RubyGems - dependabot-go_modules - Versions diffs - 0.124.3 → 0.124.4 - Mend

dependabot-go_modules 0.124.3 → 0.124.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/dependabot/go_modules/file_parser.rb +9 -0
data/lib/dependabot/go_modules/file_updater.rb +15 -8
data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +10 -5
data/lib/dependabot/go_modules/update_checker.rb +14 -0
metadata +5 -5

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e1492978ef872f51ed5fa02de9f2655c659a1a23efbd348ccefc9881ae32988c
-  data.tar.gz: b2b33bf42b7989eeed10857e451652e4f6d27b5644d528dc02ae91c939ec91b3
+  metadata.gz: 4308ed4c177e9a209523ec4e849e54da68b4a892512d94c5a61c3a0bdbee7384
+  data.tar.gz: 6cbd501ec54b6eecfc494788a129afc7ed9ac6322145949b81c3004fa9244df5
 SHA512:
-  metadata.gz: 7f7830e06e0a1ba383fa6055ee712bcfe786b1c18556de970f0baf8de33571c97ba9e3edfcf8fd156f8665fa09dd6ddc6bb795c8dbfb553c9cca93026887ee18
-  data.tar.gz: d929d03bc881c0f1b4fd16b08d4ff303acd04e349f92f5efa33a2bf9cb70efdc1a4317e95b2cdbd8648e8db9c72e37d5b0c913ae480042a15d921ad9df2a7f82
+  metadata.gz: 8e53e4e877ab5493156d8704937b97e16e1af545ccc2e4539e0f50fb430c636e9a7866981afb5752c0a1aac27078affd3c9d65fdc253b4d407b0b40aa863dba8
+  data.tar.gz: fd9db11bc2d15b0e4f6acf5af804a9624479c8573443d67bce26c67938e61fc5b012e77180270eafff2284bab2eb5dcc7224998fae57cd85d8cbebf8ae26bf75

data/lib/dependabot/go_modules/file_parser.rb CHANGED

@@ -174,6 +174,15 @@ module Dependabot
           ref: git_revision(dep),
           branch: nil
         }
+      rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
+        if e.message == "Cannot detect VCS"
+          msg = e.message + " for #{dep['Path']}. Attempted to detect VCS "\
+                            "because the version looks like a git revision: "\
+                            "#{dep['Version']}"
+          raise Dependabot::DependencyFileNotResolvable, msg
+        end
+        raise
       end
       def git_revision(dep)

data/lib/dependabot/go_modules/file_updater.rb CHANGED

@@ -42,8 +42,7 @@ module Dependabot
               )
           end
-          vendor_updater.
-            updated_vendor_cache_files(base_directory: directory).
+          vendor_updater.updated_vendor_cache_files(base_directory: directory).
             each do |file|
             updated_files << file
           end
@@ -65,15 +64,23 @@ module Dependabot
       def use_repo_contents_stub
         @repo_contents_stub = true
         @repo_contents_path = Dir.mktmpdir
         Dir.chdir(@repo_contents_path) do
           dependency_files.each do |file|
-            File.write(file.name, file.content)
+            path = File.join(@repo_contents_path, directory, file.name)
+            path = Pathname.new(path).expand_path
+            FileUtils.mkdir_p(path.dirname) unless Dir.exist?(path.dirname)
+            File.write(path, file.content)
+          end
+          # Only used to create a backup git config that's reset
+          SharedHelpers.with_git_configured(credentials: []) do
+            `git config --global user.email "no-reply@github.com"`
+            `git config --global user.name "Dependabot"`
+            `git init .`
+            `git add .`
+            `git commit -m'fake repo_contents_path'`
           end
-          `git config --global user.email "no-reply@github.com"`
-          `git config --global user.name "Dependabot"`
-          `git init .`
-          `git add .`
-          `git commit -m'fake repo_contents_path'`
         end
       end

data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb CHANGED

@@ -21,7 +21,10 @@ module Dependabot
           # (Private) module could not be found
           /cannot find module providing package/.freeze,
           # Package in module was likely renamed or removed
-          /module .* found \(.*\), but does not contain package/m.freeze
+          /module .* found \(.*\), but does not contain package/m.freeze,
+          # Package does not exist, has been pulled or cannot be reached due to
+          # auth problems with either git or the go proxy
+          /go: .*: unknown revision/m.freeze
         ].freeze
         MODULE_PATH_MISMATCH_REGEXES = [
@@ -148,10 +151,12 @@ module Dependabot
         def run_go_get
           tmp_go_file = "#{SecureRandom.hex}.go"
-          unless Dir.glob("*.go").any?
-            File.write(tmp_go_file, "package dummypkg\n")
+          package = Dir.glob("[^\._]*.go").any? do |path|
+            !File.read(path).include?("// +build")
           end
+          File.write(tmp_go_file, "package dummypkg\n") unless package
           _, stderr, status = Open3.capture3(ENVIRONMENT, "go get -d")
           handle_subprocess_error(stderr) unless status.success?
         ensure
@@ -252,9 +257,9 @@ module Dependabot
               new(go_mod_path, match[1], match[2])
           end
+          # We don't know what happened so we raise a generic error
           msg = stderr.lines.last(10).join.strip
-          raise Dependabot::DependencyFileNotParseable.
-            new(go_mod_path, msg)
+          raise Dependabot::DependabotError, msg
         end
         def go_mod_path

data/lib/dependabot/go_modules/update_checker.rb CHANGED

@@ -10,6 +10,11 @@ require "dependabot/go_modules/version"
 module Dependabot
   module GoModules
     class UpdateChecker < Dependabot::UpdateCheckers::Base
+      RESOLVABILITY_ERROR_REGEXES = [
+        # Package url/proxy doesn't include any redirect meta tags
+        /no go-import meta tags/
+      ].freeze
       def latest_resolvable_version
         # We don't yet support updating indirect dependencies for go_modules
         #
@@ -73,6 +78,15 @@ module Dependabot
         retry_count ||= 0
         retry_count += 1
         retry if transitory_failure?(e) && retry_count < 2
+        handle_subprocess_error(e)
+      end
+      def handle_subprocess_error(error)
+        if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
+          raise Dependabot::DependencyFileNotResolvable, error.message
+        end
         raise
       end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-go_modules
 version: !ruby/object:Gem::Version
-  version: 0.124.3
+  version: 0.124.4
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-10-27 00:00:00.000000000 Z
+date: 2020-10-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.124.3
+        version: 0.124.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.124.3
+        version: 0.124.4
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -212,7 +212,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.5.0
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Go modules support for dependabot