dependabot-github_actions 0.211.0 → 0.212.0

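--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9a755f2e216dc49388866fbceae4209313b2272d243691b331793313ab8842b8
- data.tar.gz: 15b4dec7f68b942709c3c260ffaeea6dd3fad49bf90e88b4189fca41da4bdc9e
+ metadata.gz: b99470ea707631aca82d807b49067151dfcae50d66c60edc46d745c9616a0d74
+ data.tar.gz: 199d27e6b67a81fe6f6728ab6a88800851788388b419b0b2df1ca6568c38b71b
  SHA512:
- metadata.gz: 775c9fdb7b9090cd939ac0f23610403abe2cfd6da3bf8f602f2e5069d83ce532d68546af2571d31725b50c8736bfa966aeb363f160c4e1fddd224337fe021b53
- data.tar.gz: c972c2410a628a3a1a83c114652096a1112bd1e0aa830cbed9302a79322e4728b6a2a5d351bce5f224cea9e88dfa3719d5e9953d44f44d3f9e45f2978fb65355
+ metadata.gz: 3a39a5301c8164912dca155d1f76237ee7023c332dd39d1aee61f9d57bfb222e8b67f41604a25806f9aca6bd8862bcbeff21243e54a3afac416e9027afd42ae1
+ data.tar.gz: 9ea44575276134e6b20f23ac77db0d91b6e2b7d5bba7f52006ed7715cd6864825e53933ae9559bfeb3d2e317c2e8b652d3709247ea203f14e635fc047fdb939f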
@@ -109,7 +109,7 @@ module Dependabot
109
109
  steps = json_object.fetch("steps", [])
110
110
 
111
111
  uses_strings =
112
- if steps.is_a?(Array) && steps.all? { |s| s.is_a?(Hash) }
112
+ if steps.is_a?(Array) && steps.all?(Hash)
113
113
  steps.
114
114
  map { |step| step.fetch("uses", nil) }.
115
115
  select { |use| use.is_a?(String) }
@@ -9,7 +9,7 @@ module Dependabot
9
9
  private
10
10
 
11
11
  def look_up_source
12
- info = dependency.requirements.map { |r| r[:source] }.compact.first
12
+ info = dependency.requirements.filter_map { |r| r[:source] }.first
13
13
 
14
14
  url =
15
15
  if info.nil?
@@ -59,7 +59,7 @@ module Dependabot
59
59
  end
60
60
 
61
61
  def fetch_latest_version_for_git_dependency
62
- return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?
62
+ return current_commit unless git_commit_checker.pinned?
63
63
 
64
64
  # If the dependency is pinned to a tag that looks like a version then
65
65
  # we want to update that tag.
@@ -70,11 +70,11 @@ module Dependabot
70
70
  return latest_version
71
71
  end
72
72
 
73
- # If the dependency is pinned to a commit SHA, we return a *version* so
74
- # that we get nice behaviour in PullRequestCreator::MessageBuilder
75
- if git_commit_checker.pinned_ref_looks_like_commit_sha?
76
- latest_tag = git_commit_checker.local_tag_for_latest_version
77
- return latest_tag.fetch(:version)
73
+ if git_commit_checker.pinned_ref_looks_like_commit_sha? && latest_version_tag
74
+ latest_version = latest_version_tag.fetch(:version)
75
+ return latest_commit_for_pinned_ref unless git_commit_checker.branch_or_ref_in_release?(latest_version)
76
+
77
+ return latest_version
78
78
  end
79
79
 
80
80
  # If the dependency is pinned to a tag that doesn't look like a
@@ -82,6 +82,15 @@ module Dependabot
82
82
  nil
83
83
  end
84
84
 
85
+ def latest_commit_for_pinned_ref
86
+ @latest_commit_for_pinned_ref ||=
87
+ SharedHelpers.in_a_temporary_repo_directory("/", repo_contents_path) do
88
+ ref_branch = find_container_branch(current_commit)
89
+
90
+ git_commit_checker.head_commit_for_local_branch(ref_branch)
91
+ end
92
+ end
93
+
85
94
  def latest_version_tag
86
95
  @latest_version_tag ||= begin
87
96
  return git_commit_checker.local_tag_for_latest_version if dependency.version.nil?
@@ -119,18 +128,28 @@ module Dependabot
119
128
  return dependency_source_details.merge(ref: new_tag.fetch(:tag))
120
129
  end
121
130
 
122
- latest_tag = git_commit_checker.local_tag_for_latest_version
123
-
124
131
  # Update the pinned git commit if one is available
125
132
  if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
126
- latest_tag.fetch(:commit_sha) != current_commit
127
- return dependency_source_details.merge(ref: latest_tag.fetch(:commit_sha))
133
+ (new_commit_sha = latest_commit_sha) &&
134
+ new_commit_sha != current_commit
135
+ return dependency_source_details.merge(ref: new_commit_sha)
128
136
  end
129
137
 
130
138
  # Otherwise return the original source
131
139
  dependency_source_details
132
140
  end
133
141
 
142
+ def latest_commit_sha
143
+ new_tag = latest_version_tag
144
+ return unless new_tag
145
+
146
+ if git_commit_checker.branch_or_ref_in_release?(new_tag.fetch(:version))
147
+ new_tag.fetch(:commit_sha)
148
+ else
149
+ latest_commit_for_pinned_ref
150
+ end
151
+ end
152
+
134
153
  def dependency_source_details
135
154
  sources =
136
155
  dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact
@@ -180,6 +199,23 @@ module Dependabot
180
199
 
181
200
  shortened_semver_eq?(base, other) || shortened_semver_eq?(other, base)
182
201
  end
202
+
203
+ def find_container_branch(sha)
204
+ SharedHelpers.run_shell_command("git fetch #{current_commit}")
205
+
206
+ branches_including_ref = SharedHelpers.run_shell_command("git branch --contains #{sha}").split("\n")
207
+
208
+ current_branch = branches_including_ref.find { |line| line.start_with?("* ") }
209
+
210
+ if current_branch
211
+ current_branch.delete_prefix("* ")
212
+ elsif branches_including_ref.size > 1
213
+ # If there are multiple non default branches including the pinned SHA, then it's unclear how we should proceed
214
+ raise "Multiple ambiguous branches (#{branches_including_ref.join(', ')}) include #{current_commit}!"
215
+ else
216
+ branches_including_ref.first
217
+ end
218
+ end
183
219
  end
184
220
  end
185
221
  end
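Review bot: In the new `find_container_branch`, `sha` and `current_commit` are interpolated directly into the strings handed to `SharedHelpers.run_shell_command`, and the value is presumably derived from the ref pinned in a workflow's `uses:` entry, which is repository-controlled input. The only visible gate is `pinned_ref_looks_like_commit_sha?` at the call sites; its definition is outside this page, so whether it anchors the whole string cannot be confirmed here. A local guard as the first line of the helper, for example `raise "Unexpected commit ref" unless sha.to_s.match?(/\A[0-9a-f]+\z/)` (illustrative pattern), would keep the shell call safe independently of the caller. Separately, `git fetch #{current_commit}` puts the SHA in the position git reads as the repository argument, so it probably does not fetch what was intended and should be verified. In the final `else` branch, `branches_including_ref.first` returns the raw `git branch` output line, which is indented for non-current branches and is `nil` when no branch contains the commit; `branches_including_ref.first&.strip` plus an explicit nil case would make the value passed to `head_commit_for_local_branch` well defined.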
@@ -13,7 +13,7 @@ module Dependabot
13
13
  def self.remove_leading_v(version)
14
14
  return version unless version.to_s.match?(/\Av([0-9])/)
15
15
 
16
- version.to_s.gsub(/\Av/, "")
16
+ version.to_s.delete_prefix("v")
17
17
  end
18
18
 
19
19
  def self.correct?(version)
@@ -22,3 +22,6 @@ Dependabot::PullRequestCreator::Labeler.
22
22
  require "dependabot/dependency"
23
23
  Dependabot::Dependency.
24
24
  register_production_check("github_actions", ->(_) { true })
25
+
26
+ require "dependabot/utils"
27
+ Dependabot::Utils.register_always_clone("github_actions")
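Review bot: `Dependabot::Utils.register_always_clone("github_actions")` is added without a comment explaining why this ecosystem now needs a full clone. Judging from the update-checker hunks on this page, the reason appears to be that `latest_commit_for_pinned_ref` runs git commands inside `repo_contents_path`. A one-line comment would record that, e.g. `# The update checker inspects branches in the local clone (see latest_commit_for_pinned_ref)`. It would also help to state that every github_actions job now runs git against cloned repository content, since that changes what input the updater process is exposed to.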
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-github_actions
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.211.0
4
+ version: 0.212.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-08-23 00:00:00.000000000 Z
11
+ date: 2022-09-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.211.0
19
+ version: 0.212.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.211.0
26
+ version: 0.212.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debase
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -86,14 +86,14 @@ dependencies:
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: 3.11.1
89
+ version: 3.12.0
90
90
  type: :development
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: 3.11.1
96
+ version: 3.12.0
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: rake
99
99
  requirement: !ruby/object:Gem::Requirement
@@ -142,14 +142,28 @@ dependencies:
142
142
  requirements:
143
143
  - - "~>"
144
144
  - !ruby/object:Gem::Version
145
- version: 1.35.1
145
+ version: 1.36.0
146
146
  type: :development
147
147
  prerelease: false
148
148
  version_requirements: !ruby/object:Gem::Requirement
149
149
  requirements:
150
150
  - - "~>"
151
151
  - !ruby/object:Gem::Version
152
- version: 1.35.1
152
+ version: 1.36.0
153
+ - !ruby/object:Gem::Dependency
154
+ name: rubocop-performance
155
+ requirement: !ruby/object:Gem::Requirement
156
+ requirements:
157
+ - - "~>"
158
+ - !ruby/object:Gem::Version
159
+ version: 1.14.2
160
+ type: :development
161
+ prerelease: false
162
+ version_requirements: !ruby/object:Gem::Requirement
163
+ requirements:
164
+ - - "~>"
165
+ - !ruby/object:Gem::Version
166
+ version: 1.14.2
153
167
  - !ruby/object:Gem::Dependency
154
168
  name: ruby-debug-ide
155
169
  requirement: !ruby/object:Gem::Requirement