RubyGems - dependabot-python - Versions diffs - 0.112.29 → 0.112.30 - Mend

dependabot-python 0.112.29 → 0.112.30

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +31 -7
data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +22 -6
metadata +3 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a3bbb698b8e2a55b3d989c4b82711072f6abb11b1710b784baf5b9ab2b7b172f
-  data.tar.gz: 69a1be85e69addcf157c59cf5926c74e69eff93274ef43f28703b8c5b3cccd56
+  metadata.gz: 3e37f5a5f10cec0975a1d7fbb4cb6cb3f4aa7b19bca7d6205519d1722c68820f
+  data.tar.gz: ef8ad3bc9de159aff138e402aa607edbed7596705b16f3836a08629d3b6573ef
 SHA512:
-  metadata.gz: 67a5e3f53d51111e966c9da5ea8935a409f4adf41cdae8986e86724a20b8a0cf3426cbcb690d6e6934c50d98c2e815b52be6367ae319629e98e4ed96d8781491
-  data.tar.gz: 64a8e68027ec1de7c8add99f79a93ddb4fef89092e8a897667615897ec7a5cd0694e5a6f8101cdfe4b3c7f751cfa7d73cf95fd71ec492a00f33a0ed0033e1c0e
+  metadata.gz: d3b52fdb9a90581b7212bb1d5c634fed436e25a2b4d477d6e7e4c0441e69c4da3494aa8f7dce201be9167b2a3a906cdbc7ef28992d01b8b8db782d20a5d44b25
+  data.tar.gz: 57eee2bb4d1ca57ddac7b4c58f67ddc4fddec229fd3578ff870255b6587b6dccb7e55776293c9bd140f9d813946ec0769e05b0035d99e373f972f91efd572bf6

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb CHANGED

@@ -10,6 +10,7 @@ require "dependabot/shared_helpers"
 require "dependabot/python/native_helpers"
 require "dependabot/python/python_versions"
 require "dependabot/python/name_normaliser"
+require "dependabot/python/authed_url_builder"
 module Dependabot
   module Python
@@ -425,13 +426,22 @@ module Dependabot
         end
         def pip_compile_options(filename)
-          requirements_file = compiled_file_for_filename(filename)
-          return "--build-isolation" unless requirements_file
+          options = ["--build-isolation"]
+          options += pip_compile_index_options
-          options = [
-            "--build-isolation",
-            "--output-file=#{requirements_file.name}"
-          ]
+          if (requirements_file = compiled_file_for_filename(filename))
+            options += pip_compile_options_from_compiled_file(requirements_file)
+          end
+          options.join(" ")
+        end
+        def pip_compile_options_from_compiled_file(requirements_file)
+          options = ["--output-file=#{requirements_file.name}"]
+          unless requirements_file.content.include?("index-url http")
+            options << "--no-index"
+          end
           if requirements_file.content.include?("--hash=sha")
             options << "--generate-hashes"
@@ -450,7 +460,21 @@ module Dependabot
           end
           options << "--pre" if requirements_file.content.include?("--pre")
-          options.join(" ")
+          options
+        end
+        def pip_compile_index_options
+          credentials.
+            select { |cred| cred["type"] == "python_index" }.
+            map do |cred|
+              authed_url = AuthedUrlBuilder.authed_url(credential: cred)
+              if cred["replaces-base"]
+                "--index-url=#{authed_url}"
+              else
+                "--extra-index-url=#{authed_url}"
+              end
+            end
         end
         def includes_unsafe_packages?(content)

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb CHANGED

@@ -14,6 +14,7 @@ require "dependabot/shared_helpers"
 require "dependabot/python/native_helpers"
 require "dependabot/python/python_versions"
 require "dependabot/python/name_normaliser"
+require "dependabot/python/authed_url_builder"
 module Dependabot
   module Python
@@ -199,13 +200,28 @@ module Dependabot
         end
         def pip_compile_options(filename)
-          requirements_file = compiled_file_for_filename(filename)
-          return "--build-isolation" unless requirements_file
+          options = ["--build-isolation"]
+          options += pip_compile_index_options
-          [
-            "--build-isolation",
-            "--output-file=#{requirements_file.name}"
-          ].join(" ")
+          if (requirements_file = compiled_file_for_filename(filename))
+            options << "--output-file=#{requirements_file.name}"
+          end
+          options.join(" ")
+        end
+        def pip_compile_index_options
+          credentials.
+            select { |cred| cred["type"] == "python_index" }.
+            map do |cred|
+              authed_url = AuthedUrlBuilder.authed_url(credential: cred)
+              if cred["replaces-base"]
+                "--index-url=#{authed_url}"
+              else
+                "--extra-index-url=#{authed_url}"
+              end
+            end
         end
         def run_pip_compile_command(command)

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.112.29
+  version: 0.112.30
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.112.29
+        version: 0.112.30
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.112.29
+        version: 0.112.30
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement