dependabot-python 0.112.29 → 0.112.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +31 -7
  3. data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +22 -6
  4. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a3bbb698b8e2a55b3d989c4b82711072f6abb11b1710b784baf5b9ab2b7b172f
4
- data.tar.gz: 69a1be85e69addcf157c59cf5926c74e69eff93274ef43f28703b8c5b3cccd56
3
+ metadata.gz: 3e37f5a5f10cec0975a1d7fbb4cb6cb3f4aa7b19bca7d6205519d1722c68820f
4
+ data.tar.gz: ef8ad3bc9de159aff138e402aa607edbed7596705b16f3836a08629d3b6573ef
5
5
  SHA512:
6
- metadata.gz: 67a5e3f53d51111e966c9da5ea8935a409f4adf41cdae8986e86724a20b8a0cf3426cbcb690d6e6934c50d98c2e815b52be6367ae319629e98e4ed96d8781491
7
- data.tar.gz: 64a8e68027ec1de7c8add99f79a93ddb4fef89092e8a897667615897ec7a5cd0694e5a6f8101cdfe4b3c7f751cfa7d73cf95fd71ec492a00f33a0ed0033e1c0e
6
+ metadata.gz: d3b52fdb9a90581b7212bb1d5c634fed436e25a2b4d477d6e7e4c0441e69c4da3494aa8f7dce201be9167b2a3a906cdbc7ef28992d01b8b8db782d20a5d44b25
7
+ data.tar.gz: 57eee2bb4d1ca57ddac7b4c58f67ddc4fddec229fd3578ff870255b6587b6dccb7e55776293c9bd140f9d813946ec0769e05b0035d99e373f972f91efd572bf6
data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb CHANGED
@@ -10,6 +10,7 @@ require "dependabot/shared_helpers"
10
10
  require "dependabot/python/native_helpers"
11
11
  require "dependabot/python/python_versions"
12
12
  require "dependabot/python/name_normaliser"
13
+ require "dependabot/python/authed_url_builder"
13
14
 
14
15
  module Dependabot
15
16
  module Python
@@ -425,13 +426,22 @@ module Dependabot
425
426
  end
426
427
 
427
428
  def pip_compile_options(filename)
428
- requirements_file = compiled_file_for_filename(filename)
429
- return "--build-isolation" unless requirements_file
429
+ options = ["--build-isolation"]
430
+ options += pip_compile_index_options
430
431
 
431
- options = [
432
- "--build-isolation",
433
- "--output-file=#{requirements_file.name}"
434
- ]
432
+ if (requirements_file = compiled_file_for_filename(filename))
433
+ options += pip_compile_options_from_compiled_file(requirements_file)
434
+ end
435
+
436
+ options.join(" ")
437
+ end
438
+
439
+ def pip_compile_options_from_compiled_file(requirements_file)
440
+ options = ["--output-file=#{requirements_file.name}"]
441
+
442
+ unless requirements_file.content.include?("index-url http")
443
+ options << "--no-index"
444
+ end
435
445
 
436
446
  if requirements_file.content.include?("--hash=sha")
437
447
  options << "--generate-hashes"
@@ -450,7 +460,21 @@ module Dependabot
450
460
  end
451
461
 
452
462
  options << "--pre" if requirements_file.content.include?("--pre")
453
- options.join(" ")
463
+ options
464
+ end
465
+
466
+ def pip_compile_index_options
467
+ credentials.
468
+ select { |cred| cred["type"] == "python_index" }.
469
+ map do |cred|
470
+ authed_url = AuthedUrlBuilder.authed_url(credential: cred)
471
+
472
+ if cred["replaces-base"]
473
+ "--index-url=#{authed_url}"
474
+ else
475
+ "--extra-index-url=#{authed_url}"
476
+ end
477
+ end
454
478
  end
455
479
 
456
480
  def includes_unsafe_packages?(content)
data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb CHANGED
@@ -14,6 +14,7 @@ require "dependabot/shared_helpers"
14
14
  require "dependabot/python/native_helpers"
15
15
  require "dependabot/python/python_versions"
16
16
  require "dependabot/python/name_normaliser"
17
+ require "dependabot/python/authed_url_builder"
17
18
 
18
19
  module Dependabot
19
20
  module Python
@@ -199,13 +200,28 @@ module Dependabot
199
200
  end
200
201
 
201
202
  def pip_compile_options(filename)
202
- requirements_file = compiled_file_for_filename(filename)
203
- return "--build-isolation" unless requirements_file
203
+ options = ["--build-isolation"]
204
+ options += pip_compile_index_options
204
205
 
205
- [
206
- "--build-isolation",
207
- "--output-file=#{requirements_file.name}"
208
- ].join(" ")
206
+ if (requirements_file = compiled_file_for_filename(filename))
207
+ options << "--output-file=#{requirements_file.name}"
208
+ end
209
+
210
+ options.join(" ")
211
+ end
212
+
213
+ def pip_compile_index_options
214
+ credentials.
215
+ select { |cred| cred["type"] == "python_index" }.
216
+ map do |cred|
217
+ authed_url = AuthedUrlBuilder.authed_url(credential: cred)
218
+
219
+ if cred["replaces-base"]
220
+ "--index-url=#{authed_url}"
221
+ else
222
+ "--extra-index-url=#{authed_url}"
223
+ end
224
+ end
209
225
  end
210
226
 
211
227
  def run_pip_compile_command(command)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.112.29
4
+ version: 0.112.30
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.112.29
19
+ version: 0.112.30
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.112.29
26
+ version: 0.112.30
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement