dependabot-github_actions 0.209.0 → 0.212.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 95383a0b46d57e16120c3f9ca4b15b77d860fa6c24da4060e432fd9a268314fd
4
- data.tar.gz: bad06cf26e78be9c5f35cad2533968bd427132d49a964bd83f05463ebd3c91fd
3
+ metadata.gz: b99470ea707631aca82d807b49067151dfcae50d66c60edc46d745c9616a0d74
4
+ data.tar.gz: 199d27e6b67a81fe6f6728ab6a88800851788388b419b0b2df1ca6568c38b71b
5
5
  SHA512:
6
- metadata.gz: 15ebf9cabe2fab309c9de7713941971acde38167c61f470cfd36b28de965039f43f97cea06d21638fe2bd118681ca8705ad61d3f650ce52469848e68dd5ee611
7
- data.tar.gz: d310c382ed24f57f1bce4e75a8fafa94bd8eaf0207ecd55f9fe89a61cb735279db3ffb75fdb86c1ca27d6b72b880ded7cf7499879cbdcfd2a33c984a1561376c
6
+ metadata.gz: 3a39a5301c8164912dca155d1f76237ee7023c332dd39d1aee61f9d57bfb222e8b67f41604a25806f9aca6bd8862bcbeff21243e54a3afac416e9027afd42ae1
7
+ data.tar.gz: 9ea44575276134e6b20f23ac77db0d91b6e2b7d5bba7f52006ed7715cd6864825e53933ae9559bfeb3d2e317c2e8b652d3709247ea203f14e635fc047fdb939f
@@ -109,7 +109,7 @@ module Dependabot
109
109
  steps = json_object.fetch("steps", [])
110
110
 
111
111
  uses_strings =
112
- if steps.is_a?(Array) && steps.all? { |s| s.is_a?(Hash) }
112
+ if steps.is_a?(Array) && steps.all?(Hash)
113
113
  steps.
114
114
  map { |step| step.fetch("uses", nil) }.
115
115
  select { |use| use.is_a?(String) }
@@ -9,7 +9,7 @@ module Dependabot
9
9
  private
10
10
 
11
11
  def look_up_source
12
- info = dependency.requirements.map { |r| r[:source] }.compact.first
12
+ info = dependency.requirements.filter_map { |r| r[:source] }.first
13
13
 
14
14
  url =
15
15
  if info.nil?
@@ -59,7 +59,7 @@ module Dependabot
59
59
  end
60
60
 
61
61
  def fetch_latest_version_for_git_dependency
62
- return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?
62
+ return current_commit unless git_commit_checker.pinned?
63
63
 
64
64
  # If the dependency is pinned to a tag that looks like a version then
65
65
  # we want to update that tag.
@@ -70,11 +70,11 @@ module Dependabot
70
70
  return latest_version
71
71
  end
72
72
 
73
- # If the dependency is pinned to a commit SHA, we return a *version* so
74
- # that we get nice behaviour in PullRequestCreator::MessageBuilder
75
- if git_commit_checker.pinned_ref_looks_like_commit_sha?
76
- latest_tag = git_commit_checker.local_tag_for_latest_version
77
- return latest_tag.fetch(:version)
73
+ if git_commit_checker.pinned_ref_looks_like_commit_sha? && latest_version_tag
74
+ latest_version = latest_version_tag.fetch(:version)
75
+ return latest_commit_for_pinned_ref unless git_commit_checker.branch_or_ref_in_release?(latest_version)
76
+
77
+ return latest_version
78
78
  end
79
79
 
80
80
  # If the dependency is pinned to a tag that doesn't look like a
@@ -82,6 +82,15 @@ module Dependabot
82
82
  nil
83
83
  end
84
84
 
85
+ def latest_commit_for_pinned_ref
86
+ @latest_commit_for_pinned_ref ||=
87
+ SharedHelpers.in_a_temporary_repo_directory("/", repo_contents_path) do
88
+ ref_branch = find_container_branch(current_commit)
89
+
90
+ git_commit_checker.head_commit_for_local_branch(ref_branch)
91
+ end
92
+ end
93
+
85
94
  def latest_version_tag
86
95
  @latest_version_tag ||= begin
87
96
  return git_commit_checker.local_tag_for_latest_version if dependency.version.nil?
@@ -119,18 +128,28 @@ module Dependabot
119
128
  return dependency_source_details.merge(ref: new_tag.fetch(:tag))
120
129
  end
121
130
 
