dependabot-github_actions 0.145.3 → 0.145.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2c3c7de59ab732fb81989d7a28ccbf7d6bea8585b8c5fa4b16eb13085a85e0d5
|
|
4
|
+
data.tar.gz: cf4067fc2b77ddb0dc3123202f3a5dc6470db958bd16fd6c84d6e0ffcc2f66ae
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 35095faa81cf2c3f4b7e6fbbe7e82413d3cb8484a2455ebbf3473f4e81c7c456f9b3bf3228e6dad70f8ebaeb53563211ce8ff315434b30db0ca41c286e88b700
|
|
7
|
+
data.tar.gz: 1f8433788bdabefd1608fb7c7efa85f6da14875289d742e290eeb685ed68184ac5c8f98aa00e819fb8d0562e59f3b82af7dc03077fbe24780134f4c847aecfbc
|
|
@@ -30,6 +30,7 @@ module Dependabot
|
|
|
30
30
|
dependency_set += workfile_file_dependencies(file)
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
+
resolve_git_tags(dependency_set)
|
|
33
34
|
dependency_set.dependencies
|
|
34
35
|
end
|
|
35
36
|
|
|
@@ -56,16 +57,18 @@ module Dependabot
|
|
|
56
57
|
name = "#{details.fetch('owner')}/#{details.fetch('repo')}"
|
|
57
58
|
url = "https://github.com/#{name}"
|
|
58
59
|
|
|
60
|
+
ref = details.fetch("ref")
|
|
61
|
+
version = version_class.new(ref).to_s if version_class.correct?(ref)
|
|
59
62
|
Dependency.new(
|
|
60
63
|
name: name,
|
|
61
|
-
version:
|
|
64
|
+
version: version,
|
|
62
65
|
requirements: [{
|
|
63
66
|
requirement: nil,
|
|
64
67
|
groups: [],
|
|
65
68
|
source: {
|
|
66
69
|
type: "git",
|
|
67
70
|
url: url,
|
|
68
|
-
ref:
|
|
71
|
+
ref: ref,
|
|
69
72
|
branch: nil
|
|
70
73
|
},
|
|
71
74
|
file: file.name,
|
|
@@ -83,6 +86,25 @@ module Dependabot
|
|
|
83
86
|
end
|
|
84
87
|
end
|
|
85
88
|
|
|
89
|
+
def resolve_git_tags(dependency_set)
|
|
90
|
+
# Find deps that do not have an assigned (semver) version, but pin a commit that references a semver tag
|
|
91
|
+
resolved = dependency_set.dependencies.map do |dep|
|
|
92
|
+
next unless dep.version.nil?
|
|
93
|
+
|
|
94
|
+
git_checker = Dependabot::GitCommitChecker.new(dependency: dep, credentials: credentials)
|
|
95
|
+
next unless git_checker.pinned_ref_looks_like_commit_sha?
|
|
96
|
+
|
|
97
|
+
resolved = git_checker.local_tag_for_pinned_version
|
|
98
|
+
next if resolved.nil? || !version_class.correct?(resolved)
|
|
99
|
+
|
|
100
|
+
# Build a Dependency with the resolved version, and rely on DependencySet's merge
|
|
101
|
+
Dependency.new(name: dep.name, version: version_class.new(resolved).to_s,
|
|
102
|
+
package_manager: dep.package_manager, requirements: [])
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
resolved.compact.each { |dep| dependency_set << dep }
|
|
106
|
+
end
|
|
107
|
+
|
|
86
108
|
def deep_fetch_uses_from_hash(json_object)
|
|
87
109
|
steps = json_object.fetch("steps", [])
|
|
88
110
|
|
|
@@ -111,6 +133,10 @@ module Dependabot
|
|
|
111
133
|
|
|
112
134
|
raise "No workflow files!"
|
|
113
135
|
end
|
|
136
|
+
|
|
137
|
+
def version_class
|
|
138
|
+
GithubActions::Version
|
|
139
|
+
end
|
|
114
140
|
end
|
|
115
141
|
end
|
|
116
142
|
end
|
|
@@ -62,12 +62,12 @@ module Dependabot
|
|
|
62
62
|
return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?
|
|
63
63
|
|
|
64
64
|
# If the dependency is pinned to a tag that looks like a version then
|
|
65
|
-
# we want to update that tag.
|
|
66
|
-
|
|
65
|
+
# we want to update that tag.
|
|
66
|
+
|
|
67
67
|
if git_commit_checker.pinned_ref_looks_like_version? &&
|
|
68
68
|
git_commit_checker.local_tag_for_latest_version
|
|
69
69
|
latest_tag = git_commit_checker.local_tag_for_latest_version
|
|
70
|
-
return latest_tag.fetch(:
|
|
70
|
+
return latest_tag.fetch(:version)
|
|
71
71
|
end
|
|
72
72
|
|
|
73
73
|
# If the dependency is pinned to a commit SHA and the latest
|
|
@@ -5,6 +5,21 @@ require "dependabot/utils"
|
|
|
5
5
|
module Dependabot
|
|
6
6
|
module GithubActions
|
|
7
7
|
class Version < Gem::Version
|
|
8
|
+
def initialize(version)
|
|
9
|
+
version = Version.remove_leading_v(version)
|
|
10
|
+
super
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def self.remove_leading_v(version)
|
|
14
|
+
return version unless version.to_s.match?(/\Av([0-9])/)
|
|
15
|
+
|
|
16
|
+
version.to_s.gsub(/\Av/, "")
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def self.correct?(version)
|
|
20
|
+
version = Version.remove_leading_v(version)
|
|
21
|
+
super
|
|
22
|
+
end
|
|
8
23
|
end
|
|
9
24
|
end
|
|
10
25
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-github_actions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.145.
|
|
4
|
+
version: 0.145.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-05-
|
|
11
|
+
date: 2021-05-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.145.
|
|
19
|
+
version: 0.145.4
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.145.
|
|
26
|
+
version: 0.145.4
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|