dependabot-pre_commit 0.361.2

data/lib/dependabot/pre_commit/file_updater.rb

@@ -0,0 +1,188 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/errors"
+require "dependabot/file_updaters"
+require "dependabot/file_updaters/base"
+
+module Dependabot
+  module PreCommit
+    class FileUpdater < Dependabot::FileUpdaters::Base
+      extend T::Sig
+
+      sig { override.returns(T::Array[Dependabot::DependencyFile]) }
+      def updated_dependency_files
+        updated_files = []
+
+        dependency_files.each do |file|
+          next unless requirement_changed?(file, dependency)
+
+          updated_files <<
+            updated_file(
+              file: file,
+              content: updated_config_file_content(file)
+            )
+        end
+
+        updated_files.reject! { |f| dependency_files.include?(T.cast(f, Dependabot::DependencyFile)) }
+        raise "No files changed!" if updated_files.none?
+
+        updated_files
+      end
+
+      private
+
+      sig { returns(Dependabot::Dependency) }
+      def dependency
+        T.must(dependencies.first)
+      end
+
+      sig { override.void }
+      def check_required_files
+        return if dependency_files.any?
+
+        raise "No pre-commit config files!"
+      end
+
+      sig { params(file: Dependabot::DependencyFile).returns(String) }
+      def updated_config_file_content(file)
+        updated_requirement_pairs = requirement_pairs_for_file(file)
+        updated_content = T.must(file.content)
+
+        updated_requirement_pairs.each do |new_req, old_req|
+          updated_content = apply_requirement_update(updated_content, new_req, old_req)
+        end
+
+        updated_content
+      end
+
+      sig do
+        params(file: Dependabot::DependencyFile)
+          .returns(T::Array[[T::Hash[Symbol, T.untyped], T::Hash[Symbol, T.untyped]]])
+      end
+      def requirement_pairs_for_file(file)
+        pairs = dependency.requirements.zip(T.must(dependency.previous_requirements))
+        filtered_pairs = pairs.reject do |new_req, old_req|
+          next true unless old_req
+
+          file_name = T.cast(new_req[:file], T.nilable(String))
+          next true if file_name != file.name
+
+          new_source = T.cast(new_req[:source], T.nilable(T::Hash[Symbol, T.untyped]))
+          old_source = T.cast(old_req[:source], T.nilable(T::Hash[Symbol, T.untyped]))
+          new_source == old_source
+        end
+
+        filtered_pairs.map { |new_req, old_req| [new_req, T.must(old_req)] }
+      end
+
+      sig do
+        params(
+          content: String,
+          new_req: T::Hash[Symbol, T.untyped],
+          old_req: T::Hash[Symbol, T.untyped]
+        ).returns(String)
+      end
+      def apply_requirement_update(content, new_req, old_req)
+        new_source = T.cast(new_req.fetch(:source), T::Hash[Symbol, T.untyped])
+        source_type = T.cast(new_source.fetch(:type), String)
+
+        case source_type
+        when "git"
+          apply_git_requirement_update(content, new_req, old_req)
+        when "additional_dependency"
+          apply_additional_dependency_update(content, new_req, old_req)
+        else
+          content
+        end
+      end
+
+      sig do
+        params(
+          content: String,
+          new_req: T::Hash[Symbol, T.untyped],
+          old_req: T::Hash[Symbol, T.untyped]
+        ).returns(String)
+      end
+      def apply_git_requirement_update(content, new_req, old_req)
+        new_source = T.cast(new_req.fetch(:source), T::Hash[Symbol, T.untyped])
+        old_source = T.cast(old_req.fetch(:source), T::Hash[Symbol, T.untyped])
+        repo_url = T.cast(old_source.fetch(:url), String)
+        old_ref = T.cast(old_source.fetch(:ref), String)
+        new_ref = T.cast(new_source.fetch(:ref), String)
+
+        replace_ref_in_content(content, repo_url, old_ref, new_ref)
+      end
+
+      sig do
+        params(
+          content: String,
+          new_req: T::Hash[Symbol, T.untyped],
+          old_req: T::Hash[Symbol, T.untyped]
+        ).returns(String)
+      end
+      def apply_additional_dependency_update(content, new_req, old_req)
+        old_source = T.cast(old_req.fetch(:source), T::Hash[Symbol, T.untyped])
+        new_source = T.cast(new_req.fetch(:source), T::Hash[Symbol, T.untyped])
+
+        old_string = T.cast(old_source.fetch(:original_string), String)
+        new_string = T.cast(new_source.fetch(:original_string), String)
+
+        replace_additional_dependency_in_content(content, old_string, new_string)
+      end
+
+      sig do
+        params(content: String, repo_url: String, old_ref: String, new_ref: String).returns(String)
+      end
+      def replace_ref_in_content(content, repo_url, old_ref, new_ref)
+        current_repo = T.let(nil, T.nilable(String))
+
+        updated_lines = content.lines.map do |line|
+          repo_match = line.match(/^\s*-\s*repo:\s*(\S+)/)
+          current_repo = repo_match[1] if repo_match
+
+          if current_repo == repo_url &&
+             line.match?(/^\s*rev:\s+#{Regexp.escape(old_ref)}(\s*(?:#.*)?)?$/)
+            line.gsub(old_ref, new_ref)
+          else
+            line
+          end
+        end
+
+        updated_lines.join
+      end
+
+      sig do
+        params(content: String, old_string: String, new_string: String).returns(String)
+      end
+      def replace_additional_dependency_in_content(content, old_string, new_string)
+        # Use line-by-line replacement to avoid variable-length look-behind issues
+        # We look for the exact dependency string in various YAML formats
+        escaped_old = Regexp.escape(old_string)
+
+        updated_lines = content.lines.map do |line|
+          # Check if this line contains the dependency in additional_dependencies context
+          # Matches formats like:
+          # - types-requests==1.0.0
+          # - 'types-requests==1.0.0'
+          # - "types-requests==1.0.0"
+          # [..., types-requests==1.0.0, ...]
+          if line.match?(/^\s*-\s*['"]?#{escaped_old}['"]?\s*$/) || # Block style
+             line.match?(/[\[,]\s*['"]?#{escaped_old}['"]?\s*[,\]]/) || # Flow style
+             line.match?(/^\s*-\s*['"]?#{escaped_old}['"]?\s*#/) # With comment
+            line.gsub(old_string, new_string)
+          else
+            line
+          end
+        end
+
+        updated_lines.join
+      end
+    end
+  end
+end
+
+Dependabot::FileUpdaters
+  .register("pre_commit", Dependabot::PreCommit::FileUpdater)

data/lib/dependabot/pre_commit/helpers.rb

@@ -0,0 +1,82 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "dependabot/dependency"
+require "dependabot/errors"
+require "dependabot/pre_commit/requirement"
+require "dependabot/pre_commit/version"
+require "sorbet-runtime"
+
+module Dependabot
+  module PreCommit
+    module Helpers
+      class Githelper
+        extend T::Sig
+
+        sig do
+          params(
+            dependency: Dependabot::Dependency,
+            credentials: T::Array[Dependabot::Credential],
+            ignored_versions: T::Array[String],
+            raise_on_ignored: T::Boolean,
+            consider_version_branches_pinned: T::Boolean,
+            dependency_source_details: T.nilable(T::Hash[Symbol, String])
+          )
+            .void
+        end
+        def initialize(
+          dependency:,
+          credentials:,
+          ignored_versions: [],
+          raise_on_ignored: false,
+          consider_version_branches_pinned: false,
+          dependency_source_details: nil
+        )
+          @dependency = dependency
+          @credentials = credentials
+          @ignored_versions = ignored_versions
+          @raise_on_ignored = raise_on_ignored
+          @consider_version_branches_pinned = consider_version_branches_pinned
+          @dependency_source_details = dependency_source_details
+        end
+
+        sig { returns(Dependabot::Dependency) }
+        attr_reader :dependency
+
+        sig { returns(T::Array[Dependabot::Credential]) }
+        attr_reader :credentials
+
+        sig { returns(T::Array[String]) }
+        attr_reader :ignored_versions
+
+        sig { returns(T::Boolean) }
+        attr_reader :raise_on_ignored
+
+        sig { returns(Dependabot::GitCommitChecker) }
+        def git_commit_checker
+          @git_commit_checker ||= T.let(
+            git_commit_checker_for(nil),
+            T.nilable(Dependabot::GitCommitChecker)
+          )
+        end
+
+        sig { params(source: T.nilable(T::Hash[Symbol, String])).returns(Dependabot::GitCommitChecker) }
+        def git_commit_checker_for(source)
+          @git_commit_checkers ||= T.let(
+            {},
+            T.nilable(T::Hash[T.nilable(T::Hash[Symbol, String]), Dependabot::GitCommitChecker])
+          )
+
+          @git_commit_checkers[source] ||= Dependabot::GitCommitChecker.new(
+            dependency: dependency,
+            credentials: credentials,
+            ignored_versions: ignored_versions,
+            raise_on_ignored: raise_on_ignored,
+            consider_version_branches_pinned: @consider_version_branches_pinned,
+            dependency_source_details: source || @dependency_source_details
+          )
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/pre_commit/metadata_finder.rb

