dependabot-go_modules 0.121.0 → 0.123.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 701e98b35df513747baf443e0438108b3b9654e27f34f8c2222a6a66ca2ed629
-  data.tar.gz: 9a072a70eff30b0958a11ea3c18a52a9d226f0638802cac4c1a11ce43c11179e
+  metadata.gz: 8d87f9480f3afc9e6bdef144aa05c69503d9ce3f6ba77874312f1154a45acc5f
+  data.tar.gz: 4efcae643e50fe122f811ac929ec57b851eddd7dba0a6bf2f25cc1bf8314357c
 SHA512:
-  metadata.gz: f4c5afb8286faed93d541b40f466baa9ccf3204b3ba7ef600658b202dc30ec3085f8ac22a81169372a92d3edbbe4232ba2018c69824394d81db57cae44108f56
-  data.tar.gz: 3637c5c1b624bfba9e3b4a4af263e2aff7411c5ff181ae9c35cf1edc34b11fe62206dce9b3917dcc3869f78f76030158f43747fe0205becb969d3593a7ce1216
+  metadata.gz: 42a2f3835e2a99b515dfc875414244a9ed6f867cde47669d907d4bf27c2e5a4fc98c97a733d23aa0ec69e789e6f6f723f9af66740e949ef4633bcbe3ae3735e3
+  data.tar.gz: b5ba80c87a48e95e713d7d7c3cad2a6d5616398eda50aaf5ae938909be21a3a58ff1629fd2ead7e4f5139f36277e048b72421d18ab5c8d951cc6a5e551b005f0

data/lib/dependabot/go_modules/file_updater.rb

@@ -3,6 +3,7 @@
 require "dependabot/shared_helpers"
 require "dependabot/file_updaters"
 require "dependabot/file_updaters/base"
+require "dependabot/file_updaters/vendor_updater"
 
 module Dependabot
   module GoModules
@@ -20,6 +21,8 @@ module Dependabot
           dependency_files.each do |file|
             File.write(file.name, file.content)
           end
+          `git config --global user.email "no-reply@github.com"`
+          `git config --global user.name "Dependabot"`
           `git init .`
           `git add .`
           `git commit -m'fake repo_contents_path'`
@@ -52,6 +55,12 @@ module Dependabot
                 content: file_updater.updated_go_sum_content
               )
           end
+
+          vendor_updater.
+            updated_vendor_cache_files(base_directory: directory).
+            each do |file|
+            updated_files << file
+          end
         end
 
         raise "No files changed!" if updated_files.none?
@@ -79,6 +88,17 @@ module Dependabot
         dependency_files.first.directory
       end
 
+      def vendor_dir
+        File.join(repo_contents_path, directory, "vendor")
+      end
+
+      def vendor_updater
+        Dependabot::FileUpdaters::VendorUpdater.new(
+          repo_contents_path: repo_contents_path,
+          vendor_dir: vendor_dir
+        )
+      end
+
       def file_updater
         @file_updater ||=
           GoModUpdater.new(
@@ -86,9 +106,18 @@ module Dependabot
             credentials: credentials,
             repo_contents_path: repo_contents_path,
             directory: directory,
-            tidy: !@repo_contents_stub && options.fetch(:go_mod_tidy, false)
+            options: { tidy: tidy?, vendor: vendor? }
           )
       end
+
+      def tidy?
+        !@repo_contents_stub && options.fetch(:go_mod_tidy, false)
+      end
+
+      def vendor?
+        File.exist?(File.join(vendor_dir, "modules.txt")) &&
+          options.fetch(:go_mod_vendor, false)
+      end
     end
   end
 end

data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb

@@ -14,9 +14,14 @@ module Dependabot
         ENVIRONMENT = { "GOPRIVATE" => "*" }.freeze
 
         RESOLVABILITY_ERROR_REGEXES = [
+          # (Private) module could not be fetched
           /go: .*: git fetch .*: exit status 128/.freeze,
+          # The checksum in go.sum does not match the dowloaded content
           /verifying .*: checksum mismatch/.freeze,
-          /build .*: cannot find module providing package/.freeze
+          # (Private) module could not be found
+          /cannot find module providing package/.freeze,
+          # Package in module was likely renamed or removed
+          /module .* found \(.*\), but does not contain package/m.freeze
         ].freeze
 
         MODULE_PATH_MISMATCH_REGEXES = [
@@ -26,12 +31,13 @@ module Dependabot
         ].freeze
 
         def initialize(dependencies:, credentials:, repo_contents_path:,
-                       directory:, tidy:)
+                       directory:, options:)
           @dependencies = dependencies
           @credentials = credentials
           @repo_contents_path = repo_contents_path
           @directory = directory
-          @tidy = tidy
+          @tidy = options.fetch(:tidy, false)
+          @vendor = options.fetch(:vendor, false)
         end
 
         def updated_go_mod_content
@@ -51,7 +57,7 @@ module Dependabot
           @updated_files ||= update_files
         end
 
-        def update_files
+        def update_files # rubocop:disable Metrics/AbcSize
           in_repo_path do
             # Map paths in local replace directives to path hashes
 
@@ -71,6 +77,7 @@ module Dependabot
             # Then run `go get` to pick up other changes to the file caused by
             # the upgrade
             run_go_get
+            run_go_vendor
             run_go_mod_tidy
 
             # At this point, the go.mod returned from run_go_get contains the
@@ -111,6 +118,14 @@ module Dependabot
           handle_subprocess_error(stderr) unless status.success?
         end
 
+        def run_go_vendor
+          return unless vendor?
+
+          command = "go mod vendor"
+          _, stderr, status = Open3.capture3(ENVIRONMENT, command)
+          handle_subprocess_error(stderr) unless status.success?
+        end
+
         def update_go_mod(dependencies)
           deps = dependencies.map do |dep|
             {
@@ -273,6 +288,10 @@ module Dependabot
         def tidy?
           !!@tidy
         end
+
+        def vendor?
+          !!@vendor
+        end
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-go_modules
 version: !ruby/object:Gem::Version
-  version: 0.121.0
+  version: 0.123.1
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-06 00:00:00.000000000 Z
+date: 2020-10-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.121.0
+        version: 0.123.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.121.0
+        version: 0.123.1
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.92.0
+        version: 0.93.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.92.0
+        version: 0.93.0
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.19.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.19.0
+- !ruby/object:Gem::Dependency
+  name: simplecov-console
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.2
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement