dependabot-gradle 0.162.2 → 0.165.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ee0abc801d0d0c61a8d55e4ce75f0eb0c20f14af92766fd7097fe351a45aaaf8
-  data.tar.gz: 0e92668e917ff0b8bb7740a641f6d205e65251537c42f25084c2664e889f36cb
+  metadata.gz: 3da5284760eb9fd01b31c5d460b24c01a2437dc9aae06b1b30de18a3c2c64ffa
+  data.tar.gz: f5dacc19d4ae2aa3d494e0e8fe1c7ac2863f937d4877ef86d30c7fb21dde5f07
 SHA512:
-  metadata.gz: 4b06b98fc488a40fca9ff8b23316c01423004d916d2c919a1623976110c79a8d83ce032b84b962814c7489e7e2341c24f448202f88b4ea72ab8b6f83b6d7720b
-  data.tar.gz: 421477c81cb6ffc4ca5c2f26e3eee4683dd26d4780361232f828b8751ad8df50cfa167ca4ba1fe273690e4df468660c938abf3c8410f12313f183382f6ff3321
+  metadata.gz: 60bede8805665c8e7bdd10dec1a58f7d94f8b623554ff3a993ad763d9bc0e1f668167eb6bddfcf7d23efcddba1cec11f81c47db377fd8898b9cb39ec7976c69a
+  data.tar.gz: 51f4346b45c0352863dd0600405077c38f68e802c3d8cd1771c6ecc75e669934c7c057cc8fb671e55f6e307089cb5cc9ca999e25ddbc0f808e6e53888ac5e2be

data/lib/dependabot/gradle/file_fetcher.rb

@@ -28,7 +28,7 @@ module Dependabot
 
       def fetch_files
         fetched_files = []
-        fetched_files << buildfile
+        fetched_files << buildfile if buildfile
         fetched_files += subproject_buildfiles
         fetched_files += dependency_script_plugins
         check_required_files_present
@@ -46,17 +46,23 @@ module Dependabot
       def subproject_buildfiles
         return [] unless settings_file
 
-        subproject_paths =
-          SettingsFileParser.
-          new(settings_file: settings_file).
-          subproject_paths
-
-        subproject_paths.map do |path|
-          fetch_file_from_host(File.join(path, @buildfile_name))
-        rescue Dependabot::DependencyFileNotFound
-          # Gradle itself doesn't worry about missing subprojects, so we don't
-          nil
-        end.compact
+        @subproject_buildfiles ||= begin
+          subproject_paths =
+            SettingsFileParser.
+            new(settings_file: settings_file).
+            subproject_paths
+
+          subproject_paths.map do |path|
+            if @buildfile_name
+              fetch_file_from_host(File.join(path, @buildfile_name))
+            else
+              supported_file(SUPPORTED_BUILD_FILE_NAMES.map { |f| File.join(path, f) })
+            end
+          rescue Dependabot::DependencyFileNotFound
+            # Gradle itself doesn't worry about missing subprojects, so we don't
+            nil
+          end.compact
+        end
       end
 
       # rubocop:disable Metrics/PerceivedComplexity
@@ -83,7 +89,7 @@ module Dependabot
       # rubocop:enable Metrics/PerceivedComplexity
 
       def check_required_files_present
-        return if buildfile
+        return if buildfile || (subproject_buildfiles && !subproject_buildfiles.empty?)
 
         path = Pathname.new(File.join(directory, "build.gradle")).cleanpath.to_path
         path += "(.kts)?"

data/lib/dependabot/gradle/file_parser/repositories_finder.rb

@@ -12,6 +12,8 @@ module Dependabot
         # we're confident we're selecting repos correctly it's wise to include
         # it as a default.
         CENTRAL_REPO_URL = "https://repo.maven.apache.org/maven2"
+        GOOGLE_MAVEN_REPO = "https://maven.google.com"
+        GRADLE_PLUGINS_REPO = "https://plugins.gradle.org/m2"
 
