dependabot-go_modules 0.345.0 → 0.346.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 36fd4a068877b40872bf4df82a7642244916f81477f39045462cea66e9c946c4
-  data.tar.gz: e57c89a6291c5c4f9033909a0996cfc1ce9acf95cbb0a7c3b1db79eac04658dc
+  metadata.gz: e4b67c25a333a01db10a2f22122678237420549e40d2be2369f4472d7ba595e5
+  data.tar.gz: 32c54e5e8e1faba16f42dbb6b4c8e3118acbba53e67a0cae3ed0e540b64a22ee
 SHA512:
-  metadata.gz: 26dbdbd19c81f543abf61aa8462386c27297d106ce613288ac3182dca6aadbf61138635c0e4dc18877756799c0262c351df36d6e55e7d8272aac7e2ab5850436
-  data.tar.gz: 6805ee20c24842a025ae8e874fe71a3724a7967e1a60eb483bc95f54cf9d3662f566b77183da0a838afd1c3ab04b8ea2b2f0ac632bd97dcc9f7de43bcd1709c0
+  metadata.gz: 96c1173e5b31b812429a2392258aea93892c99b15e876dd97df1dd42f95416f37b49fc6bc01bb50f4eb60ff1219cdd0271e8f729954b63bc77aa9f05bee7f0cf
+  data.tar.gz: 581dc00ba064553b5e97331aa15559bb4636fc9c168f7fbb96526162f785deb23d3d5ba1ad8704e1bc71913613e76b140f54524e80150a1fef4e317fe46e9fff

data/lib/dependabot/go_modules/dependency_grapher.rb

@@ -45,7 +45,7 @@ module Dependabot
         return @go_mod if defined?(@go_mod)
 
         @go_mod = T.let(
-          dependency_files.find { |f| f.name = "go.mod" },
+          dependency_files.find { |f| f.name == "go.mod" },
           T.nilable(Dependabot::DependencyFile)
         )
       end
@@ -75,21 +75,19 @@ module Dependabot
       # TODO: Re-instate method once we consider how we are handling `replace` directives
       sig { returns(T::Hash[String, T.untyped]) }
       def fetch_package_relationships
-        {}
-
-        # T.cast(
-        #   file_parser,
-        #   Dependabot::GoModules::FileParser
-        # ).run_in_parsed_context("go mod graph").lines.each_with_object({}) do |line, rels|
-        #   match = line.match(GO_MOD_GRAPH_LINE_REGEX)
-        #   unless match
-        #     Dependabot.logger.warn("Unexpected output from 'go mod graph': 'line'")
-        #     next
-        #   end
-
-        #   rels[match[:parent]] ||= []
-        #   rels[match[:parent]] << match[:child]
-        # end
+        T.cast(
+          file_parser,
+          Dependabot::GoModules::FileParser
+        ).run_in_parsed_context("go mod graph").lines.each_with_object({}) do |line, rels|
+          match = line.match(GO_MOD_GRAPH_LINE_REGEX)
+          unless match
+            Dependabot.logger.warn("Unexpected output from 'go mod graph': 'line'")
+            next
+          end
+
+          rels[match[:parent]] ||= []
+          rels[match[:parent]] << match[:child]
+        end
       end
     end
   end

data/lib/dependabot/go_modules/file_parser.rb

@@ -20,6 +20,9 @@ module Dependabot
     class FileParser < Dependabot::FileParsers::Base
       extend T::Sig
 
+      # NOTE: repo_contents_path is typed as T.nilable(String) to maintain
+      # compatibility with the base FileParser class signature. However,
+      # we validate it's not nil at runtime since it's always required in production.
       sig do
         params(
           dependency_files: T::Array[Dependabot::DependencyFile],
@@ -40,6 +43,8 @@ module Dependabot
       )
         super
 
+        raise ArgumentError, "repo_contents_path is required" if repo_contents_path.nil?
+
         set_go_environment_variables
       end
 
@@ -75,16 +80,16 @@ module Dependabot
       # Utility method to allow collaborators to check other go commands inside the parsed project's context
       sig { params(command: String).returns(String) }
       def run_in_parsed_context(command)
-        SharedHelpers.in_a_temporary_directory do |path|
-          # Create a fake empty module for each local module so that
-          # `go mod edit` works, even if some modules have been `replace`d with
-          # a local module that we don't have access to.
+        SharedHelpers.in_a_temporary_repo_directory(T.must(source&.directory), repo_contents_path) do |path|
+          # Create a fake empty module for local modules that are not inside the repository.
+          # This allows us to run go commands that require all modules to be present.
           local_replacements.each do |_, stub_path|
             FileUtils.mkdir_p(stub_path)
             FileUtils.touch(File.join(stub_path, "go.mod"))
           end
 
           File.write("go.mod", go_mod_content)
+
           stdout, stderr, status = Open3.capture3(command)
           handle_parser_error(path, stderr) unless status.success?
 
