dependabot-github_actions 0.211.0 → 0.212.0

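--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9a755f2e216dc49388866fbceae4209313b2272d243691b331793313ab8842b8
- data.tar.gz: 15b4dec7f68b942709c3c260ffaeea6dd3fad49bf90e88b4189fca41da4bdc9e
+ metadata.gz: b99470ea707631aca82d807b49067151dfcae50d66c60edc46d745c9616a0d74
+ data.tar.gz: 199d27e6b67a81fe6f6728ab6a88800851788388b419b0b2df1ca6568c38b71b
  SHA512:
- metadata.gz: 775c9fdb7b9090cd939ac0f23610403abe2cfd6da3bf8f602f2e5069d83ce532d68546af2571d31725b50c8736bfa966aeb363f160c4e1fddd224337fe021b53
- data.tar.gz: c972c2410a628a3a1a83c114652096a1112bd1e0aa830cbed9302a79322e4728b6a2a5d351bce5f224cea9e88dfa3719d5e9953d44f44d3f9e45f2978fb65355
+ metadata.gz: 3a39a5301c8164912dca155d1f76237ee7023c332dd39d1aee61f9d57bfb222e8b67f41604a25806f9aca6bd8862bcbeff21243e54a3afac416e9027afd42ae1
+ data.tar.gz: 9ea44575276134e6b20f23ac77db0d91b6e2b7d5bba7f52006ed7715cd6864825e53933ae9559bfeb3d2e317c2e8b652d3709247ea203f14e635fc047fdb939f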
@@ -109,7 +109,7 @@ module Dependabot
109
109
  steps = json_object.fetch("steps", [])
110
110
 
111
111
  uses_strings =
112
- if steps.is_a?(Array) && steps.all? { |s| s.is_a?(Hash) }
112
+ if steps.is_a?(Array) && steps.all?(Hash)
113
113
  steps.
114
114
  map { |step| step.fetch("uses", nil) }.
115
115
  select { |use| use.is_a?(String) }
@@ -9,7 +9,7 @@ module Dependabot
9
9
  private
10
10
 
11
11
  def look_up_source
12
- info = dependency.requirements.map { |r| r[:source] }.compact.first
12
+ info = dependency.requirements.filter_map { |r| r[:source] }.first
13
13
 
14
14
  url =
15
15
  if info.nil?
@@ -59,7 +59,7 @@ module Dependabot
59
59
  end
60
60
 
61
61
  def fetch_latest_version_for_git_dependency
62
- return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?
62
+ return current_commit unless git_commit_checker.pinned?
63
63
 
64
64
  # If the dependency is pinned to a tag that looks like a version then
65
65
  # we want to update that tag.
@@ -70,11 +70,11 @@ module Dependabot
70
70
  return latest_version
71
71
  end
72
72
 
73
- # If the dependency is pinned to a commit SHA, we return a *version* so
74
- # that we get nice behaviour in PullRequestCreator::MessageBuilder
75
- if git_commit_checker.pinned_ref_looks_like_commit_sha?
76
- latest_tag = git_commit_checker.local_tag_for_latest_version
77
- return latest_tag.fetch(:version)
73
+ if git_commit_checker.pinned_ref_looks_like_commit_sha? && latest_version_tag
74
+ latest_version = latest_version_tag.fetch(:version)
75
+ return latest_commit_for_pinned_ref unless git_commit_checker.branch_or_ref_in_release?(latest_version)
76
+
77
+ return latest_version
78
78
  end
79
79
 
80
80
  # If the dependency is pinned to a tag that doesn't look like a
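Review bot: The SHA-pinned branch can now return either a version or a commit SHA, and the comment that explained why a *version* is returned was deleted without a replacement. When `branch_or_ref_in_release?` is false the method returns `latest_commit_for_pinned_ref`, so callers that compare or print the result get a different kind of value on that path. I would restore a comment above the `if`, e.g. `# Pinned to a SHA: return the latest release version when the pinned commit is part of it, otherwise the head commit of the branch that contains the pin`. The enclosing method starts and ends outside this hunk.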
@@ -82,6 +82,15 @@ module Dependabot
82
82
  nil
83
83
  end
84
84
 
85
+ def latest_commit_for_pinned_ref
86
+ @latest_commit_for_pinned_ref ||=
87
+ SharedHelpers.in_a_temporary_repo_directory("/", repo_contents_path) do
88
+ ref_branch = find_container_branch(current_commit)
89
+
90
+ git_commit_checker.head_commit_for_local_branch(ref_branch)
91
+ end
92
+ end
93
+
85
94
  def latest_version_tag
86
95
  @latest_version_tag ||= begin
87
96
  return git_commit_checker.local_tag_for_latest_version if dependency.version.nil?
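Review bot: `latest_commit_for_pinned_ref` passes whatever `find_container_branch` returns straight into `head_commit_for_local_branch`, including `nil` when no branch contains the pinned commit (that helper's final branch is `branches_including_ref.first`). A guard inside the block such as `next if ref_branch.nil?` would make the no-branch case explicit instead of depending on how `head_commit_for_local_branch` treats nil, which is not visible here. Note also that `||=` does not cache a nil result, so the git commands would run again on every call in that case. A short comment saying which repository `repo_contents_path` is expected to hold would help, since the lookup only works if that checkout has the pinned commit's history.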
@@ -119,18 +128,28 @@ module Dependabot
119
128
  return dependency_source_details.merge(ref: new_tag.fetch(:tag))
120
129
  end
121
130
 
122
- latest_tag = git_commit_checker.local_tag_for_latest_version
123
-
124
131
  # Update the pinned git commit if one is available
125
132
  if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
126
- latest_tag.fetch(:commit_sha) != current_commit
127
- return dependency_source_details.merge(ref: latest_tag.fetch(:commit_sha))
133
+ (new_commit_sha = latest_commit_sha) &&
134
+ new_commit_sha != current_commit
135
+ return dependency_source_details.merge(ref: new_commit_sha)
128
136
  end
129
137
 
130
138
  # Otherwise return the original source
131
139
  dependency_source_details
132
140
  end
133
141
 
142
+ def latest_commit_sha
143
+ new_tag = latest_version_tag
144
+ return unless new_tag
145
+
146
+ if git_commit_checker.branch_or_ref_in_release?(new_tag.fetch(:version))
147
+ new_tag.fetch(:commit_sha)
148
+ else
149
+ latest_commit_for_pinned_ref
150
+ end
151
+ end
152
+
134
153
  def dependency_source_details
135
154
  sources =
136
155
  dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact
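Review bot: `latest_commit_sha` has no comment saying that its `else` branch moves a SHA pin to `latest_commit_for_pinned_ref`, i.e. to a commit that is not the tagged release. For a workflow that pins actions by SHA for integrity, that means the proposed ref may point at unreleased code, which reviewers of the resulting update will want to know. I would document it above the method, for example `# Returns the release tag's commit when the pinned commit is part of that release; otherwise the head commit of the branch containing the pin (may be untagged)`. The same version-or-branch decision is also written out in `fetch_latest_version_for_git_dependency`, so the two need to stay in step.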
@@ -180,6 +199,23 @@ module Dependabot
180
199
 
181
200
  shortened_semver_eq?(base, other) || shortened_semver_eq?(other, base)
182
201
  end
202
+
203
+ def find_container_branch(sha)
204
+ SharedHelpers.run_shell_command("git fetch #{current_commit}")
205
+
206
+ branches_including_ref = SharedHelpers.run_shell_command("git branch --contains #{sha}").split("\n")
207
+
208
+ current_branch = branches_including_ref.find { |line| line.start_with?("* ") }
209
+
210
+ if current_branch
211
+ current_branch.delete_prefix("* ")
212
+ elsif branches_including_ref.size > 1
213
+ # If there are multiple non default branches including the pinned SHA, then it's unclear how we should proceed
214
+ raise "Multiple ambiguous branches (#{branches_including_ref.join(', ')}) include #{current_commit}!"
215
+ else
216
+ branches_including_ref.first
217
+ end
218
+ end
183
219
  end
184
220
  end
185
221
  end
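Review bot: `find_container_branch` interpolates `current_commit` and `sha` into git command lines without checking them in this method. The only gate visible on this page is the caller's `pinned_ref_looks_like_commit_sha?`, and whether `run_shell_command` escapes its argument cannot be seen here, so a local check such as `raise "Unexpected ref: #{sha}" unless sha.match?(/\A[0-9a-f]+\z/i)` before the first command would keep a ref taken from a workflow file from being read as an option or extra argument. The method also mixes its `sha` parameter with `current_commit` (in the fetch and in the error message); using `sha` throughout would make it self-contained. Separately, `git branch` prints non-current branches with leading spaces, so `branches_including_ref.first` likely carries that indentation; `branches_including_ref.first&.strip` would avoid handing a padded name to the caller.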
@@ -13,7 +13,7 @@ module Dependabot
13
13
  def self.remove_leading_v(version)
14
14
  return version unless version.to_s.match?(/\Av([0-9])/)
15
15
 
16
- version.to_s.gsub(/\Av/, "")
16
+ version.to_s.delete_prefix("v")
17
17
  end
18
18
 
19
19
  def self.correct?(version)
@@ -22,3 +22,6 @@ Dependabot::PullRequestCreator::Labeler.
22
22
  require "dependabot/dependency"
23
23
  Dependabot::Dependency.
24
24
  register_production_check("github_actions", ->(_) { true })
25
+
26
+ require "dependabot/utils"
27
+ Dependabot::Utils.register_always_clone("github_actions")
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-github_actions
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.211.0
4
+ version: 0.212.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-08-23 00:00:00.000000000 Z
11
+ date: 2022-09-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.211.0
19
+ version: 0.212.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.211.0
26
+ version: 0.212.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debase
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -86,14 +86,14 @@ dependencies:
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: 3.11.1
89
+ version: 3.12.0
90
90
  type: :development
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: 3.11.1
96
+ version: 3.12.0
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: rake
99
99
  requirement: !ruby/object:Gem::Requirement
@@ -142,14 +142,28 @@ dependencies:
142
142
  requirements:
143
143
  - - "~>"
144
144
  - !ruby/object:Gem::Version
145
- version: 1.35.1
145
+ version: 1.36.0
146
146
  type: :development
147
147
  prerelease: false
148
148
  version_requirements: !ruby/object:Gem::Requirement
149
149
  requirements:
150
150
  - - "~>"
151
151
  - !ruby/object:Gem::Version
152
- version: 1.35.1
152
+ version: 1.36.0
153
+ - !ruby/object:Gem::Dependency
154
+ name: rubocop-performance
155
+ requirement: !ruby/object:Gem::Requirement
156
+ requirements:
157
+ - - "~>"
158
+ - !ruby/object:Gem::Version
159
+ version: 1.14.2
160
+ type: :development
161
+ prerelease: false
162
+ version_requirements: !ruby/object:Gem::Requirement
163
+ requirements:
164
+ - - "~>"
165
+ - !ruby/object:Gem::Version
166
+ version: 1.14.2
153
167
  - !ruby/object:Gem::Dependency
154
168
  name: ruby-debug-ide
155
169
  requirement: !ruby/object:Gem::Requirement