dependabot-github_actions 0.236.0 → 0.238.0

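--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 01da475f18da7673192a1e563c21dda76604fced7ad602af4d0bb7e65b1d1631
- data.tar.gz: 5b4a93873ab7bb6adbfe9cceaa22de7f61ba362ce44e50c73c18a7fd0c5512f5
+ metadata.gz: 417a5dc780b5653b184e1b85bf500acba5f75527d0c6533b2d18a137aad5a1a6
+ data.tar.gz: d6162c2c02bf9c61ece051e9cc9c7df0af9037b0c0b10499fce246a685b00407
  SHA512:
- metadata.gz: 0ba93e333392de5c3ca2cab8f4b0a9d546a5936e84de5de882b88ee8810152323793f1317f3d655db0b6dfd807ae716cc57c3f746a0565fe3fdb7624393bfd74
- data.tar.gz: a3aced79001e54320e0a3f037c3d38501c7d128dd51d5f5cff1f8d8f76fd8aba302cc2f23784900e7049fab1431102ebbdee9b18e50bcec4a0bbcc0e73b404ee
+ metadata.gz: 11f0acafb4b769b2e808b5447de805cbc5c62a4bbfc57b3ca869886c83fdd1124607d1406b5071a85e36953734186f5596cf6997cb96d3a3adc020dd11a112c2
+ data.tar.gz: 3cfdc22db82f2c0317709ed293fbb8f7ce941f3e5b38b58ea43f7e23cd59ac8db462fe154e7802924071483801e72c7a0b63433b21f594c7fdd38fbf6970b9e8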
@@ -1,12 +1,16 @@
1
1
  # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
4
5
  require "dependabot/file_fetchers"
5
6
  require "dependabot/file_fetchers/base"
6
7
 
7
8
  module Dependabot
8
9
  module GithubActions
9
10
  class FileFetcher < Dependabot::FileFetchers::Base
11
+ extend T::Sig
12
+ extend T::Helpers
13
+
10
14
  FILENAME_PATTERN = /^(\.github|action.ya?ml)$/
11
15
 
12
16
  def self.required_files_in?(filenames)
@@ -17,8 +21,7 @@ module Dependabot
17
21
  "Repo must contain a .github/workflows directory with YAML files or an action.yml file"
18
22
  end
19
23
 
20
- private
21
-
24
+ sig { override.returns(T::Array[DependencyFile]) }
22
25
  def fetch_files
23
26
  fetched_files = []
24
27
  fetched_files += correctly_encoded_workflow_files
@@ -45,6 +48,8 @@ module Dependabot
45
48
  end
46
49
  end
47
50
 
51
+ private
52
+
48
53
  def workflow_files
49
54
  return @workflow_files if defined? @workflow_files
50
55
 
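Review bot: `FILENAME_PATTERN = /^(\.github|action.ya?ml)$/` (unchanged context at new line 14) anchors with `^`/`$`, which in Ruby match at every line boundary rather than at the ends of the string, and leaves the dot in `action.ya?ml` unescaped, so it accepts more names than the ones it lists. If the pattern is meant to match a whole filename, `FILENAME_PATTERN = /\A(\.github|action\.ya?ml)\z/` states that exactly. The body of `required_files_in?` is outside the hunk, so how the pattern is applied to `filenames` is inferred.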
@@ -55,19 +55,21 @@ module Dependabot
55
55
  credentials: credentials,
56
56
  consider_version_branches_pinned: true
57
57
  )
58
- next unless git_checker.pinned?
59
-
60
- # If dep does not have an assigned (semver) version, look for a commit that references a semver tag
61
- unless dep.version
62
- resolved = git_checker.local_tag_for_pinned_sha
63
-
64
- if resolved && version_class.correct?(resolved)
65
- dep = Dependency.new(
66
- name: dep.name,
67
- version: version_class.new(resolved).to_s,
68
- requirements: dep.requirements,
69
- package_manager: dep.package_manager
70
- )
58
+ if git_checker.git_repo_reachable?
59
+ next unless git_checker.pinned?
60
+
61
+ # If dep does not have an assigned (semver) version, look for a commit that references a semver tag
62
+ unless dep.version
63
+ resolved = git_checker.version_for_pinned_sha
64
+
65
+ if resolved
66
+ dep = Dependency.new(
67
+ name: dep.name,
68
+ version: resolved.to_s,
69
+ requirements: dep.requirements,
70
+ package_manager: dep.package_manager
71
+ )
72
+ end
71
73
  end
72
74
  end
73
75
 
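Review bot: The new `if git_checker.git_repo_reachable?` guard has no `else`, so a dependency whose repository cannot be reached now skips both the `next unless git_checker.pinned?` filter and the version lookup, and nothing records that it did. Before this change the `pinned?` filter ran for every dependency. If keeping such dependencies is intended, say so above the guard, e.g. `# Unreachable repo: skip the pinned check and keep the dependency as parsed`. The enclosing block starts and ends outside the hunk, so what happens to the fall-through dependency is inferred. The old `version_class.correct?(resolved)` check is also gone, which means `version_for_pinned_sha` is now trusted to return only a valid version or nil; a one-line comment stating that contract would help the next reader.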
@@ -1,6 +1,7 @@
1
1
  # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
4
5
  require "dependabot/update_checkers"
5
6
  require "dependabot/update_checkers/base"
6
7
  require "dependabot/update_checkers/version_filters"
@@ -11,6 +12,8 @@ require "dependabot/github_actions/requirement"
11
12
  module Dependabot
12
13
  module GithubActions
13
14
  class UpdateChecker < Dependabot::UpdateCheckers::Base
15
+ extend T::Sig
16
+
14
17
  def latest_version
15
18
  @latest_version ||= fetch_latest_version
16
19
  end
@@ -141,7 +144,7 @@ module Dependabot
141
144
  head_commit_for_ref_sha
142
145
  else
143
146
  url = git_commit_checker.dependency_source_details[:url]
144
- source = Source.from_url(url)
147
+ source = T.must(Source.from_url(url))
145
148
 
146
149
  SharedHelpers.in_a_temporary_directory(File.dirname(source.repo)) do |temp_dir|
147
150
  repo_contents_path = File.join(temp_dir, File.basename(source.repo))
@@ -150,8 +153,7 @@ module Dependabot
150
153
 
151
154
  Dir.chdir(repo_contents_path) do
152
155
  ref_branch = find_container_branch(git_commit_checker.dependency_source_details[:ref])
153
-
154
- git_commit_checker.head_commit_for_local_branch(ref_branch)
156
+ git_commit_checker.head_commit_for_local_branch(ref_branch) if ref_branch
155
157
  end
156
158
  end
157
159
  end
@@ -251,6 +253,7 @@ module Dependabot
251
253
  "git branch --remotes --contains #{sha}",
252
254
  fingerprint: "git branch --remotes --contains <sha>"
253
255
  ).split("\n").map { |branch| branch.strip.gsub("origin/", "") }
256
+ return if branches_including_ref.empty?
254
257
 
255
258
  current_branch = branches_including_ref.find { |branch| branch.start_with?("HEAD -> ") }
256
259
 
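Review bot: With `return if branches_including_ref.empty?` and the new `if ref_branch` modifier, the case where no remote branch contains the pinned SHA now yields nil without any record. For a SHA-pinned action that case is worth surfacing rather than swallowing, since it means the commit is on no remote branch of that repository. Consider a log line at the early return, or at least a comment such as `# nil: no remote branch contains this SHA, so there is no branch head to compare`. Both enclosing methods start and end outside the hunks, so how callers treat the nil is not visible here. `T.must(Source.from_url(url))` likewise turns an unparseable URL into a bare `TypeError`; an explicit error that names the URL would be easier to diagnose.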
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-github_actions
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.236.0
4
+ version: 0.238.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-10-26 00:00:00.000000000 Z
11
+ date: 2023-12-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.236.0
19
+ version: 0.238.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.236.0
26
+ version: 0.238.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -94,20 +94,34 @@ dependencies:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
96
  version: '1.3'
97
+ - !ruby/object:Gem::Dependency
98
+ name: rspec-sorbet
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: 1.9.2
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: 1.9.2
97
111
  - !ruby/object:Gem::Dependency
98
112
  name: rubocop
99
113
  requirement: !ruby/object:Gem::Requirement
100
114
  requirements:
101
115
  - - "~>"
102
116
  - !ruby/object:Gem::Version
103
- version: 1.56.0
117
+ version: 1.57.2
104
118
  type: :development
105
119
  prerelease: false
106
120
  version_requirements: !ruby/object:Gem::Requirement
107
121
  requirements:
108
122
  - - "~>"
109
123
  - !ruby/object:Gem::Version
110
- version: 1.56.0
124
+ version: 1.57.2
111
125
  - !ruby/object:Gem::Dependency
112
126
  name: rubocop-performance
113
127
  requirement: !ruby/object:Gem::Requirement
@@ -213,7 +227,7 @@ licenses:
213
227
  - Nonstandard
214
228
  metadata:
215
229
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
216
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.236.0
230
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.238.0
217
231
  post_install_message:
218
232
  rdoc_options: []
219
233
  require_paths: