dependabot-github_actions 0.232.0 → 0.233.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/github_actions/file_updater.rb +18 -8
- data/lib/dependabot/github_actions/update_checker.rb +21 -11
- metadata +19 -19
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 43d431ad1f6f124ba6a4a8703ff0aa1bc588c29c9d1b809b47cff5e90db76e9d
|
|
4
|
+
data.tar.gz: 4e3c822a8100f3875234923e8752490c663fb01e4f074ea4b3a02321eac73bad
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8e165bc83afd8ec58a8fbaf67fe71ffb7829891eb0f83f921e4a11769715058d429b90d3c4256ffcebed5c0176ac499dff9a7c82b23b9db936661d3867213edb
|
|
7
|
+
data.tar.gz: 3754c5a99c3ff13b67978b2cd69c08790f3b4b544ceac91d9c936abfd37f3106caac7a45b8ee70ca31c9a2d2e4f3c5dfd2bb9e694307df0e4956320d513e40a1
|
|
@@ -60,10 +60,13 @@ module Dependabot
|
|
|
60
60
|
# TODO: Support updating Docker sources
|
|
61
61
|
next unless new_req.fetch(:source).fetch(:type) == "git"
|
|
62
62
|
|
|
63
|
+
old_ref = old_req.fetch(:source).fetch(:ref)
|
|
64
|
+
new_ref = new_req.fetch(:source).fetch(:ref)
|
|
65
|
+
|
|
63
66
|
old_declaration = old_req.fetch(:metadata).fetch(:declaration_string)
|
|
64
67
|
new_declaration =
|
|
65
68
|
old_declaration
|
|
66
|
-
.gsub(/@.*+/, "@#{
|
|
69
|
+
.gsub(/@.*+/, "@#{new_ref}")
|
|
67
70
|
|
|
68
71
|
# Replace the old declaration that's preceded by a non-word character
|
|
69
72
|
# and followed by a whitespace character (comments) or EOL.
|
|
@@ -79,7 +82,7 @@ module Dependabot
|
|
|
79
82
|
) do |match|
|
|
80
83
|
comment = Regexp.last_match(:comment)
|
|
81
84
|
match.gsub!(old_declaration, new_declaration)
|
|
82
|
-
if comment && (updated_comment = updated_version_comment(comment,
|
|
85
|
+
if comment && (updated_comment = updated_version_comment(comment, old_ref, new_ref))
|
|
83
86
|
match.gsub!(comment, updated_comment)
|
|
84
87
|
end
|
|
85
88
|
match
|
|
@@ -89,17 +92,24 @@ module Dependabot
|
|
|
89
92
|
updated_content
|
|
90
93
|
end
|
|
91
94
|
|
|
92
|
-
def updated_version_comment(comment,
|
|
95
|
+
def updated_version_comment(comment, old_ref, new_ref)
|
|
93
96
|
raise "No comment!" unless comment
|
|
94
97
|
|
|
95
98
|
comment = comment.rstrip
|
|
96
|
-
return unless dependency.previous_version && dependency.version
|
|
97
|
-
return unless comment.end_with? dependency.previous_version
|
|
98
|
-
|
|
99
99
|
git_checker = Dependabot::GitCommitChecker.new(dependency: dependency, credentials: credentials)
|
|
100
|
-
return unless git_checker.ref_looks_like_commit_sha?(
|
|
100
|
+
return unless git_checker.ref_looks_like_commit_sha?(old_ref)
|
|
101
|
+
|
|
102
|
+
previous_version_tag = git_checker.most_specific_version_tag_for_sha(old_ref)
|
|
103
|
+
previous_version = version_class.new(previous_version_tag).to_s
|
|
104
|
+
return unless comment.end_with? previous_version
|
|
105
|
+
|
|
106
|
+
new_version_tag = git_checker.most_specific_version_tag_for_sha(new_ref)
|
|
107
|
+
new_version = version_class.new(new_version_tag).to_s
|
|
108
|
+
comment.gsub(previous_version, new_version)
|
|
109
|
+
end
|
|
101
110
|
|
|
102
|
-
|
|
111
|
+
def version_class
|
|
112
|
+
GithubActions::Version
|
|
103
113
|
end
|
|
104
114
|
end
|
|
105
115
|
end
|
|
@@ -35,20 +35,21 @@ module Dependabot
|
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
def updated_requirements
|
|
38
|
-
updated = updated_ref
|
|
39
|
-
|
|
40
38
|
dependency.requirements.map do |req|
|
|
39
|
+
source = req[:source]
|
|
40
|
+
updated = updated_ref(source)
|
|
41
41
|
next req unless updated
|
|
42
42
|
|
|
43
|
+
current = source[:ref]
|
|
44
|
+
|
|
43
45
|
# Maintain a short git hash only if it matches the latest
|
|
44
46
|
if req[:type] == "git" &&
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
updated.start_with?(
|
|
47
|
+
git_commit_checker.ref_looks_like_commit_sha?(updated) &&
|
|
48
|
+
git_commit_checker.ref_looks_like_commit_sha?(current) &&
|
|
49
|
+
updated.start_with?(current)
|
|
48
50
|
next req
|
|
49
51
|
end
|
|
50
52
|
|
|
51
|
-
source = req[:source]
|
|
52
53
|
new_source = source.merge(ref: updated)
|
|
53
54
|
req.merge(source: new_source)
|
|
54
55
|
end
|
|
@@ -172,7 +173,7 @@ module Dependabot
|
|
|
172
173
|
.select { |tag| tag.fetch(:version) > current_version }
|
|
173
174
|
end
|
|
174
175
|
|
|
175
|
-
def updated_ref
|
|
176
|
+
def updated_ref(source)
|
|
176
177
|
# TODO: Support Docker sources
|
|
177
178
|
return unless git_dependency?
|
|
178
179
|
|
|
@@ -181,14 +182,16 @@ module Dependabot
|
|
|
181
182
|
return new_tag.fetch(:tag)
|
|
182
183
|
end
|
|
183
184
|
|
|
185
|
+
source_git_commit_checker = git_commit_checker_for(source)
|
|
186
|
+
|
|
184
187
|
# Return the git tag if updating a pinned version
|
|
185
|
-
if
|
|
188
|
+
if source_git_commit_checker.pinned_ref_looks_like_version? &&
|
|
186
189
|
(new_tag = latest_version_tag)
|
|
187
190
|
return new_tag.fetch(:tag)
|
|
188
191
|
end
|
|
189
192
|
|
|
190
193
|
# Return the pinned git commit if one is available
|
|
191
|
-
if
|
|
194
|
+
if source_git_commit_checker.pinned_ref_looks_like_commit_sha? &&
|
|
192
195
|
(new_commit_sha = latest_commit_sha)
|
|
193
196
|
return new_commit_sha
|
|
194
197
|
end
|
|
@@ -217,12 +220,19 @@ module Dependabot
|
|
|
217
220
|
end
|
|
218
221
|
|
|
219
222
|
def git_commit_checker
|
|
220
|
-
@git_commit_checker ||=
|
|
223
|
+
@git_commit_checker ||= git_commit_checker_for(nil)
|
|
224
|
+
end
|
|
225
|
+
|
|
226
|
+
def git_commit_checker_for(source)
|
|
227
|
+
@git_commit_checkers ||= {}
|
|
228
|
+
|
|
229
|
+
@git_commit_checkers[source] ||= Dependabot::GitCommitChecker.new(
|
|
221
230
|
dependency: dependency,
|
|
222
231
|
credentials: credentials,
|
|
223
232
|
ignored_versions: ignored_versions,
|
|
224
233
|
raise_on_ignored: raise_on_ignored,
|
|
225
|
-
consider_version_branches_pinned: true
|
|
234
|
+
consider_version_branches_pinned: true,
|
|
235
|
+
dependency_source_details: source
|
|
226
236
|
)
|
|
227
237
|
end
|
|
228
238
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-github_actions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.233.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-10-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.233.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.233.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -52,20 +52,6 @@ dependencies:
|
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '2.0'
|
|
55
|
-
- !ruby/object:Gem::Dependency
|
|
56
|
-
name: parallel_tests
|
|
57
|
-
requirement: !ruby/object:Gem::Requirement
|
|
58
|
-
requirements:
|
|
59
|
-
- - "~>"
|
|
60
|
-
- !ruby/object:Gem::Version
|
|
61
|
-
version: 4.2.0
|
|
62
|
-
type: :development
|
|
63
|
-
prerelease: false
|
|
64
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
65
|
-
requirements:
|
|
66
|
-
- - "~>"
|
|
67
|
-
- !ruby/object:Gem::Version
|
|
68
|
-
version: 4.2.0
|
|
69
55
|
- !ruby/object:Gem::Dependency
|
|
70
56
|
name: rake
|
|
71
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -164,6 +150,20 @@ dependencies:
|
|
|
164
150
|
- - "~>"
|
|
165
151
|
- !ruby/object:Gem::Version
|
|
166
152
|
version: 0.2.16
|
|
153
|
+
- !ruby/object:Gem::Dependency
|
|
154
|
+
name: turbo_tests
|
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
|
156
|
+
requirements:
|
|
157
|
+
- - "~>"
|
|
158
|
+
- !ruby/object:Gem::Version
|
|
159
|
+
version: 2.2.0
|
|
160
|
+
type: :development
|
|
161
|
+
prerelease: false
|
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
163
|
+
requirements:
|
|
164
|
+
- - "~>"
|
|
165
|
+
- !ruby/object:Gem::Version
|
|
166
|
+
version: 2.2.0
|
|
167
167
|
- !ruby/object:Gem::Dependency
|
|
168
168
|
name: vcr
|
|
169
169
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -213,7 +213,7 @@ licenses:
|
|
|
213
213
|
- Nonstandard
|
|
214
214
|
metadata:
|
|
215
215
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
216
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
216
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.233.0
|
|
217
217
|
post_install_message:
|
|
218
218
|
rdoc_options: []
|
|
219
219
|
require_paths:
|