dependabot-python 0.190.1 → 0.191.0

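--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5917477c2b230f16b8adf2bbc978965b4d7a0f4227cb0d8ad112048e8b441631
-  data.tar.gz: 65258925be87880a73abda0d22973b2b261b7fbc715ad11a4c47282a35799a04
+  metadata.gz: 150269043a3867fcb18117aa1d10218739fbc4c1012aac13f791aab02643d5b5
+  data.tar.gz: 0ac19e084fd83d7c6746745a4df2bedb7bb9b4e14784262559137a2bf395e29f
 SHA512:
-  metadata.gz: 2e1322d26a9b9f1d44c1265f8deab747a7bc0ac1a527f4d50e43e7988a1eb11a6c90ba9c441a2b2ed2ee9d8cfa87ddd1990ff26ed8751c067dab793340fc4a64
-  data.tar.gz: f3c936af5d6bec1e925161c4b58c8fe4e148b69ae33bdb0fcba13a432262c777a64038ebd1ebb817ae35569f56a4373645c3ffdd172f1b8512a55c60a3cec91c
+  metadata.gz: 642466d5f39522eb5e94c684dc577c6b2c9cfed14235ba9d9b592791c755d6164f315bffae3d0751a5f4338fe6285507eafd792cc098111d61a60f549bccb68f
+  data.tar.gz: 9cfefc6e1b85823611190fb357dac2bd29dd4b6bb523ae072293028388740919e43829adccb9a77d3215aa331098ae1d26f995bf61b84df15f2f92e6dbf7909b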
@@ -105,7 +105,6 @@ module Dependabot
105
105
  content = sanitize(content)
106
106
  content = freeze_other_dependencies(content)
107
107
  content = freeze_dependencies_being_updated(content)
108
- content = add_private_sources(content)
109
108
  content
110
109
  end
111
110
  end
@@ -150,12 +149,6 @@ module Dependabot
150
149
  poetry_object[subdep_type][dependency.name] = dep.version
151
150
  end
152
151
 
153
- def add_private_sources(pyproject_content)
154
- PyprojectPreparer.
155
- new(pyproject_content: pyproject_content).
156
- replace_sources(credentials)
157
- end
158
-
159
152
  def subdep_type
160
153
  category =
161
154
  TomlRB.parse(lockfile.content).fetch("package", []).
@@ -175,6 +168,7 @@ module Dependabot
175
168
  SharedHelpers.in_a_temporary_directory do
176
169
  SharedHelpers.with_git_configured(credentials: credentials) do
177
170
  write_temporary_dependency_files(pyproject_content)
171
+ add_auth_env_vars
178
172
 
179
173
  if python_version && !pre_installed_python?(python_version)
180
174
  run_poetry_command("pyenv install -s #{python_version}")
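Review bot: The credentials that the new `add_auth_env_vars` call (placed right after `write_temporary_dependency_files(pyproject_content)`) writes into `ENV` outlive the `in_a_temporary_directory`/`with_git_configured` block they are set in — nothing in this hunk, in the private `add_auth_env_vars` wrapper below, or in the preparer removes the `POETRY_HTTP_BASIC_*` variables afterwards, so they stay visible to every later subprocess of this process, including ones handling other jobs on a long-lived self-hosted runner. The same shape is repeated at the update-checker call site (the `add_auth_env_vars` line after `write_temporary_dependency_files(updated_req: requirement)`) and in its identical private wrapper. If `run_poetry_command` can take a per-call environment, passing the username/password pairs there would keep them scoped to the poetry invocation; otherwise have the wrapper record the variable names it set and clear them with `ENV.delete` in an `ensure` around this block. The enclosing method starts and ends outside the hunk.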
@@ -232,6 +226,12 @@ module Dependabot
232
226
  File.write("pyproject.toml", pyproject_content)
233
227
  end
234
228
 
229
+ def add_auth_env_vars
230
+ Python::FileUpdater::PyprojectPreparer.
231
+ new(pyproject_content: pyproject.content).
232
+ add_auth_env_vars(credentials)
233
+ end
234
+
235
235
  def python_version
236
236
  requirements = python_requirement_parser.user_specified_requirements
237
237
  requirements = requirements.
@@ -18,24 +18,22 @@ module Dependabot
18
18
  @lockfile = lockfile
19
19
  end
20
20
 
21
- def replace_sources(credentials)
22
- pyproject_object = TomlRB.parse(pyproject_content)
23
- poetry_object = pyproject_object.fetch("tool").fetch("poetry")
24
-
25
- sources_hash = pyproject_sources.map { |source| [source["url"], source] }.to_h
26
-
27
- config_variable_sources(credentials).each do |source|
28
- if sources_hash.key?(source["original_url"])
29
- sources_hash[source["original_url"]]["url"] = source["url"]
30
- else
31
- source.delete("original_url")
32
- sources_hash[source["url"]] = source
33
- end
21
+ # For hosted Dependabot token will be nil since the credentials aren't present.
22
+ # This is for those running Dependabot themselves and for dry-run.
23
+ def add_auth_env_vars(credentials)
24
+ TomlRB.parse(@pyproject_content).dig("tool", "poetry", "source")&.each do |source|
25
+ cred = credentials&.find { |c| c["index-url"] == source["url"] }
26
+ next unless cred
27
+
28
+ token = cred.fetch("token", nil)
29
+ next unless token && token.count(":") == 1
30
+
31
+ arr = token.split(":")
32
+ # https://python-poetry.org/docs/configuration/#using-environment-variables
33
+ name = source["name"]&.upcase&.gsub(/\W/, "_")
34
+ ENV["POETRY_HTTP_BASIC_#{name}_USERNAME"] = arr[0]
35
+ ENV["POETRY_HTTP_BASIC_#{name}_PASSWORD"] = arr[1]
34
36
  end
35
-
36
- poetry_object["source"] = sources_hash.values unless sources_hash.empty?
37
-
38
- TomlRB.dump(pyproject_object)
39
37
  end
40
38
 
41
39
  def sanitize
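Review bot: `cred = credentials&.find { |c| c["index-url"] == source["url"] }` matches the credential by exact string equality, whereas the removed `pyproject_sources` normalised trailing slashes (`gsub(%r{/*$}, "") + "/"`) before comparing, so a credential whose `index-url` differs from the pyproject source only by a trailing slash now silently gets no auth and poetry proceeds without credentials. Comparing `c["index-url"].to_s.chomp("/") == source["url"].to_s.chomp("/")` restores the previous tolerance. Two further silent skips deserve at least a comment: `next unless token && token.count(":") == 1` discards tokens whose password itself contains a colon, and `"user:".split(":")` yields a one-element array, so `ENV["POETRY_HTTP_BASIC_#{name}_PASSWORD"] = arr[1]` assigns nil — which removes the variable — rather than an empty password. When `source["name"]` is nil the interpolated key becomes `POETRY_HTTP_BASIC__USERNAME`, which cannot correspond to any named source; adding `next unless source["name"]` before the `ENV` writes avoids placing a credential under a meaningless key.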
@@ -97,32 +95,6 @@ module Dependabot
97
95
  NameNormaliser.normalise(name)
98
96
  end
99
97
 
100
- def pyproject_sources
101
- return @pyproject_sources if @pyproject_sources
102
-
103
- pyproject_sources ||=
104
- TomlRB.parse(pyproject_content).
105
- dig("tool", "poetry", "source")
106
-
107
- @pyproject_sources ||=
108
- (pyproject_sources || []).
109
- map { |h| h.dup.merge("url" => h["url"].gsub(%r{/*$}, "") + "/") }
110
- end
111
-
112
- def config_variable_sources(credentials)
113
- @config_variable_sources ||=
114
- credentials.
115
- select { |cred| cred["type"] == "python_index" }.
116
- map do |c|
117
- {
118
- "original_url" => c["index-url"],
119
- "url" => AuthedUrlBuilder.authed_url(credential: c),
120
- "name" => SecureRandom.hex[0..3],
121
- "default" => c["replaces-base"]
122
- }.compact
123
- end
124
- end
125
-
126
98
  def parsed_lockfile
127
99
  @parsed_lockfile ||= TomlRB.parse(lockfile.content)
128
100
  end
@@ -76,6 +76,7 @@ module Dependabot
76
76
  SharedHelpers.in_a_temporary_directory do
77
77
  SharedHelpers.with_git_configured(credentials: credentials) do
78
78
  write_temporary_dependency_files(updated_req: requirement)
79
+ add_auth_env_vars
79
80
 
80
81
  if python_version && !pre_installed_python?(python_version)
81
82
  run_poetry_command("pyenv install -s #{python_version}")
@@ -195,6 +196,12 @@ module Dependabot
195
196
  end
196
197
  end
197
198
 
199
+ def add_auth_env_vars
200
+ Python::FileUpdater::PyprojectPreparer.
201
+ new(pyproject_content: pyproject.content).
202
+ add_auth_env_vars(credentials)
203
+ end
204
+
198
205
  def python_version
199
206
  requirements = python_requirement_parser.user_specified_requirements
200
207
  requirements = requirements.
@@ -228,7 +235,6 @@ module Dependabot
228
235
  def updated_pyproject_content(updated_requirement:)
229
236
  content = pyproject.content
230
237
  content = sanitize_pyproject_content(content)
231
- content = add_private_sources(content)
232
238
  content = freeze_other_dependencies(content)
233
239
  content = set_target_dependency_req(content, updated_requirement)
234
240
  content
@@ -237,7 +243,6 @@ module Dependabot
237
243
  def sanitized_pyproject_content
238
244
  content = pyproject.content
239
245
  content = sanitize_pyproject_content(content)
240
- content = add_private_sources(content)
241
246
  content
242
247
  end
243
248
 
@@ -247,12 +252,6 @@ module Dependabot
247
252
  sanitize
248
253
  end
249
254
 
250
- def add_private_sources(pyproject_content)
251
- Python::FileUpdater::PyprojectPreparer.
252
- new(pyproject_content: pyproject_content).
253
- replace_sources(credentials)
254
- end
255
-
256
255
  def freeze_other_dependencies(pyproject_content)
257
256
  Python::FileUpdater::PyprojectPreparer.
258
257
  new(pyproject_content: pyproject_content, lockfile: lockfile).
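--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.190.1
+  version: 0.191.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-31 00:00:00.000000000 Z
+date: 2022-06-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.190.1
+        version: 0.191.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.190.1
+        version: 0.191.0
 - !ruby/object:Gem::Dependency
   name: debase
   requirement: !ruby/object:Gem::Requirement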