@@ -0,0 +1,28 @@
+# typed: strong
+# frozen_string_literal: true
+
+# NOTE: This file was scaffolded automatically but is OPTIONAL.
+# If you don't need custom metadata finding logic (changelogs, release notes, etc.),
+# you can safely delete this file and remove the require from lib/dependabot/pre_commit.rb
+
+require "dependabot/metadata_finders"
+require "dependabot/metadata_finders/base"
+
+module Dependabot
+  module PreCommit
+    class MetadataFinder < Dependabot::MetadataFinders::Base
+      extend T::Sig
+
+      private
+
+      sig { override.returns(T.nilable(Dependabot::Source)) }
+      def look_up_source
+        # TODO: Implement custom source lookup logic if needed
+        # Otherwise, delete this file and the require in the main registration file
+        nil
+      end
+    end
+  end
+end
+
+Dependabot::MetadataFinders.register("pre_commit", Dependabot::PreCommit::MetadataFinder)

data/lib/dependabot/pre_commit/package/package_details_fetcher.rb

@@ -0,0 +1,199 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/errors"
+require "dependabot/pre_commit/helpers"
+require "dependabot/pre_commit/requirement"
+require "dependabot/pre_commit/update_checker"
+require "dependabot/pre_commit/version"
+require "dependabot/shared_helpers"
+
+module Dependabot
+  module PreCommit
+    module Package
+      class PackageDetailsFetcher
+        extend T::Sig
+
+        sig do
+          params(
+            dependency: Dependabot::Dependency,
+            credentials: T::Array[Dependabot::Credential],
+            ignored_versions: T::Array[String],
+            raise_on_ignored: T::Boolean
+          ).void
+        end
+        def initialize(
+          dependency:,
+          credentials:,
+          ignored_versions: [],
+          raise_on_ignored: false
+        )
+          @dependency = dependency
+          @credentials = credentials
+          @raise_on_ignored = raise_on_ignored
+          @ignored_versions = ignored_versions
+
+          @git_helper = T.let(git_helper, Dependabot::PreCommit::Helpers::Githelper)
+        end
+
+        sig { returns(Dependabot::Dependency) }
+        attr_reader :dependency
+
+        sig { returns(T::Array[Dependabot::Credential]) }
+        attr_reader :credentials
+
+        sig { returns(T::Array[String]) }
+        attr_reader :ignored_versions
+
+        sig { returns(T::Boolean) }
+        attr_reader :raise_on_ignored
+
+        sig { returns(T.nilable(T.any(Dependabot::Version, String))) }
+        def release_list_for_git_dependency
+          return unless git_dependency?
+          return current_commit unless git_commit_checker.pinned?
+
+          version_tag_release || commit_sha_release
+        end
+
+        sig { returns(T.nilable(T.any(Dependabot::Version, String))) }
+        def version_tag_release
+          return unless git_commit_checker.pinned_ref_looks_like_version? && latest_version_tag
+
+          latest_version = latest_version_tag&.fetch(:version)
+          return current_version if shortened_semver_eq?(dependency.version, latest_version.to_s)
+
+          latest_version
+        end
+
+        sig { returns(T.nilable(T.any(Dependabot::Version, String))) }
+        def commit_sha_release
+          return unless git_commit_checker.pinned_ref_looks_like_commit_sha?
+
+          # Prioritize tagged releases over latest commits
+          # If latest_version_tag exists, use it (even if current SHA doesn't have a tag)
+          return latest_version_tag&.fetch(:version) if latest_version_tag
+
+          # Only fall back to latest commit if no tags exist
+          latest_commit_for_pinned_ref
+        end
+
+        sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
+        def latest_version_tag
+          @latest_version_tag ||= T.let(
+            begin
+              return git_commit_checker.local_tag_for_latest_version if dependency.version.nil?
+
+              ref = git_commit_checker.local_ref_for_latest_version_matching_existing_precision
+              return ref if ref && current_version && ref.fetch(:version) > current_version
+
+              git_commit_checker.local_ref_for_latest_version_lower_precision
+            end,
+            T.nilable(T::Hash[Symbol, T.untyped])
+          )
+        end
+
+        private
+
+        sig { returns(T.nilable(String)) }
+        def current_commit
+          git_commit_checker.head_commit_for_current_branch
+        end
+
+        sig { params(base: T.nilable(String), other: T.nilable(String)).returns(T::Boolean) }
+        def shortened_semver_eq?(base, other)
+          return false unless base && other
+
+          base_split = base.split(".")
+          other_split = other.split(".")
+          return false unless base_split.length <= other_split.length
+
+          other_split[0..(base_split.length - 1)] == base_split
+        end
+
+        sig { returns(T.nilable(Dependabot::Version)) }
+        def current_version
+          @current_version ||= T.let(dependency.numeric_version, T.nilable(Dependabot::Version))
+        end
+
+        sig { returns(T.nilable(String)) }
+        def latest_commit_for_pinned_ref
+          @latest_commit_for_pinned_ref ||= T.let(
+            begin
+              head_commit_for_ref_sha = git_commit_checker.head_commit_for_pinned_ref
+              if head_commit_for_ref_sha
+                head_commit_for_ref_sha
+              else
+                url = git_commit_checker.dependency_source_details&.fetch(:url)
+                source = T.must(Source.from_url(url))
+
+                SharedHelpers.in_a_temporary_directory(File.dirname(source.repo)) do |temp_dir|
+                  repo_contents_path = File.join(temp_dir, File.basename(source.repo))
+
+                  SharedHelpers.run_shell_command("git clone --no-recurse-submodules #{url} #{repo_contents_path}")
+
+                  Dir.chdir(repo_contents_path) do
+                    ref_branch = find_container_branch(git_commit_checker.dependency_source_details&.fetch(:ref))
+                    git_commit_checker.head_commit_for_local_branch(ref_branch) if ref_branch
+                  end
+                end
+              end
+            end,
+            T.nilable(String)
+          )
+        end
+
+        sig { params(sha: String).returns(T.nilable(String)) }
+        def find_container_branch(sha)
+          branches_including_ref = SharedHelpers.run_shell_command(
+            "git branch --remotes --contains #{sha}",
+            fingerprint: "git branch --remotes --contains <sha>"
+          ).split("\n").map { |branch| branch.strip.gsub("origin/", "") }
+          return if branches_including_ref.empty?
+
+          current_branch = branches_including_ref.find { |branch| branch.start_with?("HEAD -> ") }
+
+          if current_branch
+            current_branch.delete_prefix("HEAD -> ")
+          elsif branches_including_ref.size > 1
+            raise "Multiple ambiguous branches (#{branches_including_ref.join(', ')}) include #{sha}!"
+          else
+            branches_including_ref.first
+          end
+        end
+
+        sig do
+          params(tags_array: T::Array[T::Hash[Symbol, T.untyped]]).returns(T::Array[T::Hash[Symbol, T.untyped]])
+        end
+        def filter_lower_tags(tags_array)
+          return tags_array unless current_version
+
+          tags_array.select { |tag| tag.fetch(:version) > current_version }
+        end
+
+        sig { returns(T::Boolean) }
+        def git_dependency?
+          git_commit_checker.git_dependency?
+        end
+
+        sig { returns(Dependabot::GitCommitChecker) }
+        def git_commit_checker
+          @git_commit_checker ||= T.let(git_helper.git_commit_checker, T.nilable(Dependabot::GitCommitChecker))
+        end
+
+        sig { returns(Dependabot::PreCommit::Helpers::Githelper) }
+        def git_helper
+          Helpers::Githelper.new(
+            dependency: dependency,
+            credentials: credentials,
+            ignored_versions: ignored_versions,
+            raise_on_ignored: raise_on_ignored,
+            consider_version_branches_pinned: false,
+            dependency_source_details: nil
+          )
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/pre_commit/package_manager.rb

@@ -0,0 +1,29 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/pre_commit/version"
+require "dependabot/ecosystem"
+require "dependabot/pre_commit/requirement"
+
+module Dependabot
+  module PreCommit
+    class PackageManager < Dependabot::Ecosystem::VersionManager
+      extend T::Sig
+
+      # The package manager name for Pre-commit
+      NAME = T.let("pre_commit", String)
+
+      # The version of the package manager
+      VERSION = T.let("1.0.0", String)
+
+      sig { void }
+      def initialize
+        super(
+          name: NAME,
+          version: Version.new(VERSION)
+      )
+      end
+    end
+  end
+end

data/lib/dependabot/pre_commit/requirement.rb

@@ -0,0 +1,23 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/requirement"
+require "dependabot/utils"
+
+module Dependabot
+  module PreCommit
+    class Requirement < Dependabot::Requirement
+      extend T::Sig
+
+      sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
+      def self.requirements_array(requirement_string)
+        [new(requirement_string)]
+      end
+    end
+  end
+end
+
+Dependabot::Utils
+  .register_requirement_class("pre_commit", Dependabot::PreCommit::Requirement)