dependabot-linguist 0.0.1 → 0.212.0

data/lib/dependabot/linguist/languages_to_ecosystems/main.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+# All the entries in this file are for facilitating the journey of starting with
+# a list of languages detected by linguist; to travel via the list of "package
+# managers" -> "package ecosystems", to then use those "package ecosystems" to
+# yield the set of keys given to the file_fetchers register function.
+#
+# That is to say; going from the linguist languages to the
+# list of file_fetcher classes that should be checked against!
+
+require_relative "contexts_applied"
+
+module Dependabot
+  module Linguist # rubocop:disable Style/Documentation
+    # Returns the set of package managers
+    # mapped to in LANGUAGE_TO_PACKAGE_MANAGER
+    def self.linguist_languages_to_package_managers(languages)
+      package_managers = []
+      languages.each do |language|
+        unless LANGUAGE_TO_PACKAGE_MANAGER[language].nil?
+          if LANGUAGE_TO_PACKAGE_MANAGER[language].is_a?(Array)
+            package_managers |= LANGUAGE_TO_PACKAGE_MANAGER[language]
+          else
+            package_managers |= [LANGUAGE_TO_PACKAGE_MANAGER[language]]
+          end
+        end
+      end
+      package_managers
+    end
+
+    # Returns the set of package ecosystems mapped
+    # to in PACKAGE_MANAGER_TO_PACKAGE_ECOSYSTEM
+    def self.package_managers_to_package_ecosystems(package_managers)
+      package_ecosystems = []
+      package_managers.each do |package_manager|
+        unless PACKAGE_MANAGER_TO_PACKAGE_ECOSYSTEM[package_manager].nil?
+          package_ecosystems |= [PACKAGE_MANAGER_TO_PACKAGE_ECOSYSTEM[package_manager]]
+        end
+      end
+      package_ecosystems
+    end
+
+    # Returns the set of file fetcher registry keys mapped
+    # to in PACKAGE_ECOSYSTEM_TO_FILE_FETCHERS_REGISTRY_KEY
+    def self.package_ecosystems_to_file_fetcher_registry_keys(package_ecosystems)
+      file_fetcher_registry_keys = []
+      package_ecosystems.each do |package_ecosystem|
+        unless PACKAGE_ECOSYSTEM_TO_FILE_FETCHERS_REGISTRY_KEY[package_ecosystem].nil?
+          file_fetcher_registry_keys |= [PACKAGE_ECOSYSTEM_TO_FILE_FETCHERS_REGISTRY_KEY[package_ecosystem]]
+        end
+      end
+      file_fetcher_registry_keys
+    end
+  end
+end

data/lib/dependabot/linguist/languages_to_ecosystems/manager_ecosystem_maps.rb

@@ -0,0 +1,154 @@
+# frozen_string_literal: true
+
+# Provide the maps from names for "Package Managers" to "Package Ecosystems" and
+# subsequently to the "file fetcher registry keys"
+
+# For the list of package managers and which ecosystems they map to, see
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
+
+# For the file_fetchers' register function, whose keys we map to, see
+# https://github.com/dependabot/dependabot-core/blob/v0.212.0/common/lib/dependabot/file_fetchers.rb#L14-L16
+
+module Dependabot
+  module Linguist
+    # PackageManagers is the "Package Manager" list on "#package-ecosystem"
+    module PackageManagers
+      # Bundler; the ruby package manager.
+      BUNDLER = "Bundler"
+      # Cargo; the rust package manager.
+      CARGO = "Cargo"
+      # Composer; the PHP package manager.
+      COMPOSER = "Composer"
+      # Docker; the Docker package manager.
+      DOCKER = "Docker"
+      # Hex; the Erlang (and Elixir) package manager
+      HEX = "Hex"
+      # elm-package; the elm package manager.
+      ELM_PACKAGE = "elm-package"
+      # git submodule versioning is GitHub internal
+      GIT_SUBMODULE = "git submodule"
+      # GitHub Action versioning is GitHub internal.
+      # GitHub Actions expects a directory input of "/",
+      # and can't be found by linguist outside of "yaml".
+      GITHUB_ACTIONS = "GitHub Actions"
+      # Go Modules; versioning is handled via go.mod
+      GO_MODULES = "Go modules"
+      # Gradle; typically a replacement for maven and any java ecosystem, and
+      # supports Java (as well as Kotlin, Groovy, Scala), C/C++, and JavaScript,
+      # although it provides plugin capacity to extend it to other languages.
+      # Notably the other common Java derivative, clojure, isn't 1st party.
+      GRADLE = "Gradle"
+      # Maven; typically for the java ecosystem, although has arbitrary
+      # extensability via the plugin exec-maven-plugin
+      MAVEN = "Maven"
+      # npm; the Node package manager. Relevant to any language that could
+      # be part of a Node package. Primarily JavaScript and TypeScript.
+      NPM = "npm"
+      # NuGet; the ".NET" (core, and framework) package manager. Also hosts
+      # Xamarain packages and some C++ packages. .NET languages include F#,
+      # C# (or, "MicroSoft Java") and Visual Basic. Also supports "ASP.NET".
+      NUGET = "NuGet"
+      # pip; the python package manager.
+      PIP = "pip"
+      # pipenv; a python package toolset.
+      PIPENV = "pipenv"
+      # pip-compile; a python package toolset.
+      PIP_COMPILE = "pip-compile"
+      # poetry; another python package manager.
+      POETRY = "poetry"
+      # pub; the package manager for dart and flutter
+      PUB = "pub"
+      # terraform version management is terraform internal
+      TERRAFORM = "Terraform"
+      # Yarn; Facebook's alternative to npm, and
+      # is similarly relevant to what Node supports.
+      YARN = "yarn"
+    end
+
+    # PackageEcosystems is all "YAML Value" listed on "#package-ecosystem",
+    # that are the keys to `package-ecosystem` in dependabot yaml.
+    module PackageEcosystems
+      BUNDLER = "bundler"
+      CARGO = "cargo"
+      COMPOSER = "composer"
+      DOCKER = "docker"
+      ELM = "elm"
+      GITHUB_ACTIONS = "github-actions"
+      GIT_SUBMODULE = "gitsubmodule"
+      GOMOD = "gomod"
+      GRADLE = "gradle"
+      MAVEN = "maven"
+      MIX = "mix"
+      NPM = "npm"
+      NUGET = "nuget"
+      PIP = "pip"
+      PUB = "pub"
+      TERRAFORM = "terraform"
+    end
+
+    # PACKAGE_ECOSYSTEM_TO_FILE_FETCHERS_REGISTRY_KEY maps PackageEcosystems
+    # to our end goal of the keys used to collect the respective file fetcher
+    # classes that are registered via the "file_fetchers register function"
+    # so each mapping |K,V| element should have a comment linking to the place
+    # that its value was registered!
+    PACKAGE_ECOSYSTEM_TO_FILE_FETCHERS_REGISTRY_KEY = {
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L216
+      PackageEcosystems::BUNDLER => "bundler",
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/cargo/lib/dependabot/cargo/file_fetcher.rb#L295
+      PackageEcosystems::CARGO => "cargo",
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/composer/lib/dependabot/composer/file_fetcher.rb#L183
+      PackageEcosystems::COMPOSER => "composer",
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/docker/lib/dependabot/docker/file_fetcher.rb#L103
+      PackageEcosystems::DOCKER => "docker",
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/elm/lib/dependabot/elm/file_fetcher.rb#L46
+      PackageEcosystems::ELM => "elm",
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/github_actions/lib/dependabot/github_actions/file_fetcher.rb#L72-L73
+      PackageEcosystems::GITHUB_ACTIONS => "github_actions",
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L84-L85
+      PackageEcosystems::GIT_SUBMODULE => "submodules",
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L54-L55
+      PackageEcosystems::GOMOD => "go_modules",
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/gradle/lib/dependabot/gradle/file_fetcher.rb#L131
+      PackageEcosystems::GRADLE => "gradle",
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/maven/lib/dependabot/maven/file_fetcher.rb#L142
+      PackageEcosystems::MAVEN => "maven",
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/hex/lib/dependabot/hex/file_fetcher.rb#L98
+      PackageEcosystems::MIX => "hex",
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L419-L420
+      PackageEcosystems::NPM => "npm_and_yarn",
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/nuget/lib/dependabot/nuget/file_fetcher.rb#L271
+      PackageEcosystems::NUGET => "nuget",
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L409
+      PackageEcosystems::PIP => "pip",
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/pub/lib/dependabot/pub/file_fetcher.rb#L46
+      PackageEcosystems::PUB => "pub",
+      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/terraform/lib/dependabot/terraform/file_fetcher.rb#L90-L91
+      PackageEcosystems::TERRAFORM => "terraform"
+    }.freeze
+
+    # PACKAGE_MANAGER_TO_PACKAGE_ECOSYSTEM maps PackageManagers
+    # to the PackageEcosystems, according to "#package-ecosystem"
+    PACKAGE_MANAGER_TO_PACKAGE_ECOSYSTEM = {
+      PackageManagers::BUNDLER => PackageEcosystems::BUNDLER,
+      PackageManagers::CARGO => PackageEcosystems::CARGO,
+      PackageManagers::COMPOSER => PackageEcosystems::COMPOSER,
+      PackageManagers::DOCKER => PackageEcosystems::DOCKER,
+      PackageManagers::HEX => PackageEcosystems::MIX,
+      PackageManagers::ELM_PACKAGE => PackageEcosystems::ELM,
+      PackageManagers::GIT_SUBMODULE => PackageEcosystems::GIT_SUBMODULE,
+      PackageManagers::GITHUB_ACTIONS => PackageEcosystems::GITHUB_ACTIONS,
+      PackageManagers::GO_MODULES => PackageEcosystems::GOMOD,
+      PackageManagers::GRADLE => PackageEcosystems::GRADLE,
+      PackageManagers::MAVEN => PackageEcosystems::MAVEN,
+      PackageManagers::NPM => PackageEcosystems::NPM,
+      PackageManagers::NUGET => PackageEcosystems::NUGET,
+      PackageManagers::PIP => PackageEcosystems::PIP,
+      PackageManagers::PIPENV => PackageEcosystems::PIP,
+      PackageManagers::PIP_COMPILE => PackageEcosystems::PIP,
+      PackageManagers::POETRY => PackageEcosystems::PIP,
+      PackageManagers::PUB => PackageEcosystems::PUB,
+      PackageManagers::TERRAFORM => PackageEcosystems::TERRAFORM,
+      PackageManagers::YARN => PackageEcosystems::NPM
+    }.freeze
+  end
+end

data/lib/dependabot/linguist/languages_to_patch.txt

@@ -0,0 +1,37 @@
+Gemfile.lock
+Git Config
+Go Checksums
+Go Module
+Gradle
+JSON
+Maven POM
+NPM Config
+Text
+TOML
+XML
+YAML
+ASP.NET
+C#
+C++
+Clojure
+CoffeeScript
+Dart
+Dockerfile
+Elixir
+Elm
+Erlang
+F#
+Go
+Groovy
+HCL
+Java
+JavaScript
+Kotlin
+Objective-C++
+PHP
+Python
+Ruby
+Rust
+Scala
+TypeScript
+Visual Basic .NET

data/lib/dependabot/linguist/linguist_patch.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+# Direct the requiring of the files that patch linguist via this.
+# https://github.com/github/linguist/tree/v7.23.0
+
+require_relative "language"

data/lib/dependabot/linguist/repository.rb

@@ -0,0 +1,232 @@
+# frozen_string_literal: true
+
+require "rugged"
+require_relative "linguist_patch"
+require_relative "languages_to_ecosystems/main"
+require "dependabot/source"
+require "dependabot/errors"
+require "dependabot/omnibus"
+require_relative "dependabot_patch"
+
+module Dependabot
+  module Linguist
+    # Repository wraps a Linguist::Repository, to discover "linguist languages"
+    # present in a repository, then maps them to Dependabot Ecosystems, finally
+    # verifying that those ecosystems are valid for the places linguist found
+    # the languages it thought was relevant to each dependabot ecosystem.
+    class Repository
+      def initialize(repo_path, repo_name, ignore_linguist: 0, verbose: false)
+        @repo_path = repo_path.chomp.delete_suffix("/")
+        @repo_name = repo_name
+        begin
+          @repo = Rugged::Repository.new(@repo_path)
+        rescue Rugged::RepositoryError, Rugged::OSError
+          # Either the folder doesn't exist, or it does and doesn't have a `.git/`
+          # Try to clone into it, if it's public
+          puts "Repository #{@repo_name} not found at #{@repo_path}; falling back to cloning public url"
+          @repo = Rugged::Repository.clone_at("https://github.com/#{@repo_name}.git", @repo_path)
+        end
+        @ignore_linguist = [[0, ignore_linguist].max, 2].min
+        @verbose = verbose
+        @linguist = ::Linguist::Repository.new(@repo, @repo.head.target_id)
+      end
+
+      # Wraps Linguist::Repository.new(~).languages
+      def linguist_languages
+        @linguist_languages ||= @linguist.languages
+      end
+
+      # linguist_cache, linguist.cache, is a map of
+      # "<file_path>" => ["<Language>", <loc>] for
+      # any files found for any language looked for.
+      def linguist_cache
+        @linguist_cache ||= @linguist.cache
+      end
+
+      # rubocop:disable Style/HashTransformValues, Style/BlockDelimiters, Style/MultilineBlockChain
+      # Disable these checks to demonstrate this style -- and the first `.to_h {...}` shouldn't be
+      # a `.transform_values {...}`` as the Style/HashTransformValues cop requests it to be.
+
+      # files_per_linguist_language inverts the linguist_cache map to
+      # "<Language>" => ["<file_path>", ...], a list of files per language!
+      # Note that they are not cleaned in the same way the folder paths in
+      # each of the "directories per *" are prepended with a '/'.
+      def files_per_linguist_language
+        @files_per_linguist_language ||= linguist_cache.keys.group_by { |source_file_path|
+          # create the map "<Language>" => ["<file_path>", ...]
+          linguist_cache[source_file_path][0]
+        }
+      end
+
+      # directories_per_linguist_language inverts the linguist_cache map to
+      # "<Language>" => ["<folder_path>", ...], a list of folders per language!
+      def directories_per_linguist_language
+        @directories_per_linguist_language ||= linguist_cache.keys.to_h { |source_file_path|
+          # create the map "<file_path>" => "<folder_path>"
+          [source_file_path, "/#{source_file_path.slice(0, source_file_path.rindex("/") || 0)}"]
+        }.group_by { |source_file_path, _source_folder_path|
+          # create the map "<Language>" => [["<file_path>", "<folder_path>"], ...]
+          linguist_cache[source_file_path][0]
+        }.to_h { |linguist_language, file_then_folder_arr|
+          # create the map "<Language>" => ["<folder_path>", ...] by taking the
+          # (&:last) out of each ["<file_path>", "<folder_path>"] pair, uniquely
+          [linguist_language, file_then_folder_arr.map(&:last).uniq]
+        }
+      end
+
+      # rubocop:enable Style/HashTransformValues, Style/BlockDelimiters, Style/MultilineBlockChain
+
+      # directories_per_package_manager splits and merges the results of
+      # directories_per_linguist_language; split across each package manager that
+      # is relevant to the language, and then merges the list of file paths for
+      # that language into the list of file paths for each package manager!
+      def directories_per_package_manager
+        @directories_per_package_manager ||= {}.tap do |this|
+          directories_per_linguist_language.each do |linguist_language, source_directories|
+            Dependabot::Linguist.linguist_languages_to_package_managers([linguist_language]).each do |dependabot_package_manager|
+              this[dependabot_package_manager] = (this[dependabot_package_manager] || []) | source_directories
+            end
+          end
+          # GitHub Actions must be added seperately..
+          # if any yaml exist in the workflows folder, it needs to be added at "/"
+          if (directories_per_linguist_language["YAML"] || []).any? "/.github/workflows"
+            this[PackageManagers::GITHUB_ACTIONS] = ["/"]
+          end
+          # Because actions are handled like this we also need to regexp for /\/action\.ya?ml$/
+          (files_per_linguist_language["YAML"] || []).each do |source_file_path|
+            # File paths aren't cleaned from linguist, so prepend the '/' here.
+            # This lets it match the \/ before action.ya?ml if it's in the root dir.
+            # /(?<dir>\S*)\/(?<file>action\.ya?ml)$/
+            action_match = "/#{source_file_path}".match %r{(?<dir>\S*)/(?<file>action\.ya?ml)$}
+            if action_match
+              # But that also means we then need to check if dir is empty, if it's the root dir
+              if action_match[:dir].empty?
+                this[PackageManagers::GITHUB_ACTIONS] = (this[PackageManagers::GITHUB_ACTIONS] || []) | ["/"]
+              else
+                this[PackageManagers::GITHUB_ACTIONS] = (this[PackageManagers::GITHUB_ACTIONS] || []) | [action_match[:dir]]
+              end
+            end
+          end
+        end
+      end
+
+      # directories_per_package_ecosystem squashes the map of
+      # directories_per_package_manager according to the map of managers
+      # to ecosystems, as some managers share a common ecosystem name.
+      def directories_per_package_ecosystem
+        @directories_per_package_ecosystem ||= nil
+        if @directories_per_package_ecosystem.nil?
+          @directories_per_package_ecosystem = {}
+          directories_per_package_manager.each do |dependabot_package_manager, source_directories|
+            Dependabot::Linguist.package_managers_to_package_ecosystems([dependabot_package_manager]).each do |dependabot_package_ecosystem|
+              if @directories_per_package_ecosystem[dependabot_package_ecosystem].nil?
+                @directories_per_package_ecosystem[dependabot_package_ecosystem] = []
+              end
+              @directories_per_package_ecosystem[dependabot_package_ecosystem] |= source_directories
+            end
+          end
+        end
+        @directories_per_package_ecosystem
+      end
+
+      # file_fetcher_class_per_package_ecosystem maps ecosystem names to the
+      # class objects for each dependabot file fetcher class that's relevant
+      # based on the list of ecosystems found by linguist languages.
+      def file_fetcher_class_per_package_ecosystem
+        @file_fetcher_class_per_package_ecosystem ||= nil
+        if @file_fetcher_class_per_package_ecosystem.nil?
+          @file_fetcher_class_per_package_ecosystem = {}
+          directories_per_package_ecosystem.each_key do |possible_ecosystem|
+            @file_fetcher_class_per_package_ecosystem[possible_ecosystem] =
+              Dependabot::FileFetchers.for_package_manager(
+                Dependabot::Linguist::PACKAGE_ECOSYSTEM_TO_FILE_FETCHERS_REGISTRY_KEY[possible_ecosystem]
+              )
+          end
+        end
+        @file_fetcher_class_per_package_ecosystem
+      end
+
+      # Print out the lists of languages, managers, and ecosystems found here.
+      def put_discovery_info
+        puts "List of languages: #{directories_per_linguist_language.keys}"
+        puts "List of package managers: #{directories_per_package_manager.keys}"
+        puts "List of package ecosystems: #{directories_per_package_ecosystem.keys}"
+      end
+
+      # Get ALL directories for the repo path.