122
- latest_tag = git_commit_checker.local_tag_for_latest_version
123
-
124
131
  # Update the pinned git commit if one is available
125
132
  if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
126
- latest_tag.fetch(:commit_sha) != current_commit
127
- return dependency_source_details.merge(ref: latest_tag.fetch(:commit_sha))
133
+ (new_commit_sha = latest_commit_sha) &&
134
+ new_commit_sha != current_commit
135
+ return dependency_source_details.merge(ref: new_commit_sha)
128
136
  end
129
137
 
130
138
  # Otherwise return the original source
131
139
  dependency_source_details
132
140
  end
133
141
 
142
+ def latest_commit_sha
143
+ new_tag = latest_version_tag
144
+ return unless new_tag
145
+
146
+ if git_commit_checker.branch_or_ref_in_release?(new_tag.fetch(:version))
147
+ new_tag.fetch(:commit_sha)
148
+ else
149
+ latest_commit_for_pinned_ref
150
+ end
151
+ end
152
+
134
153
  def dependency_source_details
135
154
  sources =
136
155
  dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact
@@ -180,6 +199,23 @@ module Dependabot
180
199
 
181
200
  shortened_semver_eq?(base, other) || shortened_semver_eq?(other, base)
182
201
  end
202
+
203
+ def find_container_branch(sha)
204
+ SharedHelpers.run_shell_command("git fetch #{current_commit}")
205
+
206
+ branches_including_ref = SharedHelpers.run_shell_command("git branch --contains #{sha}").split("\n")
207
+
208
+ current_branch = branches_including_ref.find { |line| line.start_with?("* ") }
209
+
210
+ if current_branch
211
+ current_branch.delete_prefix("* ")
212
+ elsif branches_including_ref.size > 1
213
+ # If there are multiple non default branches including the pinned SHA, then it's unclear how we should proceed
214
+ raise "Multiple ambiguous branches (#{branches_including_ref.join(', ')}) include #{current_commit}!"
215
+ else
216
+ branches_including_ref.first
217
+ end
218
+ end
183
219
  end
184
220
  end
185
221
  end
@@ -13,7 +13,7 @@ module Dependabot
13
13
  def self.remove_leading_v(version)
14
14
  return version unless version.to_s.match?(/\Av([0-9])/)
15
15
 
16
- version.to_s.gsub(/\Av/, "")
16
+ version.to_s.delete_prefix("v")
17
17
  end
18
18
 
19
19
  def self.correct?(version)
@@ -22,3 +22,6 @@ Dependabot::PullRequestCreator::Labeler.
22
22
  require "dependabot/dependency"
23
23
  Dependabot::Dependency.
24
24
  register_production_check("github_actions", ->(_) { true })
25
+
26
+ require "dependabot/utils"
27
+ Dependabot::Utils.register_always_clone("github_actions")
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-github_actions
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.209.0
4
+ version: 0.212.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-08-17 00:00:00.000000000 Z
11
+ date: 2022-09-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.209.0
19
+ version: 0.212.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.209.0
26
+ version: 0.212.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debase
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -80,6 +80,20 @@ dependencies:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
82
  version: '2.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: parallel_tests
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: 3.12.0
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: 3.12.0
83
97
  - !ruby/object:Gem::Dependency
84
98
  name: rake
85
99
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +142,28 @@ dependencies:
128
142
  requirements:
129
143
  - - "~>"
130
144
  - !ruby/object:Gem::Version
131
- version: 1.33.0
145
+ version: 1.36.0
146
+ type: :development
147
+ prerelease: false
148
+ version_requirements: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - "~>"
151
+ - !ruby/object:Gem::Version
152
+ version: 1.36.0
153
+ - !ruby/object:Gem::Dependency
154
+ name: rubocop-performance
155
+ requirement: !ruby/object:Gem::Requirement
156
+ requirements:
157
+ - - "~>"
158
+ - !ruby/object:Gem::Version
159
+ version: 1.14.2
132
160
  type: :development
133
161
  prerelease: false
134
162
  version_requirements: !ruby/object:Gem::Requirement
135
163
  requirements:
136
164
  - - "~>"
137
165
  - !ruby/object:Gem::Version
138
- version: 1.33.0
166
+ version: 1.14.2
139
167
  - !ruby/object:Gem::Dependency
140
168
  name: ruby-debug-ide
141
169
  requirement: !ruby/object:Gem::Requirement