         REPOSITORIES_BLOCK_START = /(?:^|\s)repositories\s*\{/.freeze
 
@@ -96,12 +98,14 @@ module Dependabot
           end
 
           repository_blocks.each do |block|
-            repository_urls << "https://maven.google.com/" if block.match?(/\sgoogle\(/)
+            repository_urls << GOOGLE_MAVEN_REPO if block.match?(/\sgoogle\(/)
 
-            repository_urls << "https://repo.maven.apache.org/maven2/" if block.match?(/\smavenCentral\(/)
+            repository_urls << CENTRAL_REPO_URL if block.match?(/\smavenCentral\(/)
 
             repository_urls << "https://jcenter.bintray.com/" if block.match?(/\sjcenter\(/)
 
+            repository_urls << GRADLE_PLUGINS_REPO if block.match?(/\sgradlePluginPortal\(/)
+
             block.scan(MAVEN_REPO_REGEX) do
               repository_urls << Regexp.last_match.named_captures.fetch("url")
             end

data/lib/dependabot/gradle/file_parser.rb

@@ -321,7 +321,7 @@ module Dependabot
       end
 
       def check_required_files
-        raise "No build.gradle or build.gradle.kts!" unless original_file
+        raise "No build.gradle or build.gradle.kts!" if dependency_files.empty?
       end
 
       def original_file

data/lib/dependabot/gradle/file_updater.rb

@@ -40,7 +40,7 @@ module Dependabot
       private
 
       def check_required_files
-        raise "No build.gradle or build.gradle.kts!" unless original_file
+        raise "No build.gradle or build.gradle.kts!" if dependency_files.empty?
       end
 
       def original_file

data/lib/dependabot/gradle/update_checker/version_finder.rb

@@ -13,8 +13,6 @@ module Dependabot
   module Gradle
     class UpdateChecker
       class VersionFinder
-        GOOGLE_MAVEN_REPO = "https://maven.google.com"
-        GRADLE_PLUGINS_REPO = "https://plugins.gradle.org/m2"
         KOTLIN_PLUGIN_REPO_PREFIX = "org.jetbrains.kotlin"
         TYPE_SUFFICES = %w(jre android java native_mt agp).freeze
 
@@ -59,7 +57,7 @@ module Dependabot
           version_details =
             repositories.map do |repository_details|
               url = repository_details.fetch("url")
-              next google_version_details if url == GOOGLE_MAVEN_REPO
+              next google_version_details if url == Gradle::FileParser::RepositoriesFinder::GOOGLE_MAVEN_REPO
 
               dependency_metadata(repository_details).css("versions > version").
                 select { |node| version_class.correct?(node.content) }.
@@ -136,10 +134,10 @@ module Dependabot
         end
 
         def google_version_details
-          url = GOOGLE_MAVEN_REPO
+          url = Gradle::FileParser::RepositoriesFinder::GOOGLE_MAVEN_REPO
           group_id, artifact_id = group_and_artifact_ids
 
-          dependency_metadata_url = "#{GOOGLE_MAVEN_REPO}/"\
+          dependency_metadata_url = "#{Gradle::FileParser::RepositoriesFinder::GOOGLE_MAVEN_REPO}/"\
                                     "#{group_id.tr('.', '/')}/"\
                                     "group-index.xml"
 
@@ -250,7 +248,7 @@ module Dependabot
 
         def plugin_repository_details
           [{
-            "url" => GRADLE_PLUGINS_REPO,
+            "url" => Gradle::FileParser::RepositoriesFinder::GRADLE_PLUGINS_REPO,
             "auth_headers" => {}
           }] + dependency_repository_details
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-  version: 0.162.2
+  version: 0.165.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-09-29 00:00:00.000000000 Z
+date: 2021-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.162.2
+        version: 0.165.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.162.2
+        version: 0.165.0
 - !ruby/object:Gem::Dependency
   name: dependabot-maven
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.162.2
+        version: 0.165.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.162.2
+        version: 0.165.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement