dependabot-go_modules 0.87.0

data/lib/dependabot/go_modules/update_checker.rb

@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+
+require "toml-rb"
+require "dependabot/update_checkers"
+require "dependabot/update_checkers/base"
+require "dependabot/shared_helpers"
+require "dependabot/errors"
+require "dependabot/utils/go/version"
+require "dependabot/go_modules/native_helpers"
+
+module Dependabot
+  module GoModules
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
+      def latest_resolvable_version
+        @latest_resolvable_version ||=
+          version_class.new(find_latest_resolvable_version.gsub(/^v/, ""))
+      end
+
+      # This is currently used to short-circuit latest_resolvable_version,
+      # with the assumption that it'll be quicker than checking
+      # resolvability. As this is quite quick in Go anyway, we just alias.
+      def latest_version
+        latest_resolvable_version
+      end
+
+      def latest_resolvable_version_with_no_unlock
+        # Irrelevant, since Go modules uses a single dependency file
+        nil
+      end
+
+      def updated_requirements
+        dependency.requirements.map do |req|
+          req.merge(requirement: latest_version)
+        end
+      end
+
+      private
+
+      def find_latest_resolvable_version
+        SharedHelpers.in_a_temporary_directory do
+          SharedHelpers.with_git_configured(credentials: credentials) do
+            File.write("go.mod", go_mod.content)
+
+            SharedHelpers.run_helper_subprocess(
+              command: "GO111MODULE=on #{NativeHelpers.helper_path}",
+              function: "getUpdatedVersion",
+              args: {
+                dependency: {
+                  name: dependency.name,
+                  version: "v" + dependency.version,
+                  indirect: dependency.requirements.empty?
+                }
+              }
+            )
+          end
+        end
+      end
+
+      def latest_version_resolvable_with_full_unlock?
+        # Full unlock checks aren't implemented for Go (yet)
+        false
+      end
+
+      def updated_dependencies_after_full_unlock
+        raise NotImplementedError
+      end
+
+      # Override the base class's check for whether this is a git dependency,
+      # since not all dep git dependencies have a SHA version (sometimes their
+      # version is the tag)
+      def existing_version_is_sha?
+        git_dependency?
+      end
+
+      def library?
+        dependency_files.none? { |f| f.type == "package_main" }
+      end
+
+      def version_from_tag(tag)
+        # To compare with the current version we either use the commit SHA
+        # (if that's what the parser picked up) of the tag name.
+        if dependency.version&.match?(/^[0-9a-f]{40}$/)
+          return tag&.fetch(:commit_sha)
+        end
+
+        tag&.fetch(:tag)
+      end
+
+      def git_dependency?
+        git_commit_checker.git_dependency?
+      end
+
+      def default_source
+        { type: "default", source: dependency.name }
+      end
+
+      def go_mod
+        @go_mod ||= dependency_files.find { |f| f.name == "go.mod" }
+      end
+
+      def git_commit_checker
+        @git_commit_checker ||=
+          GitCommitChecker.new(
+            dependency: dependency,
+            credentials: credentials,
+            ignored_versions: ignored_versions
+          )
+      end
+    end
+  end
+end
+
+Dependabot::UpdateCheckers.
+  register("go_modules", Dependabot::GoModules::UpdateChecker)

data/lib/dependabot/go_modules/version.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+# Go pre-release versions use 1.0.1-rc1 syntax, which Gem::Version
+# converts into 1.0.1.pre.rc1. We override the `to_s` method to stop that
+# alteration.
+# Best docs are at https://github.com/Masterminds/semver
+
+require "dependabot/utils"
+
+module Dependabot
+  module GoModules
+    class Version < Gem::Version
+      VERSION_PATTERN = '[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
+                        '(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
+                        '(\+incompatible)?'
+      ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
+
+      def self.correct?(version)
+        version = version.gsub(/^v/, "") if version.is_a?(String)
+        version = version&.to_s&.split("+")&.first
+        super(version)
+      end
+
+      def initialize(version)
+        @version_string = version.to_s.gsub(/^v/, "")
+        version = version.gsub(/^v/, "") if version.is_a?(String)
+        version = version&.to_s&.split("+")&.first
+        super
+      end
+
+      def inspect # :nodoc:
+        "#<#{self.class} #{@version_string.inspect}>"
+      end
+
+      def to_s
+        @version_string
+      end
+    end
+  end
+end
+
+Dependabot::Utils.
+  register_version_class("go_modules", Dependabot::GoModules::Version)

metadata

@@ -0,0 +1,191 @@
+--- !ruby/object:Gem::Specification
+name: dependabot-go_modules
+version: !ruby/object:Gem::Version
+  version: 0.87.0
+platform: ruby
+authors:
+- Dependabot
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dependabot-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.87.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.87.0
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: rspec_junit_formatter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.61'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.61'
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+description: Automated dependency management for Ruby, JavaScript, Python, PHP, Elixir,
+  Rust, Java, .NET, Elm and Go
+email: support@dependabot.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- helpers/Makefile
+- helpers/build
+- helpers/go.mod
+- helpers/go.sum
+- helpers/importresolver/main.go
+- helpers/main.go
+- helpers/updatechecker/main.go
+- helpers/updater/go.mod
+- helpers/updater/go.sum
+- helpers/updater/helpers.go
+- helpers/updater/main.go
+- lib/dependabot/go_modules.rb
+- lib/dependabot/go_modules/file_fetcher.rb
+- lib/dependabot/go_modules/file_parser.rb
+- lib/dependabot/go_modules/file_updater.rb
+- lib/dependabot/go_modules/file_updater/go_mod_updater.rb
+- lib/dependabot/go_modules/metadata_finder.rb
+- lib/dependabot/go_modules/native_helpers.rb
+- lib/dependabot/go_modules/path_converter.rb
+- lib/dependabot/go_modules/requirement.rb
+- lib/dependabot/go_modules/update_checker.rb
+- lib/dependabot/go_modules/version.rb
+homepage: https://github.com/dependabot/dependabot-core
+licenses:
+- Nonstandard
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+requirements: []
+rubygems_version: 3.0.2
+signing_key: 
+specification_version: 4
+summary: Go modules support for dependabot-core
+test_files: []