dependabot-github_actions 0.112.9 → 0.112.10

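--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3e3359e9aa356ec1b765548a63ada2343bc662707e021b7b64511cf2151c7885
- data.tar.gz: d688b32081069b8a07c6e442db52dd77f666e692fc52e3e8d9a90cf6918a49de
+ metadata.gz: bd802eec01e7fb3b79b785b35ebe85c47afca182003e6d02de2a46afc1eab05b
+ data.tar.gz: 42419c95b244858e55af5021ea27087df8c9afe99bc2b184998019316dc14f8c
  SHA512:
- metadata.gz: 33aaea210f379f892377cead271631b5880503418451bc6fad71ea9a9c88b095cd3b8c2247f026852c42f1cbe0394a1fd5d1c5705e68606a6baea1d999f79aee
- data.tar.gz: 426dd9c9dff2d3ab618fe160a783e4a826d8531080da7b007a921ba802eb9d7d0e93361a04f478e0e9f593bff81184503eb5ec4b3da8d919dc8a64f564bb8cee
+ metadata.gz: 3abe1c916fca6d4f7d2a5580a3692849f9ccfd958ce221c9a9e605ef18bb5ceea890ba62cb19011b93b6bd0f293ea7919bf96ae42c974303ca3bfafd1f109328
+ data.tar.gz: 89463e1a79e362b6c23ea1697ffd63c6a7ca8b8704e82653cd1ecdfb11aa038381839b026cc62335a73fb0608d44788bd0de4439f99621bfb7ca19eaa2c81a7c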
@@ -9,6 +9,7 @@ require "dependabot/errors"
9
9
 
10
10
  # For docs, see
11
11
  # https://help.github.com/en/articles/configuring-a-workflow#referencing-actions-in-your-workflow
12
+ # https://help.github.com/en/articles/workflow-syntax-for-github-actions#example-using-versioned-actions
12
13
  module Dependabot
13
14
  module GithubActions
14
15
  class FileParser < Dependabot::FileParsers::Base
@@ -11,7 +11,12 @@ module Dependabot
11
11
  def look_up_source
12
12
  info = dependency.requirements.map { |r| r[:source] }.compact.first
13
13
 
14
- url = info[:url] || info.fetch("url")
14
+ url =
15
+ if info.nil?
16
+ "https://github.com/#{dependency.name}"
17
+ else
18
+ info[:url] || info.fetch("url")
19
+ end
15
20
  Source.from_url(url)
16
21
  end
17
22
  end
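Review bot: The new `info.nil?` branch in `look_up_source` interpolates `dependency.name` straight into `"https://github.com/#{dependency.name}"`, so the fallback silently assumes every source-less dependency is a GitHub `owner/repo` slug. If the name can take another shape (a sub-path after the repository, for example), the resulting source may point at a repository the workflow does not actually reference, and that source presumably feeds the release notes and changelog links shown to the user. Provided callers tolerate a nil source, a guard before the interpolation would confine the fallback to real slugs, e.g. `return unless dependency.name.match?(%r{\A[\w.-]+/[\w.-]+\z})`. A short comment stating when a requirement carries no `:source` would also help, since nothing in the hunk explains it.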
@@ -63,13 +63,23 @@ module Dependabot
63
63
  return latest_tag.fetch(:commit_sha)
64
64
  end
65
65
 
66
+ # If the dependency is pinned to a commit SHA and the latest
67
+ # version-like tag includes that commit then we want to update to that
68
+ # version-like tag. We return a version (not a commit SHA) so that we
69
+ # get nice behaviour in PullRequestCreator::MessageBuilder
70
+ if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
71
+ (latest_tag = git_commit_checker.local_tag_for_latest_version) &&
72
+ git_commit_checker.branch_or_ref_in_release?(latest_tag[:version])
73
+ return latest_tag.fetch(:version)
74
+ end
75
+
66
76
  # If the dependency is pinned to a tag that doesn't look like a
67
- # version then there's nothing we can do.
68
- #
69
- # TODO: Treat refs that look like SHAs differently
77
+ # version or a commit SHA then there's nothing we can do.
70
78
  dependency.version
71
79
  end
72
80
 
81
+ # rubocop:disable Metrics/CyclomaticComplexity
82
+ # rubocop:disable Metrics/PerceivedComplexity
73
83
  def updated_source
74
84
  # TODO: Support Docker sources
75
85
  return dependency_source_details unless git_dependency?
@@ -81,9 +91,18 @@ module Dependabot
81
91
  return dependency_source_details.merge(ref: new_tag.fetch(:tag))
82
92
  end
83
93
 
94
+ # Update the git tag if updating a pinned commit
95
+ if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
96
+ (latest_tag = git_commit_checker.local_tag_for_latest_version) &&
97
+ git_commit_checker.branch_or_ref_in_release?(latest_tag[:version])
98
+ return dependency_source_details.merge(ref: latest_tag.fetch(:tag))
99
+ end
100
+
84
101
  # Otherwise return the original source
85
102
  dependency_source_details
86
103
  end
104
+ # rubocop:enable Metrics/CyclomaticComplexity
105
+ # rubocop:enable Metrics/PerceivedComplexity
87
106
 
88
107
  def dependency_source_details
89
108
  sources =
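Review bot: In `updated_source` (second hunk), a dependency pinned to a commit SHA is rewritten to a tag name through `ref: latest_tag.fetch(:tag)`, which replaces an immutable pin with a ref the upstream repository can later move to different code. Workflows usually pin actions to a SHA for exactly that immutability, so consider keeping the pin and merging the tag's commit instead, e.g. `return dependency_source_details.merge(ref: latest_tag.fetch(:commit_sha))`. This assumes the hash from `local_tag_for_latest_version` carries `:commit_sha`, as the `latest_tag` in the first hunk's context line does. The same three-line condition is repeated in both hunks, so a private predicate would keep the two copies from drifting apart. Both methods are only partly visible: the first starts above its hunk, and the lines between the two hunks are not shown.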
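--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-github_actions
  version: !ruby/object:Gem::Version
- version: 0.112.9
+ version: 0.112.10
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-08-21 00:00:00.000000000 Z
+ date: 2019-08-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.112.9
+ version: 0.112.10
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.112.9
+ version: 0.112.10
  - !ruby/object:Gem::Dependency
  name: byebug
  requirement: !ruby/object:Gem::Requirement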