dependabot-github_actions 0.334.0 → 0.335.0

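--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a30ffe20a5ff5930f825aeadc4b85d92fde84ea8ed1cb9cc13b99f92c960c163
- data.tar.gz: 795c7319aa4b49d96e7907740c08149922377bca1887b717c57b2157d6c3da37
+ metadata.gz: 54425da96bddcc5836410b503d5378ada9e00a5620a342f7d80688476c4a654d
+ data.tar.gz: b31caaf2566746cc79ca57476a781c79c47836afb85484050c97f436ac8e87ca
  SHA512:
- metadata.gz: 0ee35e82d1ea1bae1c852130672255480d1a3c00bb0de51583a5557d838a01bfad658e5ca68fa4f2bbadc094a55aa358a3efb9034b59d0bb6cfc8e79ab0384d9
- data.tar.gz: 0fedb41c0b4cb69e95d1fd51ca9d63a8e935f967a778b60f132260823b17c751c5b4c34c2b79f18d600f9a7a98fce701e1f5c3afd1d72417972249cfd25fa0fd
+ metadata.gz: cef090fa412ba9f0f03b21133225ecafa67c3b35de7a444e88db2bcb1466076cfa2e3127b4fa6ddf49b3bea91ef4781bc2106a5c5d43f81d6809d9b11bc9b809
+ data.tar.gz: 3fce0cde059328dc96b68a25221cbd76c6b2df119c8053db73a13eca62260b1e4d20b0dbe5d2c663ae22669f77f71840bcfb2d9957017dd3f7c0cc8998c2a51f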
@@ -7,12 +7,15 @@ module Dependabot
7
7
  GITHUB_COM = T.let("github.com", String)
8
8
 
9
9
  # Regular expression to match a GitHub repository reference
10
- GITHUB_REPO_REFERENCE = T.let(%r{
11
- ^(?<owner>[\w.-]+)/
12
- (?<repo>[\w.-]+)
13
- (?<path>/[^\@]+)?
14
- @(?<ref>.+)
15
- }x, Regexp)
10
+ GITHUB_REPO_REFERENCE = T.let(
11
+ %r{
12
+ ^(?<owner>[\w.-]+)/
13
+ (?<repo>[\w.-]+)
14
+ (?<path>/[^\@]+)?
15
+ @(?<ref>.+)
16
+ }x,
17
+ Regexp
18
+ )
16
19
 
17
20
  # Matches .yml or .yaml files in the .github/workflows directories
18
21
  WORKFLOW_YAML_REGEX = %r{\.github/workflows/.+\.ya?ml$}
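Review bot: `GITHUB_REPO_REFERENCE` is anchored with `^` and has no end anchor, and in Ruby `^` matches at the start of any line, so a multi-line string whose later line looks like `owner/repo@ref` still matches. If this constant is used to validate or parse action references read from workflow files (its callers are not visible in this hunk), the stricter form opens with `\A(?<owner>[\w.-]+)/` and closes with `\z` after the `ref` group. `WORKFLOW_YAML_REGEX` on the last line has the same shape with `$`, where `\z` would reject a path followed by a newline and further text. The reflow in this hunk leaves the pattern itself unchanged.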
@@ -30,9 +30,14 @@ module Dependabot
30
30
  )
31
31
  .void
32
32
  end
33
- def initialize(dependency:, credentials:,
34
- ignored_versions: [], raise_on_ignored: false,
35
- consider_version_branches_pinned: false, dependency_source_details: nil)
33
+ def initialize(
34
+ dependency:,
35
+ credentials:,
36
+ ignored_versions: [],
37
+ raise_on_ignored: false,
38
+ consider_version_branches_pinned: false,
39
+ dependency_source_details: nil
40
+ )
36
41
  @dependency = dependency
37
42
  @credentials = credentials
38
43
  @ignored_versions = ignored_versions
@@ -43,10 +48,13 @@ module Dependabot
43
48
 
44
49
  sig { returns(Dependabot::Dependency) }
45
50
  attr_reader :dependency
51
+
46
52
  sig { returns(T::Array[Dependabot::Credential]) }
47
53
  attr_reader :credentials
54
+
48
55
  sig { returns(T::Array[String]) }
49
56
  attr_reader :ignored_versions
57
+
50
58
  sig { returns(T::Boolean) }
51
59
  attr_reader :raise_on_ignored
52
60
 
@@ -32,11 +32,13 @@ module Dependabot
32
32
  security_advisories: T::Array[Dependabot::SecurityAdvisory]
33
33
  ).void
34
34
  end
35
- def initialize(dependency:,
36
- credentials:,
37
- ignored_versions: [],
38
- raise_on_ignored: false,
39
- security_advisories: [])
35
+ def initialize(
36
+ dependency:,
37
+ credentials:,
38
+ ignored_versions: [],
39
+ raise_on_ignored: false,
40
+ security_advisories: []
41
+ )
40
42
  @dependency = dependency
41
43
  @credentials = credentials
42
44
  @raise_on_ignored = raise_on_ignored
@@ -48,12 +50,16 @@ module Dependabot
48
50
 
49
51
  sig { returns(Dependabot::Dependency) }
50
52
  attr_reader :dependency
53
+
51
54
  sig { returns(T::Array[Dependabot::Credential]) }
52
55
  attr_reader :credentials
56
+
53
57
  sig { returns(T::Array[String]) }
54
58
  attr_reader :ignored_versions
59
+
55
60
  sig { returns(T::Boolean) }
56
61
  attr_reader :raise_on_ignored
62
+
57
63
  sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
58
64
  attr_reader :security_advisories
59
65
 
@@ -227,9 +233,14 @@ module Dependabot
227
233
 
228
234
  sig { returns(Dependabot::GithubActions::Helpers::Githelper) }
229
235
  def git_helper
230
- Helpers::Githelper.new(dependency: dependency, credentials: credentials,
231
- ignored_versions: ignored_versions, raise_on_ignored: raise_on_ignored,
232
- consider_version_branches_pinned: false, dependency_source_details: nil)
236
+ Helpers::Githelper.new(
237
+ dependency: dependency,
238
+ credentials: credentials,
239
+ ignored_versions: ignored_versions,
240
+ raise_on_ignored: raise_on_ignored,
241
+ consider_version_branches_pinned: false,
242
+ dependency_source_details: nil
243
+ )
233
244
  end
234
245
  end
235
246
  end
@@ -11,7 +11,7 @@ module Dependabot
11
11
  module GithubActions
12
12
  # Lifted from the bundler package manager
13
13
  class Requirement < Dependabot::Requirement
14
- extend T:: Sig
14
+ extend T::Sig
15
15
 
16
16
  # For consistency with other languages, we define a requirements array.
17
17
  # Ruby doesn't have an `OR` separator for requirements, so it always
@@ -57,14 +57,19 @@ module Dependabot
57
57
 
58
58
  sig { returns(Dependabot::Dependency) }
59
59
  attr_reader :dependency
60
+
60
61
  sig { returns(T::Array[Dependabot::Credential]) }
61
62
  attr_reader :credentials
63
+
62
64
  sig { returns(T.nilable(Dependabot::Package::ReleaseCooldownOptions)) }
63
65
  attr_reader :cooldown_options
66
+
64
67
  sig { returns(T::Array[String]) }
65
68
  attr_reader :ignored_versions
69
+
66
70
  sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
67
71
  attr_reader :security_advisories
72
+
68
73
  sig { returns(T::Boolean) }
69
74
  attr_reader :raise_on_ignored
70
75
 
@@ -101,32 +106,41 @@ module Dependabot
101
106
 
102
107
  sig { returns(T.nilable(Dependabot::GithubActions::Package::PackageDetailsFetcher)) }
103
108
  def package_details_fetcher
104
- @package_details_fetcher = T.let(Dependabot::GithubActions::Package::PackageDetailsFetcher
105
- .new(
106
- dependency: dependency,
107
- credentials: credentials,
108
- ignored_versions: ignored_versions,
109
- raise_on_ignored: raise_on_ignored,
110
- security_advisories: security_advisories
111
- ), T.nilable(Dependabot::GithubActions::Package::PackageDetailsFetcher))
109
+ @package_details_fetcher = T.let(
110
+ Dependabot::GithubActions::Package::PackageDetailsFetcher
111
+ .new(
112
+ dependency: dependency,
113
+ credentials: credentials,
114
+ ignored_versions: ignored_versions,
115
+ raise_on_ignored: raise_on_ignored,
116
+ security_advisories: security_advisories
117
+ ),
118
+ T.nilable(Dependabot::GithubActions::Package::PackageDetailsFetcher)
119
+ )
112
120
  end
113
121
 
114
122
  sig { returns(T.nilable(T.any(Dependabot::Version, String))) }
115
123
  def available_release
116
- @available_release = T.let(T.must(package_details_fetcher).release_list_for_git_dependency,
117
- T.nilable(T.any(Dependabot::Version, String)))
124
+ @available_release = T.let(
125
+ T.must(package_details_fetcher).release_list_for_git_dependency,
126
+ T.nilable(T.any(Dependabot::Version, String))
127
+ )
118
128
  end
119
129
 
120
130
  sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
121
131
  def available_security_fix_releases
122
- @available_security_fix_releases = T.let(T.must(package_details_fetcher).lowest_security_fix_version_tag,
123
- T.nilable(T::Hash[Symbol, T.untyped]))
132
+ @available_security_fix_releases = T.let(
133
+ T.must(package_details_fetcher).lowest_security_fix_version_tag,
134
+ T.nilable(T::Hash[Symbol, T.untyped])
135
+ )
124
136
  end
125
137
 
126
138
  sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
127
139
  def available_latest_version_tag
128
- @latest_version_tag = T.let(T.must(package_details_fetcher).latest_version_tag,
129
- T.nilable(T::Hash[Symbol, T.untyped]))
140
+ @latest_version_tag = T.let(
141
+ T.must(package_details_fetcher).latest_version_tag,
142
+ T.nilable(T::Hash[Symbol, T.untyped])
143
+ )
130
144
  end
131
145
 
132
146
  sig { override.returns(T::Boolean) }
@@ -170,8 +184,10 @@ module Dependabot
170
184
 
171
185
  SharedHelpers.run_shell_command("git clone --bare --no-recurse-submodules #{url} #{repo_contents_path}")
172
186
  Dir.chdir(repo_contents_path) do
173
- date = SharedHelpers.run_shell_command("git show --no-patch --format=\"%cd\" " \
174
- "--date=iso #{commit_ref}")
187
+ date = SharedHelpers.run_shell_command(
188
+ "git show --no-patch --format=\"%cd\" " \
189
+ "--date=iso #{commit_ref}"
190
+ )
175
191
  Dependabot.logger.info("Found release date : #{Time.parse(date)}")
176
192
  return date
177
193
  end
@@ -195,8 +211,10 @@ module Dependabot
195
211
  days = T.must(cooldown).default_days
196
212
  passed_seconds = Time.now.to_i - release_date.to_i
197
213
 
198
- Dependabot.logger.info("Days since release : #{passed_seconds / (3600 * 24)} " \
199
- "(cooldown days #{T.must(cooldown_options).default_days})")
214
+ Dependabot.logger.info(
215
+ "Days since release : #{passed_seconds / (3600 * 24)} " \
216
+ "(cooldown days #{T.must(cooldown_options).default_days})"
217
+ )
200
218
 
201
219
  passed_seconds < days * DAY_IN_SECONDS
202
220
  end
@@ -220,9 +238,14 @@ module Dependabot
220
238
 
221
239
  sig { returns(Dependabot::GithubActions::Helpers::Githelper) }
222
240
  def git_helper
223
- Helpers::Githelper.new(dependency: dependency, credentials: credentials,
224
- ignored_versions: ignored_versions, raise_on_ignored: raise_on_ignored,
225
- consider_version_branches_pinned: false, dependency_source_details: nil)
241
+ Helpers::Githelper.new(
242
+ dependency: dependency,
243
+ credentials: credentials,
244
+ ignored_versions: ignored_versions,
245
+ raise_on_ignored: raise_on_ignored,
246
+ consider_version_branches_pinned: false,
247
+ dependency_source_details: nil
248
+ )
226
249
  end
227
250
  end
228
251
  end
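Review bot: In the `@@ -170,8 +184,10 @@` hunk, `url`, `repo_contents_path` and `commit_ref` are interpolated directly into the command strings handed to `SharedHelpers.run_shell_command`, and nothing visible there constrains their content. Whatever escaping that helper applies (it is not shown on this page), a `commit_ref` beginning with `-` would still be read by git as an option rather than a revision. Consider checking the ref against an expected shape before use, or separating it from the options with `"--date=iso --end-of-options #{commit_ref}"`. The enclosing method starts and ends outside the hunk, so where these values come from should be confirmed there.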
@@ -79,16 +79,18 @@ module Dependabot
79
79
  sig { returns(T.nilable(Dependabot::GithubActions::UpdateChecker::LatestVersionFinder)) }
80
80
  def latest_version_finder
81
81
  @latest_version_finder ||=
82
- T.let(LatestVersionFinder.new(
83
- dependency: dependency,
84
- credentials: credentials,
85
- dependency_files: dependency_files,
86
- security_advisories: security_advisories,
87
- ignored_versions: ignored_versions,
88
- raise_on_ignored: raise_on_ignored,
89
- cooldown_options: update_cooldown
90
- ),
91
- T.nilable(Dependabot::GithubActions::UpdateChecker::LatestVersionFinder))
82
+ T.let(
83
+ LatestVersionFinder.new(
84
+ dependency: dependency,
85
+ credentials: credentials,
86
+ dependency_files: dependency_files,
87
+ security_advisories: security_advisories,
88
+ ignored_versions: ignored_versions,
89
+ raise_on_ignored: raise_on_ignored,
90
+ cooldown_options: update_cooldown
91
+ ),
92
+ T.nilable(Dependabot::GithubActions::UpdateChecker::LatestVersionFinder)
93
+ )
92
94
  end
93
95
 
94
96
  sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
@@ -183,9 +185,14 @@ module Dependabot
183
185
 
184
186
  sig { returns(Dependabot::GithubActions::Helpers::Githelper) }
185
187
  def git_helper
186
- Helpers::Githelper.new(dependency: dependency, credentials: credentials,
187
- ignored_versions: ignored_versions, raise_on_ignored: raise_on_ignored,
188
- consider_version_branches_pinned: false, dependency_source_details: nil)
188
+ Helpers::Githelper.new(
189
+ dependency: dependency,
190
+ credentials: credentials,
191
+ ignored_versions: ignored_versions,
192
+ raise_on_ignored: raise_on_ignored,
193
+ consider_version_branches_pinned: false,
194
+ dependency_source_details: nil
195
+ )
189
196
  end
190
197
 
191
198
  sig { params(sha: String).returns(T.nilable(String)) }
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-github_actions
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.334.0
4
+ version: 0.335.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.334.0
18
+ version: 0.335.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.334.0
25
+ version: 0.335.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -113,56 +113,56 @@ dependencies:
113
113
  requirements:
114
114
  - - "~>"
115
115
  - !ruby/object:Gem::Version
116
- version: '1.67'
116
+ version: '1.80'
117
117
  type: :development
118
118
  prerelease: false
119
119
  version_requirements: !ruby/object:Gem::Requirement
120
120
  requirements:
121
121
  - - "~>"
122
122
  - !ruby/object:Gem::Version
123
- version: '1.67'
123
+ version: '1.80'
124
124
  - !ruby/object:Gem::Dependency
125
125
  name: rubocop-performance
126
126
  requirement: !ruby/object:Gem::Requirement
127
127
  requirements:
128
128
  - - "~>"
129
129
  - !ruby/object:Gem::Version
130
- version: '1.22'
130
+ version: '1.26'
131
131
  type: :development
132
132
  prerelease: false
133
133
  version_requirements: !ruby/object:Gem::Requirement
134
134
  requirements:
135
135
  - - "~>"
136
136
  - !ruby/object:Gem::Version
137
- version: '1.22'
137
+ version: '1.26'
138
138
  - !ruby/object:Gem::Dependency
139
139
  name: rubocop-rspec
140
140
  requirement: !ruby/object:Gem::Requirement
141
141
  requirements:
142
142
  - - "~>"
143
143
  - !ruby/object:Gem::Version
144
- version: '2.29'
144
+ version: '3.7'
145
145
  type: :development
146
146
  prerelease: false
147
147
  version_requirements: !ruby/object:Gem::Requirement
148
148
  requirements:
149
149
  - - "~>"
150
150
  - !ruby/object:Gem::Version
151
- version: '2.29'
151
+ version: '3.7'
152
152
  - !ruby/object:Gem::Dependency
153
153
  name: rubocop-sorbet
154
154
  requirement: !ruby/object:Gem::Requirement
155
155
  requirements:
156
156
  - - "~>"
157
157
  - !ruby/object:Gem::Version
158
- version: '0.8'
158
+ version: '0.10'
159
159
  type: :development
160
160
  prerelease: false
161
161
  version_requirements: !ruby/object:Gem::Requirement
162
162
  requirements:
163
163
  - - "~>"
164
164
  - !ruby/object:Gem::Version
165
- version: '0.8'
165
+ version: '0.10'
166
166
  - !ruby/object:Gem::Dependency
167
167
  name: simplecov
168
168
  requirement: !ruby/object:Gem::Requirement
@@ -259,7 +259,7 @@ licenses:
259
259
  - MIT
260
260
  metadata:
261
261
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
262
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.334.0
262
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.335.0
263
263
  rdoc_options: []
264
264
  require_paths:
265
265
  - lib