dependabot-linguist 0.0.1 → 0.212.0

data/lib/dependabot/linguist/dependabot_file_validator.rb

@@ -0,0 +1,190 @@
+# frozen_string_literal: true
+
+require "yaml"
+require "rugged"
+
+module Dependabot
+  module Linguist
+    # Reads an existing dependabot file and determines how it should be updated
+    # to meet the suggested entried to the updates list coming from repository's
+    # directories_per_ecosystem_validated_by_dependabot
+    class DependabotFileValidator
+      def initialize(repo_path, remove_undiscovered: false, update_existing: true, minimum_interval: "weekly", max_open_pull_requests_limit: 5, verbose: false)
+        @repo = Rugged::Repository.new(repo_path)
+        @remove_undiscovered = remove_undiscovered
+        @update_existing = update_existing
+        @minimum_interval = minimum_interval
+        @max_open_pull_requests_limit = [max_open_pull_requests_limit, 0].max
+        @verbose = verbose
+        @load_ecosystem_directories ||= nil
+      end
+
+      YAML_FILE_PATH = ".github/dependabot.yaml"
+
+      YML_FILE_PATH = ".github/dependabot.yml"
+
+      def dependabot_file_path
+        @dependabot_file_path ||= if @repo.blob_at(@repo.head.target_id, YML_FILE_PATH)
+          # the yml extension is preferred by GitHub, so even though this
+          # returns the same as the `else`, check it before YAML.
+          YML_FILE_PATH # rubocop:disable Layout/IndentationWidth
+        elsif @repo.blob_at(@repo.head.target_id, YAML_FILE_PATH) # rubocop:disable Layout/ElseAlignment
+          YAML_FILE_PATH
+        else # rubocop:disable Layout/ElseAlignment
+          @existing_config = { "version" => 2, "updates" => [] }
+          YML_FILE_PATH
+        end # rubocop:disable Layout/EndAlignment
+      end
+
+      def existing_config
+        dependabot_file_path # to = {} if the file doesn't exist or isn't committed.
+        # @existing_config ||= YAML.load_file(File.join(@repo.path, dependabot_file_path))
+        @existing_config ||= YAML.safe_load(@repo.blob_at(@repo.head.target_id, dependabot_file_path).content)
+      end
+
+      def confirm_config_version_is_valid
+        raise StandardError("The existing config has a version other than 2") unless existing_config["version"] == 2
+      end
+
+      # Expects an input that is the output of ::Dependabot::Linguist::Repository.new(~)'s
+      # directories_per_ecosystem_validated_by_dependabot, which should be a map
+      # {"<package_ecosystem>" => ["<folder_path>", ...], ...}
+      def load_ecosystem_directories(incoming: @load_ecosystem_directories)
+        @load_ecosystem_directories ||= nil
+        if @load_ecosystem_directories == incoming
+          @load_ecosystem_directories
+        else
+          @config_drift = nil
+          @new_config = nil
+          @load_ecosystem_directories = incoming
+        end
+      end
+
+      def self.flatten_ecodirs_to_ecodir(ecosystem_directories_map)
+        ecosystem_directories_map.collect { |eco, dirs| dirs.collect { |dir| [eco, dir] } }.flatten(1)
+      end
+
+      def self.checking_exists(checking, exists)
+        exists["package-ecosystem"] == checking[0] && exists["directory"] == checking[1]
+      end
+
+      module ConfigDriftStatus
+        ALREADY_IN = "FOUND RECOMMENDATION ALREADY PRESENT"
+        TO_BE_ADDED = "RECOMMENDATION TO BE ADDED"
+        UNDISCOVERED = "UNDISCOVERED ENTRY PRE-EXISTS"
+      end
+
+      def config_drift
+        confirm_config_version_is_valid
+        @config_drift ||= {}.tap do |this|
+          ecodir_list = self.class.flatten_ecodirs_to_ecodir(load_ecosystem_directories)
+          this[ConfigDriftStatus::ALREADY_IN] = []
+          this[ConfigDriftStatus::TO_BE_ADDED] = []
+          this[ConfigDriftStatus::UNDISCOVERED] = []
+          this.freeze
+          ecodir_list.each do |checking_ecodir|
+            if !existing_config.empty? && !existing_config["updates"].nil?
+              existed_ecodir = nil
+              existing_config["updates"].each do |existing_ecodir|
+                if self.class.checking_exists(checking_ecodir, existing_ecodir)
+                  puts "#{ConfigDriftStatus::ALREADY_IN}; {#{checking_ecodir[0]} @ #{checking_ecodir[1]}}" if @verbose
+                  this[ConfigDriftStatus::ALREADY_IN].append(checking_ecodir)
+                  existed_ecodir = existing_ecodir
+                  break # existing_ecodir
+                end
+              end
+              # break to here
+              next unless existed_ecodir.nil? # checking_ecodir
+            end
+            # If we didn't break -> next, then we've got a checking_ecodir
+            # that we didn't find already present in the existing ecodirs.
+            puts "#{ConfigDriftStatus::TO_BE_ADDED}; {#{checking_ecodir[0]} @ #{checking_ecodir[1]}}" if @verbose
+            this[ConfigDriftStatus::TO_BE_ADDED].append(checking_ecodir)
+          end
+          if !existing_config.empty? && !existing_config["updates"].nil?
+            existing_config["updates"].each do |existing_ecodir|
+              existed_ecodir = nil
+              ecodir_list.each do |checking_ecodir|
+                existed_ecodir = checking_ecodir if self.class.checking_exists(checking_ecodir, existing_ecodir)
+                break unless existed_ecodir.nil?
+              end
+              if existed_ecodir.nil?
+                puts "#{ConfigDriftStatus::UNDISCOVERED}; {#{existing_ecodir["package-ecosystem"]} @ #{existing_ecodir["directory"]}} that wasn't found by us!!" if @verbose
+                this[ConfigDriftStatus::UNDISCOVERED].append([existing_ecodir["package-ecosystem"], existing_ecodir["directory"]])
+              end
+            end
+          end
+        end
+      end
+
+      def parsed_schedule_interval(interval)
+        intervals = ["daily", "weekly", "monthly"].freeze
+        if intervals.any? @minimum_interval
+          intervals[[intervals.find_index(@minimum_interval) || (intervals.length-1), intervals.find_index(interval) || (intervals.length-1)].min]
+        else
+          interval
+        end
+      end
+
+      def new_config
+        confirm_config_version_is_valid
+        @new_config ||= existing_config.clone.tap do |this|
+          this["updates"] = [] if this["updates"].nil?
+          # If "remove_undiscovered" is set, then set this to reject any
+          # updates that are in the list of those undiscovered. Removing
+          # is not safe from inside each, so reject instead.
+          this["updates"] = this["updates"].reject { |u| config_drift[ConfigDriftStatus::UNDISCOVERED].any? [u["package-ecosystem"], u["directory"]] } if @remove_undiscovered
+          # Next, go through and update any existing.
+          if @update_existing
+            this["updates"].each do |existing_update|
+              if config_drift[ConfigDriftStatus::ALREADY_IN].any? [existing_update["package-ecosystem"], existing_update["directory"]]
+                # Confirm that the already present entry is good enough
+                if existing_update["schedule"].is_a? Hash
+                  new_interval = parsed_schedule_interval(existing_update["schedule"]["interval"])
+                  existing_update["schedule"]["interval"] = new_interval
+                  # if it's not weekly anymore remove day if it's specified.
+                  if existing_update["schedule"]["interval"] != "weekly"
+                    existing_update["schedule"].delete("day")
+                  end
+                else
+                  existing_update["schedule"] = { "interval" => parsed_schedule_interval("monthly") }
+                end
+                # Confirm the open-pull-requests-limit
+                if existing_update["open-pull-requests-limit"]
+                  existing_update["open-pull-requests-limit"] = [existing_update["open-pull-requests-limit"], @max_open_pull_requests_limit].min
+                else
+                  existing_update["open-pull-requests-limit"] = @max_open_pull_requests_limit
+                end
+                existing_update.delete("open-pull-requests-limit") if existing_update["open-pull-requests-limit"] == 5
+              end
+            end
+          end
+          config_drift[ConfigDriftStatus::TO_BE_ADDED].each do |tba|
+            new_update = { "package-ecosystem" => tba[0], "directory" => tba[1] }
+            new_update["schedule"] = { "interval" => parsed_schedule_interval("monthly") }
+            new_update["open-pull-requests-limit"] = @max_open_pull_requests_limit if @max_open_pull_requests_limit != 5
+            this["updates"].append(new_update)
+          end
+        end
+      end
+
+      def write_new_config
+        File.open("#{@repo.path.delete_suffix("/.git/")}/#{dependabot_file_path}", "w") { |file| file.write(new_config.to_yaml) } if new_config != existing_config
+      end
+
+      # The expected environment to run this final step in should have 'git' AND
+      # 'gh' available as commands to run, and calls out to a subshell to run
+      # them as set up by the environment that runs this, rather than requiring
+      # credentials being provided to this class.
+      def commit_new_config
+        new_branch = @repo.create_branch("dependabot-linguist_auto-config-update")
+        write_new_config
+        in_repo = "cd #{@repo.path} &&"
+        `#{"#{in_repo} git add #{dependabot_file_path}"}`
+        `#{"#{in_repo} git commit -m \"Auto update #{dependabot_file_path} -- dependabot-linguist\""}`
+        `#{"#{in_repo} git push --set-upstream #{@repo.remotes["origin"].name} #{new_branch.name}"}`
+        `#{"#{in_repo} gh pr create --fill"}`
+      end
+    end
+  end
+end

data/lib/dependabot/linguist/dependabot_patch.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+# Direct the requiring of the files that patch dependabot via this.
+# https://github.com/dependabot/dependabot-core/tree/v0.212.0
+
+require_relative "file_fetchers/base"
+require_relative "file_fetchers/go_modules"
+require_relative "file_fetchers/git_submodules"

data/lib/dependabot/linguist/file_fetchers/base.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+#########################################################################################
+# _____                            _       _           _     _____      _       _       #
+# |  __ \                          | |     | |         | |   |  __ \    | |     | |     #
+# | |  | | ___ _ __   ___ _ __   __| | __ _| |__   ___ | |_  | |__) |_ _| |_ ___| |__   #
+# | |  | |/ _ \ '_ \ / _ \ '_ \ / _` |/ _` | '_ \ / _ \| __| |  ___/ _` | __/ __| '_ \  #
+# | |__| |  __/ |_) |  __/ | | | (_| | (_| | |_) | (_) | |_  | |  | (_| | || (__| | | | #
+# |_____/ \___| .__/ \___|_| |_|\__,_|\__,_|_.__/ \___/ \__| |_|   \__,_|\__\___|_| |_| #
+#             | |                                                                       #
+#             |_|                                                                       #
+#########################################################################################
+
+# Patches the class Dependabot::FileFetchers::Base that all file fetching classes sub class.
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/common/lib/dependabot/file_fetchers/base.rb
+
+# cloned_commit was added in 0.213.0; so we need to patch it in for 0.212.0 with an edit that
+# removes the `SharedHelpers.with_git_configured(credentials: credentials) do` wrap
+
+require "dependabot/file_fetchers"
+
+# rubocop:disable Style/Documentation
+
+module Dependabot
+  module FileFetchers
+    class Base
+      def cloned_commit
+        return if repo_contents_path.nil? || !File.directory?(File.join(repo_contents_path, ".git"))
+        Dir.chdir(repo_contents_path) do
+          return SharedHelpers.run_shell_command("git rev-parse HEAD")&.strip
+        end
+      end
+
+      def commit
+        return cloned_commit if cloned_commit
+        return source.commit if source.commit
+        branch = target_branch || default_branch_for_repo
+        @commit ||= client_for_provider.fetch_commit(repo, branch)
+      rescue *CLIENT_NOT_FOUND_ERRORS
+        raise Dependabot::BranchNotFound, branch
+      rescue Octokit::Conflict => e
+        raise unless e.message.include?("Repository is empty")
+      end
+    end
+  end
+end
+
+# rubocop:enable Style/Documentation

data/lib/dependabot/linguist/file_fetchers/git_submodules.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+#########################################################################################
+# _____                            _       _           _     _____      _       _       #
+# |  __ \                          | |     | |         | |   |  __ \    | |     | |     #
+# | |  | | ___ _ __   ___ _ __   __| | __ _| |__   ___ | |_  | |__) |_ _| |_ ___| |__   #
+# | |  | |/ _ \ '_ \ / _ \ '_ \ / _` |/ _` | '_ \ / _ \| __| |  ___/ _` | __/ __| '_ \  #
+# | |__| |  __/ |_) |  __/ | | | (_| | (_| | |_) | (_) | |_  | |  | (_| | || (__| | | | #
+# |_____/ \___| .__/ \___|_| |_|\__,_|\__,_|_.__/ \___/ \__| |_|   \__,_|\__\___|_| |_| #
+#             | |                                                                       #
+#             |_|                                                                       #
+#########################################################################################
+
+# Patches Dependabot::GitSubmodules::FileFetcher.(fetch_files, gitmodules_file)
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L21-L26
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L28-L30
+
+# This patches out the network calls that might fail if you've used a private
+# repo as a submodule. It still validates the `.gitmodules` exists. If you ARE
+# using a private repo as a submodule, consider visiting
+# "Allowing Dependabot to access private dependencies" at the below link
+# https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies
+
+# required_files_in? only asserts the presence of a `.gitmodules` file if the
+# submodule referenced is private, then the network calls in `submodule_refs`
+# might break the runner. If Dependabot::FileFetchers::Base.load_cloned_file_if_present
+# can't see the file, it'll `raise Dependabot::DependencyFileNotFound`, which
+# will make Dependabot::FileFetchers::Base.fetch_file_if_present `return` which
+# will add nil to the list of fetched_files -- i.e.
+# ```
+# def woah
+#   return
+# end
+# [] << woah # is [nil]
+# ```
+# So we need to be more cautious with this and check it first.
+
+# Dependabot::FileFetchers::Base.load_cloned_file_if_present
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/common/lib/dependabot/file_fetchers/base.rb#L117-L137
+# Dependabot::FileFetchers::Base.fetch_file_if_present
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/common/lib/dependabot/file_fetchers/base.rb#L93-L115
+
+require "dependabot/errors"
+require "dependabot/git_submodules"
+
+# rubocop:disable Style/Documentation
+
+module Dependabot
+  module GitSubmodules
+    class FileFetcher
+      def fetch_files
+        raise(Dependabot::DependencyFileNotFound, Pathname.new(File.join(directory, ".gitmodules")).cleanpath.to_path) if gitmodules_file.nil?
+        [gitmodules_file]
+      end
+
+      def gitmodules_file
+        @gitmodules_file ||= fetch_file_if_present(".gitmodules")
+      end
+    end
+  end
+end
+
+# rubocop:enable Style/Documentation

data/lib/dependabot/linguist/file_fetchers/go_modules.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+#########################################################################################
+# _____                            _       _           _     _____      _       _       #
+# |  __ \                          | |     | |         | |   |  __ \    | |     | |     #
+# | |  | | ___ _ __   ___ _ __   __| | __ _| |__   ___ | |_  | |__) |_ _| |_ ___| |__   #
+# | |  | |/ _ \ '_ \ / _ \ '_ \ / _` |/ _` | '_ \ / _ \| __| |  ___/ _` | __/ __| '_ \  #
+# | |__| |  __/ |_) |  __/ | | | (_| | (_| | |_) | (_) | |_  | |  | (_| | || (__| | | | #
+# |_____/ \___| .__/ \___|_| |_|\__,_|\__,_|_.__/ \___/ \__| |_|   \__,_|\__\___|_| |_| #
+#             | |                                                                       #
+#             |_|                                                                       #
+#########################################################################################
+
+# Patches Dependabot::GoModules::FileFetcher.fetch_files
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L19-L41
+
+# Patch to remove the online requirement for fetching go modules
+
+# See the git_submodule patch for a comment explaining the reorder pattern,
+# due to `go_mod` being acquired via `fetch_file_if_present` and hitting
+# `load_cloned_file_if_present`.
+
+require "dependabot/errors"
+require "dependabot/go_modules"
+
+# rubocop:disable Style/Documentation
+
+module Dependabot
+  module GoModules
+    class FileFetcher
+      def fetch_files
+        raise(Dependabot::DependencyFileNotFound, Pathname.new(File.join(directory, "go.mod")).cleanpath.to_path) if go_mod.nil?
+        fetched_files = [go_mod]
+        fetched_files << go_sum unless go_sum.nil?
+        fetched_files
+      end
+    end
+  end
+end
+
+# rubocop:enable Style/Documentation

data/lib/dependabot/linguist/language.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+#####################################################################
+# _      _                   _     _     _____      _       _       #
+# | |    (_)                 (_)   | |   |  __ \    | |     | |     #
+# | |     _ _ __   __ _ _   _ _ ___| |_  | |__) |_ _| |_ ___| |__   #
+# | |    | | '_ \ / _` | | | | / __| __| |  ___/ _` | __/ __| '_ \  #
+# | |____| | | | | (_| | |_| | \__ \ |_  | |  | (_| | || (__| | | | #
+# |______|_|_| |_|\__, |\__,_|_|___/\__| |_|   \__,_|\__\___|_| |_| #
+#                  __/ |                                            #
+#                 |___/                                             #
+#####################################################################
+
+# Patches the class Linguist::Language to selectively "ungroup"
+# and change the type of "languages" to a detectable type.
+# https://github.com/github/linguist/blob/v7.23.0/lib/linguist/language.rb
+
+# Patch https://github.com/github/linguist/blob/v7.23.0/lib/linguist/blob_helper.rb#L220
+# Need to remove the "(^|/)\.gitmodules$" string (plus one of the adjacent "|") as we
+# can't rely on the gitmodules to be unvendored in a `.gitattributes` and patching
+# https://github.com/github/linguist/blob/v7.23.0/lib/linguist/lazy_blob.rb#L35-L38 or
+# https://github.com/github/linguist/blob/v7.23.0/lib/linguist/lazy_blob.rb#L56-L62
+# would be too cumbersome. It also seems easier than duplicating the vendor patterns
+# from https://github.com/github/linguist/blob/v7.23.0/lib/linguist/vendor.yml
+# See https://ruby-doc.org/core-2.7.0/Regexp.html
+# We also need to remove the "(^|/)\.github/" string (plus one of the adjacent "|"),
+# to capture yaml files under .github/workflows/*.yaml
+
+require "linguist"
+
+# rubocop:disable Style/Documentation
+
+module Linguist
+  class Language
+    def ungroup_language
+      @group_name = self.name
+      self
+    end
+
+    def convert_to_detectable_type
+      @type = :programming
+    end
+
+    def patch_for_dependabot_linguist
+      self.ungroup_language.convert_to_detectable_type
+    end
+
+    # A list of dependabot relevant ecosystem linguist languages
+    patch_file = File.expand_path("./languages_to_patch.txt", __dir__)
+    languages_to_patch = File.readlines(patch_file, chomp: true)
+
+    languages_to_patch.each do |lang_name|
+      @name_index[lang_name.downcase].patch_for_dependabot_linguist
+    end
+  end
+
+  module BlobHelper
+    VendoredRegexp = Regexp.new(VendoredRegexp.source.gsub("(^|/)\\.gitmodules$|", "").gsub("|(^|/)\\.github/", ""))
+  end
+end
+
+# rubocop:enable Style/Documentation

data/lib/dependabot/linguist/languages_to_ecosystems/contexts.rb

@@ -0,0 +1,234 @@
+# frozen_string_literal: true
+
+# Provides the contexts for which "linguist languages" map to which dependabot
+# managers, and the reasons why the mapping has been added. Some are more
+# intuitively obvious and accurate, like "Git Config" mapping to git submodules.
+# But some are limited to generic languages that cast a wide net, like JSON,
+# YAML, and TOML. The only manager that isn't mapped to, is "GitHub Actions",
+# as it's source directory is not the directory it is valid to "fetch" from.
+
+# For a list of "linguist languages", see
+# https://github.com/github/linguist/blob/v7.23.0/lib/linguist/languages.yml
+
+require_relative "manager_ecosystem_maps"
+
+# rubocop:disable Metrics/ModuleLength
+
+module Dependabot
+  module Linguist # rubocop:disable Style/Documentation
+    # ContextRule are the impetus for a certain language
+    # pointing to a given package manager.
+    module ContextRule
+      # FETCH_FILES implies the suggestion that a language should be relevant
+      # is derived from inspecting the rules the file fetcher class actually
+      # uses itself to determine if it can "fetch files" for a directory.
+      # Possibly also based on the `def self.required_files_message` message.
+      FETCH_FILES = "def fetch_files"
+      # PRIMARY_LANGUAGES implies that the language should be the main or only
+      # languages that that package manager could be used for, and the presence
+      # of that language should likely necessitate the presence of versioning.
+      PRIMARY_LANGUAGES = "primary languages"
+      # RELEVANT_LANGUAGES are satellites to the PRIMARY_LANGUAGES. They are
+      # other languages that are commonly built with this package manager.
+      RELEVANT_LANGUAGES = "relevant languages"
+    end
+
+    # Now apply the list of context rules to add `PackageManagers::`'s to
+    # the LANGUAGE_TO_PACKAGE_MANAGER map.
+    CONTEXT_RULES = {
+      PackageManagers::BUNDLER => {},
+      PackageManagers::CARGO => {},
+      PackageManagers::COMPOSER => {},
+      PackageManagers::DOCKER => {},
+      PackageManagers::HEX => {},
+      PackageManagers::ELM_PACKAGE => {},
+      PackageManagers::GIT_SUBMODULE => {},
+      PackageManagers::GITHUB_ACTIONS => {},
+      PackageManagers::GO_MODULES => {},
+      PackageManagers::GRADLE => {},
+      PackageManagers::MAVEN => {},
+      PackageManagers::NPM => {},
+      PackageManagers::NUGET => {},
+      PackageManagers::PIP => {},
+      PackageManagers::PIPENV => {},
+      PackageManagers::PIP_COMPILE => {},
+      PackageManagers::POETRY => {},
+      PackageManagers::PUB => {},
+      PackageManagers::TERRAFORM => {},
+      PackageManagers::YARN => {}
+  }.freeze # rubocop:disable Layout/FirstHashElementIndentation
+
+    ##
+    CONTEXT_RULES[PackageManagers::BUNDLER][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L22-L24
+      "Gemfile.lock", # Gemfile.lock
+      "Ruby" # Gemfile or .gemspec
+    ]
+    CONTEXT_RULES[PackageManagers::BUNDLER][ContextRule::PRIMARY_LANGUAGES] = ["Ruby"]
+    CONTEXT_RULES[PackageManagers::BUNDLER][ContextRule::RELEVANT_LANGUAGES] = []
+
+    ##
+    CONTEXT_RULES[PackageManagers::CARGO][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/cargo/lib/dependabot/cargo/file_fetcher.rb#L19-L21
+      "TOML" # Cargo.toml and Cargo.lock
+    ]
+    CONTEXT_RULES[PackageManagers::CARGO][ContextRule::PRIMARY_LANGUAGES] = ["Rust"]
+    CONTEXT_RULES[PackageManagers::CARGO][ContextRule::RELEVANT_LANGUAGES] = []
+
+    ##
+    CONTEXT_RULES[PackageManagers::COMPOSER][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/composer/lib/dependabot/composer/file_fetcher.rb#L16-L18
+      "JSON" # composer.json and composer.lock
+    ]
+    CONTEXT_RULES[PackageManagers::COMPOSER][ContextRule::PRIMARY_LANGUAGES] = ["PHP"]
+    CONTEXT_RULES[PackageManagers::COMPOSER][ContextRule::RELEVANT_LANGUAGES] = []
+
+    ##
+    CONTEXT_RULES[PackageManagers::DOCKER][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/docker/lib/dependabot/docker/file_fetcher.rb#L17-L19
+      "Dockerfile", # Dockerfile
+      "YAML" # .yaml, if kubernetes option is set
+    ]
+    CONTEXT_RULES[PackageManagers::DOCKER][ContextRule::PRIMARY_LANGUAGES] = []
+    CONTEXT_RULES[PackageManagers::DOCKER][ContextRule::RELEVANT_LANGUAGES] = []
+
+    ##
+    CONTEXT_RULES[PackageManagers::HEX][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/hex/lib/dependabot/hex/file_fetcher.rb#L20-L22
+      "Elixir" # mix.lock and mix.exs by extension
+    ]
+    CONTEXT_RULES[PackageManagers::HEX][ContextRule::PRIMARY_LANGUAGES] = ["Elixir"]
+    CONTEXT_RULES[PackageManagers::HEX][ContextRule::RELEVANT_LANGUAGES] = ["Erlang"]
+
+    ##
+    CONTEXT_RULES[PackageManagers::ELM_PACKAGE][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/elm/lib/dependabot/elm/file_fetcher.rb#L13-L15
+      "JSON" # elm-package.json or an elm.json, only seeks via .json extension though.
+    ]
+    CONTEXT_RULES[PackageManagers::ELM_PACKAGE][ContextRule::PRIMARY_LANGUAGES] = ["Elm"]
+    CONTEXT_RULES[PackageManagers::ELM_PACKAGE][ContextRule::RELEVANT_LANGUAGES] = []
+
+    ##
+    CONTEXT_RULES[PackageManagers::GIT_SUBMODULE][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L15-L17
+      "Git Config" # ".gitmodules"
+    ]
+    CONTEXT_RULES[PackageManagers::GIT_SUBMODULE][ContextRule::PRIMARY_LANGUAGES] = []
+    CONTEXT_RULES[PackageManagers::GIT_SUBMODULE][ContextRule::RELEVANT_LANGUAGES] = []
+
+    ##
+    CONTEXT_RULES[PackageManagers::GITHUB_ACTIONS][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/github_actions/lib/dependabot/github_actions/file_fetcher.rb#L15-L17
+      # "YAML", but this is handled without linguist
+    ]
+    CONTEXT_RULES[PackageManagers::GITHUB_ACTIONS][ContextRule::PRIMARY_LANGUAGES] = []
+    CONTEXT_RULES[PackageManagers::GITHUB_ACTIONS][ContextRule::RELEVANT_LANGUAGES] = []
+
+    ##
+    CONTEXT_RULES[PackageManagers::GO_MODULES][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L13-L15
+      "Go Checksums", # go.sum
+      "Go Module" # go.mod
+    ]
+    CONTEXT_RULES[PackageManagers::GO_MODULES][ContextRule::PRIMARY_LANGUAGES] = ["Go"]
+    CONTEXT_RULES[PackageManagers::GO_MODULES][ContextRule::RELEVANT_LANGUAGES] = []
+
+    CONTEXT_RULES[PackageManagers::GRADLE][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/gradle/lib/dependabot/gradle/file_fetcher.rb#L23-L25
+      "Gradle", # for any `.gradle` file
+      "Kotlin" # for any `.kts` file"
+    ]
+    CONTEXT_RULES[PackageManagers::GRADLE][ContextRule::PRIMARY_LANGUAGES] = []
+    CONTEXT_RULES[PackageManagers::GRADLE][ContextRule::RELEVANT_LANGUAGES] = [
+      "Clojure", "Groovy", "Java", "Kotlin", "Scala"
+    ]
+
+    CONTEXT_RULES[PackageManagers::MAVEN][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/maven/lib/dependabot/maven/file_fetcher.rb#L17-L19
+      "Maven POM" # for `pom.xml` files
+    ]
+    CONTEXT_RULES[PackageManagers::MAVEN][ContextRule::PRIMARY_LANGUAGES] = []
+    CONTEXT_RULES[PackageManagers::MAVEN][ContextRule::RELEVANT_LANGUAGES] = [
+      "Clojure", "Groovy", "Java", "Kotlin", "Scala"
+    ]
+
+    ##
+    CONTEXT_RULES[PackageManagers::NPM][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L36-L51
+      "JSON", # "package.json" or "package-lock.json" or "npm-shrinkwrap.json" but only by extension
+      "NPM Config" # ".npmrc"
+    ]
+    CONTEXT_RULES[PackageManagers::NPM][ContextRule::PRIMARY_LANGUAGES] = ["JavaScript", "TypeScript"]
+    CONTEXT_RULES[PackageManagers::NPM][ContextRule::RELEVANT_LANGUAGES] = ["CoffeeScript"]
+
+    ##
+    CONTEXT_RULES[PackageManagers::NUGET][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/nuget/lib/dependabot/nuget/file_fetcher.rb#L20-L22
+      "XML" # .csproj, .vbproj and .fsproj
+      # Nothing looks for a packages.config
+    ]
+    CONTEXT_RULES[PackageManagers::NUGET][ContextRule::PRIMARY_LANGUAGES] = ["C#"]
+    CONTEXT_RULES[PackageManagers::NUGET][ContextRule::RELEVANT_LANGUAGES] = ["ASP.NET", "C++", "F#", "Objective-C++", "Visual Basic .NET"]
+
+    ##
+    CONTEXT_RULES[PackageManagers::PIP][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+      # Besides the other pip related package managers, there is no language for `requirements` files. RIP.
+      "Text" # for `.txt`
+    ]
+    CONTEXT_RULES[PackageManagers::PIP][ContextRule::PRIMARY_LANGUAGES] = ["Python"]
+    CONTEXT_RULES[PackageManagers::PIP][ContextRule::RELEVANT_LANGUAGES] = []
+
+    ##
+    CONTEXT_RULES[PackageManagers::PIPENV][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+      "JSON", # Pipfile.lock
+      "TOML" # Pipfile
+    ]
+    CONTEXT_RULES[PackageManagers::PIPENV][ContextRule::PRIMARY_LANGUAGES] = ["Python"]
+    CONTEXT_RULES[PackageManagers::PIPENV][ContextRule::RELEVANT_LANGUAGES] = []
+
+    ##
+    CONTEXT_RULES[PackageManagers::PIP_COMPILE][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+      # Already captured by the other pip related package manager paths
+    ]
+    CONTEXT_RULES[PackageManagers::PIP_COMPILE][ContextRule::PRIMARY_LANGUAGES] = ["Python"]
+    CONTEXT_RULES[PackageManagers::PIP_COMPILE][ContextRule::RELEVANT_LANGUAGES] = []
+
+    ##
+    CONTEXT_RULES[PackageManagers::POETRY][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+      # pyproject.lock has none and setup.py is vague.
+      "TOML" # poetry.lock and pyproject.toml by extension
+    ]
+    CONTEXT_RULES[PackageManagers::POETRY][ContextRule::PRIMARY_LANGUAGES] = ["Python"]
+    CONTEXT_RULES[PackageManagers::POETRY][ContextRule::RELEVANT_LANGUAGES] = []
+
+    ##
+    CONTEXT_RULES[PackageManagers::PUB][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/pub/lib/dependabot/pub/file_fetcher.rb#L15-L17
+      "YAML" # pubspec.yaml, but only by extension.
+    ]
+    CONTEXT_RULES[PackageManagers::PUB][ContextRule::PRIMARY_LANGUAGES] = ["Dart"]
+    CONTEXT_RULES[PackageManagers::PUB][ContextRule::RELEVANT_LANGUAGES] = []
+
+    ##
+    CONTEXT_RULES[PackageManagers::TERRAFORM][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/terraform/lib/dependabot/terraform/file_fetcher.rb#L19-L21
+      "HCL" # .tf and .hcl
+    ]
+    CONTEXT_RULES[PackageManagers::TERRAFORM][ContextRule::PRIMARY_LANGUAGES] = []
+    CONTEXT_RULES[PackageManagers::TERRAFORM][ContextRule::RELEVANT_LANGUAGES] = []
+
+    ##
+    CONTEXT_RULES[PackageManagers::YARN][ContextRule::FETCH_FILES] = [
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L36-L51
+      "YAML" # yarn.lock
+    ]
+    CONTEXT_RULES[PackageManagers::YARN][ContextRule::PRIMARY_LANGUAGES] = ["JavaScript", "TypeScript"]
+    CONTEXT_RULES[PackageManagers::YARN][ContextRule::RELEVANT_LANGUAGES] = ["CoffeeScript"]
+  end
+end
+
+# rubocop:enable Metrics/ModuleLength