dependabot-github_actions 0.112.4 → 0.112.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/github_actions/update_checker.rb +13 -4
  3. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e85c84d850fc9c8beecf6589294d6b24f251d7fc2ad8612ef975a6e7682598bd
4
- data.tar.gz: 6397fe222aa60d3cdad6757f38242e215574f601351caadc9dba4f173eb585fb
3
+ metadata.gz: 8e9052844f46abcef42fc7daf26a33f0758af5cc20497e915a8cc76d60f45c03
4
+ data.tar.gz: 14e9930e13a41655a57db54d4ecb3a6f4e57b22c1d45618a3de6afdaf80395f6
5
5
  SHA512:
6
- metadata.gz: 2f6c02d9727ab2ed9f6551f93a63de99b5123c369e452103249bfc749e92905244272661c2b268113399a7d8449702f6ad324ca55dbb6bcac5f3da3aed76b2da
7
- data.tar.gz: 5b53de497ca30c420701a89652a6cb15cbffb412dc0f34a43c05a191cab8364923c05fdc3f885450ac4cc8cd14bd7892858f46ad2e9fcf9e4631f34e8c98dcf5
6
+ metadata.gz: 14db58db4be4c809aa207b15a133930451c8a0d1b75d56e1d5b91119ad0309f365e59c609982fd438292aef09909e6eee4eee648eb4b67f328d6111e562c1e97
7
+ data.tar.gz: 2c09449ba87ecf7839db9c906aba1ab59ded7ba3562389b66e9f8b7f25c2f1efd148183c25f1f68e7996e88c81ef562235b9cd507fcb43a3fd13f2323f6d341e
data/lib/dependabot/github_actions/update_checker.rb CHANGED
@@ -24,6 +24,10 @@ module Dependabot
24
24
  end
25
25
 
26
26
  def updated_requirements
27
+ if updated_source == dependency_source_details
28
+ return dependency.requirements
29
+ end
30
+
27
31
  dependency.requirements.map { |req| req.merge(source: updated_source) }
28
32
  end
29
33
 
@@ -53,9 +57,10 @@ module Dependabot
53
57
  # If the dependency is pinned to a tag that looks like a version then
54
58
  # we want to update that tag. The latest version will then be the SHA
55
59
  # of the latest tag that looks like a version.
56
- if git_commit_checker.pinned_ref_looks_like_version?
60
+ if git_commit_checker.pinned_ref_looks_like_version? &&
61
+ git_commit_checker.local_tag_for_latest_version
57
62
  latest_tag = git_commit_checker.local_tag_for_latest_version
58
- return latest_tag&.fetch(:commit_sha) || dependency.version
63
+ return latest_tag.fetch(:commit_sha)
59
64
  end
60
65
 
61
66
  # If the dependency is pinned to a tag that doesn't look like a
@@ -71,8 +76,8 @@ module Dependabot
71
76
 
72
77
  # Update the git tag if updating a pinned version
73
78
  if git_commit_checker.pinned_ref_looks_like_version? &&
74
- git_commit_checker.local_tag_for_latest_version
75
- new_tag = git_commit_checker.local_tag_for_latest_version
79
+ (new_tag = git_commit_checker.local_tag_for_latest_version) &&
80
+ new_tag.fetch(:commit_sha) != current_commit
76
81
  return dependency_source_details.merge(ref: new_tag.fetch(:tag))
77
82
  end
78
83
 
@@ -98,6 +103,10 @@ module Dependabot
98
103
  sources.first
99
104
  end
100
105
 
106
+ def current_commit
107
+ git_commit_checker.head_commit_for_current_branch
108
+ end
109
+
101
110
  def git_dependency?
102
111
  git_commit_checker.git_dependency?
103
112
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-github_actions
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.112.4
4
+ version: 0.112.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.112.4
19
+ version: 0.112.5
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.112.4
26
+ version: 0.112.5
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement