dependabot-go_modules 0.121.1 → 0.122.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d399469f8a61821f96b70b4665ef9037c9c103194ae3aa7224fa7bbf45e19cc6
-  data.tar.gz: 041406a7f88713b93f2c91b3fcf903934037975c82a8a7facebc9849baba4488
+  metadata.gz: 4668f28343a248c1d0e2ec3d61ffb59b79be51eb0df6ece487db719379935e3f
+  data.tar.gz: a5957a544166a39647cee725a66c85503887a8e141589adbfed2987a47d987b3
 SHA512:
-  metadata.gz: df43946eea402a831d37a56637c69afe605b0c7ea3ad8e387d5e74175b13f629861b71073f7e0548b5630025089bdbc3fd8f7f8d6d00f6a9a08f9b20d96f84b9
-  data.tar.gz: beb0a877aa9c40b20d499da92c26aa03ebfdb9737e61ca1d296bbbb02ead76ec5ab2f953b3430cb7051de9a8bc58405ee6e0ddb105fe1b43f30136850e231594
+  metadata.gz: ffe602aaff9f86aa15d94ebe13d5fd533e614eeb293819a6521403fc65cbff4158a0d4b1aa00aa1373e757ec47039f95d69b39e2d9ff386e9a42055e1e8283ef
+  data.tar.gz: 0b30b162084a264df70c145b1fecc99f9895e9c5594a08b2a90730dd8b1aa56c9bd535eeb6bc78430e140812dacca17a9e61017c1dfa76eebaf4ffef739b22d8

data/lib/dependabot/go_modules/file_updater.rb

@@ -3,6 +3,7 @@
 require "dependabot/shared_helpers"
 require "dependabot/file_updaters"
 require "dependabot/file_updaters/base"
+require "dependabot/file_updaters/vendor_updater"
 
 module Dependabot
   module GoModules
@@ -54,6 +55,12 @@ module Dependabot
                 content: file_updater.updated_go_sum_content
               )
           end
+
+          vendor_updater.
+            updated_vendor_cache_files(base_directory: directory).
+            each do |file|
+            updated_files << file
+          end
         end
 
         raise "No files changed!" if updated_files.none?
@@ -81,6 +88,17 @@ module Dependabot
         dependency_files.first.directory
       end
 
+      def vendor_dir
+        File.join(repo_contents_path, directory, "vendor")
+      end
+
+      def vendor_updater
+        Dependabot::FileUpdaters::VendorUpdater.new(
+          repo_contents_path: repo_contents_path,
+          vendor_dir: vendor_dir
+        )
+      end
+
       def file_updater
         @file_updater ||=
           GoModUpdater.new(
@@ -88,9 +106,18 @@ module Dependabot
             credentials: credentials,
             repo_contents_path: repo_contents_path,
             directory: directory,
-            tidy: !@repo_contents_stub && options.fetch(:go_mod_tidy, false)
+            options: { tidy: tidy?, vendor: vendor? }
           )
       end
+
+      def tidy?
+        !@repo_contents_stub && options.fetch(:go_mod_tidy, false)
+      end
+
+      def vendor?
+        File.exist?(File.join(vendor_dir, "modules.txt")) &&
+          options.fetch(:go_mod_vendor, false)
+      end
     end
   end
 end

data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb

@@ -26,12 +26,13 @@ module Dependabot
         ].freeze
 
         def initialize(dependencies:, credentials:, repo_contents_path:,
-                       directory:, tidy:)
+                       directory:, options:)
           @dependencies = dependencies
           @credentials = credentials
           @repo_contents_path = repo_contents_path
           @directory = directory
-          @tidy = tidy
+          @tidy = options.fetch(:tidy, false)
+          @vendor = options.fetch(:vendor, false)
         end
 
         def updated_go_mod_content
@@ -51,7 +52,7 @@ module Dependabot
           @updated_files ||= update_files
         end
 
-        def update_files
+        def update_files # rubocop:disable Metrics/AbcSize
           in_repo_path do
             # Map paths in local replace directives to path hashes
 
@@ -71,6 +72,7 @@ module Dependabot
             # Then run `go get` to pick up other changes to the file caused by
             # the upgrade
             run_go_get
+            run_go_vendor
             run_go_mod_tidy
 
             # At this point, the go.mod returned from run_go_get contains the
@@ -111,6 +113,14 @@ module Dependabot
           handle_subprocess_error(stderr) unless status.success?
         end
 
+        def run_go_vendor
+          return unless vendor?
+
+          command = "go mod vendor"
+          _, stderr, status = Open3.capture3(ENVIRONMENT, command)
+          handle_subprocess_error(stderr) unless status.success?
+        end
+
         def update_go_mod(dependencies)
           deps = dependencies.map do |dep|
             {
@@ -273,6 +283,10 @@ module Dependabot
         def tidy?
           !!@tidy
         end
+
+        def vendor?
+          !!@vendor
+        end
       end
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-go_modules
 version: !ruby/object:Gem::Version
-  version: 0.121.1
+  version: 0.122.0
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.121.1
+        version: 0.122.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.121.1
+        version: 0.122.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -108,6 +108,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.92.0
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.19.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.19.0
+- !ruby/object:Gem::Dependency
+  name: simplecov-console
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.2
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement