dependabot-linguist 0.0.1 → 0.212.0
- checksums.yaml +4 -4
- data/.rubocop.yml +25 -3
- data/Gemfile +0 -9
- data/Gemfile.lock +162 -5
- data/LICENSE +674 -1
- data/{LICENSE.Nonstandard → LICENSE.dependabot-core} +0 -0
- data/Makefile +8 -1
- data/README.md +39 -5
- data/demo_script.rb +50 -0
- data/dependabot-linguist.gemspec +16 -5
- data/devlog.md +186 -0
- data/exe/dependabot-linguist +145 -0
- data/lib/dependabot/linguist/dependabot_file_validator.rb +190 -0
- data/lib/dependabot/linguist/dependabot_patch.rb +8 -0
- data/lib/dependabot/linguist/file_fetchers/base.rb +48 -0
- data/lib/dependabot/linguist/file_fetchers/git_submodules.rb +63 -0
- data/lib/dependabot/linguist/file_fetchers/go_modules.rb +41 -0
- data/lib/dependabot/linguist/language.rb +62 -0
- data/lib/dependabot/linguist/languages_to_ecosystems/contexts.rb +234 -0
- data/lib/dependabot/linguist/languages_to_ecosystems/contexts_applied.rb +36 -0
- data/lib/dependabot/linguist/languages_to_ecosystems/languages.yaml +7950 -0
- data/lib/dependabot/linguist/languages_to_ecosystems/main.rb +55 -0
- data/lib/dependabot/linguist/languages_to_ecosystems/manager_ecosystem_maps.rb +154 -0
- data/lib/dependabot/linguist/languages_to_patch.txt +37 -0
- data/lib/dependabot/linguist/linguist_patch.rb +6 -0
- data/lib/dependabot/linguist/repository.rb +232 -0
- data/lib/dependabot/linguist/version.rb +1 -1
- data/lib/dependabot/linguist.rb +5 -2
- data/smoke-test/README.md +58 -0
- data/smoke-test/bundler/Gemfile +9 -0
- data/smoke-test/bundler/Gemfile.lock +47 -0
- data/smoke-test/bundler/dependabot-all-updates-test-staging.gemspec +10 -0
- data/smoke-test/cargo/Cargo.lock +90 -0
- data/smoke-test/cargo/Cargo.toml +8 -0
- data/smoke-test/composer/composer.json +5 -0
- data/smoke-test/composer/composer.lock +72 -0
- data/smoke-test/composer/vendor/autoload.php +7 -0
- data/smoke-test/composer/vendor/composer/ClassLoader.php +445 -0
- data/smoke-test/composer/vendor/composer/LICENSE +21 -0
- data/smoke-test/composer/vendor/composer/autoload_classmap.php +13 -0
- data/smoke-test/composer/vendor/composer/autoload_namespaces.php +9 -0
- data/smoke-test/composer/vendor/composer/autoload_psr4.php +9 -0
- data/smoke-test/composer/vendor/composer/autoload_real.php +55 -0
- data/smoke-test/composer/vendor/composer/autoload_static.php +23 -0
- data/smoke-test/composer/vendor/composer/installed.json +57 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/.gitignore +3 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/LICENSE +504 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/README.md +112 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/changelog.md +530 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/class.phpmailer.php +2758 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/class.pop3.php +417 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/class.smtp.php +1075 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/composer.json +32 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/docs/Callback_function_notes.txt +17 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/docs/DomainKeys_notes.txt +55 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/docs/Note_for_SMTP_debugging.txt +23 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/docs/extending.html +148 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/docs/faq.html +67 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/docs/generatedocs.sh +4 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/docs/pop3_article.txt +39 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/docs/use_gmail.txt +44 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/examples/contents.html +20 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/examples/images/phpmailer.gif +0 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/examples/images/phpmailer_mini.gif +0 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/examples/index.html +50 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/examples/test_db_smtp_basic.php +58 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/examples/test_mail_advanced.php +30 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/examples/test_mail_basic.php +41 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/examples/test_pop_before_smtp_advanced.php +39 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/examples/test_pop_before_smtp_basic.php +49 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/examples/test_sendmail_advanced.php +33 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/examples/test_sendmail_basic.php +43 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/examples/test_smtp_advanced.php +42 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/examples/test_smtp_advanced_no_auth.php +36 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/examples/test_smtp_basic.php +58 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/examples/test_smtp_basic_no_auth.php +53 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/examples/test_smtp_gmail_advanced.php +42 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/examples/test_smtp_gmail_basic.php +59 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/extras/class.html2text.inc +489 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/extras/htmlfilter.php +861 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/extras/ntlm_sasl_client.php +185 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-ar.php +26 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-br.php +25 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-ca.php +25 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-ch.php +25 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-cz.php +24 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-de.php +24 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-dk.php +25 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-es.php +25 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-et.php +25 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-fi.php +26 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-fo.php +26 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-fr.php +24 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-hu.php +24 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-it.php +26 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-ja.php +25 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-nl.php +24 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-no.php +24 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-pl.php +24 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-ro.php +26 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-ru.php +24 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-se.php +25 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-sk.php +25 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-tr.php +26 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-zh.php +25 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/language/phpmailer.lang-zh_cn.php +25 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test/contents.html +10 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test/phpmailerTest.php +1084 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test/test.png +0 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test/test_callback.php +84 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test/testemail.php +48 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/LGPLv3.txt +165 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/contents.html +14 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/images/aikido.gif +0 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/images/bkgrnd.gif +0 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/images/phpmailer.gif +0 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/index.php +427 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/clipboard.swf +0 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushBash.js +59 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushCSharp.js +64 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushCpp.js +99 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushCss.js +93 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushDelphi.js +57 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushDiff.js +43 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushGroovy.js +69 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushJScript.js +51 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushJava.js +55 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushPerl.js +74 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushPhp.js +91 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushPlain.js +35 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushPython.js +56 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushRuby.js +57 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushScala.js +53 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushSql.js +68 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushVb.js +58 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shBrushXml.js +71 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shCore.js +30 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/scripts/shLegacy.js +30 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/src/shCore.js +1949 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/src/shLegacy.js +172 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/styles/help.png +0 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/styles/magnifier.png +0 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/styles/page_white_code.png +0 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/styles/page_white_copy.png +0 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/styles/printer.png +0 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/styles/shCore.css +321 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/styles/shThemeDefault.css +191 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/styles/shThemeDjango.css +193 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/styles/shThemeEmacs.css +192 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/styles/shThemeFadeToGrey.css +193 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/styles/shThemeMidnight.css +192 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/styles/shThemeRDark.css +192 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/styles/wrapping.png +0 -0
- data/smoke-test/composer/vendor/phpmailer/phpmailer/test_script/test.html +46 -0
- data/smoke-test/dependabot-file/no-config/.github/TARGET.yaml +14 -0
- data/smoke-test/dependabot-file/no-config/bundler/Gemfile +9 -0
- data/smoke-test/dependabot-file/no-config/bundler/Gemfile.lock +47 -0
- data/smoke-test/dependabot-file/no-config/bundler/dependabot-all-updates-test-staging.gemspec +10 -0
- data/smoke-test/dependabot-file/no-config/cargo/Cargo.lock +90 -0
- data/smoke-test/dependabot-file/no-config/cargo/Cargo.toml +8 -0
- data/smoke-test/dependabot-file/no-config/composer/composer.json +5 -0
- data/smoke-test/dependabot-file/no-config/composer/composer.lock +72 -0
- data/smoke-test/dependabot-file/over-config/.github/TARGET.yaml +17 -0
- data/smoke-test/dependabot-file/over-config/.github/dependabot.yaml +12 -0
- data/smoke-test/dependabot-file/over-config/bundler/Gemfile +9 -0
- data/smoke-test/dependabot-file/over-config/bundler/Gemfile.lock +47 -0
- data/smoke-test/dependabot-file/over-config/bundler/dependabot-all-updates-test-staging.gemspec +10 -0
- data/smoke-test/dependabot-file/over-config/cargo/Cargo.lock +90 -0
- data/smoke-test/dependabot-file/over-config/cargo/Cargo.toml +8 -0
- data/smoke-test/dependabot-file/over-config/composer/composer.json +5 -0
- data/smoke-test/dependabot-file/over-config/composer/composer.lock +72 -0
- data/smoke-test/dependabot-file/overer-config/.github/TARGET.yaml +19 -0
- data/smoke-test/dependabot-file/overer-config/.github/dependabot.yaml +12 -0
- data/smoke-test/dependabot-file/overer-config/bundler/Gemfile +9 -0
- data/smoke-test/dependabot-file/overer-config/bundler/Gemfile.lock +47 -0
- data/smoke-test/dependabot-file/overer-config/bundler/dependabot-all-updates-test-staging.gemspec +10 -0
- data/smoke-test/dependabot-file/overer-config/cargo/Cargo.lock +90 -0
- data/smoke-test/dependabot-file/overer-config/cargo/Cargo.toml +8 -0
- data/smoke-test/dependabot-file/overer-config/composer/composer.json +5 -0
- data/smoke-test/dependabot-file/overer-config/composer/composer.lock +72 -0
- data/smoke-test/dependabot-file/partial-config/.github/TARGET.yaml +17 -0
- data/smoke-test/dependabot-file/partial-config/.github/dependabot.yaml +7 -0
- data/smoke-test/dependabot-file/partial-config/bundler/Gemfile +9 -0
- data/smoke-test/dependabot-file/partial-config/bundler/Gemfile.lock +47 -0
- data/smoke-test/dependabot-file/partial-config/bundler/dependabot-all-updates-test-staging.gemspec +10 -0
- data/smoke-test/dependabot-file/partial-config/cargo/Cargo.lock +90 -0
- data/smoke-test/dependabot-file/partial-config/cargo/Cargo.toml +8 -0
- data/smoke-test/dependabot-file/partial-config/composer/composer.json +5 -0
- data/smoke-test/dependabot-file/partial-config/composer/composer.lock +72 -0
- data/smoke-test/docker/Dockerfile +19 -0
- data/smoke-test/elm/elm-package.json +15 -0
- data/smoke-test/elm/elm.json +31 -0
- data/smoke-test/github-actions/both/.github/workflows/this.yaml +11 -0
- data/smoke-test/github-actions/both/yaml/action.yml +13 -0
- data/smoke-test/github-actions/invalid/invalid_file.yaml +0 -0
- data/smoke-test/github-actions/workflow/.github/workflows/this.yaml +11 -0
- data/smoke-test/github-actions/yaml/action.yml +13 -0
- data/smoke-test/gitsubmodule/.gitmodules +4 -0
- data/smoke-test/gomod/go.mod +16 -0
- data/smoke-test/gomod/go.sum +18 -0
- data/smoke-test/gomod/gomain.go +14 -0
- data/smoke-test/gradle/.gitignore +1 -0
- data/smoke-test/gradle/build.gradle +65 -0
- data/smoke-test/maven/pom.xml +65 -0
- data/smoke-test/mix/mix.exs +24 -0
- data/smoke-test/mix/mix.lock +5 -0
- data/smoke-test/npm/package-lock.json +166 -0
- data/smoke-test/npm/package.json +22 -0
- data/smoke-test/npm/removed/package-lock.json +44 -0
- data/smoke-test/npm/removed/package.json +15 -0
- data/smoke-test/nuget/project.csproj +14 -0
- data/smoke-test/pip/pip/requirements.txt +5 -0
- data/smoke-test/pip/pip-compile/requirements.in +2 -0
- data/smoke-test/pip/pip-compile/requirements.txt +16 -0
- data/smoke-test/pip/pipenv/Pipfile +13 -0
- data/smoke-test/pip/pipenv/Pipfile.lock +86 -0
- data/smoke-test/pip/poetry/poetry.lock +33 -0
- data/smoke-test/pip/poetry/pyproject.toml +18 -0
- data/smoke-test/pub/pubspec.lock +40 -0
- data/smoke-test/pub/pubspec.yaml +10 -0
- data/smoke-test/terraform/main.tf +143 -0
- metadata +314 -6
- data/LICENSE.GPL-3.0-only +0 -674
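--- a/data/lib/dependabot/linguist/dependabot_file_validator.rb
+++ b/data/lib/dependabot/linguist/dependabot_file_validator.rb
@@ -0,0 +1,190 @@
+# frozen_string_literal: true
+
+require "yaml"
+require "rugged"
+
+module Dependabot
+module Linguist
+# Reads an existing dependabot file and determines how it should be updated
+# to meet the suggested entried to the updates list coming from repository's
+# directories_per_ecosystem_validated_by_dependabot
+class DependabotFileValidator
+def initialize(repo_path, remove_undiscovered: false, update_existing: true, minimum_interval: "weekly", max_open_pull_requests_limit: 5, verbose: false)
+@repo = Rugged::Repository.new(repo_path)
+@remove_undiscovered = remove_undiscovered
+@update_existing = update_existing
+@minimum_interval = minimum_interval
+@max_open_pull_requests_limit = [max_open_pull_requests_limit, 0].max
+@verbose = verbose
+@load_ecosystem_directories ||= nil
+end
+
+YAML_FILE_PATH = ".github/dependabot.yaml"
+
+YML_FILE_PATH = ".github/dependabot.yml"
+
+def dependabot_file_path
+@dependabot_file_path ||= if @repo.blob_at(@repo.head.target_id, YML_FILE_PATH)
+# the yml extension is preferred by GitHub, so even though this
+# returns the same as the `else`, check it before YAML.
+YML_FILE_PATH # rubocop:disable Layout/IndentationWidth
+elsif @repo.blob_at(@repo.head.target_id, YAML_FILE_PATH) # rubocop:disable Layout/ElseAlignment
+YAML_FILE_PATH
+else # rubocop:disable Layout/ElseAlignment
+@existing_config = { "version" => 2, "updates" => [] }
+YML_FILE_PATH
+end # rubocop:disable Layout/EndAlignment
+end
+
+def existing_config
+dependabot_file_path # to = {} if the file doesn't exist or isn't committed.
+# @existing_config ||= YAML.load_file(File.join(@repo.path, dependabot_file_path))
+@existing_config ||= YAML.safe_load(@repo.blob_at(@repo.head.target_id, dependabot_file_path).content)
+end
+
+def confirm_config_version_is_valid
+raise StandardError("The existing config has a version other than 2") unless existing_config["version"] == 2
+end
+
+# Expects an input that is the output of ::Dependabot::Linguist::Repository.new(~)'s
+# directories_per_ecosystem_validated_by_dependabot, which should be a map
+# {"<package_ecosystem>" => ["<folder_path>", ...], ...}
+def load_ecosystem_directories(incoming: @load_ecosystem_directories)
+@load_ecosystem_directories ||= nil
+if @load_ecosystem_directories == incoming
+@load_ecosystem_directories
+else
+@config_drift = nil
+@new_config = nil
+@load_ecosystem_directories = incoming
+end
+end
+
+def self.flatten_ecodirs_to_ecodir(ecosystem_directories_map)
+ecosystem_directories_map.collect { |eco, dirs| dirs.collect { |dir| [eco, dir] } }.flatten(1)
+end
+
+def self.checking_exists(checking, exists)
+exists["package-ecosystem"] == checking[0] && exists["directory"] == checking[1]
+end
+
+module ConfigDriftStatus
+ALREADY_IN = "FOUND RECOMMENDATION ALREADY PRESENT"
+TO_BE_ADDED = "RECOMMENDATION TO BE ADDED"
+UNDISCOVERED = "UNDISCOVERED ENTRY PRE-EXISTS"
+end
+
+def config_drift
+confirm_config_version_is_valid
+@config_drift ||= {}.tap do |this|
+ecodir_list = self.class.flatten_ecodirs_to_ecodir(load_ecosystem_directories)
+this[ConfigDriftStatus::ALREADY_IN] = []
+this[ConfigDriftStatus::TO_BE_ADDED] = []
+this[ConfigDriftStatus::UNDISCOVERED] = []
+this.freeze
+ecodir_list.each do |checking_ecodir|
+if !existing_config.empty? && !existing_config["updates"].nil?
+existed_ecodir = nil
+existing_config["updates"].each do |existing_ecodir|
+if self.class.checking_exists(checking_ecodir, existing_ecodir)
+puts "#{ConfigDriftStatus::ALREADY_IN}; {#{checking_ecodir[0]} @ #{checking_ecodir[1]}}" if @verbose
+this[ConfigDriftStatus::ALREADY_IN].append(checking_ecodir)
+existed_ecodir = existing_ecodir
+break # existing_ecodir
+end
+end
+# break to here
+next unless existed_ecodir.nil? # checking_ecodir
+end
+# If we didn't break -> next, then we've got a checking_ecodir
+# that we didn't find already present in the existing ecodirs.
+puts "#{ConfigDriftStatus::TO_BE_ADDED}; {#{checking_ecodir[0]} @ #{checking_ecodir[1]}}" if @verbose
+this[ConfigDriftStatus::TO_BE_ADDED].append(checking_ecodir)
+end
+if !existing_config.empty? && !existing_config["updates"].nil?
+existing_config["updates"].each do |existing_ecodir|
+existed_ecodir = nil
+ecodir_list.each do |checking_ecodir|
+existed_ecodir = checking_ecodir if self.class.checking_exists(checking_ecodir, existing_ecodir)
+break unless existed_ecodir.nil?
+end
+if existed_ecodir.nil?
+puts "#{ConfigDriftStatus::UNDISCOVERED}; {#{existing_ecodir["package-ecosystem"]} @ #{existing_ecodir["directory"]}} that wasn't found by us!!" if @verbose
+this[ConfigDriftStatus::UNDISCOVERED].append([existing_ecodir["package-ecosystem"], existing_ecodir["directory"]])
+end
+end
+end
+end
+end
+
+def parsed_schedule_interval(interval)
+intervals = ["daily", "weekly", "monthly"].freeze
+if intervals.any? @minimum_interval
+intervals[[intervals.find_index(@minimum_interval) || (intervals.length-1), intervals.find_index(interval) || (intervals.length-1)].min]
+else
+interval
+end
+end
+
+def new_config
+confirm_config_version_is_valid
+@new_config ||= existing_config.clone.tap do |this|
+this["updates"] = [] if this["updates"].nil?
+# If "remove_undiscovered" is set, then set this to reject any
+# updates that are in the list of those undiscovered. Removing
+# is not safe from inside each, so reject instead.
+this["updates"] = this["updates"].reject { |u| config_drift[ConfigDriftStatus::UNDISCOVERED].any? [u["package-ecosystem"], u["directory"]] } if @remove_undiscovered
+# Next, go through and update any existing.
+if @update_existing
+this["updates"].each do |existing_update|
+if config_drift[ConfigDriftStatus::ALREADY_IN].any? [existing_update["package-ecosystem"], existing_update["directory"]]
+# Confirm that the already present entry is good enough
+if existing_update["schedule"].is_a? Hash
+new_interval = parsed_schedule_interval(existing_update["schedule"]["interval"])
+existing_update["schedule"]["interval"] = new_interval
+# if it's not weekly anymore remove day if it's specified.
+if existing_update["schedule"]["interval"] != "weekly"
+existing_update["schedule"].delete("day")
+end
+else
+existing_update["schedule"] = { "interval" => parsed_schedule_interval("monthly") }
+end
+# Confirm the open-pull-requests-limit
+if existing_update["open-pull-requests-limit"]
+existing_update["open-pull-requests-limit"] = [existing_update["open-pull-requests-limit"], @max_open_pull_requests_limit].min
+else
+existing_update["open-pull-requests-limit"] = @max_open_pull_requests_limit
+end
+existing_update.delete("open-pull-requests-limit") if existing_update["open-pull-requests-limit"] == 5
+end
+end
+end
+config_drift[ConfigDriftStatus::TO_BE_ADDED].each do |tba|
+new_update = { "package-ecosystem" => tba[0], "directory" => tba[1] }
+new_update["schedule"] = { "interval" => parsed_schedule_interval("monthly") }
+new_update["open-pull-requests-limit"] = @max_open_pull_requests_limit if @max_open_pull_requests_limit != 5
+this["updates"].append(new_update)
+end
+end
+end
+
+def write_new_config
+File.open("#{@repo.path.delete_suffix("/.git/")}/#{dependabot_file_path}", "w") { |file| file.write(new_config.to_yaml) } if new_config != existing_config
+end
+
+# The expected environment to run this final step in should have 'git' AND
+# 'gh' available as commands to run, and calls out to a subshell to run
+# them as set up by the environment that runs this, rather than requiring
+# credentials being provided to this class.
+def commit_new_config
+new_branch = @repo.create_branch("dependabot-linguist_auto-config-update")
+write_new_config
+in_repo = "cd #{@repo.path} &&"
+`#{"#{in_repo} git add #{dependabot_file_path}"}`
+`#{"#{in_repo} git commit -m \"Auto update #{dependabot_file_path} -- dependabot-linguist\""}`
+`#{"#{in_repo} git push --set-upstream #{@repo.remotes["origin"].name} #{new_branch.name}"}`
+`#{"#{in_repo} gh pr create --fill"}`
+end
+end
+end
+end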
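Review bot: `commit_new_config` (new lines 179-187) builds each git/gh command as one interpolated string and runs it through backticks, so `@repo.path` (derived from the caller-supplied `repo_path`), the remote name and the branch name are all parsed by the shell, and a checkout path containing spaces or shell metacharacters changes what is executed. Backticks also discard the exit status, so a failed `git commit` is still followed by the push and `gh pr create`. Passing an argv array to `system` with `chdir:` and `exception: true` removes the shell and stops at the first failure, as sketched below. `write_new_config` strips `/.git/` from the same `@repo.path`, which suggests the `cd` target is the git directory rather than the work tree — worth confirming. Separately, `raise StandardError("…")` on new line 46 is a method call and will surface as NoMethodError; `raise StandardError, "The existing config has a version other than 2"` is the intended form.

```ruby
def commit_new_config
  # … unchanged: create_branch and write_new_config …
  [
    ["git", "add", "--", dependabot_file_path],
    ["git", "commit", "-m", "Auto update #{dependabot_file_path} -- dependabot-linguist"],
    ["git", "push", "--set-upstream", @repo.remotes["origin"].name, new_branch.name],
    ["gh", "pr", "create", "--fill"]
  ].each do |argv|
    # argv form: no shell parsing; exception: true raises on a non-zero exit
    system(*argv, chdir: @repo.path, exception: true)
  end
```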
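--- a/data/lib/dependabot/linguist/dependabot_patch.rb
+++ b/data/lib/dependabot/linguist/dependabot_patch.rb
@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+# Direct the requiring of the files that patch dependabot via this.
+# https://github.com/dependabot/dependabot-core/tree/v0.212.0
+
+require_relative "file_fetchers/base"
+require_relative "file_fetchers/go_modules"
+require_relative "file_fetchers/git_submodules"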
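--- a/data/lib/dependabot/linguist/file_fetchers/base.rb
+++ b/data/lib/dependabot/linguist/file_fetchers/base.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+#########################################################################################
+# _____ _ _ _ _____ _ _ #
+# | __ \ | | | | | | | __ \ | | | | #
+# | | | | ___ _ __ ___ _ __ __| | __ _| |__ ___ | |_ | |__) |_ _| |_ ___| |__ #
+# | | | |/ _ \ '_ \ / _ \ '_ \ / _` |/ _` | '_ \ / _ \| __| | ___/ _` | __/ __| '_ \ #
+# | |__| | __/ |_) | __/ | | | (_| | (_| | |_) | (_) | |_ | | | (_| | || (__| | | | #
+# |_____/ \___| .__/ \___|_| |_|\__,_|\__,_|_.__/ \___/ \__| |_| \__,_|\__\___|_| |_| #
+# | | #
+# |_| #
+#########################################################################################
+
+# Patches the class Dependabot::FileFetchers::Base that all file fetching classes sub class.
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/common/lib/dependabot/file_fetchers/base.rb
+
+# cloned_commit was added in 0.213.0; so we need to patch it in for 0.212.0 with an edit that
+# removes the `SharedHelpers.with_git_configured(credentials: credentials) do` wrap
+
+require "dependabot/file_fetchers"
+
+# rubocop:disable Style/Documentation
+
+module Dependabot
+module FileFetchers
+class Base
+def cloned_commit
+return if repo_contents_path.nil? || !File.directory?(File.join(repo_contents_path, ".git"))
+Dir.chdir(repo_contents_path) do
+return SharedHelpers.run_shell_command("git rev-parse HEAD")&.strip
+end
+end
+
+def commit
+return cloned_commit if cloned_commit
+return source.commit if source.commit
+branch = target_branch || default_branch_for_repo
+@commit ||= client_for_provider.fetch_commit(repo, branch)
+rescue *CLIENT_NOT_FOUND_ERRORS
+raise Dependabot::BranchNotFound, branch
+rescue Octokit::Conflict => e
+raise unless e.message.include?("Repository is empty")
+end
+end
+end
+end
+
+# rubocop:enable Style/Documentation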
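Review bot: Nothing in this file ties the override to the dependabot-core release it was written against: it reopens `Dependabot::FileFetchers::Base` and replaces `commit`/`cloned_commit` for every fetcher in the process, and the header comment says the copy deliberately drops the `SharedHelpers.with_git_configured(credentials: credentials)` wrap. If a newer dependabot-core is ever resolved (the gemspec is not visible here), these definitions would silently replace upstream's own. A guard right after the `require`, e.g. `raise "patch written for dependabot-core 0.212.0" unless Dependabot::VERSION == "0.212.0"` (with `require "dependabot/version"`), would make that fail loudly; the same applies to the `fetch_files` overrides in file_fetchers/git_submodules.rb and file_fetchers/go_modules.rb. Also, `commit` evaluates `cloned_commit` twice on new line 35, so `git rev-parse HEAD` runs twice per call.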
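--- a/data/lib/dependabot/linguist/file_fetchers/git_submodules.rb
+++ b/data/lib/dependabot/linguist/file_fetchers/git_submodules.rb
@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+#########################################################################################
+# _____ _ _ _ _____ _ _ #
+# | __ \ | | | | | | | __ \ | | | | #
+# | | | | ___ _ __ ___ _ __ __| | __ _| |__ ___ | |_ | |__) |_ _| |_ ___| |__ #
+# | | | |/ _ \ '_ \ / _ \ '_ \ / _` |/ _` | '_ \ / _ \| __| | ___/ _` | __/ __| '_ \ #
+# | |__| | __/ |_) | __/ | | | (_| | (_| | |_) | (_) | |_ | | | (_| | || (__| | | | #
+# |_____/ \___| .__/ \___|_| |_|\__,_|\__,_|_.__/ \___/ \__| |_| \__,_|\__\___|_| |_| #
+# | | #
+# |_| #
+#########################################################################################
+
+# Patches Dependabot::GitSubmodules::FileFetcher.(fetch_files, gitmodules_file)
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L21-L26
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L28-L30
+
+# This patches out the network calls that might fail if you've used a private
+# repo as a submodule. It still validates the `.gitmodules` exists. If you ARE
+# using a private repo as a submodule, consider visiting
+# "Allowing Dependabot to access private dependencies" at the below link
+# https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies
+
+# required_files_in? only asserts the presence of a `.gitmodules` file if the
+# submodule referenced is private, then the network calls in `submodule_refs`
+# might break the runner. If Dependabot::FileFetchers::Base.load_cloned_file_if_present
+# can't see the file, it'll `raise Dependabot::DependencyFileNotFound`, which
+# will make Dependabot::FileFetchers::Base.fetch_file_if_present `return` which
+# will add nil to the list of fetched_files -- i.e.
+# ```
+# def woah
+# return
+# end
+# [] << woah # is [nil]
+# ```
+# So we need to be more cautious with this and check it first.
+
+# Dependabot::FileFetchers::Base.load_cloned_file_if_present
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/common/lib/dependabot/file_fetchers/base.rb#L117-L137
+# Dependabot::FileFetchers::Base.fetch_file_if_present
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/common/lib/dependabot/file_fetchers/base.rb#L93-L115
+
+require "dependabot/errors"
+require "dependabot/git_submodules"
+
+# rubocop:disable Style/Documentation
+
+module Dependabot
+module GitSubmodules
+class FileFetcher
+def fetch_files
+raise(Dependabot::DependencyFileNotFound, Pathname.new(File.join(directory, ".gitmodules")).cleanpath.to_path) if gitmodules_file.nil?
+[gitmodules_file]
+end
+
+def gitmodules_file
+@gitmodules_file ||= fetch_file_if_present(".gitmodules")
+end
+end
+end
+end
+
+# rubocop:enable Style/Documentation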
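--- a/data/lib/dependabot/linguist/file_fetchers/go_modules.rb
+++ b/data/lib/dependabot/linguist/file_fetchers/go_modules.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+#########################################################################################
+# _____ _ _ _ _____ _ _ #
+# | __ \ | | | | | | | __ \ | | | | #
+# | | | | ___ _ __ ___ _ __ __| | __ _| |__ ___ | |_ | |__) |_ _| |_ ___| |__ #
+# | | | |/ _ \ '_ \ / _ \ '_ \ / _` |/ _` | '_ \ / _ \| __| | ___/ _` | __/ __| '_ \ #
+# | |__| | __/ |_) | __/ | | | (_| | (_| | |_) | (_) | |_ | | | (_| | || (__| | | | #
+# |_____/ \___| .__/ \___|_| |_|\__,_|\__,_|_.__/ \___/ \__| |_| \__,_|\__\___|_| |_| #
+# | | #
+# |_| #
+#########################################################################################
+
+# Patches Dependabot::GoModules::FileFetcher.fetch_files
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L19-L41
+
+# Patch to remove the online requirement for fetching go modules
+
+# See the git_submodule patch for a comment explaining the reorder pattern,
+# due to `go_mod` being acquired via `fetch_file_if_present` and hitting
+# `load_cloned_file_if_present`.
+
+require "dependabot/errors"
+require "dependabot/go_modules"
+
+# rubocop:disable Style/Documentation
+
+module Dependabot
+module GoModules
+class FileFetcher
+def fetch_files
+raise(Dependabot::DependencyFileNotFound, Pathname.new(File.join(directory, "go.mod")).cleanpath.to_path) if go_mod.nil?
+fetched_files = [go_mod]
+fetched_files << go_sum unless go_sum.nil?
+fetched_files
+end
+end
+end
+end
+
+# rubocop:enable Style/Documentation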
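Review bot: `fetch_files` is replaced by reopening `Dependabot::GoModules::FileFetcher`, and nothing in this file checks that the loaded dependabot-core is still the v0.212.0 that the header comment links to. The body relies on upstream's `go_mod`, `go_sum` and `directory` helpers, so after an upstream change the override could fail at call time or quietly return a different file set than upstream intends, and any other user of this fetcher in the same process gets the reduced behaviour as well. Unless the gemspec already pins the exact version, a load-time guard such as `raise "patch written against dependabot-core 0.212.0" unless Dependabot::VERSION == "0.212.0"` (after `require "dependabot/version"`, assuming the constant is defined there) would make the drift visible. The git_submodules patch earlier on the page follows the same pattern.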
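--- a/data/lib/dependabot/linguist/language.rb
+++ b/data/lib/dependabot/linguist/language.rb
@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+#####################################################################
+# _ _ _ _ _____ _ _ #
+# | | (_) (_) | | | __ \ | | | | #
+# | | _ _ __ __ _ _ _ _ ___| |_ | |__) |_ _| |_ ___| |__ #
+# | | | | '_ \ / _` | | | | / __| __| | ___/ _` | __/ __| '_ \ #
+# | |____| | | | | (_| | |_| | \__ \ |_ | | | (_| | || (__| | | | #
+# |______|_|_| |_|\__, |\__,_|_|___/\__| |_| \__,_|\__\___|_| |_| #
+# __/ | #
+# |___/ #
+#####################################################################
+
+# Patches the class Linguist::Language to selectively "ungroup"
+# and change the type of "languages" to a detectable type.
+# https://github.com/github/linguist/blob/v7.23.0/lib/linguist/language.rb
+
+# Patch https://github.com/github/linguist/blob/v7.23.0/lib/linguist/blob_helper.rb#L220
+# Need to remove the "(^|/)\.gitmodules$" string (plus one of the adjacent "|") as we
+# can't rely on the gitmodules to be unvendored in a `.gitattributes` and patching
+# https://github.com/github/linguist/blob/v7.23.0/lib/linguist/lazy_blob.rb#L35-L38 or
+# https://github.com/github/linguist/blob/v7.23.0/lib/linguist/lazy_blob.rb#L56-L62
+# would be too cumbersome. It also seems easier than duplicating the vendor patterns
+# from https://github.com/github/linguist/blob/v7.23.0/lib/linguist/vendor.yml
+# See https://ruby-doc.org/core-2.7.0/Regexp.html
+# We also need to remove the "(^|/)\.github/" string (plus one of the adjacent "|"),
+# to capture yaml files under .github/workflows/*.yaml
+
+require "linguist"
+
+# rubocop:disable Style/Documentation
+
+module Linguist
+class Language
+def ungroup_language
+@group_name = self.name
+self
+end
+
+def convert_to_detectable_type
+@type = :programming
+end
+
+def patch_for_dependabot_linguist
+self.ungroup_language.convert_to_detectable_type
+end
+
+# A list of dependabot relevant ecosystem linguist languages
+patch_file = File.expand_path("./languages_to_patch.txt", __dir__)
+languages_to_patch = File.readlines(patch_file, chomp: true)
+
+languages_to_patch.each do |lang_name|
+@name_index[lang_name.downcase].patch_for_dependabot_linguist
+end
+end
+
+module BlobHelper
+VendoredRegexp = Regexp.new(VendoredRegexp.source.gsub("(^|/)\\.gitmodules$|", "").gsub("|(^|/)\\.github/", ""))
+end
+end
+
+# rubocop:enable Style/Documentation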
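Review bot: The `VendoredRegexp` rewrite in `BlobHelper` fails silently when linguist's pattern no longer contains the two literal substrings: `gsub` returns the source unchanged, `.gitmodules` and `.github/` stay classified as vendored, and the ecosystems behind them are simply not reported. I would assert that the substrings are present before rewriting, e.g. `raise "linguist vendor pattern changed" unless ["(^|/)\\.gitmodules$|", "|(^|/)\\.github/"].all? { |s| VendoredRegexp.source.include?(s) }`. `Regexp.new(source)` also drops whatever options the original regexp was built with, so passing `VendoredRegexp.options` as the second argument is safer. The same kind of drift affects the `@name_index[lang_name.downcase]` lookup in `Language`, which fails with `NoMethodError` on `nil` at require time for a blank line or a name linguist does not know; assuming `@name_index` is a Hash, `@name_index.fetch(lang_name.downcase)` would at least name the missing key.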
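--- a/data/lib/dependabot/linguist/languages_to_ecosystems/contexts.rb
+++ b/data/lib/dependabot/linguist/languages_to_ecosystems/contexts.rb
@@ -0,0 +1,234 @@
+# frozen_string_literal: true
+
+# Provides the contexts for which "linguist languages" map to which dependabot
+# managers, and the reasons why the mapping has been added. Some are more
+# intuitively obvious and accurate, like "Git Config" mapping to git submodules.
+# But some are limited to generic languages that cast a wide net, like JSON,
+# YAML, and TOML. The only manager that isn't mapped to, is "GitHub Actions",
+# as it's source directory is not the directory it is valid to "fetch" from.
+
+# For a list of "linguist languages", see
+# https://github.com/github/linguist/blob/v7.23.0/lib/linguist/languages.yml
+
+require_relative "manager_ecosystem_maps"
+
+# rubocop:disable Metrics/ModuleLength
+
+module Dependabot
+module Linguist # rubocop:disable Style/Documentation
+# ContextRule are the impetus for a certain language
+# pointing to a given package manager.
+module ContextRule
+# FETCH_FILES implies the suggestion that a language should be relevant
+# is derived from inspecting the rules the file fetcher class actually
+# uses itself to determine if it can "fetch files" for a directory.
+# Possibly also based on the `def self.required_files_message` message.
+FETCH_FILES = "def fetch_files"
+# PRIMARY_LANGUAGES implies that the language should be the main or only
+# languages that that package manager could be used for, and the presence
+# of that language should likely necessitate the presence of versioning.
+PRIMARY_LANGUAGES = "primary languages"
+# RELEVANT_LANGUAGES are satellites to the PRIMARY_LANGUAGES. They are
+# other languages that are commonly built with this package manager.
+RELEVANT_LANGUAGES = "relevant languages"
+end
+
+# Now apply the list of context rules to add `PackageManagers::`'s to
+# the LANGUAGE_TO_PACKAGE_MANAGER map.
+CONTEXT_RULES = {
+PackageManagers::BUNDLER => {},
+PackageManagers::CARGO => {},
+PackageManagers::COMPOSER => {},
+PackageManagers::DOCKER => {},
+PackageManagers::HEX => {},
+PackageManagers::ELM_PACKAGE => {},
+PackageManagers::GIT_SUBMODULE => {},
+PackageManagers::GITHUB_ACTIONS => {},
+PackageManagers::GO_MODULES => {},
+PackageManagers::GRADLE => {},
+PackageManagers::MAVEN => {},
+PackageManagers::NPM => {},
+PackageManagers::NUGET => {},
+PackageManagers::PIP => {},
+PackageManagers::PIPENV => {},
+PackageManagers::PIP_COMPILE => {},
+PackageManagers::POETRY => {},
+PackageManagers::PUB => {},
+PackageManagers::TERRAFORM => {},
+PackageManagers::YARN => {}
+}.freeze # rubocop:disable Layout/FirstHashElementIndentation
+
+##
+CONTEXT_RULES[PackageManagers::BUNDLER][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L22-L24
+"Gemfile.lock", # Gemfile.lock
+"Ruby" # Gemfile or .gemspec
+]
+CONTEXT_RULES[PackageManagers::BUNDLER][ContextRule::PRIMARY_LANGUAGES] = ["Ruby"]
+CONTEXT_RULES[PackageManagers::BUNDLER][ContextRule::RELEVANT_LANGUAGES] = []
+
+##
+CONTEXT_RULES[PackageManagers::CARGO][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/cargo/lib/dependabot/cargo/file_fetcher.rb#L19-L21
+"TOML" # Cargo.toml and Cargo.lock
+]
+CONTEXT_RULES[PackageManagers::CARGO][ContextRule::PRIMARY_LANGUAGES] = ["Rust"]
+CONTEXT_RULES[PackageManagers::CARGO][ContextRule::RELEVANT_LANGUAGES] = []
+
+##
+CONTEXT_RULES[PackageManagers::COMPOSER][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/composer/lib/dependabot/composer/file_fetcher.rb#L16-L18
+"JSON" # composer.json and composer.lock
+]
+CONTEXT_RULES[PackageManagers::COMPOSER][ContextRule::PRIMARY_LANGUAGES] = ["PHP"]
+CONTEXT_RULES[PackageManagers::COMPOSER][ContextRule::RELEVANT_LANGUAGES] = []
+
+##
+CONTEXT_RULES[PackageManagers::DOCKER][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/docker/lib/dependabot/docker/file_fetcher.rb#L17-L19
+"Dockerfile", # Dockerfile
+"YAML" # .yaml, if kubernetes option is set
+]
+CONTEXT_RULES[PackageManagers::DOCKER][ContextRule::PRIMARY_LANGUAGES] = []
+CONTEXT_RULES[PackageManagers::DOCKER][ContextRule::RELEVANT_LANGUAGES] = []
+
+##
+CONTEXT_RULES[PackageManagers::HEX][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/hex/lib/dependabot/hex/file_fetcher.rb#L20-L22
+"Elixir" # mix.lock and mix.exs by extension
+]
+CONTEXT_RULES[PackageManagers::HEX][ContextRule::PRIMARY_LANGUAGES] = ["Elixir"]
+CONTEXT_RULES[PackageManagers::HEX][ContextRule::RELEVANT_LANGUAGES] = ["Erlang"]
+
+##
+CONTEXT_RULES[PackageManagers::ELM_PACKAGE][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/elm/lib/dependabot/elm/file_fetcher.rb#L13-L15
+"JSON" # elm-package.json or an elm.json, only seeks via .json extension though.
+]
+CONTEXT_RULES[PackageManagers::ELM_PACKAGE][ContextRule::PRIMARY_LANGUAGES] = ["Elm"]
+CONTEXT_RULES[PackageManagers::ELM_PACKAGE][ContextRule::RELEVANT_LANGUAGES] = []
+
+##
+CONTEXT_RULES[PackageManagers::GIT_SUBMODULE][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L15-L17
+"Git Config" # ".gitmodules"
+]
+CONTEXT_RULES[PackageManagers::GIT_SUBMODULE][ContextRule::PRIMARY_LANGUAGES] = []
+CONTEXT_RULES[PackageManagers::GIT_SUBMODULE][ContextRule::RELEVANT_LANGUAGES] = []
+
+##
+CONTEXT_RULES[PackageManagers::GITHUB_ACTIONS][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/github_actions/lib/dependabot/github_actions/file_fetcher.rb#L15-L17
+# "YAML", but this is handled without linguist
+]
+CONTEXT_RULES[PackageManagers::GITHUB_ACTIONS][ContextRule::PRIMARY_LANGUAGES] = []
+CONTEXT_RULES[PackageManagers::GITHUB_ACTIONS][ContextRule::RELEVANT_LANGUAGES] = []
+
+##
+CONTEXT_RULES[PackageManagers::GO_MODULES][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L13-L15
+"Go Checksums", # go.sum
+"Go Module" # go.mod
+]
+CONTEXT_RULES[PackageManagers::GO_MODULES][ContextRule::PRIMARY_LANGUAGES] = ["Go"]
+CONTEXT_RULES[PackageManagers::GO_MODULES][ContextRule::RELEVANT_LANGUAGES] = []
+
+CONTEXT_RULES[PackageManagers::GRADLE][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/gradle/lib/dependabot/gradle/file_fetcher.rb#L23-L25
+"Gradle", # for any `.gradle` file
+"Kotlin" # for any `.kts` file"
+]
+CONTEXT_RULES[PackageManagers::GRADLE][ContextRule::PRIMARY_LANGUAGES] = []
+CONTEXT_RULES[PackageManagers::GRADLE][ContextRule::RELEVANT_LANGUAGES] = [
+"Clojure", "Groovy", "Java", "Kotlin", "Scala"
+]
+
+CONTEXT_RULES[PackageManagers::MAVEN][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/maven/lib/dependabot/maven/file_fetcher.rb#L17-L19
+"Maven POM" # for `pom.xml` files
+]
+CONTEXT_RULES[PackageManagers::MAVEN][ContextRule::PRIMARY_LANGUAGES] = []
+CONTEXT_RULES[PackageManagers::MAVEN][ContextRule::RELEVANT_LANGUAGES] = [
+"Clojure", "Groovy", "Java", "Kotlin", "Scala"
+]
+
+##
+CONTEXT_RULES[PackageManagers::NPM][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L36-L51
+"JSON", # "package.json" or "package-lock.json" or "npm-shrinkwrap.json" but only by extension
+"NPM Config" # ".npmrc"
+]
+CONTEXT_RULES[PackageManagers::NPM][ContextRule::PRIMARY_LANGUAGES] = ["JavaScript", "TypeScript"]
+CONTEXT_RULES[PackageManagers::NPM][ContextRule::RELEVANT_LANGUAGES] = ["CoffeeScript"]
+
+##
+CONTEXT_RULES[PackageManagers::NUGET][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/nuget/lib/dependabot/nuget/file_fetcher.rb#L20-L22
+"XML" # .csproj, .vbproj and .fsproj
+# Nothing looks for a packages.config
+]
+CONTEXT_RULES[PackageManagers::NUGET][ContextRule::PRIMARY_LANGUAGES] = ["C#"]
+CONTEXT_RULES[PackageManagers::NUGET][ContextRule::RELEVANT_LANGUAGES] = ["ASP.NET", "C++", "F#", "Objective-C++", "Visual Basic .NET"]
+
+##
+CONTEXT_RULES[PackageManagers::PIP][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+# Besides the other pip related package managers, there is no language for `requirements` files. RIP.
+"Text" # for `.txt`
+]
+CONTEXT_RULES[PackageManagers::PIP][ContextRule::PRIMARY_LANGUAGES] = ["Python"]
+CONTEXT_RULES[PackageManagers::PIP][ContextRule::RELEVANT_LANGUAGES] = []
+
+##
+CONTEXT_RULES[PackageManagers::PIPENV][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+"JSON", # Pipfile.lock
+"TOML" # Pipfile
+]
+CONTEXT_RULES[PackageManagers::PIPENV][ContextRule::PRIMARY_LANGUAGES] = ["Python"]
+CONTEXT_RULES[PackageManagers::PIPENV][ContextRule::RELEVANT_LANGUAGES] = []
+
+##
+CONTEXT_RULES[PackageManagers::PIP_COMPILE][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+# Already captured by the other pip related package manager paths
+]
+CONTEXT_RULES[PackageManagers::PIP_COMPILE][ContextRule::PRIMARY_LANGUAGES] = ["Python"]
+CONTEXT_RULES[PackageManagers::PIP_COMPILE][ContextRule::RELEVANT_LANGUAGES] = []
+
+##
+CONTEXT_RULES[PackageManagers::POETRY][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+# pyproject.lock has none and setup.py is vague.
+"TOML" # poetry.lock and pyproject.toml by extension
+]
+CONTEXT_RULES[PackageManagers::POETRY][ContextRule::PRIMARY_LANGUAGES] = ["Python"]
+CONTEXT_RULES[PackageManagers::POETRY][ContextRule::RELEVANT_LANGUAGES] = []
+
+##
+CONTEXT_RULES[PackageManagers::PUB][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/pub/lib/dependabot/pub/file_fetcher.rb#L15-L17
+"YAML" # pubspec.yaml, but only by extension.
+]
+CONTEXT_RULES[PackageManagers::PUB][ContextRule::PRIMARY_LANGUAGES] = ["Dart"]
+CONTEXT_RULES[PackageManagers::PUB][ContextRule::RELEVANT_LANGUAGES] = []
+
+##
+CONTEXT_RULES[PackageManagers::TERRAFORM][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/terraform/lib/dependabot/terraform/file_fetcher.rb#L19-L21
+"HCL" # .tf and .hcl
+]
+CONTEXT_RULES[PackageManagers::TERRAFORM][ContextRule::PRIMARY_LANGUAGES] = []
+CONTEXT_RULES[PackageManagers::TERRAFORM][ContextRule::RELEVANT_LANGUAGES] = []
+
+##
+CONTEXT_RULES[PackageManagers::YARN][ContextRule::FETCH_FILES] = [
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L36-L51
+"YAML" # yarn.lock
+]
+CONTEXT_RULES[PackageManagers::YARN][ContextRule::PRIMARY_LANGUAGES] = ["JavaScript", "TypeScript"]
+CONTEXT_RULES[PackageManagers::YARN][ContextRule::RELEVANT_LANGUAGES] = ["CoffeeScript"]
+end
+end
+
+# rubocop:enable Metrics/ModuleLength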
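Review bot: `CONTEXT_RULES` is frozen only at the top level, and the assignments after line 59 depend on that by writing into the inner hashes, so the finished table (inner hashes and language arrays) stays mutable for every caller. Since this table decides which package managers a repository is reported to need, an accidental `<<` or `delete` elsewhere would change results for the rest of the process without raising. After the last assignment I would add `CONTEXT_RULES.each_value { |rules| rules.each_value(&:freeze).freeze }`, or build the whole structure as one nested literal so that the `.freeze` on line 59 covers what it appears to cover.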