dependabot-github_actions 0.232.0 → 0.233.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/github_actions/file_updater.rb +18 -8
- data/lib/dependabot/github_actions/update_checker.rb +21 -11
- metadata +19 -19
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 43d431ad1f6f124ba6a4a8703ff0aa1bc588c29c9d1b809b47cff5e90db76e9d
|
4
|
+
data.tar.gz: 4e3c822a8100f3875234923e8752490c663fb01e4f074ea4b3a02321eac73bad
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8e165bc83afd8ec58a8fbaf67fe71ffb7829891eb0f83f921e4a11769715058d429b90d3c4256ffcebed5c0176ac499dff9a7c82b23b9db936661d3867213edb
|
7
|
+
data.tar.gz: 3754c5a99c3ff13b67978b2cd69c08790f3b4b544ceac91d9c936abfd37f3106caac7a45b8ee70ca31c9a2d2e4f3c5dfd2bb9e694307df0e4956320d513e40a1
|
@@ -60,10 +60,13 @@ module Dependabot
|
|
60
60
|
# TODO: Support updating Docker sources
|
61
61
|
next unless new_req.fetch(:source).fetch(:type) == "git"
|
62
62
|
|
63
|
+
old_ref = old_req.fetch(:source).fetch(:ref)
|
64
|
+
new_ref = new_req.fetch(:source).fetch(:ref)
|
65
|
+
|
63
66
|
old_declaration = old_req.fetch(:metadata).fetch(:declaration_string)
|
64
67
|
new_declaration =
|
65
68
|
old_declaration
|
66
|
-
.gsub(/@.*+/, "@#{
|
69
|
+
.gsub(/@.*+/, "@#{new_ref}")
|
67
70
|
|
68
71
|
# Replace the old declaration that's preceded by a non-word character
|
69
72
|
# and followed by a whitespace character (comments) or EOL.
|
@@ -79,7 +82,7 @@ module Dependabot
|
|
79
82
|
) do |match|
|
80
83
|
comment = Regexp.last_match(:comment)
|
81
84
|
match.gsub!(old_declaration, new_declaration)
|
82
|
-
if comment && (updated_comment = updated_version_comment(comment,
|
85
|
+
if comment && (updated_comment = updated_version_comment(comment, old_ref, new_ref))
|
83
86
|
match.gsub!(comment, updated_comment)
|
84
87
|
end
|
85
88
|
match
|
@@ -89,17 +92,24 @@ module Dependabot
|
|
89
92
|
updated_content
|
90
93
|
end
|
91
94
|
|
92
|
-
def updated_version_comment(comment,
|
95
|
+
def updated_version_comment(comment, old_ref, new_ref)
|
93
96
|
raise "No comment!" unless comment
|
94
97
|
|
95
98
|
comment = comment.rstrip
|
96
|
-
return unless dependency.previous_version && dependency.version
|
97
|
-
return unless comment.end_with? dependency.previous_version
|
98
|
-
|
99
99
|
git_checker = Dependabot::GitCommitChecker.new(dependency: dependency, credentials: credentials)
|
100
|
-
return unless git_checker.ref_looks_like_commit_sha?(
|
100
|
+
return unless git_checker.ref_looks_like_commit_sha?(old_ref)
|
101
|
+
|
102
|
+
previous_version_tag = git_checker.most_specific_version_tag_for_sha(old_ref)
|
103
|
+
previous_version = version_class.new(previous_version_tag).to_s
|
104
|
+
return unless comment.end_with? previous_version
|
105
|
+
|
106
|
+
new_version_tag = git_checker.most_specific_version_tag_for_sha(new_ref)
|
107
|
+
new_version = version_class.new(new_version_tag).to_s
|
108
|
+
comment.gsub(previous_version, new_version)
|
109
|
+
end
|
101
110
|
|
102
|
-
|
111
|
+
def version_class
|
112
|
+
GithubActions::Version
|
103
113
|
end
|
104
114
|
end
|
105
115
|
end
|
@@ -35,20 +35,21 @@ module Dependabot
|
|
35
35
|
end
|
36
36
|
|
37
37
|
def updated_requirements
|
38
|
-
updated = updated_ref
|
39
|
-
|
40
38
|
dependency.requirements.map do |req|
|
39
|
+
source = req[:source]
|
40
|
+
updated = updated_ref(source)
|
41
41
|
next req unless updated
|
42
42
|
|
43
|
+
current = source[:ref]
|
44
|
+
|
43
45
|
# Maintain a short git hash only if it matches the latest
|
44
46
|
if req[:type] == "git" &&
|
45
|
-
|
46
|
-
|
47
|
-
updated.start_with?(
|
47
|
+
git_commit_checker.ref_looks_like_commit_sha?(updated) &&
|
48
|
+
git_commit_checker.ref_looks_like_commit_sha?(current) &&
|
49
|
+
updated.start_with?(current)
|
48
50
|
next req
|
49
51
|
end
|
50
52
|
|
51
|
-
source = req[:source]
|
52
53
|
new_source = source.merge(ref: updated)
|
53
54
|
req.merge(source: new_source)
|
54
55
|
end
|
@@ -172,7 +173,7 @@ module Dependabot
|
|
172
173
|
.select { |tag| tag.fetch(:version) > current_version }
|
173
174
|
end
|
174
175
|
|
175
|
-
def updated_ref
|
176
|
+
def updated_ref(source)
|
176
177
|
# TODO: Support Docker sources
|
177
178
|
return unless git_dependency?
