dependabot-gradle 0.127.0 → 0.129.0

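--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 209f92297c17db791826c8a5159bbd542651d564fe3d96b3cbaf44d3f615acfd
- data.tar.gz: b0b92d28f29f379fcb0bb307f30dcf5ecee298f3616560c21b538be8cae78ecb
+ metadata.gz: ff85aa120e66f0e93c07cc261dccd9ff1ac976144808fa8decdf54e1f28a10e0
+ data.tar.gz: fe95e2ad6f368e6c4f76977988fa602e856118474aed37c54ae3d005a68a8c34
  SHA512:
- metadata.gz: f2d1cc72f6db9f123cc31a8532550a1b0ab97249c3361381b52ef66e012e3e5b82d820b0125458ca54f6c9b47d175dc9a49f6bbfb399aa3118c486254d556550
- data.tar.gz: d10be05e721c219c75611cc4cb944b6fe8c45d8958aaced978def5ca487043dc1f2e79d44223d1806dd1eb66cf46063e51b00df18ece8e35ce3a0b0781f557fa
+ metadata.gz: 1cefcf95ed09f06467be0a75f55006d5375a43d115908c2f50751e76b196e1d5573bb51351a4f698f8f81a655b2e57b884524435e1722db5e7ff51955c2d767d
+ data.tar.gz: fabe2290a0d4e2cfecd321bba595ab5d78e831b2c66455d8c60b9cc90434dce686a151e25439f15bd5875727a5f29142bc30504faa108f6c070e2aaca72c8de3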
@@ -8,12 +8,20 @@ module Dependabot
8
8
  class FileFetcher < Dependabot::FileFetchers::Base
9
9
  require_relative "file_fetcher/settings_file_parser"
10
10
 
11
+ SUPPORTED_BUILD_FILE_NAMES =
12
+ %w(build.gradle build.gradle.kts).freeze
13
+
14
+ SUPPORTED_SETTINGS_FILE_NAMES =
15
+ %w(settings.gradle settings.gradle.kts).freeze
16
+
11
17
  def self.required_files_in?(filenames)
12
- filenames.include?("build.gradle")
18
+ filenames.any? do |filename|
19
+ SUPPORTED_BUILD_FILE_NAMES.include?(filename)
20
+ end
13
21
  end
14
22
 
15
23
  def self.required_files_message
16
- "Repo must contain a build.gradle."
24
+ "Repo must contain a build.gradle / build.gradle.kts file."
17
25
  end
18
26
 
19
27
  private
@@ -27,7 +35,11 @@ module Dependabot
27
35
  end
28
36
 
29
37
  def buildfile
30
- @buildfile ||= fetch_file_from_host("build.gradle")
38
+ @buildfile ||= begin
39
+ file = supported_build_file
40
+ @buildfile_name ||= file.name if file
41
+ fetch_file_from_host(file.name) if file
42
+ end
31
43
  end
32
44
 
33
45
  def subproject_buildfiles
@@ -39,7 +51,7 @@ module Dependabot
39
51
  subproject_paths
40
52
 
41
53
  subproject_paths.map do |path|
42
- fetch_file_from_host(File.join(path, "build.gradle"))
54
+ fetch_file_from_host(File.join(path, @buildfile_name))
43
55
  rescue Dependabot::DependencyFileNotFound
44
56
  # Gradle itself doesn't worry about missing subprojects, so we don't
45
57
  nil
@@ -74,8 +86,28 @@ module Dependabot
74
86
  end
75
87
 
76
88
  def settings_file
77
- @settings_file ||= fetch_file_from_host("settings.gradle")
78
- rescue Dependabot::DependencyFileNotFound
89
+ @settings_file ||= begin
90
+ file = supported_settings_file
91
+ fetch_file_from_host(file.name) if file
92
+ rescue Dependabot::DependencyFileNotFound
93
+ nil
94
+ end
95
+ end
96
+
97
+ def supported_build_file
98
+ supported_file(SUPPORTED_BUILD_FILE_NAMES)
99
+ end
100
+
101
+ def supported_settings_file
102
+ supported_file(SUPPORTED_SETTINGS_FILE_NAMES)
103
+ end
104
+
105
+ def supported_file(supported_file_names)
106
+ supported_file_names.each do |supported_file_name|
107
+ file = fetch_file_if_present(supported_file_name)
108
+ return file if file
109
+ end
110
+
79
111
  nil
80
112
  end
81
113
  end
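Review bot: In the `subproject_buildfiles` hunk of `FileFetcher`, `File.join(path, @buildfile_name)` reads an instance variable that is only assigned as a side effect of `buildfile`, so it is nil (and `File.join` raises `TypeError`) whenever `buildfile` has not run first or found no file. It also assumes every subproject uses the same build-file name as the root; a subproject using the other variant would raise `Dependabot::DependencyFileNotFound`, be rescued to nil, and its dependencies would silently never be checked for updates. Consider trying each entry of `SUPPORTED_BUILD_FILE_NAMES` per subproject path and taking the first file found, presumably via `fetch_file_if_present(File.join(path, name))` if that helper accepts a path. Separately, `supported_file` already returns a fetched file, so `fetch_file_from_host(file.name)` in `buildfile` and `settings_file` looks like a second fetch of the same file and could probably return `file` directly. `subproject_buildfiles` starts and ends outside the visible hunk.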
@@ -18,6 +18,8 @@ module Dependabot
18
18
  require "dependabot/file_parsers/base/dependency_set"
19
19
  require_relative "file_parser/property_value_finder"
20
20
 
21
+ SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
22
+
21
23
  PROPERTY_REGEX =
22
24
  /
23
25
  (?:\$\{property\((?<property_name>[^:\s]*?)\)\})|
@@ -36,6 +38,7 @@ module Dependabot
36
38
  PLUGIN_BLOCK_DECLARATION_REGEX = /(?:^|\s)plugins\s*\{/.freeze
37
39
  PLUGIN_BLOCK_ENTRY_REGEX =
38
40
  /id\s+"(?<id>#{PART})"\s+version\s+"(?<version>#{VSN_PART})"/.freeze
41
+ PLUGIN_ID_REGEX = /['"](?<id>#{PART})['"]/.freeze
39
42
 
40
43
  def parse
41
44
  dependency_set = DependencySet.new
@@ -51,7 +54,7 @@ module Dependabot
51
54
  private
52
55
 
53
56
  def map_value_regex(key)
54
- /(?:^|\s|,|\()#{Regexp.quote(key)}:\s*['"](?<value>[^'"]+)['"]/
57
+ /(?:^|\s|,|\()#{Regexp.quote(key)}(\s*=|:)\s*['"](?<value>[^'"]+)['"]/
55
58
  end
56
59
 
57
60
  def buildfile_dependencies(buildfile)
@@ -146,10 +149,11 @@ module Dependabot
146
149
 
147
150
  plugin_blocks.each do |blk|
148
151
  blk.lines.each do |line|
149
- name = line.match(/id\s+['"](?<id>#{PART})['"]/)&.
150
- named_captures&.fetch("id")
151
- version = line.match(/version\s+['"](?<version>#{VSN_PART})['"]/)&.
152
- named_captures&.fetch("version")
152
+ name_regex = /id(\s+#{PLUGIN_ID_REGEX}|\(#{PLUGIN_ID_REGEX}\))/
153
+ name = line.match(name_regex)&.named_captures&.fetch("id")
154
+ version_regex = /version\s+['"](?<version>#{VSN_PART})['"]/
155
+ version = line.match(version_regex)&.named_captures&.
156
+ fetch("version")
153
157
  next unless name && version
154
158
 
155
159
  details = { name: name, group: "plugins", version: version }
@@ -286,15 +290,16 @@ module Dependabot
286
290
  end
287
291
 
288
292
  def buildfiles
289
- @buildfiles ||=
290
- dependency_files.select { |f| f.name.end_with?("build.gradle") }
293
+ @buildfiles ||= dependency_files.select do |f|
294
+ f.name.end_with?(*SUPPORTED_BUILD_FILE_NAMES)
295
+ end
291
296
  end
292
297
 
293
298
  def script_plugin_files
294
299
  @script_plugin_files ||=
295
300
  buildfiles.flat_map do |buildfile|
296
301
  buildfile.content.
297
- scan(/apply from:\s+['"]([^'"]+)['"]/).flatten.
302
+ scan(/apply from(\s+=|:)\s+['"]([^'"]+)['"]/).flatten.
298
303
  map { |f| dependency_files.find { |bf| bf.name == f } }.
299
304
  compact
300
305
  end.
@@ -302,7 +307,13 @@ module Dependabot
302
307
  end
303
308
 
304
309
  def check_required_files
305
- raise "No build.gradle!" unless get_original_file("build.gradle")
310
+ raise "No build.gradle or build.gradle.kts!" unless original_file
311
+ end
312
+
313
+ def original_file
314
+ dependency_files.find do |f|
315
+ SUPPORTED_BUILD_FILE_NAMES.include?(f.name)
316
+ end
306
317
  end
307
318
  end
308
319
  end
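Review bot: In `script_plugin_files`, the new separator group in `/apply from(\s+=|:)\s+['"]([^'"]+)['"]/` is a capturing group, so `scan(...).flatten` now yields the separator text (`:` or ` =`) next to every path. Those extra strings are dropped only because no dependency file has that name and `compact` removes the resulting nil; a non-capturing group keeps the result to paths alone: `scan(/apply from(?:\s+=|:)\s+['"]([^'"]+)['"]/)`. For the same reason of intent, `(\s*=|:)` in `map_value_regex` reads better as `(?:\s*=|:)`. A short comment on `name_regex` noting that `PLUGIN_ID_REGEX` is interpolated twice, and therefore defines the `id` group once per alternative, would help the next reader. `script_plugin_files` continues outside the hunk.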
@@ -7,6 +7,8 @@ module Dependabot
7
7
  class FileParser
8
8
  class PropertyValueFinder
9
9
  # rubocop:disable Layout/LineLength
10
+ SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
11
+
10
12
  QUOTED_VALUE_REGEX =
11
13
  /\s*['"][^\s]+['"]\s*/.freeze
12
14
 
@@ -15,20 +17,63 @@ module Dependabot
15
17
  /\s*project\.findProperty\(#{QUOTED_VALUE_REGEX}\)\s*\?:/.freeze
16
18
 
17
19
  # project.hasProperty('property') ? project.getProperty('property') :
18
- HAS_PROPERTY_REGEX =
20
+ GROOVY_HAS_PROPERTY_REGEX =
19
21
  /\s*project\.hasProperty\(#{QUOTED_VALUE_REGEX}\)\s*\?\s*project\.getProperty\(#{QUOTED_VALUE_REGEX}\)\s*:/.freeze
20
22
 
23
+ # if(project.hasProperty("property")) project.getProperty("property") else
24
+ KOTLIN_HAS_PROPERTY_REGEX =
25
+ /\s*if\s*\(project\.hasProperty\(#{QUOTED_VALUE_REGEX}\)\)\s+project\.getProperty\(#{QUOTED_VALUE_REGEX}\)\s+else\s+/.freeze
26
+
27
+ GROOVY_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX =
28
+ /(?:#{FIND_PROPERTY_REGEX}|#{GROOVY_HAS_PROPERTY_REGEX})?/.freeze
29
+
30
+ KOTLIN_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX =
31
+ /(?:#{FIND_PROPERTY_REGEX}|#{KOTLIN_HAS_PROPERTY_REGEX})?/.freeze
32
+
21
33
  PROPERTY_DECLARATION_AS_DEFAULTS_REGEX =
22
- /(?:#{FIND_PROPERTY_REGEX}|#{HAS_PROPERTY_REGEX})?/.freeze
34
+ /(#{GROOVY_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}|#{KOTLIN_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX})?/.freeze
35
+
36
+ VALUE_REGEX =
37
+ /#{PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}\s*['"](?<value>[^\s]+)['"]/.freeze
38
+
39
+ GROOVY_SINGLE_PROPERTY_DECLARATION_REGEX =
40
+ /(?:^|\s+|ext.)(?<name>[^\s=]+)\s*=#{VALUE_REGEX}/.freeze
41
+
42
+ KOTLIN_SINGLE_PROPERTY_INDEX_DECLARATION_REGEX =
43
+ /\s*extra\[['"](?<name>[^\s=]+)['"]\]\s*=#{VALUE_REGEX}/.freeze
44
+
45
+ KOTLIN_SINGLE_PROPERTY_SET_REGEX =
46
+ /\s*set\(['"](?<name>[^\s=]+)['"]\s*,#{VALUE_REGEX}\)/.freeze
47
+
48
+ KOTLIN_SINGLE_PROPERTY_SET_DECLARATION_REGEX =
49
+ /\s*extra\.#{KOTLIN_SINGLE_PROPERTY_SET_REGEX}/.freeze
50
+
51
+ KOTLIN_SINGLE_PROPERTY_DECLARATION_REGEX =
52
+ /(#{KOTLIN_SINGLE_PROPERTY_INDEX_DECLARATION_REGEX}|#{KOTLIN_SINGLE_PROPERTY_SET_DECLARATION_REGEX})/.freeze
23
53
 
24
54
  SINGLE_PROPERTY_DECLARATION_REGEX =
25
- /(?:^|\s+|ext.)(?<name>[^\s=]+)\s*=#{PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}\s*['"](?<value>[^\s]+)['"]/.freeze
55
+ /(#{KOTLIN_SINGLE_PROPERTY_DECLARATION_REGEX}|#{GROOVY_SINGLE_PROPERTY_DECLARATION_REGEX})/.freeze
26
56
 
27
- MULTI_PROPERTY_DECLARATION_REGEX =
57
+ GROOVY_MULTI_PROPERTY_DECLARATION_REGEX =
28
58
  /(?:^|\s+|ext.)(?<namespace>[^\s=]+)\s*=\s*\[(?<values>[^\]]+)\]/m.freeze
29
59
 
60
+ KOTLIN_BLOCK_PROPERTY_DECLARATION_REGEX =
61
+ /\s*(?<namespace>[^\s=]+)\.apply\s*{(?<values>[^\]]+)}/m.freeze
62
+
63
+ KOTLIN_MULTI_PROPERTY_DECLARATION_REGEX =
64
+ /\s*extra\[['"](?<namespace>[^\s=]+)['"]\]\s*=\s*mapOf\((?<values>[^\]]+)\)/m.freeze
65
+
66
+ MULTI_PROPERTY_DECLARATION_REGEX =
67
+ /(#{KOTLIN_MULTI_PROPERTY_DECLARATION_REGEX}|#{GROOVY_MULTI_PROPERTY_DECLARATION_REGEX})/.freeze
68
+
69
+ KOTLIN_MAP_NAMESPACED_DECLARATION_REGEX =
70
+ /(?:^|\s+)['"](?<name>[^\s:]+)['"]\s*to#{VALUE_REGEX}\s*/.freeze
71
+
72
+ REGULAR_NAMESPACED_DECLARATION_REGEX =
73
+ /(?:^|\s+)(?<name>[^\s:]+)\s*[:=]#{VALUE_REGEX}\s*/.freeze
74
+
30
75
  NAMESPACED_DECLARATION_REGEX =
31
- /(?:^|\s+)(?<name>[^\s:]+)\s*:#{PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}\s*['"](?<value>[^\s]+)['"]\s*/.freeze
76
+ /(#{REGULAR_NAMESPACED_DECLARATION_REGEX}|#{KOTLIN_MAP_NAMESPACED_DECLARATION_REGEX})/.freeze
32
77
  # rubocop:enable Layout/LineLength
33
78
 
34
79
  def initialize(dependency_files:)
@@ -78,6 +123,9 @@ module Dependabot
78
123
  @properties[buildfile.name].
79
124
  merge!(fetch_single_property_declarations(buildfile))
80
125
 
126
+ @properties[buildfile.name].
127
+ merge!(fetch_kotlin_block_property_declarations(buildfile))
128
+
81
129
  @properties[buildfile.name].
82
130
  merge!(fetch_multi_property_declarations(buildfile))
83
131
 
@@ -104,6 +152,36 @@ module Dependabot
104
152
  properties
105
153
  end
106
154
 
155
+ def fetch_kotlin_block_property_declarations(buildfile)
156
+ properties = {}
157
+
158
+ prepared_content(buildfile).
159
+ scan(KOTLIN_BLOCK_PROPERTY_DECLARATION_REGEX) do
160
+ captures = Regexp.last_match.named_captures
161
+ namespace = captures.fetch("namespace")
162
+
163
+ captures.fetch("values").
164
+ scan(KOTLIN_SINGLE_PROPERTY_SET_REGEX) do
165
+ declaration_string = Regexp.last_match.to_s.strip
166
+ sub_captures = Regexp.last_match.named_captures
167
+ name = sub_captures.fetch("name")
168
+ full_name = if namespace == "extra"
169
+ name
170
+ else
171
+ [namespace, name].join(".")
172
+ end
173
+
174
+ properties[full_name] = {
175
+ value: sub_captures.fetch("value"),
176
+ declaration_string: declaration_string,
177
+ file: buildfile.name
178
+ }
179
+ end
180
+ end
181
+
182
+ properties
183
+ end
184
+
107
185
  def fetch_multi_property_declarations(buildfile)
108
186
  properties = {}
109
187
 
@@ -136,8 +214,9 @@ module Dependabot
136
214
  end
137
215
 
138
216
  def top_level_buildfile
139
- @top_level_buildfile ||=
140
- dependency_files.find { |f| f.name == "build.gradle" }
217
+ @top_level_buildfile ||= dependency_files.find do |f|
218
+ SUPPORTED_BUILD_FILE_NAMES.include?(f.name)
219
+ end
141
220
  end
142
221
  end
143
222
  end
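Review bot: `KOTLIN_BLOCK_PROPERTY_DECLARATION_REGEX` and `KOTLIN_MULTI_PROPERTY_DECLARATION_REGEX` bound their `values` capture with `[^\]]+`, which matches the Groovy `[...]` list form it was taken from but does not exclude the `}` or `)` that actually closes these Kotlin constructs. The quantifier is greedy and a negated class also matches newlines, so the capture can run on to the last `}` (or `)`) before the next `]` in the file, and `fetch_kotlin_block_property_declarations` would then attribute every `set(...)` in that span to the first namespace. Build files are repository-controlled input, so an over-wide match can resolve a property to the wrong declaration and scans far more text than intended. Consider `(?<values>[^}]+)` for the `.apply { ... }` form and `(?<values>[^)]+)` for `mapOf(...)`, with a fixture containing two consecutive blocks; nested braces or parentheses inside a block would still need separate handling.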
@@ -6,15 +6,24 @@ module Dependabot
6
6
  module Gradle
7
7
  class FileParser
8
8
  class RepositoriesFinder
9
+ SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
10
+
9
11
  # The Central Repo doesn't have special status for Gradle, but until
10
12
  # we're confident we're selecting repos correctly it's wise to include
11
13
  # it as a default.
12
14
  CENTRAL_REPO_URL = "https://repo.maven.apache.org/maven2"
13
15
 
14
16
  REPOSITORIES_BLOCK_START = /(?:^|\s)repositories\s*\{/.freeze
15
- MAVEN_REPO_REGEX =
17
+
18
+ GROOVY_MAVEN_REPO_REGEX =
16
19
  /maven\s*\{[^\}]*\surl[\s\(]\s*['"](?<url>[^'"]+)['"]/.freeze
17
20
 
21
+ KOTLIN_MAVEN_REPO_REGEX =
22
+ /maven\(['"](?<url>[^'"]+)['"]\)/.freeze
23
+
24
+ MAVEN_REPO_REGEX =
25
+ /(#{KOTLIN_MAVEN_REPO_REGEX}|#{GROOVY_MAVEN_REPO_REGEX})/.freeze
26
+
18
27
  def initialize(dependency_files:, target_dependency_file:)
19
28
  @dependency_files = dependency_files
20
29
  @target_dependency_file = target_dependency_file
@@ -130,8 +139,9 @@ module Dependabot
130
139
  end
131
140
 
132
141
  def top_level_buildfile
133
- @top_level_buildfile ||=
134
- dependency_files.find { |f| f.name == "build.gradle" }
142
+ @top_level_buildfile ||= dependency_files.find do |f|
143
+ SUPPORTED_BUILD_FILE_NAMES.include?(f.name)
144
+ end
135
145
  end
136
146
  end
137
147
  end
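Review bot: `KOTLIN_MAVEN_REPO_REGEX` recognises only the positional `maven("…")` call, and the Groovy pattern requires whitespace or `(` directly between `url` and the opening quote, so the Kotlin forms `maven { url = uri("…") }` and `maven(url = "…")` match neither alternative of `MAVEN_REPO_REGEX`. The code consuming the regex is outside this hunk, but given the comment that the Central repo is always included as a default, a repository declared in one of those forms would presumably be dropped and lookups would fall back to the default only, which matters for projects that depend on a private repository. Consider adding alternatives for those forms, for example `/maven\s*\{[^\}]*\surl\s*=\s*uri\(['"](?<url>[^'"]+)['"]\)/`, with a fixture for each. A comment on `MAVEN_REPO_REGEX` noting that the `url` group is defined once per alternative would also help.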
@@ -10,8 +10,10 @@ module Dependabot
10
10
  require_relative "file_updater/dependency_set_updater"
11
11
  require_relative "file_updater/property_value_updater"
12
12
 
13
+ SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
14
+
13
15
  def self.updated_files_regex
14
- [/^build\.gradle$/, %r{/build\.gradle$}]
16
+ [/^build\.gradle(\.kts)?$/, %r{/build\.gradle(\.kts)?$}]
15
17
  end
16
18
 
17
19
  def updated_dependency_files
@@ -38,7 +40,13 @@ module Dependabot
38
40
  private
39
41
 
40
42
  def check_required_files
41
- raise "No build.gradle!" unless get_original_file("build.gradle")
43
+ raise "No build.gradle or build.gradle.kts!" unless original_file
44
+ end
45
+
46
+ def original_file
47
+ dependency_files.find do |f|
48
+ SUPPORTED_BUILD_FILE_NAMES.include?(f.name)
49
+ end
42
50
  end
43
51
 
44
52
  def update_buildfiles_for_dependency(buildfiles:, dependency:)
@@ -131,7 +139,8 @@ module Dependabot
131
139
  next false unless line.include?(dependency.name.split(":").first)
132
140
  next false unless line.include?(dependency.name.split(":").last)
133
141
  else
134
- name_regex = /id\s+['"]#{Regexp.quote(dependency.name)}['"]/
142
+ name_regex_value = /['"]#{Regexp.quote(dependency.name)}['"]/
143
+ name_regex = /id(\s+#{name_regex_value}|\(#{name_regex_value}\))/
135
144
  next false unless line.match?(name_regex)
136
145
  end
137
146
 
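Review bot: `updated_files_regex` anchors with `^` and `$`, which in Ruby match at line boundaries rather than at the start and end of the string, so a name with a newline before `build.gradle` would still match; `\A`/`\z` state the intent exactly: `[/\Abuild\.gradle(\.kts)?\z/, %r{/build\.gradle(\.kts)?\z}]`. How the returned patterns are applied is not visible here, so treat this as hardening rather than a confirmed bug. The patterns also spell the file names out again next to the new `SUPPORTED_BUILD_FILE_NAMES`, a constant this diff defines in five places; a comment that the two must stay in sync, or deriving the regexes from the constant, would reduce drift.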
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-gradle
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.127.0
4
+ version: 0.129.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-12-14 00:00:00.000000000 Z
11
+ date: 2020-12-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.127.0
19
+ version: 0.129.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.127.0
26
+ version: 0.129.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement