |commit|
97
+ sha = commit["sha"]
98
+ parsed_results << GitTagWithDetail.new(
99
+ tag: sha,
100
+ release_date: commit["commit"]["committer"]["date"]
101
+ )
102
+ throw :found if sha == dependency.version
103
+ end
104
+ break if commits.length < max_len
105
+ end
104
106
  end
105
-
106
- return parsed_results unless response.status == 200
107
-
108
- releases = JSON.parse(response.body)
109
-
110
- parsed_results = releases.map do |release|
111
- GitTagWithDetail.new(
112
- tag: release["sha"],
113
- release_date: release["commit"]["committer"]["date"]
114
- )
115
- end
116
-
117
107
  parsed_results
118
108
  rescue StandardError => e
119
109
  Dependabot.logger.error("Error while fetching package info for git submodule: #{e.message}")
@@ -121,10 +111,95 @@ module Dependabot
121
111
  end
122
112
  end
123
113
 
114
+ sig { returns(Dependabot::GitCommitChecker) }
115
+ def build_client
116
+ Dependabot::GitCommitChecker.new(
117
+ dependency: dependency,
118
+ credentials: credentials
119
+ )
120
+ end
121
+
124
122
  sig { returns(String) }
125
123
  def url
126
124
  dependency.source_details&.fetch(:url, nil)
127
125
  end
126
+
127
+ sig { returns(T::Hash[String, T::Array[String]]) }
128
+ def build_sha_to_tags
129
+ build_client.tags.each_with_object({}) do |tag, sha_to_tags|
130
+ (sha_to_tags[tag.commit_sha] ||= []) << tag.name
131
+ end
132
+ end
133
+
134
+ sig do
135
+ params(
136
+ client: Dependabot::GitCommitChecker,
137
+ sha: T.nilable(String)
138
+ ).returns(T::Array[T::Hash[String, T.untyped]])
139
+ end
140
+ def get_commits(client, sha)
141
+ response = sha.nil? ? client.ref_details_for_pinned_ref : client.ref_details(sha)
142
+
143
+ unless response.status == 200
144
+ Dependabot.logger.error(
145
+ "Error while fetching details for #{dependency.name} " \
146
+ "Detail : #{response.body}"
147
+ )
148
+ end
149
+
150
+ return [] unless response.status == 200
151
+
152
+ commits = JSON.parse(response.body)
153
+ sha.nil? || commits.empty? ? commits : commits[1..]
154
+ end
155
+
156
+ sig do
157
+ params(
158
+ version_details: GitTagWithDetail,
159
+ sha_to_tags: T::Hash[String, T::Array[String]],
160
+ pseudo_version: Integer
161
+ ).returns(T::Array[Dependabot::Package::PackageRelease])
162
+ end
163
+ def process_metadata(version_details, sha_to_tags, pseudo_version)
164
+ released_at = version_details.release_date ? Time.parse(T.must(version_details.release_date)) : nil
165
+ sha = version_details.tag
166
+
167
+ normalized_versions(sha, sha_to_tags, pseudo_version).map do |version|
168
+ Dependabot::Package::PackageRelease.new(
169
+ version: version,
170
+ tag: sha,
171
+ released_at: released_at
172
+ )
173
+ end
174
+ end
175
+
176
+ sig do
177
+ params(
178
+ sha: String,
179
+ sha_to_tags: T::Hash[String, T::Array[String]],
180
+ pseudo_version: Integer
181
+ ).returns(T::Array[Dependabot::Version])
182
+ end
183
+ def normalized_versions(sha, sha_to_tags, pseudo_version)
184
+ versions = Array(sha_to_tags[sha]).map do |tag_name|
185
+ normalized_version(tag_name, pseudo_version)
186
+ end
187
+
188
+ versions << normalized_version(sha, pseudo_version)
189
+
190
+ versions.uniq
191
+ end
192
+
193
+ sig { params(tag: String, pseudo_version: Integer).returns(Dependabot::Version) }
194
+ def normalized_version(tag, pseudo_version)
195
+ if Dependabot::Version.valid_semver?(tag)
196
+ Dependabot::Version.new(tag)
197
+ elsif tag.start_with?("v") && GitSubmodules::Version.valid_semver?(T.must(tag[1..]))
198
+ Dependabot::Version.new(tag[1..])
199
+ else
200
+ Dependabot::Version.new("0.0.0-0.#{pseudo_version}")
201
+ end
202
+ end
128
203
  end
129
204
  end
130
205
  end
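Review bot: `normalized_version` validates the `v`-prefixed branch with `GitSubmodules::Version.valid_semver?` but builds the result with `Dependabot::Version.new(tag[1..])`, while the first branch uses `Dependabot::Version` for both the check and the constructor, and the fallback release in the sibling file (the `0.0.0-0.0` hunk further down) uses `GitSubmodules::Version`; pick one class for all three so the values that `max_by(&:version)` compares come from a single type, e.g. `elsif tag.start_with?("v") && Dependabot::Version.valid_semver?(T.must(tag[1..]))` followed by `Dependabot::Version.new(T.must(tag[1..]))`. `TARGET_COMMITS_TO_FETCH` also deserves a comment, because the `catch :found` loop in `fetch_tags_and_release_date` only adds the pinned commit when it is met within that window: `# Upper bound on commits walked back from the ref; if dependency.version is not reached within it, the pinned commit is absent from the result.` `build_sha_to_tags` runs outside the `rescue StandardError` that guards the commit fetch, so a failure of `build_client.tags` would presumably propagate out of `available_versions` instead of falling back to the git tag info — worth confirming that is intended. The enclosing class starts before the first hunk of this file.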
@@ -39,7 +39,7 @@ module Dependabot
39
39
 
40
40
  # if there are no releases after applying filters, we fallback to the current tag to avoid empty results
41
41
  releases = apply_post_fetch_latest_versions_filter(releases)
42
- releases.first&.tag
42
+ releases.max_by(&:version)&.tag
43
43
  end
44
44
 
45
45
  sig { returns(T.nilable(T::Array[Dependabot::Package::PackageRelease])) }
@@ -109,7 +109,7 @@ module Dependabot
109
109
  end
110
110
 
111
111
  releases << Dependabot::Package::PackageRelease.new(
112
- version: GitSubmodules::Version.new("1.0.0"),
112
+ version: GitSubmodules::Version.new("0.0.0-0.0"), # Lower than versions from package_details_fetcher
113
113
  tag: dependency.version
114
114
  )
115
115
 
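--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-git_submodules
  version: !ruby/object:Gem::Version
- version: 0.361.1
+ version: 0.361.2
  platform: ruby
  authors:
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.361.1
+ version: 0.361.2
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.361.1
+ version: 0.361.2
  - !ruby/object:Gem::Dependency
  name: parseconfig
  requirement: !ruby/object:Gem::Requirement
@@ -277,7 +277,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.361.1
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.361.2
  rdoc_options: []
  require_paths:
  - lib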