|
178
179
|
|
@@ -181,14 +182,16 @@ module Dependabot
|
|
181
182
|
return new_tag.fetch(:tag)
|
182
183
|
end
|
183
184
|
|
185
|
+
source_git_commit_checker = git_commit_checker_for(source)
|
186
|
+
|
184
187
|
# Return the git tag if updating a pinned version
|
185
|
-
if
|
188
|
+
if source_git_commit_checker.pinned_ref_looks_like_version? &&
|
186
189
|
(new_tag = latest_version_tag)
|
187
190
|
return new_tag.fetch(:tag)
|
188
191
|
end
|
189
192
|
|
190
193
|
# Return the pinned git commit if one is available
|
191
|
-
if
|
194
|
+
if source_git_commit_checker.pinned_ref_looks_like_commit_sha? &&
|
192
195
|
(new_commit_sha = latest_commit_sha)
|
193
196
|
return new_commit_sha
|
194
197
|
end
|
@@ -217,12 +220,19 @@ module Dependabot
|
|
217
220
|
end
|
218
221
|
|
219
222
|
def git_commit_checker
|
220
|
-
@git_commit_checker ||=
|
223
|
+
@git_commit_checker ||= git_commit_checker_for(nil)
|
224
|
+
end
|
225
|
+
|
226
|
+
def git_commit_checker_for(source)
|
227
|
+
@git_commit_checkers ||= {}
|
228
|
+
|
229
|
+
@git_commit_checkers[source] ||= Dependabot::GitCommitChecker.new(
|
221
230
|
dependency: dependency,
|
222
231
|
credentials: credentials,
|
223
232
|
ignored_versions: ignored_versions,
|
224
233
|
raise_on_ignored: raise_on_ignored,
|
225
|
-
consider_version_branches_pinned: true
|
234
|
+
consider_version_branches_pinned: true,
|
235
|
+
dependency_source_details: source
|
226
236
|
)
|
227
237
|
end
|
228
238
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-github_actions
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.233.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-10-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.233.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.233.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -52,20 +52,6 @@ dependencies:
|
|
52
52
|
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
54
|
version: '2.0'
|
55
|
-
- !ruby/object:Gem::Dependency
|
56
|
-
name: parallel_tests
|
57
|
-
requirement: !ruby/object:Gem::Requirement
|
58
|
-
requirements:
|
59
|
-
- - "~>"
|
60
|
-
- !ruby/object:Gem::Version
|
61
|
-
version: 4.2.0
|
62
|
-
type: :development
|
63
|
-
prerelease: false
|
64
|
-
version_requirements: !ruby/object:Gem::Requirement
|
65
|
-
requirements:
|
66
|
-
- - "~>"
|
67
|
-
- !ruby/object:Gem::Version
|
68
|
-
version: 4.2.0
|
69
55
|
- !ruby/object:Gem::Dependency
|
70
56
|
name: rake
|
71
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -164,6 +150,20 @@ dependencies:
|
|
164
150
|
- - "~>"
|
165
151
|
- !ruby/object:Gem::Version
|
166
152
|
version: 0.2.16
|
153
|
+
- !ruby/object:Gem::Dependency
|
154
|
+
name: turbo_tests
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
156
|
+
requirements:
|
157
|
+
- - "~>"
|
158
|
+
- !ruby/object:Gem::Version
|
159
|
+
version: 2.2.0
|
160
|
+
type: :development
|
161
|
+
prerelease: false
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
163
|
+
requirements:
|
164
|
+
- - "~>"
|
165
|
+
- !ruby/object:Gem::Version
|
166
|
+
version: 2.2.0
|
167
167
|
- !ruby/object:Gem::Dependency
|
168
168
|
name: vcr
|
169
169
|
requirement: !ruby/object:Gem::Requirement
|
@@ -213,7 +213,7 @@ licenses:
|
|
213
213
|
- Nonstandard
|
214
214
|
metadata:
|
215
215
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
216
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
216
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.233.0
|
217
217
|
post_install_message:
|
218
218
|
rdoc_options: []
|
219
219
|
require_paths:
|