dependabot-github_actions 0.237.0 → 0.238.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/github_actions/file_parser.rb +15 -13
  3. data/lib/dependabot/github_actions/update_checker.rb +2 -2
  4. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9f21866075019c5a142acbc0f0c620a6bbfba50eb16a1bb59e37cd0474c0d88f
4
- data.tar.gz: 70fec17d129dff3814b61e810d6238985ac08ed59e2aa99319cb6ae3c5eba4b3
3
+ metadata.gz: 417a5dc780b5653b184e1b85bf500acba5f75527d0c6533b2d18a137aad5a1a6
4
+ data.tar.gz: d6162c2c02bf9c61ece051e9cc9c7df0af9037b0c0b10499fce246a685b00407
5
5
  SHA512:
6
- metadata.gz: c5eb1345d8690120321f69856e735d0aea769705105dc4168b2f007ea1ad97ed71b2c1c3e2df0ad1179d1c88327326b272e07ffe4e2fb55c305f70c14ee6957c
7
- data.tar.gz: bb5ea0c6225529c1c07f6c2ca88d11a7b038d852084450b097fa46df1331e2ad3addc890b0189039445882ee7639e553f6598e9c95db5624646ac6f0b11177f4
6
+ metadata.gz: 11f0acafb4b769b2e808b5447de805cbc5c62a4bbfc57b3ca869886c83fdd1124607d1406b5071a85e36953734186f5596cf6997cb96d3a3adc020dd11a112c2
7
+ data.tar.gz: 3cfdc22db82f2c0317709ed293fbb8f7ce941f3e5b38b58ea43f7e23cd59ac8db462fe154e7802924071483801e72c7a0b63433b21f594c7fdd38fbf6970b9e8
data/lib/dependabot/github_actions/file_parser.rb CHANGED
@@ -55,19 +55,21 @@ module Dependabot
55
55
  credentials: credentials,
56
56
  consider_version_branches_pinned: true
57
57
  )
58
- next unless git_checker.pinned?
59
-
60
- # If dep does not have an assigned (semver) version, look for a commit that references a semver tag
61
- unless dep.version
62
- resolved = git_checker.local_tag_for_pinned_sha
63
-
64
- if resolved && version_class.correct?(resolved)
65
- dep = Dependency.new(
66
- name: dep.name,
67
- version: version_class.new(resolved).to_s,
68
- requirements: dep.requirements,
69
- package_manager: dep.package_manager
70
- )
58
+ if git_checker.git_repo_reachable?
59
+ next unless git_checker.pinned?
60
+
61
+ # If dep does not have an assigned (semver) version, look for a commit that references a semver tag
62
+ unless dep.version
63
+ resolved = git_checker.version_for_pinned_sha
64
+
65
+ if resolved
66
+ dep = Dependency.new(
67
+ name: dep.name,
68
+ version: resolved.to_s,
69
+ requirements: dep.requirements,
70
+ package_manager: dep.package_manager
71
+ )
72
+ end
71
73
  end
72
74
  end
73
75
 
data/lib/dependabot/github_actions/update_checker.rb CHANGED
@@ -153,8 +153,7 @@ module Dependabot
153
153
 
154
154
  Dir.chdir(repo_contents_path) do
155
155
  ref_branch = find_container_branch(git_commit_checker.dependency_source_details[:ref])
156
-
157
- git_commit_checker.head_commit_for_local_branch(ref_branch)
156
+ git_commit_checker.head_commit_for_local_branch(ref_branch) if ref_branch
158
157
  end
159
158
  end
160
159
  end
@@ -254,6 +253,7 @@ module Dependabot
254
253
  "git branch --remotes --contains #{sha}",
255
254
  fingerprint: "git branch --remotes --contains <sha>"
256
255
  ).split("\n").map { |branch| branch.strip.gsub("origin/", "") }
256
+ return if branches_including_ref.empty?
257
257
 
258
258
  current_branch = branches_including_ref.find { |branch| branch.start_with?("HEAD -> ") }
259
259
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-github_actions
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.237.0
4
+ version: 0.238.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-11-21 00:00:00.000000000 Z
11
+ date: 2023-12-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.237.0
19
+ version: 0.238.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.237.0
26
+ version: 0.238.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -227,7 +227,7 @@ licenses:
227
227
  - Nonstandard
228
228
  metadata:
229
229
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
230
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.237.0
230
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.238.0
231
231
  post_install_message:
232
232
  rdoc_options: []
233
233
  require_paths: