dependabot-github_actions 0.112.9 → 0.112.10
    
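--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: bd802eec01e7fb3b79b785b35ebe85c47afca182003e6d02de2a46afc1eab05b
+  data.tar.gz: 42419c95b244858e55af5021ea27087df8c9afe99bc2b184998019316dc14f8c
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 3abe1c916fca6d4f7d2a5580a3692849f9ccfd958ce221c9a9e605ef18bb5ceea890ba62cb19011b93b6bd0f293ea7919bf96ae42c974303ca3bfafd1f109328
+  data.tar.gz: 89463e1a79e362b6c23ea1697ffd63c6a7ca8b8704e82653cd1ecdfb11aa038381839b026cc62335a73fb0608d44788bd0de4439f99621bfb7ca19eaa2c81a7c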
| 
         @@ -9,6 +9,7 @@ require "dependabot/errors" 
     | 
|
| 
       9 
9 
     | 
    
         | 
| 
       10 
10 
     | 
    
         
             
            # For docs, see
         
     | 
| 
       11 
11 
     | 
    
         
             
            # https://help.github.com/en/articles/configuring-a-workflow#referencing-actions-in-your-workflow
         
     | 
| 
      
 12 
     | 
    
         
            +
            # https://help.github.com/en/articles/workflow-syntax-for-github-actions#example-using-versioned-actions
         
     | 
| 
       12 
13 
     | 
    
         
             
            module Dependabot
         
     | 
| 
       13 
14 
     | 
    
         
             
              module GithubActions
         
     | 
| 
       14 
15 
     | 
    
         
             
                class FileParser < Dependabot::FileParsers::Base
         
     | 
| 
         @@ -11,7 +11,12 @@ module Dependabot 
     | 
|
| 
       11 
11 
     | 
    
         
             
                  def look_up_source
         
     | 
| 
       12 
12 
     | 
    
         
             
                    info = dependency.requirements.map { |r| r[:source] }.compact.first
         
     | 
| 
       13 
13 
     | 
    
         | 
| 
       14 
     | 
    
         
            -
                    url = 
     | 
| 
      
 14 
     | 
    
         
            +
                    url =
         
     | 
| 
      
 15 
     | 
    
         
            +
                      if info.nil?
         
     | 
| 
      
 16 
     | 
    
         
            +
                        "https://github.com/#{dependency.name}"
         
     | 
| 
      
 17 
     | 
    
         
            +
                      else
         
     | 
| 
      
 18 
     | 
    
         
            +
                        info[:url] || info.fetch("url")
         
     | 
| 
      
 19 
     | 
    
         
            +
                      end
         
     | 
| 
       15 
20 
     | 
    
         
             
                    Source.from_url(url)
         
     | 
| 
       16 
21 
     | 
    
         
             
                  end
         
     | 
| 
       17 
22 
     | 
    
         
             
                end
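Review bot: The new fallback `"https://github.com/#{dependency.name}"` in look_up_source builds a URL from dependency.name without checking that it is a plain `owner/repo` pair, and that name presumably comes from a `uses:` line in a workflow file, which is repository-controlled input. Source.from_url is not visible in this hunk, so it cannot be confirmed from here whether it rejects extra path segments or unexpected characters, or whether callers tolerate a nil result when the URL does not match. I would guard the fallback, for example `return unless dependency.name.match?(%r{\A[\w.-]+/[\w.-]+\z})` (provided a nil return is acceptable to callers), or at least document the assumption with `# No source recorded: assume the action lives on github.com under its owner/repo name`. The class enclosing look_up_source starts outside the hunk.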
         
     | 
| 
         @@ -63,13 +63,23 @@ module Dependabot 
     | 
|
| 
       63 
63 
     | 
    
         
             
                      return latest_tag.fetch(:commit_sha)
         
     | 
| 
       64 
64 
     | 
    
         
             
                    end
         
     | 
| 
       65 
65 
     | 
    
         | 
| 
      
 66 
     | 
    
         
            +
                    # If the dependency is pinned to a commit SHA and the latest
         
     | 
| 
      
 67 
     | 
    
         
            +
                    # version-like tag includes that commit then we want to update to that
         
     | 
| 
      
 68 
     | 
    
         
            +
                    # version-like tag. We return a version (not a commit SHA) so that we
         
     | 
| 
      
 69 
     | 
    
         
            +
                    # get nice behaviour in PullRequestCreator::MessageBuilder
         
     | 
| 
      
 70 
     | 
    
         
            +
                    if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
         
     | 
| 
      
 71 
     | 
    
         
            +
                       (latest_tag = git_commit_checker.local_tag_for_latest_version) &&
         
     | 
| 
      
 72 
     | 
    
         
            +
                       git_commit_checker.branch_or_ref_in_release?(latest_tag[:version])
         
     | 
| 
      
 73 
     | 
    
         
            +
                      return latest_tag.fetch(:version)
         
     | 
| 
      
 74 
     | 
    
         
            +
                    end
         
     | 
| 
      
 75 
     | 
    
         
            +
             
     | 
| 
       66 
76 
     | 
    
         
             
                    # If the dependency is pinned to a tag that doesn't look like a
         
     | 
| 
       67 
     | 
    
         
            -
                    # version then there's nothing we can do.
         
     | 
| 
       68 
     | 
    
         
            -
                    #
         
     | 
| 
       69 
     | 
    
         
            -
                    # TODO: Treat refs that look like SHAs differently
         
     | 
| 
      
 77 
     | 
    
         
            +
                    # version or a commit SHA then there's nothing we can do.
         
     | 
| 
       70 
78 
     | 
    
         
             
                    dependency.version
         
     | 
| 
       71 
79 
     | 
    
         
             
                  end
         
     | 
| 
       72 
80 
     | 
    
         | 
| 
      
 81 
     | 
    
         
            +
                  # rubocop:disable Metrics/CyclomaticComplexity
         
     | 
| 
      
 82 
     | 
    
         
            +
                  # rubocop:disable Metrics/PerceivedComplexity
         
     | 
| 
       73 
83 
     | 
    
         
             
                  def updated_source
         
     | 
| 
       74 
84 
     | 
    
         
             
                    # TODO: Support Docker sources
         
     | 
| 
       75 
85 
     | 
    
         
             
                    return dependency_source_details unless git_dependency?
         
     | 
| 
         @@ -81,9 +91,18 @@ module Dependabot 
     | 
|
| 
       81 
91 
     | 
    
         
             
                      return dependency_source_details.merge(ref: new_tag.fetch(:tag))
         
     | 
| 
       82 
92 
     | 
    
         
             
                    end
         
     | 
| 
       83 
93 
     | 
    
         | 
| 
      
 94 
     | 
    
         
            +
                    # Update the git tag if updating a pinned commit
         
     | 
| 
      
 95 
     | 
    
         
            +
                    if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
         
     | 
| 
      
 96 
     | 
    
         
            +
                       (latest_tag = git_commit_checker.local_tag_for_latest_version) &&
         
     | 
| 
      
 97 
     | 
    
         
            +
                       git_commit_checker.branch_or_ref_in_release?(latest_tag[:version])
         
     | 
| 
      
 98 
     | 
    
         
            +
                      return dependency_source_details.merge(ref: latest_tag.fetch(:tag))
         
     | 
| 
      
 99 
     | 
    
         
            +
                    end
         
     | 
| 
      
 100 
     | 
    
         
            +
             
     | 
| 
       84 
101 
     | 
    
         
             
                    # Otherwise return the original source
         
     | 
| 
       85 
102 
     | 
    
         
             
                    dependency_source_details
         
     | 
| 
       86 
103 
     | 
    
         
             
                  end
         
     | 
| 
      
 104 
     | 
    
         
            +
                  # rubocop:enable Metrics/CyclomaticComplexity
         
     | 
| 
      
 105 
     | 
    
         
            +
                  # rubocop:enable Metrics/PerceivedComplexity
         
     | 
| 
       87 
106 
     | 
    
         | 
| 
       88 
107 
     | 
    
         
             
                  def dependency_source_details
         
     | 
| 
       89 
108 
     | 
    
         
             
                    sources =
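Review bot: In updated_source the new branch returns `dependency_source_details.merge(ref: latest_tag.fetch(:tag))`, which rewrites a reference pinned to a commit SHA into a tag name; a SHA pin is immutable while a tag can be moved later, so the update quietly weakens the pin the workflow author chose. If the tag hash also carries the commit (the context line `return latest_tag.fetch(:commit_sha)` at the top of the first hunk suggests it might, though that value is produced outside the hunk), consider keeping the pin with `ref: latest_tag.fetch(:commit_sha)` and using the version only for the pull-request message. The same three-part condition is repeated in the first hunk and here; extracting it into a private predicate would keep the two in step and would probably let the added `rubocop:disable` lines go. Both method bodies start outside their hunks.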
         
     | 
    
        metadata
    CHANGED
    
    | 
         @@ -1,14 +1,14 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            --- !ruby/object:Gem::Specification
         
     | 
| 
       2 
2 
     | 
    
         
             
            name: dependabot-github_actions
         
     | 
| 
       3 
3 
     | 
    
         
             
            version: !ruby/object:Gem::Version
         
     | 
| 
       4 
     | 
    
         
            -
              version: 0.112. 
     | 
| 
      
 4 
     | 
    
         
            +
              version: 0.112.10
         
     | 
| 
       5 
5 
     | 
    
         
             
            platform: ruby
         
     | 
| 
       6 
6 
     | 
    
         
             
            authors:
         
     | 
| 
       7 
7 
     | 
    
         
             
            - Dependabot
         
     | 
| 
       8 
8 
     | 
    
         
             
            autorequire: 
         
     | 
| 
       9 
9 
     | 
    
         
             
            bindir: bin
         
     | 
| 
       10 
10 
     | 
    
         
             
            cert_chain: []
         
     | 
| 
       11 
     | 
    
         
            -
            date: 2019-08- 
     | 
| 
      
 11 
     | 
    
         
            +
            date: 2019-08-22 00:00:00.000000000 Z
         
     | 
| 
       12 
12 
     | 
    
         
             
            dependencies:
         
     | 
| 
       13 
13 
     | 
    
         
             
            - !ruby/object:Gem::Dependency
         
     | 
| 
       14 
14 
     | 
    
         
             
              name: dependabot-common
         
     | 
| 
         @@ -16,14 +16,14 @@ dependencies: 
     | 
|
| 
       16 
16 
     | 
    
         
             
                requirements:
         
     | 
| 
       17 
17 
     | 
    
         
             
                - - '='
         
     | 
| 
       18 
18 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       19 
     | 
    
         
            -
                    version: 0.112. 
     | 
| 
      
 19 
     | 
    
         
            +
                    version: 0.112.10
         
     | 
| 
       20 
20 
     | 
    
         
             
              type: :runtime
         
     | 
| 
       21 
21 
     | 
    
         
             
              prerelease: false
         
     | 
| 
       22 
22 
     | 
    
         
             
              version_requirements: !ruby/object:Gem::Requirement
         
     | 
| 
       23 
23 
     | 
    
         
             
                requirements:
         
     | 
| 
       24 
24 
     | 
    
         
             
                - - '='
         
     | 
| 
       25 
25 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       26 
     | 
    
         
            -
                    version: 0.112. 
     | 
| 
      
 26 
     | 
    
         
            +
                    version: 0.112.10
         
     | 
| 
       27 
27 
     | 
    
         
             
            - !ruby/object:Gem::Dependency
         
     | 
| 
       28 
28 
     | 
    
         
             
              name: byebug
         
     | 
| 
       29 
29 
     | 
    
         
             
              requirement: !ruby/object:Gem::Requirement
         
     |