RubyGems - dependabot-github_actions - Versions diffs - 0.345.0 → 0.346.0 - Mend

dependabot-github_actions 0.345.0 → 0.346.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/github_actions/constants.rb +1 -0
data/lib/dependabot/github_actions/file_parser.rb +11 -1
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b0436520f2ba29bd4474f5d9b678b4bcaff2a927198ab588115591b3b29320f2
-  data.tar.gz: d512f912541fec199493a768282cdd90cac781dffa71aa33565125c7d85a27c4
+  metadata.gz: 75289960526a47f7403ac9b15e86cb8e331077e0528095c501344e2ef119a830
+  data.tar.gz: 2008aadf7bc2cef609cb5f652d7911e458b828205e88377dc639b3acc0be2c0d
 SHA512:
-  metadata.gz: e999624c478e196d97f2764fbeb8953758777f3d28c3e55a225716cabf2319b66352cb8a958eb741f793df80bbd328d0a1794b2743c08d093579069e63f61923
-  data.tar.gz: 18a84b309bf88f34718f3e60176bef4c211529c66f5dc8fcc78fecb8186d180c2671b071acb80e4be086650541060a6f5301466f5de7f43db453c1e2bd313587
+  metadata.gz: 0433eb9b877d7c176a1ab75e5306b7d28d298f97d3b3abc1a2999ab69c9e3cd4ce62c2e0c6c83a040d46bf18b4e5f41862f1e82f42450b4fbe6f79f33abc0ab0
+  data.tar.gz: c7cf0e89b2320a5d287ace61dd792c63e0dc90f0799ce04144d9db728f4bad0838778106a180de7cbf7350bbf49046419b96224b384d9b6cecb34aa24e84de97

data/lib/dependabot/github_actions/constants.rb CHANGED Viewed

@@ -35,6 +35,7 @@ module Dependabot
     OWNER_KEY = T.let("owner", String)
     REPO_KEY = T.let("repo", String)
+    PATH_KEY = T.let("path", String)
     REF_KEY = T.let("ref", String)
     USES_KEY = T.let("uses", String)
     STEPS_KEY = T.let("steps", String)

data/lib/dependabot/github_actions/file_parser.rb CHANGED Viewed

@@ -112,9 +112,19 @@ module Dependabot
       def github_dependency(file, string, hostname)
         details = T.must(string.match(GITHUB_REPO_REFERENCE)).named_captures
         repo_name = "#{details.fetch(OWNER_KEY)}/#{details.fetch(REPO_KEY)}"
+        path = details[PATH_KEY]
         ref = details.fetch(REF_KEY)
         version = version_class.new(ref).to_s if version_class.correct?(ref)
-        name = version_class.path_based?(ref) ? string : repo_name
+        # For reusable workflows (.github/workflows/*.yml), use the repository name + workflow path
+        # to distinguish between different workflow files in the same repository
+        name = if path&.match?(%r{/\.github/workflows/.*\.ya?ml$})
+                 "#{repo_name}#{path}"
+               elsif version_class.path_based?(ref)
+                 string
+               else
+                 repo_name
+               end
         Dependency.new(
           name: name,
           version: version,

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-github_actions
 version: !ruby/object:Gem::Version
-  version: 0.345.0
+  version: 0.346.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.345.0
+        version: 0.346.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.345.0
+        version: 0.346.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -259,7 +259,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.345.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.346.0
 rdoc_options: []
 require_paths:
 - lib