dependabot-github_actions 0.180.2 → 0.180.5

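--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 47df0e6ab6b350f25020dffc64e7dbcdfdb4472f6cdfa8acafe6fca3bcadc3f4
- data.tar.gz: 8ed75892e2b85d882b7643ebb7a822548b4a6473da31eb44059fa0754faa83d6
+ metadata.gz: 4b56802e6e38052d84c01c6168a5a3ded0c8c61d5bfc7c37a3132614447d4dbc
+ data.tar.gz: fb499111d0042cc2076a1c0f4afe620e7e85c2710e7b808153139a3bf9132f3e
  SHA512:
- metadata.gz: 29c94b9ce62b6c1b658379cff715358bec133b766a8af51899c4a77b8a0dffaeab8a158b3ecf33aae7e0d544f2248ac6902fed53dbb3524aed25b8f8cbfcb397
- data.tar.gz: 510200ec1cba74366b9ee9a7fa7e8c1d9a61e0d6fb9a7ed41161c5142a2524aff63ccee378afec1345f3413ee824ebe566fc5bc64f6a3595a4f040c97feacf1f
+ metadata.gz: 9c3334add80237cea07d6c5d6c391cd61f7f9e5d7912d9eadad6846c8268e95b8fa271a3173e2533cf723684fca9bcee33a0bec4907e17d6850d74c3ef7d8c4f
+ data.tar.gz: 33a9b983fa584f7ba8fb82000b7ff6dcac9c7062f681f48df02a9f41903e01aadb744e26e0d22d64a4c655f1e5604c0abded54af8fef8c966dfccd0b1ed18a89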
@@ -63,10 +63,8 @@ module Dependabot
63
63
 
64
64
  # If the dependency is pinned to a tag that looks like a version then
65
65
  # we want to update that tag.
66
- if git_commit_checker.pinned_ref_looks_like_version? &&
67
- git_commit_checker.local_tag_for_latest_version
68
- latest_tag = git_commit_checker.local_tag_for_latest_version
69
- latest_version = latest_tag.fetch(:version)
66
+ if git_commit_checker.pinned_ref_looks_like_version? && latest_version_tag
67
+ latest_version = latest_version_tag.fetch(:version)
70
68
  return version_class.new(dependency.version) if shortened_semver_eq?(dependency.version, latest_version.to_s)
71
69
 
72
70
  return latest_version
@@ -87,13 +85,39 @@ module Dependabot
87
85
  nil
88
86
  end
89
87
 
88
+ def latest_version_tag
89
+ @latest_version_tag ||= begin
90
+ return git_commit_checker.local_tag_for_latest_version if dependency.version.nil?
91
+
92
+ latest_tags = git_commit_checker.local_tags_for_latest_version_commit_sha
93
+
94
+ # Find the latest version with the same precision as the pinned version.
95
+ # Falls back to a version with the closest precision if no exact match.
96
+ current_dots = dependency.version.split(".").length
97
+ latest_tags.max do |a, b|
98
+ next a[:version] <=> b[:version] unless shortened_semver_version_eq?(a[:version], b[:version])
99
+
100
+ a_dots = a[:version].to_s.split(".").length
101
+ b_dots = b[:version].to_s.split(".").length
102
+ a_diff = (a_dots - current_dots).abs
103
+ b_diff = (b_dots - current_dots).abs
104
+ next -(a_diff <=> b_diff) unless a_diff == b_diff
105
+
106
+ # preference to a less specific version if we have a tie
107
+ next 1 if a_dots < current_dots
108
+
109
+ -1
110
+ end
111
+ end
112
+ end
113
+
90
114
  def updated_source
91
115
  # TODO: Support Docker sources
92
116
  return dependency_source_details unless git_dependency?
93
117
 
94
118
  # Update the git tag if updating a pinned version
95
119
  if git_commit_checker.pinned_ref_looks_like_version? &&
96
- (new_tag = git_commit_checker.local_tag_for_latest_version) &&
120
+ (new_tag = latest_version_tag) &&
97
121
  new_tag.fetch(:commit_sha) != current_commit
98
122
  return dependency_source_details.merge(ref: new_tag.fetch(:tag))
99
123
  end
@@ -152,6 +176,13 @@ module Dependabot
152
176
 
153
177
  other_split[0..base_split.length - 1] == base_split
154
178
  end
179
+
180
+ def shortened_semver_version_eq?(base_version, other_version)
181
+ base = base_version.to_s
182
+ other = other_version.to_s
183
+
184
+ shortened_semver_eq?(base, other) || shortened_semver_eq?(other, base)
185
+ end
155
186
  end
156
187
  end
157
188
  end
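Review bot: In `latest_version_tag`, the early `return git_commit_checker.local_tag_for_latest_version if dependency.version.nil?` sits inside the `@latest_version_tag ||= begin … end` block, so it leaves the method before the assignment runs and that path is never memoized. `latest_version` and `updated_source` both call the helper, so the lookup repeats on each call unless the checker caches it itself, which is not visible here. A `nil` from `latest_tags.max` on an empty list is recomputed every time as well, because `||=` does not keep `nil`. Consider guarding with `return @latest_version_tag if defined?(@latest_version_tag)` and then assigning through an `if dependency.version.nil?` branch instead of the `return`. Separately, the comparator returns `1` or `-1`, never `0`, for two equivalent tags with the same dot count, so the winner appears to depend on enumeration order; because the chosen tag becomes the `ref` written into the workflow, a comment such as `# tie-break: prefer the less specific tag; equal-precision duplicates are order-dependent` would let reviewers confirm the pin is deterministic.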
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-github_actions
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.180.2
4
+ version: 0.180.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-03-28 00:00:00.000000000 Z
11
+ date: 2022-04-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.180.2
19
+ version: 0.180.5
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.180.2
26
+ version: 0.180.5
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement