dependabot-github_actions 0.209.0 → 0.212.0

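--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 95383a0b46d57e16120c3f9ca4b15b77d860fa6c24da4060e432fd9a268314fd
- data.tar.gz: bad06cf26e78be9c5f35cad2533968bd427132d49a964bd83f05463ebd3c91fd
+ metadata.gz: b99470ea707631aca82d807b49067151dfcae50d66c60edc46d745c9616a0d74
+ data.tar.gz: 199d27e6b67a81fe6f6728ab6a88800851788388b419b0b2df1ca6568c38b71b
  SHA512:
- metadata.gz: 15ebf9cabe2fab309c9de7713941971acde38167c61f470cfd36b28de965039f43f97cea06d21638fe2bd118681ca8705ad61d3f650ce52469848e68dd5ee611
- data.tar.gz: d310c382ed24f57f1bce4e75a8fafa94bd8eaf0207ecd55f9fe89a61cb735279db3ffb75fdb86c1ca27d6b72b880ded7cf7499879cbdcfd2a33c984a1561376c
+ metadata.gz: 3a39a5301c8164912dca155d1f76237ee7023c332dd39d1aee61f9d57bfb222e8b67f41604a25806f9aca6bd8862bcbeff21243e54a3afac416e9027afd42ae1
+ data.tar.gz: 9ea44575276134e6b20f23ac77db0d91b6e2b7d5bba7f52006ed7715cd6864825e53933ae9559bfeb3d2e317c2e8b652d3709247ea203f14e635fc047fdb939f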
@@ -109,7 +109,7 @@ module Dependabot
109
109
  steps = json_object.fetch("steps", [])
110
110
 
111
111
  uses_strings =
112
- if steps.is_a?(Array) && steps.all? { |s| s.is_a?(Hash) }
112
+ if steps.is_a?(Array) && steps.all?(Hash)
113
113
  steps.
114
114
  map { |step| step.fetch("uses", nil) }.
115
115
  select { |use| use.is_a?(String) }
@@ -9,7 +9,7 @@ module Dependabot
9
9
  private
10
10
 
11
11
  def look_up_source
12
- info = dependency.requirements.map { |r| r[:source] }.compact.first
12
+ info = dependency.requirements.filter_map { |r| r[:source] }.first
13
13
 
14
14
  url =
15
15
  if info.nil?
@@ -59,7 +59,7 @@ module Dependabot
59
59
  end
60
60
 
61
61
  def fetch_latest_version_for_git_dependency
62
- return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?
62
+ return current_commit unless git_commit_checker.pinned?
63
63
 
64
64
  # If the dependency is pinned to a tag that looks like a version then
65
65
  # we want to update that tag.
@@ -70,11 +70,11 @@ module Dependabot
70
70
  return latest_version
71
71
  end
72
72
 
73
- # If the dependency is pinned to a commit SHA, we return a *version* so
74
- # that we get nice behaviour in PullRequestCreator::MessageBuilder
75
- if git_commit_checker.pinned_ref_looks_like_commit_sha?
76
- latest_tag = git_commit_checker.local_tag_for_latest_version
77
- return latest_tag.fetch(:version)
73
+ if git_commit_checker.pinned_ref_looks_like_commit_sha? && latest_version_tag
74
+ latest_version = latest_version_tag.fetch(:version)
75
+ return latest_commit_for_pinned_ref unless git_commit_checker.branch_or_ref_in_release?(latest_version)
76
+
77
+ return latest_version
78
78
  end
79
79
 
80
80
  # If the dependency is pinned to a tag that doesn't look like a
@@ -82,6 +82,15 @@ module Dependabot
82
82
  nil
83
83
  end
84
84
 
85
+ def latest_commit_for_pinned_ref
86
+ @latest_commit_for_pinned_ref ||=
87
+ SharedHelpers.in_a_temporary_repo_directory("/", repo_contents_path) do
88
+ ref_branch = find_container_branch(current_commit)
89
+
90
+ git_commit_checker.head_commit_for_local_branch(ref_branch)
91
+ end
92
+ end
93
+
85
94
  def latest_version_tag
86
95
  @latest_version_tag ||= begin
87
96
  return git_commit_checker.local_tag_for_latest_version if dependency.version.nil?
@@ -119,18 +128,28 @@ module Dependabot
119
128
  return dependency_source_details.merge(ref: new_tag.fetch(:tag))
120
129
  end
121
130
 
122
- latest_tag = git_commit_checker.local_tag_for_latest_version
123
-
124
131
  # Update the pinned git commit if one is available
125
132
  if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
126
- latest_tag.fetch(:commit_sha) != current_commit
127
- return dependency_source_details.merge(ref: latest_tag.fetch(:commit_sha))
133
+ (new_commit_sha = latest_commit_sha) &&
134
+ new_commit_sha != current_commit
135
+ return dependency_source_details.merge(ref: new_commit_sha)
128
136
  end
129
137
 
130
138
  # Otherwise return the original source
131
139
  dependency_source_details
132
140
  end
133
141
 
142
+ def latest_commit_sha
143
+ new_tag = latest_version_tag
144
+ return unless new_tag
145
+
146
+ if git_commit_checker.branch_or_ref_in_release?(new_tag.fetch(:version))
147
+ new_tag.fetch(:commit_sha)
148
+ else
149
+ latest_commit_for_pinned_ref
150
+ end
151
+ end
152
+
134
153
  def dependency_source_details
135
154
  sources =
136
155
  dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact
@@ -180,6 +199,23 @@ module Dependabot
180
199
 
181
200
  shortened_semver_eq?(base, other) || shortened_semver_eq?(other, base)
182
201
  end
202
+
203
+ def find_container_branch(sha)
204
+ SharedHelpers.run_shell_command("git fetch #{current_commit}")
205
+
206
+ branches_including_ref = SharedHelpers.run_shell_command("git branch --contains #{sha}").split("\n")
207
+
208
+ current_branch = branches_including_ref.find { |line| line.start_with?("* ") }
209
+
210
+ if current_branch
211
+ current_branch.delete_prefix("* ")
212
+ elsif branches_including_ref.size > 1
213
+ # If there are multiple non default branches including the pinned SHA, then it's unclear how we should proceed
214
+ raise "Multiple ambiguous branches (#{branches_including_ref.join(', ')}) include #{current_commit}!"
215
+ else
216
+ branches_including_ref.first
217
+ end
218
+ end
183
219
  end
184
220
  end
185
221
  end
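Review bot: `find_container_branch` interpolates its input into two git command strings without checking its shape, and it mixes `sha` (in `git branch --contains`) with `current_commit` (in `git fetch` and the error message), which agree only because the one visible caller passes `current_commit`. Whether `SharedHelpers.run_shell_command` escapes its argument is not visible in this section, so I would use `sha` throughout and guard the top of the method with `raise ArgumentError, "expected a commit SHA" unless sha.to_s.match?(/\A\h+\z/)`. The non-current lines of `git branch --contains` output are indented and the list can be empty, so the `else` branch can hand a padded name or `nil` to `head_commit_for_local_branch`; `.lines.map(&:strip)` in place of `.split("\n")`, plus an explicit error for the empty case, would cover that.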
@@ -13,7 +13,7 @@ module Dependabot
13
13
  def self.remove_leading_v(version)
14
14
  return version unless version.to_s.match?(/\Av([0-9])/)
15
15
 
16
- version.to_s.gsub(/\Av/, "")
16
+ version.to_s.delete_prefix("v")
17
17
  end
18
18
 
19
19
  def self.correct?(version)
@@ -22,3 +22,6 @@ Dependabot::PullRequestCreator::Labeler.
22
22
  require "dependabot/dependency"
23
23
  Dependabot::Dependency.
24
24
  register_production_check("github_actions", ->(_) { true })
25
+
26
+ require "dependabot/utils"
27
+ Dependabot::Utils.register_always_clone("github_actions")
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-github_actions
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.209.0
4
+ version: 0.212.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-08-17 00:00:00.000000000 Z
11
+ date: 2022-09-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.209.0
19
+ version: 0.212.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.209.0
26
+ version: 0.212.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debase
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -80,6 +80,20 @@ dependencies:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
82
  version: '2.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: parallel_tests
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: 3.12.0
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: 3.12.0
83
97
  - !ruby/object:Gem::Dependency
84
98
  name: rake
85
99
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +142,28 @@ dependencies:
128
142
  requirements:
129
143
  - - "~>"
130
144
  - !ruby/object:Gem::Version
131
- version: 1.33.0
145
+ version: 1.36.0
146
+ type: :development
147
+ prerelease: false
148
+ version_requirements: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - "~>"
151
+ - !ruby/object:Gem::Version
152
+ version: 1.36.0
153
+ - !ruby/object:Gem::Dependency
154
+ name: rubocop-performance
155
+ requirement: !ruby/object:Gem::Requirement
156
+ requirements:
157
+ - - "~>"
158
+ - !ruby/object:Gem::Version
159
+ version: 1.14.2
132
160
  type: :development
133
161
  prerelease: false
134
162
  version_requirements: !ruby/object:Gem::Requirement
135
163
  requirements:
136
164
  - - "~>"
137
165
  - !ruby/object:Gem::Version
138
- version: 1.33.0
166
+ version: 1.14.2
139
167
  - !ruby/object:Gem::Dependency
140
168
  name: ruby-debug-ide
141
169
  requirement: !ruby/object:Gem::Requirement