dependabot-hex 0.118.8 → 0.119.0.beta1

data/helpers/install-dir/hex/lib/do_update.exs

@@ -0,0 +1,39 @@
+[dependency_name | credentials] = System.argv()
+
+grouped_creds = Enum.reduce credentials, [], fn cred, acc ->
+  if List.last(acc) == nil || List.last(acc)[:token] do
+    List.insert_at(acc, -1, %{ organization: cred })
+  else
+    { item, acc } = List.pop_at(acc, -1)
+    item = Map.put(item, :token, cred)
+    List.insert_at(acc, -1, item)
+  end
+end
+
+Enum.each grouped_creds, fn cred ->
+  hexpm = Hex.Repo.get_repo("hexpm")
+  repo = %{
+    url: hexpm.url <> "/repos/#{cred.organization}",
+    public_key: nil,
+    auth_key: cred.token
+  }
+
+  Hex.Config.read()
+  |> Hex.Config.read_repos()
+  |> Map.put("hexpm:#{cred.organization}", repo)
+  |> Hex.Config.update_repos()
+end
+
+# dependency atom
+dependency = String.to_atom(dependency_name)
+
+# Fetch dependencies that needs updating
+{dependency_lock, rest_lock} = Map.split(Mix.Dep.Lock.read(), [dependency])
+Mix.Dep.Fetcher.by_name([dependency_name], dependency_lock, rest_lock, [])
+
+lockfile_content =
+  "mix.lock"
+  |> File.read()
+  |> :erlang.term_to_binary()
+
+IO.write(:stdio, lockfile_content)

data/helpers/install-dir/hex/lib/parse_deps.exs

@@ -0,0 +1,104 @@
+defmodule Parser do
+  def run do
+    Mix.Dep.load_on_environment([])
+    |> Enum.flat_map(&parse_dep/1)
+    |> Enum.map(&build_dependency(&1.opts[:lock], &1))
+  end
+
+  defp build_dependency(nil, dep) do
+    %{
+      name: dep.app,
+      from: Path.relative_to_cwd(dep.from),
+      groups: [],
+      requirement: normalise_requirement(dep.requirement),
+      top_level: dep.top_level || umbrella_top_level_dep?(dep)
+    }
+  end
+
+  defp build_dependency(lock, dep) do
+    {version, checksum, source} = parse_lock(lock)
+    groups = parse_groups(dep.opts[:only])
+
+    %{
+      name: dep.app,
+      from: Path.relative_to_cwd(dep.from),
+      version: version,
+      groups: groups,
+      checksum: checksum,
+      requirement: normalise_requirement(dep.requirement),
+      source: source,
+      top_level: dep.top_level || umbrella_top_level_dep?(dep)
+    }
+  end
+
+  defp parse_groups(nil), do: []
+  defp parse_groups(only) when is_list(only), do: only
+  defp parse_groups(only), do: [only]
+
+  # path dependency
+  defp parse_dep(%{scm: Mix.SCM.Path, opts: opts} = dep) do
+    cond do
+      # umbrella dependency - ignore
+      opts[:in_umbrella] ->
+        []
+
+      # umbrella application
+      opts[:from_umbrella] ->
+        Enum.reject(dep.deps, fn dep -> dep.opts[:in_umbrella] end)
+
+      true ->
+        []
+    end
+  end
+
+  # hex, git dependency
+  defp parse_dep(%{scm: scm} = dep) when scm in [Hex.SCM, Mix.SCM.Git], do: [dep]
+
+  # unsupported
+  defp parse_dep(_dep), do: []
+
+  defp umbrella_top_level_dep?(dep) do
+    if Mix.Project.umbrella?() do
+      apps_paths = Path.expand(Mix.Project.config()[:apps_path], File.cwd!())
+      String.contains?(Path.dirname(Path.dirname(dep.from)), apps_paths)
+    else
+      false
+    end
+  end
+
+  defp parse_lock({:git, repo_url, checksum, opts}),
+    do: {nil, checksum, git_source(repo_url, opts)}
+
+  defp parse_lock(tuple) when elem(tuple, 0) == :hex do
+    destructure [:hex, _app, version, _old_checksum, _managers, _deps, _repo, checksum],
+                Tuple.to_list(tuple)
+
+    {version, checksum, nil}
+  end
+
+  defp normalise_requirement(req) do
+    req
+    |> maybe_regex_to_str()
+    |> empty_str_to_nil()
+  end
+
+  defp maybe_regex_to_str(s), do: if Regex.regex?(s), do: Regex.source(s), else: s
+  defp empty_str_to_nil(""), do: nil
+  defp empty_str_to_nil(s), do: s
+
+  def git_source(repo_url, opts) do
+    ref = opts[:ref] || opts[:tag]
+    ref = if is_list(ref), do: to_string(ref), else: ref
+
+    %{
+      type: "git",
+      url: repo_url,
+      branch: opts[:branch] || "master",
+      ref: ref
+    }
+  end
+end
+
+dependencies = :erlang.term_to_binary({:ok, Parser.run()})
+
+IO.write(:stdio, dependencies)

