dependabot-go_modules 0.124.3 → 0.124.4

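--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e1492978ef872f51ed5fa02de9f2655c659a1a23efbd348ccefc9881ae32988c
- data.tar.gz: b2b33bf42b7989eeed10857e451652e4f6d27b5644d528dc02ae91c939ec91b3
+ metadata.gz: 4308ed4c177e9a209523ec4e849e54da68b4a892512d94c5a61c3a0bdbee7384
+ data.tar.gz: 6cbd501ec54b6eecfc494788a129afc7ed9ac6322145949b81c3004fa9244df5
  SHA512:
- metadata.gz: 7f7830e06e0a1ba383fa6055ee712bcfe786b1c18556de970f0baf8de33571c97ba9e3edfcf8fd156f8665fa09dd6ddc6bb795c8dbfb553c9cca93026887ee18
- data.tar.gz: d929d03bc881c0f1b4fd16b08d4ff303acd04e349f92f5efa33a2bf9cb70efdc1a4317e95b2cdbd8648e8db9c72e37d5b0c913ae480042a15d921ad9df2a7f82
+ metadata.gz: 8e53e4e877ab5493156d8704937b97e16e1af545ccc2e4539e0f50fb430c636e9a7866981afb5752c0a1aac27078affd3c9d65fdc253b4d407b0b40aa863dba8
+ data.tar.gz: fd9db11bc2d15b0e4f6acf5af804a9624479c8573443d67bce26c67938e61fc5b012e77180270eafff2284bab2eb5dcc7224998fae57cd85d8cbebf8ae26bf75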
@@ -174,6 +174,15 @@ module Dependabot
174
174
  ref: git_revision(dep),
175
175
  branch: nil
176
176
  }
177
+ rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
178
+ if e.message == "Cannot detect VCS"
179
+ msg = e.message + " for #{dep['Path']}. Attempted to detect VCS "\
180
+ "because the version looks like a git revision: "\
181
+ "#{dep['Version']}"
182
+ raise Dependabot::DependencyFileNotResolvable, msg
183
+ end
184
+
185
+ raise
177
186
  end
178
187
 
179
188
  def git_revision(dep)
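Review bot: The new rescue branch keys on `e.message == "Cannot detect VCS"`, an exact match against the helper's error text, so any prefix, suffix or trailing newline added by the helper sends the error down the bare `raise` path and the clearer DependencyFileNotResolvable is never produced. `e.message.include?("Cannot detect VCS")` would be less brittle. The message is also assembled with `+` and backslash continuations; a single interpolated string starting `"#{e.message} for #{dep['Path']}. ..."` is the more idiomatic form. The enclosing method starts above the hunk.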
@@ -42,8 +42,7 @@ module Dependabot
42
42
  )
43
43
  end
44
44
 
45
- vendor_updater.
46
- updated_vendor_cache_files(base_directory: directory).
45
+ vendor_updater.updated_vendor_cache_files(base_directory: directory).
47
46
  each do |file|
48
47
  updated_files << file
49
48
  end
@@ -65,15 +64,23 @@ module Dependabot
65
64
  def use_repo_contents_stub
66
65
  @repo_contents_stub = true
67
66
  @repo_contents_path = Dir.mktmpdir
67
+
68
68
  Dir.chdir(@repo_contents_path) do
69
69
  dependency_files.each do |file|
70
- File.write(file.name, file.content)
70
+ path = File.join(@repo_contents_path, directory, file.name)
71
+ path = Pathname.new(path).expand_path
72
+ FileUtils.mkdir_p(path.dirname) unless Dir.exist?(path.dirname)
73
+ File.write(path, file.content)
74
+ end
75
+
76
+ # Only used to create a backup git config that's reset
77
+ SharedHelpers.with_git_configured(credentials: []) do
78
+ `git config --global user.email "no-reply@github.com"`
79
+ `git config --global user.name "Dependabot"`
80
+ `git init .`
81
+ `git add .`
82
+ `git commit -m'fake repo_contents_path'`
71
83
  end
72
- `git config --global user.email "no-reply@github.com"`
73
- `git config --global user.name "Dependabot"`
74
- `git init .`
75
- `git add .`
76
- `git commit -m'fake repo_contents_path'`
77
84
  end
78
85
  end
79
86
 
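Review bot: In use_repo_contents_stub the write target is `File.join(@repo_contents_path, directory, file.name)` passed through `expand_path`, but nothing checks that the result still lies under the temp directory, so a `directory` or `file.name` carrying `..` segments would make `mkdir_p` and `File.write` act outside `@repo_contents_path`. Whether such names can reach this method is not visible in the hunk; if they can, add a guard before the write, e.g. `raise "path escapes repo_contents_path: #{path}" unless path.to_s.start_with?(File.join(@repo_contents_path, ""))`. The `unless Dir.exist?(path.dirname)` test is redundant because `FileUtils.mkdir_p` already does nothing for an existing directory. The backtick git calls also discard their exit status, so a failed `git commit` would go unnoticed.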
@@ -21,7 +21,10 @@ module Dependabot
21
21
  # (Private) module could not be found
22
22
  /cannot find module providing package/.freeze,
23
23
  # Package in module was likely renamed or removed
24
- /module .* found \(.*\), but does not contain package/m.freeze
24
+ /module .* found \(.*\), but does not contain package/m.freeze,
25
+ # Package does not exist, has been pulled or cannot be reached due to
26
+ # auth problems with either git or the go proxy
27
+ /go: .*: unknown revision/m.freeze
25
28
  ].freeze
26
29
 
27
30
  MODULE_PATH_MISMATCH_REGEXES = [
@@ -148,10 +151,12 @@ module Dependabot
148
151
  def run_go_get
149
152
  tmp_go_file = "#{SecureRandom.hex}.go"
150
153
 
151
- unless Dir.glob("*.go").any?
152
- File.write(tmp_go_file, "package dummypkg\n")
154
+ package = Dir.glob("[^\._]*.go").any? do |path|
155
+ !File.read(path).include?("// +build")
153
156
  end
154
157
 
158
+ File.write(tmp_go_file, "package dummypkg\n") unless package
159
+
155
160
  _, stderr, status = Open3.capture3(ENVIRONMENT, "go get -d")
156
161
  handle_subprocess_error(stderr) unless status.success?
157
162
  ensure
@@ -252,9 +257,9 @@ module Dependabot
252
257
  new(go_mod_path, match[1], match[2])
253
258
  end
254
259
 
260
+ # We don't know what happened so we raise a generic error
255
261
  msg = stderr.lines.last(10).join.strip
256
- raise Dependabot::DependencyFileNotParseable.
257
- new(go_mod_path, msg)
262
+ raise Dependabot::DependabotError, msg
258
263
  end
259
264
 
260
265
  def go_mod_path
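Review bot: In run_go_get the package probe `Dir.glob("[^\._]*.go")` with `!File.read(path).include?("// +build")` has no comment saying why dot- and underscore-prefixed files and build-constrained files are skipped, and the reason is not obvious from the code. I would add a comment above it such as `# Go ignores files starting with "." or "_", and build-tagged files may be excluded, so only an untagged .go file counts as a package`. The substring test matches `// +build` anywhere in the file, not only in the header. The `\.` inside a double-quoted string is just `.`, so the escape can be dropped. run_go_get continues past the end of its hunk.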
@@ -10,6 +10,11 @@ require "dependabot/go_modules/version"
10
10
  module Dependabot
11
11
  module GoModules
12
12
  class UpdateChecker < Dependabot::UpdateCheckers::Base
13
+ RESOLVABILITY_ERROR_REGEXES = [
14
+ # Package url/proxy doesn't include any redirect meta tags
15
+ /no go-import meta tags/
16
+ ].freeze
17
+
13
18
  def latest_resolvable_version
14
19
  # We don't yet support updating indirect dependencies for go_modules
15
20
  #
@@ -73,6 +78,15 @@ module Dependabot
73
78
  retry_count ||= 0
74
79
  retry_count += 1
75
80
  retry if transitory_failure?(e) && retry_count < 2
81
+
82
+ handle_subprocess_error(e)
83
+ end
84
+
85
+ def handle_subprocess_error(error)
86
+ if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
87
+ raise Dependabot::DependencyFileNotResolvable, error.message
88
+ end
89
+
76
90
  raise
77
91
  end
78
92
 
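Review bot: The bare `raise` at the end of the new handle_subprocess_error only works because the method is called from inside a rescue clause, where `$!` is still set; called from anywhere else it would raise a RuntimeError instead of the original error. Since the exception is already passed in, `raise error` makes the re-raise explicit and independent of the call site. The pattern test can also use `error.message.match?(rgx)` in place of `=~`, as no captures are needed. The rescuing method begins above the hunk.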
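--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-go_modules
  version: !ruby/object:Gem::Version
- version: 0.124.3
+ version: 0.124.4
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-10-27 00:00:00.000000000 Z
+ date: 2020-10-30 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.124.3
+ version: 0.124.4
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.124.3
+ version: 0.124.4
  - !ruby/object:Gem::Dependency
  name: byebug
  requirement: !ruby/object:Gem::Requirement
@@ -212,7 +212,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 2.5.0
  requirements: []
- rubygems_version: 3.1.2
+ rubygems_version: 3.1.4
  signing_key:
  specification_version: 4
  summary: Go modules support for dependabot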