+      def all_directories
+        # /**/*/ rather than /**/ would remove the base path, but delete_prefix
+        # will also remove it, so it needs to be specially added.
+        @all_directories ||= (["/"] | Dir.glob("#{@repo_path}/**/*/").map { |subpath| subpath.delete_prefix(@repo_path).delete_suffix("/") })
+      end
+
+      # Get ALL sources from ALL directories for the repo path.
+      def all_sources
+        @all_sources ||= all_directories.collect { |directory| Dependabot::Source.new(provider: "github", repo: @repo_name, directory: directory) }
+      end
+
+      # Get the list of all directories identified by linguist, that
+      # had their language mapped to a relevant dependabot ecosystem.
+      def linguist_directories
+        @linguist_directories ||= directories_per_package_ecosystem.values.flatten.uniq
+      end
+
+      # Get the list of all sources from all directories identified by linguist,
+      # that had their language mapped to a relevant dependabot ecosystem.
+      def linguist_sources
+        @linguist_sources ||= linguist_directories.to_h { |directory| [directory, Dependabot::Source.new(provider: "github", repo: @repo_name, directory: directory)] }
+      end
+
+      def all_ecosystem_classes
+        @all_ecosystem_classes ||= PACKAGE_ECOSYSTEM_TO_FILE_FETCHERS_REGISTRY_KEY.transform_values { |k, v| [k, Dependabot::FileFetchers.for_package_manager(v)] }
+      end
+
+      # directories_per_ecosystem_validated_by_dependabot maps each identified
+      # present ecosystem to a list of the directories that linguist found files
+      # for, that were then validated by running the file_fetcher files on them.
+      def directories_per_ecosystem_validated_by_dependabot
+        @directories_per_ecosystem_validated_by_dependabot ||= nil
+        if @directories_per_ecosystem_validated_by_dependabot.nil?
+          enable_options = { kubernetes_updates: true }
+          @directories_per_ecosystem_validated_by_dependabot = {}
+          case @ignore_linguist
+          when 1
+            # If ignore linguist is 1, we rely on it to block "vendored"
+            # files from the sources, but we run all dependabot classes
+            sources = linguist_sources.values
+            ecosystem_classes = all_ecosystem_classes
+          when 2
+            # If ignore linguist is 2, we just don't use it at all.
+            sources = all_sources
+            ecosystem_classes = all_ecosystem_classes
+          else # when 0 is part of this.
+            # If ignore linguist is 0, we don't ignore it and rely
+            # on it to find sources and pick dependabot classes
+            sources = nil
+            ecosystem_classes = file_fetcher_class_per_package_ecosystem
+          end
+          ecosystem_classes.each do |package_ecosystem, file_fetcher_class|
+            @directories_per_ecosystem_validated_by_dependabot[package_ecosystem] = []
+            puts "Spawning class instances for #{package_ecosystem}, in repo #{@repo_path}, class #{file_fetcher_class}" if @verbose
+            sources = directories_per_package_ecosystem[package_ecosystem].collect { |directories| linguist_sources[directories] } unless [1, 2].any? @ignore_linguist
+            sources.each do |source|
+              fetcher = file_fetcher_class.new(source: source, credentials: [], repo_contents_path: @repo_path, options: enable_options)
+              begin
+                unless fetcher.files.map(&:name).empty?
+                  @directories_per_ecosystem_validated_by_dependabot[package_ecosystem] |= [source.directory]
+                  puts "-- Dependency files FOUND for package-ecosystem #{package_ecosystem} at #{source.directory}; #{fetcher.files.map(&:name)}" if @verbose
+                end
+              rescue Dependabot::DependabotError => e
+                # Most of these will be Dependabot::DependencyFileNotFound
+                # or Dependabot::PathDependenciesNotReachable
+                puts "-- Caught a DependabotError, #{e.class}, for package-ecosystem #{package_ecosystem} at #{source.directory}: #{e.message}" if @verbose
+              end
+            end
+          end
+          @directories_per_ecosystem_validated_by_dependabot = @directories_per_ecosystem_validated_by_dependabot.delete_if { |_, v| v.empty? }.sort.to_h
+        end
+        @directories_per_ecosystem_validated_by_dependabot
+      end
+    end
+  end
+end

data/lib/dependabot/linguist/version.rb

@@ -2,6 +2,6 @@
 
 module Dependabot
   module Linguist
-    VERSION = "0.0.1"
+    VERSION = "0.212.0"
   end
 end

data/lib/dependabot/linguist.rb

@@ -1,10 +1,13 @@
 # frozen_string_literal: true
 
 require_relative "linguist/version"
+# ::Dependabot::Linguist::Repository, not ::Linguist::Repository,
+# although it does wrap ::Linguist::Repository
+require_relative "linguist/repository"
+require_relative "linguist/dependabot_file_validator"
 
 module Dependabot
+  # Provides a patched linguist to use to target dependabot relevant ecosystem blobs.
   module Linguist
-    class Error < StandardError; end
-    # Your code goes here...
   end
 end

data/smoke-test/README.md

@@ -0,0 +1,58 @@
+# Dependabot smoke testing files
+This `<repo>/smoke-test` directory is essentially equivalent to a clone of the [`dependabot/smoke-tests`](https://github.com/dependabot/smoke-tests) repository. Disclaimer that the `dependabot/smoke-tests` does **not** appear to have any license permitting this to be copied here, yet even if there were, many of the [tests](https://github.com/dependabot/smoke-tests/tree/0e13b71e2d17c7e570448f0696390c6239c1c089/tests) whose files need to be duplicated to replicate the same test, are using old commits, that wouldn't retroactively receive any license if one was added subsequently. I'm relying on the good faith that it absorbs the licensing of the repositories it tests, notably [`dependabot/cli`'s MIT license](https://github.com/dependabot/cli/blob/main/LICENSE) (which comes with `Copyright 2022 GitHub, Inc.`) and [`dependabot/dependabot-core`'s Properity license](https://github.com/dependabot/dependabot-core/blob/main/LICENSE) (which comes with `Contributor: GitHub Inc.`, and has other components duplicated in the gem of this repository, under [this repository's GPLv3 license](https://github.com/Skenvy/dependabot-linguist/blob/main/LICENSE) with a copy of [`dependabot/dependabot-core`'s Properity license](https://github.com/Skenvy/dependabot-linguist/blob/main/LICENSE.dependabot-core)). The most direct assertion of the right to utilise the [`dependabot/smoke-tests`](https://github.com/dependabot/smoke-tests) is exclusively the sentence "You're welcome to use this repo to test Dependabot functionality." from [the README](https://github.com/dependabot/smoke-tests/blob/006edd50f2d8789fea79e7413d15a9ed0348b17d/README.md). I'm hoping this exhaustive attribution is enough while I wait for a result to [asking them to add a license](https://github.com/dependabot/smoke-tests/issues/17).
+
+The previous commits that [the current set of smoke tests](https://github.com/dependabot/smoke-tests/tree/0e13b71e2d17c7e570448f0696390c6239c1c089/tests) use, are:
+* [8b2c0d821028c531826db20ca22cffdd2cc05abf](https://github.com/dependabot/smoke-tests/tree/8b2c0d821028c531826db20ca22cffdd2cc05abf)
+    * [github_actions](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-actions.yaml#L14)
+        * [/actions]()
+    * [pub](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-pub.yaml#L26)
+        * [/pub]()
+    * [terraform](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-terraform.yaml#L23)
+        * [/terraform]()
+* [832e37c1a7a4ef89feb9dc7cfa06f62205191994](https://github.com/dependabot/smoke-tests/tree/832e37c1a7a4ef89feb9dc7cfa06f62205191994)
+    * [bundler](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-bundler.yaml#L18)
+        * [/]()
+    * [cargo](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-cargo.yaml#L23)
+        * [/]()
+    * [docker](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-docker.yaml#L14)
+        * [/]()
+    * [elm](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-elm.yaml#L26)
+        * [/]()
+    * [hex](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-hex.yaml#L17)
+        * [/]()
+    * [maven](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-maven.yaml#L14)
+        * [/]()
+    * [npm_and_yarn](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-npm.yaml#L14)
+        * [/]()
+    * [nuget](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-nuget.yaml#L14)
+        * [/nuget]()
+    * [pip](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-pip-compile.yaml#L13)
+        * [/pip-compile]()
+    * [pip](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-pip.yaml#L15)
+        * [/pip]()
+    * [pip](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-pipenv.yaml#L13)
+        * [/pipenv]()
+    * [pip](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-poetry.yaml#L14)
+        * [/poetry]()
+* [bb98f0c3489713c240ccc1f1800008d4f0844dfd](https://github.com/dependabot/smoke-tests/tree/bb98f0c3489713c240ccc1f1800008d4f0844dfd)
+    * [composer](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-composer.yaml#L14)
+        * [/composer]()
+* [941c9223edd97d233737435a404d038a4bc846c4](https://github.com/dependabot/smoke-tests/tree/941c9223edd97d233737435a404d038a4bc846c4)
+    * [go_modules](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-go.yaml#L17)
+        * [/go]()
+* [9d77bc7063ed8328a7dbc4fc3b30605530322877](https://github.com/dependabot/smoke-tests/tree/9d77bc7063ed8328a7dbc4fc3b30605530322877)
+    * [gradle](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-gradle.yaml#L23)
+        * [/gradle]()
+* [4e5e081d77a06dd5092a65e161c1142fbec372bd](https://github.com/dependabot/smoke-tests/tree/4e5e081d77a06dd5092a65e161c1142fbec372bd)
+    * [npm_and_yarn](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-npm-remove-transitive.yaml#L25)
+        * [/npm/removed]()
+* [d55092e0297999bf4d29725606cfa082b378959a](https://github.com/dependabot/smoke-tests/tree/d55092e0297999bf4d29725606cfa082b378959a)
+    * [submodules](https://github.com/dependabot/smoke-tests/blob/0e13b71e2d17c7e570448f0696390c6239c1c089/tests/smoke-submodules.yaml#L10)
+        * [/]()
+
+The contents are used to test the functionality of **_both_** `linguist` _and_ `dependabot`. The contents don't necessarily need to use the same structure as the earlier commits that the smoke-test repository actually runs it's tests on as our tests are;
+1. For linguist, that it is able to discover the contents of the folders.
+1. That the code here is able to map what linguists discovers to the appropriate dependabot class to attempt to fetch the files with
+1. That the result of running the dependabot classes we've chosen for the folders that linguist found to contain relevant code does result in a list of those ecosystems and the relevant folders in these smoke-test data files.
+
+The only adjustment that was notable was having to change the contents of the bundler folder to contain a gemspec.

data/smoke-test/bundler/Gemfile

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gemspec
+
+gem "rubocop", "0.76.0"
+gem "toml-rb", "2.2.0"
+gem 'rack', git: 'git@github.com:rack/rack.git', tag: '2.1.4'

data/smoke-test/bundler/Gemfile.lock

@@ -0,0 +1,47 @@
+GIT
+  remote: git@github.com:rack/rack.git
+  revision: f3cf79d6460dc592767941806d1b2b7008f73e01
+  tag: 2.1.4
+  specs:
+    rack (2.1.4)
+
+PATH
+  remote: .
+  specs:
+    dependabot-all-updates-test-staging (0.0.0)
+      netaddr (= 2.0.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.2)
+    citrus (3.0.2)
+    jaro_winkler (1.5.4)
+    netaddr (2.0.1)
+    parallel (1.22.1)
+    parser (3.1.2.0)
+      ast (~> 2.4.1)
+    rainbow (3.1.1)
+    rubocop (0.76.0)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.6)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 1.7)
+    ruby-progressbar (1.11.0)
+    toml-rb (2.2.0)
+      citrus (~> 3.0, > 3.0)
+    unicode-display_width (1.6.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  dependabot-all-updates-test-staging!
+  rack!
+  rubocop (= 0.76.0)
+  toml-rb (= 2.2.0)
+
+BUNDLED WITH
+   2.1.4

data/smoke-test/bundler/dependabot-all-updates-test-staging.gemspec

@@ -0,0 +1,10 @@
+Gem::Specification.new do |s|
+  s.name        = 'dependabot-all-updates-test-staging'
+  s.version     = '0.0.0'
+  s.description = "Dependabot test ruby"
+  s.summary     = "dependabot test"
+  s.authors     = ["No Reply"]
+  s.email       = 'noreply@github.com'
+  s.license     = 'MIT'
+  s.add_runtime_dependency 'netaddr', '= 2.0.1'
+end