data/helpers/install-dir/hex/lib/run.exs

@@ -0,0 +1,76 @@
+defmodule DependencyHelper do
+  def main() do
+    IO.read(:stdio, :all)
+    |> Jason.decode!()
+    |> run()
+    |> case do
+      {output, 0} ->
+        if output =~ "No authenticated organization found" do
+          {:error, output}
+        else
+          {:ok, :erlang.binary_to_term(output)}
+        end
+
+      {error, 1} -> {:error, error}
+    end
+    |> handle_result()
+  end
+
+  defp handle_result({:ok, {:ok, result}}) do
+    encode_and_write(%{"result" => result})
+  end
+
+  defp handle_result({:ok, {:error, reason}}) do
+    encode_and_write(%{"error" => reason})
+    System.halt(1)
+  end
+
+  defp handle_result({:error, reason}) do
+    encode_and_write(%{"error" => reason})
+    System.halt(1)
+  end
+
+  defp encode_and_write(content) do
+    content
+    |> Jason.encode!()
+    |> IO.write()
+  end
+
+  defp run(%{"function" => "parse", "args" => [dir]}) do
+    run_script("parse_deps.exs", dir)
+  end
+
+  defp run(%{"function" => "get_latest_resolvable_version", "args" => [dir, dependency_name, credentials]}) do
+    run_script("check_update.exs", dir, [dependency_name] ++ credentials)
+  end
+
+  defp run(%{"function" => "get_updated_lockfile", "args" => [dir, dependency_name, credentials]}) do
+    run_script("do_update.exs", dir, [dependency_name] ++ credentials)
+  end
+
+  defp run_script(script, dir, args \\ []) do
+    args = [
+      "run",
+      "--no-deps-check",
+      "--no-start",
+      "--no-compile",
+      "--no-elixir-version-check",
+      script
+    ] ++ args
+
+    System.cmd(
+      "mix",
+      args,
+      [
+        cd: dir,
+        env: %{
+          "MIX_EXS" => nil,
+          "MIX_LOCK" => nil,
+          "MIX_DEPS" => nil
+        }
+      ]
+    )
+  end
+end
+
+DependencyHelper.main()

data/helpers/install-dir/hex/mix.exs

@@ -0,0 +1,21 @@
+defmodule DependabotCore.Mixfile do
+  use Mix.Project
+
+  def project do
+    [app: :dependabot_core,
+     version: "0.1.0",
+     elixir: "~> 1.5",
+     start_permanent: Mix.env == :prod,
+     lockfile: System.get_env("MIX_LOCK") || "mix.lock",
+     deps_path: System.get_env("MIX_DEPS") || "deps",
+     deps: deps()]
+  end
+
+  def application do
+    [extra_applications: [:logger]]
+  end
+
+  defp deps() do
+    [{:jason, "~> 1.0"}]
+  end
+end

data/helpers/install-dir/hex/mix.lock

@@ -0,0 +1,3 @@
+%{
+  "jason": {:hex, :jason, "1.2.1", "12b22825e22f468c02eb3e4b9985f3d0cb8dc40b9bd704730efa11abd2708c44", [:mix], [{:decimal, "~> 1.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "b659b8571deedf60f79c5a608e15414085fa141344e2716fbd6988a084b5f993"},
+}

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-hex
 version: !ruby/object:Gem::Version
-  version: 0.118.8
+  version: 0.119.0.beta1
 platform: ruby
 authors:
 - Dependabot
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-24 00:00:00.000000000 Z
+date: 2020-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.118.8
+        version: 0.119.0.beta1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.118.8
+        version: 0.119.0.beta1
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -94,20 +94,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
-- !ruby/object:Gem::Dependency
-  name: rspec_junit_formatter
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.4'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.4'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
@@ -158,6 +144,27 @@ extensions: []
 extra_rdoc_files: []
 files:
 - helpers/build
+- helpers/install-dir/hex/deps/jason/.fetch
+- helpers/install-dir/hex/deps/jason/.hex
+- helpers/install-dir/hex/deps/jason/CHANGELOG.md
+- helpers/install-dir/hex/deps/jason/LICENSE
+- helpers/install-dir/hex/deps/jason/README.md
+- helpers/install-dir/hex/deps/jason/hex_metadata.config
+- helpers/install-dir/hex/deps/jason/lib/codegen.ex
+- helpers/install-dir/hex/deps/jason/lib/decoder.ex
+- helpers/install-dir/hex/deps/jason/lib/encode.ex
+- helpers/install-dir/hex/deps/jason/lib/encoder.ex
+- helpers/install-dir/hex/deps/jason/lib/formatter.ex
+- helpers/install-dir/hex/deps/jason/lib/fragment.ex
+- helpers/install-dir/hex/deps/jason/lib/helpers.ex
+- helpers/install-dir/hex/deps/jason/lib/jason.ex
+- helpers/install-dir/hex/deps/jason/mix.exs
+- helpers/install-dir/hex/lib/check_update.exs
+- helpers/install-dir/hex/lib/do_update.exs
+- helpers/install-dir/hex/lib/parse_deps.exs
+- helpers/install-dir/hex/lib/run.exs
+- helpers/install-dir/hex/mix.exs
+- helpers/install-dir/hex/mix.lock
 - helpers/lib/check_update.exs
 - helpers/lib/do_update.exs
 - helpers/lib/parse_deps.exs
@@ -185,7 +192,7 @@ homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - Nonstandard
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -200,8 +207,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.5.0
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: Elixir (Hex) support for dependabot
 test_files: []