@@ -227,7 +232,7 @@ module Dependabot
           # means we don't need to worry about references to parent
           # directories, etc.
           T.let(
-            ReplaceStubber.new(repo_contents_path).stub_paths(manifest, go_mod&.directory),
+            ReplaceStubber.new(T.must(repo_contents_path)).stub_paths(manifest, go_mod&.directory),
             T.nilable(T::Hash[String, String])
           )
       end

data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb

@@ -305,7 +305,7 @@ module Dependabot
         def replace_directive_substitutions(manifest)
           @replace_directive_substitutions ||=
             T.let(
-              Dependabot::GoModules::ReplaceStubber.new(repo_contents_path)
+              Dependabot::GoModules::ReplaceStubber.new(T.must(repo_contents_path))
                                                                .stub_paths(manifest, directory),
               T.nilable(T::Hash[String, String])
             )

data/lib/dependabot/go_modules/file_updater.rb

@@ -15,6 +15,9 @@ module Dependabot
 
       require_relative "file_updater/go_mod_updater"
 
+      # NOTE: repo_contents_path is typed as T.nilable(String) to maintain
+      # compatibility with the base FileUpdater class signature. However,
+      # we validate it's not nil at runtime since it's always required in production.
       sig do
         override
           .params(
@@ -29,7 +32,7 @@ module Dependabot
       def initialize(dependencies:, dependency_files:, credentials:, repo_contents_path: nil, options: {})
         super
 
-        use_repo_contents_stub if repo_contents_path.nil?
+        raise ArgumentError, "repo_contents_path is required" if repo_contents_path.nil?
       end
 
       sig { override.returns(T::Array[Dependabot::DependencyFile]) }
@@ -77,31 +80,6 @@ module Dependabot
         raise "No go.mod!"
       end
 
-      sig { returns(String) }
-      def use_repo_contents_stub
-        @repo_contents_stub = T.let(true, T.nilable(T::Boolean))
-        @repo_contents_path = Dir.mktmpdir
-
-        Dir.chdir(@repo_contents_path) do
-          dependency_files.each do |file|
-            path = File.join(@repo_contents_path, directory, file.name)
-            path = Pathname.new(path).expand_path
-            FileUtils.mkdir_p(path.dirname)
-            File.write(path, file.content)
-          end
-
-          # Only used to create a backup git config that's reset
-          SharedHelpers.with_git_configured(credentials: []) do
-            `git config --global user.email "no-reply@github.com"`
-            `git config --global user.name "Dependabot"`
-            `git config --global init.defaultBranch "placeholder-default-branch"`
-            `git init .`
-            `git add .`
-            `git commit -m'fake repo_contents_path'`
-          end
-        end
-      end
-
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def go_mod
         @go_mod ||= T.let(get_original_file("go.mod"), T.nilable(Dependabot::DependencyFile))
@@ -147,7 +125,7 @@ module Dependabot
 
       sig { returns(T::Boolean) }
       def tidy?
-        !@repo_contents_stub
+        true
       end
 
       sig { returns(T::Boolean) }

data/lib/dependabot/go_modules/replace_stubber.rb

@@ -16,9 +16,9 @@ module Dependabot
     class ReplaceStubber
       extend T::Sig
 
-      sig { params(repo_contents_path: T.nilable(String)).void }
+      sig { params(repo_contents_path: String).void }
       def initialize(repo_contents_path)
-        @repo_contents_path = repo_contents_path
+        @repo_contents_path = T.let(repo_contents_path, String)
       end
 
       sig do
@@ -37,7 +37,6 @@ module Dependabot
       def stub_replace_path?(path, directory)
         return true if absolute_path?(path)
         return false unless relative_replacement_path?(path)
-        return true if @repo_contents_path.nil?
 
         resolved_path = module_pathname(directory).join(path).realpath
         inside_repo_contents_path = resolved_path.to_s.start_with?(@repo_contents_path.to_s)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-go_modules
 version: !ruby/object:Gem::Version
-  version: 0.345.0
+  version: 0.346.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.345.0
+        version: 0.346.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.345.0
+        version: 0.346.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -272,7 +272,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.345.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.346.0
 rdoc_options: []
 require_paths:
 - lib