dependabot-go_modules 0.123.1 → 0.124.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8d87f9480f3afc9e6bdef144aa05c69503d9ce3f6ba77874312f1154a45acc5f
-  data.tar.gz: 4efcae643e50fe122f811ac929ec57b851eddd7dba0a6bf2f25cc1bf8314357c
+  metadata.gz: 4308ed4c177e9a209523ec4e849e54da68b4a892512d94c5a61c3a0bdbee7384
+  data.tar.gz: 6cbd501ec54b6eecfc494788a129afc7ed9ac6322145949b81c3004fa9244df5
 SHA512:
-  metadata.gz: 42a2f3835e2a99b515dfc875414244a9ed6f867cde47669d907d4bf27c2e5a4fc98c97a733d23aa0ec69e789e6f6f723f9af66740e949ef4633bcbe3ae3735e3
-  data.tar.gz: b5ba80c87a48e95e713d7d7c3cad2a6d5616398eda50aaf5ae938909be21a3a58ff1629fd2ead7e4f5139f36277e048b72421d18ab5c8d951cc6a5e551b005f0
+  metadata.gz: 8e53e4e877ab5493156d8704937b97e16e1af545ccc2e4539e0f50fb430c636e9a7866981afb5752c0a1aac27078affd3c9d65fdc253b4d407b0b40aa863dba8
+  data.tar.gz: fd9db11bc2d15b0e4f6acf5af804a9624479c8573443d67bce26c67938e61fc5b012e77180270eafff2284bab2eb5dcc7224998fae57cd85d8cbebf8ae26bf75

data/lib/dependabot/go_modules/file_parser.rb

@@ -174,6 +174,15 @@ module Dependabot
           ref: git_revision(dep),
           branch: nil
         }
+      rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
+        if e.message == "Cannot detect VCS"
+          msg = e.message + " for #{dep['Path']}. Attempted to detect VCS "\
+                            "because the version looks like a git revision: "\
+                            "#{dep['Version']}"
+          raise Dependabot::DependencyFileNotResolvable, msg
+        end
+
+        raise
       end
 
       def git_revision(dep)

data/lib/dependabot/go_modules/file_updater.rb

@@ -13,22 +13,8 @@ module Dependabot
       def initialize(dependencies:, dependency_files:, repo_contents_path: nil,
                      credentials:, options: {})
         super
-        return unless repo_contents_path.nil?
 
-        # masquerade repo_contents_path for GoModUpdater during transition
-        tmp = Dir.mktmpdir
-        Dir.chdir(tmp) do
-          dependency_files.each do |file|
-            File.write(file.name, file.content)
-          end
-          `git config --global user.email "no-reply@github.com"`
-          `git config --global user.name "Dependabot"`
-          `git init .`
-          `git add .`
-          `git commit -m'fake repo_contents_path'`
-        end
-        @repo_contents_path = tmp
-        @repo_contents_stub = true
+        use_repo_contents_stub if repo_contents_path.nil?
       end
 
       def self.updated_files_regex
@@ -56,8 +42,7 @@ module Dependabot
               )
           end
 
-          vendor_updater.
-            updated_vendor_cache_files(base_directory: directory).
+          vendor_updater.updated_vendor_cache_files(base_directory: directory).
             each do |file|
             updated_files << file
           end
@@ -76,6 +61,29 @@ module Dependabot
         raise "No go.mod!"
       end
 
+      def use_repo_contents_stub
+        @repo_contents_stub = true
+        @repo_contents_path = Dir.mktmpdir
+
+        Dir.chdir(@repo_contents_path) do
+          dependency_files.each do |file|
+            path = File.join(@repo_contents_path, directory, file.name)
+            path = Pathname.new(path).expand_path
+            FileUtils.mkdir_p(path.dirname) unless Dir.exist?(path.dirname)
+            File.write(path, file.content)
+          end
+
+          # Only used to create a backup git config that's reset
+          SharedHelpers.with_git_configured(credentials: []) do
+            `git config --global user.email "no-reply@github.com"`
+            `git config --global user.name "Dependabot"`
+            `git init .`
+            `git add .`
+            `git commit -m'fake repo_contents_path'`
+          end
+        end
+      end
+
       def go_mod
         @go_mod ||= get_original_file("go.mod")
       end
@@ -111,12 +119,11 @@ module Dependabot
       end
 
       def tidy?
-        !@repo_contents_stub && options.fetch(:go_mod_tidy, false)
+        !@repo_contents_stub
       end
 
       def vendor?
-        File.exist?(File.join(vendor_dir, "modules.txt")) &&
-          options.fetch(:go_mod_vendor, false)
+        File.exist?(File.join(vendor_dir, "modules.txt"))
       end
     end
   end

data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb

@@ -21,7 +21,10 @@ module Dependabot
           # (Private) module could not be found
           /cannot find module providing package/.freeze,
           # Package in module was likely renamed or removed
-          /module .* found \(.*\), but does not contain package/m.freeze
+          /module .* found \(.*\), but does not contain package/m.freeze,
+          # Package does not exist, has been pulled or cannot be reached due to
+          # auth problems with either git or the go proxy
+          /go: .*: unknown revision/m.freeze
         ].freeze
 
         MODULE_PATH_MISMATCH_REGEXES = [
@@ -148,10 +151,12 @@ module Dependabot
         def run_go_get
           tmp_go_file = "#{SecureRandom.hex}.go"
 
-          unless Dir.glob("*.go").any?
-            File.write(tmp_go_file, "package dummypkg\n")
+          package = Dir.glob("[^\._]*.go").any? do |path|
+            !File.read(path).include?("// +build")
           end
 
+          File.write(tmp_go_file, "package dummypkg\n") unless package
+
           _, stderr, status = Open3.capture3(ENVIRONMENT, "go get -d")
           handle_subprocess_error(stderr) unless status.success?
         ensure
@@ -252,9 +257,9 @@ module Dependabot
               new(go_mod_path, match[1], match[2])
           end
 
+          # We don't know what happened so we raise a generic error
           msg = stderr.lines.last(10).join.strip
-          raise Dependabot::DependencyFileNotParseable.
-            new(go_mod_path, msg)
+          raise Dependabot::DependabotError, msg
         end
 
         def go_mod_path

data/lib/dependabot/go_modules/update_checker.rb

@@ -10,6 +10,11 @@ require "dependabot/go_modules/version"
 module Dependabot
   module GoModules
     class UpdateChecker < Dependabot::UpdateCheckers::Base
+      RESOLVABILITY_ERROR_REGEXES = [
+        # Package url/proxy doesn't include any redirect meta tags
+        /no go-import meta tags/
+      ].freeze
+
       def latest_resolvable_version
         # We don't yet support updating indirect dependencies for go_modules
         #
@@ -73,6 +78,15 @@ module Dependabot
         retry_count ||= 0
         retry_count += 1
         retry if transitory_failure?(e) && retry_count < 2
+
+        handle_subprocess_error(e)
+      end
+
+      def handle_subprocess_error(error)
+        if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
+          raise Dependabot::DependencyFileNotResolvable, error.message
+        end
+
         raise
       end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-go_modules
 version: !ruby/object:Gem::Version
-  version: 0.123.1
+  version: 0.124.4
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-19 00:00:00.000000000 Z
+date: 2020-10-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.123.1
+        version: 0.124.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.123.1
+        version: 0.124.4
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -212,7 +212,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.5.0
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Go modules support for dependabot