dependabot-github_actions 0.112.9 → 0.112.10
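--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bd802eec01e7fb3b79b785b35ebe85c47afca182003e6d02de2a46afc1eab05b
+data.tar.gz: 42419c95b244858e55af5021ea27087df8c9afe99bc2b184998019316dc14f8c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3abe1c916fca6d4f7d2a5580a3692849f9ccfd958ce221c9a9e605ef18bb5ceea890ba62cb19011b93b6bd0f293ea7919bf96ae42c974303ca3bfafd1f109328
+data.tar.gz: 89463e1a79e362b6c23ea1697ffd63c6a7ca8b8704e82653cd1ecdfb11aa038381839b026cc62335a73fb0608d44788bd0de4439f99621bfb7ca19eaa2c81a7c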
@@ -9,6 +9,7 @@ require "dependabot/errors"
|
|
9
9
|
|
10
10
|
# For docs, see
|
11
11
|
# https://help.github.com/en/articles/configuring-a-workflow#referencing-actions-in-your-workflow
|
12
|
+
# https://help.github.com/en/articles/workflow-syntax-for-github-actions#example-using-versioned-actions
|
12
13
|
module Dependabot
|
13
14
|
module GithubActions
|
14
15
|
class FileParser < Dependabot::FileParsers::Base
|
@@ -11,7 +11,12 @@ module Dependabot
|
|
11
11
|
def look_up_source
|
12
12
|
info = dependency.requirements.map { |r| r[:source] }.compact.first
|
13
13
|
|
14
|
-
url =
|
14
|
+
url =
|
15
|
+
if info.nil?
|
16
|
+
"https://github.com/#{dependency.name}"
|
17
|
+
else
|
18
|
+
info[:url] || info.fetch("url")
|
19
|
+
end
|
15
20
|
Source.from_url(url)
|
16
21
|
end
|
17
22
|
end
|
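Review bot: The new fallback in `look_up_source` interpolates `dependency.name` directly into `"https://github.com/#{dependency.name}"`, and nothing in the hunk says when `info` is nil or what shape the name is expected to have. The name presumably comes from a workflow file, so anything other than a plain `owner/repo` slug (an extra path segment, for instance) would produce a URL that `Source.from_url` may not parse, and how the caller handles that result is not visible here. I would add a comment above the `if info.nil?` line such as `# No source recorded: fall back to github.com, assuming the name is an owner/repo slug`.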
@@ -63,13 +63,23 @@ module Dependabot
|
|
63
63
|
return latest_tag.fetch(:commit_sha)
|
64
64
|
end
|
65
65
|
|
66
|
+
# If the dependency is pinned to a commit SHA and the latest
|
67
|
+
# version-like tag includes that commit then we want to update to that
|
68
|
+
# version-like tag. We return a version (not a commit SHA) so that we
|
69
|
+
# get nice behaviour in PullRequestCreator::MessageBuilder
|
70
|
+
if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
|
71
|
+
(latest_tag = git_commit_checker.local_tag_for_latest_version) &&
|
72
|
+
git_commit_checker.branch_or_ref_in_release?(latest_tag[:version])
|
73
|
+
return latest_tag.fetch(:version)
|
74
|
+
end
|
75
|
+
|
66
76
|
# If the dependency is pinned to a tag that doesn't look like a
|
67
|
-
# version then there's nothing we can do.
|
68
|
-
#
|
69
|
-
# TODO: Treat refs that look like SHAs differently
|
77
|
+
# version or a commit SHA then there's nothing we can do.
|
70
78
|
dependency.version
|
71
79
|
end
|
72
80
|
|
81
|
+
# rubocop:disable Metrics/CyclomaticComplexity
|
82
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
73
83
|
def updated_source
|
74
84
|
# TODO: Support Docker sources
|
75
85
|
return dependency_source_details unless git_dependency?
|
@@ -81,9 +91,18 @@ module Dependabot
|
|
81
91
|
return dependency_source_details.merge(ref: new_tag.fetch(:tag))
|
82
92
|
end
|
83
93
|
|
94
|
+
# Update the git tag if updating a pinned commit
|
95
|
+
if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
|
96
|
+
(latest_tag = git_commit_checker.local_tag_for_latest_version) &&
|
97
|
+
git_commit_checker.branch_or_ref_in_release?(latest_tag[:version])
|
98
|
+
return dependency_source_details.merge(ref: latest_tag.fetch(:tag))
|
99
|
+
end
|
100
|
+
|
84
101
|
# Otherwise return the original source
|
85
102
|
dependency_source_details
|
86
103
|
end
|
104
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
105
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
87
106
|
|
88
107
|
def dependency_source_details
|
89
108
|
sources =
|
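Review bot: In the second hunk, the new branch of `updated_source` returns `dependency_source_details.merge(ref: latest_tag.fetch(:tag))`, which rewrites a dependency pinned to a commit SHA into a tag reference; a tag can be re-pointed after the update, so the immutability the SHA pin provided is lost. If that pin is meant to be kept, the merge could use the tag's commit instead, `dependency_source_details.merge(ref: latest_tag.fetch(:commit_sha))`; `:commit_sha` is read from a `latest_tag` at the top of the first hunk, but whether the hash returned by `local_tag_for_latest_version` carries it is not visible here. The same three-line condition also appears in the first hunk, inside a method whose start is outside the hunk, and moving it into one private helper that returns the tag or nil would make the two `rubocop:disable` comments unnecessary. Part of `updated_source` lies between the two hunks and is not shown.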
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-github_actions
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.112.
|
4
|
+
version: 0.112.10
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-08-
|
11
|
+
date: 2019-08-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.112.
|
19
|
+
version: 0.112.10
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.112.
|
26
|
+
version: 0.112.10
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|