dependabot-python 0.211.0 → 0.213.0

data/lib/dependabot/python/file_updater/poetry_file_updater.rb

@@ -4,6 +4,7 @@ require "toml-rb"
 require "open3"
 require "dependabot/dependency"
 require "dependabot/shared_helpers"
+require "dependabot/python/helpers"
 require "dependabot/python/version"
 require "dependabot/python/requirement"
 require "dependabot/python/python_versions"
@@ -131,7 +132,7 @@ module Dependabot
         end
 
         def lock_declaration_to_new_version!(poetry_object, dep)
-          Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
+          Dependabot::Python::FileParser::PyprojectFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
             names = poetry_object[type]&.keys || []
             pkg_name = names.find { |nm| normalise(nm) == dep.name }
             next unless pkg_name
@@ -170,11 +171,11 @@ module Dependabot
               write_temporary_dependency_files(pyproject_content)
               add_auth_env_vars
 
-              if python_version && !pre_installed_python?(python_version)
-                run_poetry_command("pyenv install -s #{python_version}")
-                run_poetry_command("pyenv exec pip install --upgrade pip")
-                run_poetry_command("pyenv exec pip install -r"\
-                                   "#{NativeHelpers.python_requirements_path}")
+              Helpers.install_required_python(python_version)
+
+              # use system git instead of the pure Python dulwich
+              unless python_version&.start_with?("3.6")
+                run_poetry_command("pyenv exec poetry config experimental.system-git-client true")
               end
 
               run_poetry_command(poetry_update_command)

data/lib/dependabot/python/file_updater/pyproject_preparer.rb

@@ -52,9 +52,10 @@ module Dependabot
           poetry_object = pyproject_object["tool"]["poetry"]
           excluded_names = dependencies.map(&:name) + ["python"]
 
-          Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |key|
+          Dependabot::Python::FileParser::PyprojectFilesParser::POETRY_DEPENDENCY_TYPES.each do |key|
             next unless poetry_object[key]
 
+            source_types = %w(directory file url)
             poetry_object.fetch(key).each do |dep_name, _|
               next if excluded_names.include?(normalise(dep_name))
 
@@ -62,7 +63,7 @@ module Dependabot
 
               next unless (locked_version = locked_details&.fetch("version"))
 
-              next if %w(directory file url).include?(locked_details&.dig("source", "type"))
+              next if source_types.include?(locked_details&.dig("source", "type"))
 
               if locked_details&.dig("source", "type") == "git"
                 poetry_object[key][dep_name] = {

data/lib/dependabot/python/file_updater/requirement_file_updater.rb

@@ -36,7 +36,7 @@ module Dependabot
         def fetch_updated_dependency_files
           reqs = dependency.requirements.zip(dependency.previous_requirements)
 
-          reqs.map do |(new_req, old_req)|
+          reqs.filter_map do |(new_req, old_req)|
             next if new_req == old_req
 
             file = get_original_file(new_req.fetch(:file)).dup
@@ -46,7 +46,7 @@ module Dependabot
 
             file.content = updated_content
             file
-          end.compact
+          end
         end
 
         def updated_requirement_or_setup_file_content(new_req, old_req)

data/lib/dependabot/python/file_updater/requirement_replacer.rb

@@ -52,7 +52,7 @@ module Dependabot
           if add_space_after_operators?
             new_req_string =
               new_req_string.
-              gsub(/(#{RequirementParser::COMPARISON})\s*(?=\d)/, '\1 ')
+              gsub(/(#{RequirementParser::COMPARISON})\s*(?=\d)/o, '\1 ')
           end
 
           new_req_string
@@ -92,7 +92,7 @@ module Dependabot
         def add_space_after_operators?
           original_dependency_declaration_string(old_requirement).
             match(RequirementParser::REQUIREMENTS).
-            to_s.match?(/#{RequirementParser::COMPARISON}\s+\d/)
+            to_s.match?(/#{RequirementParser::COMPARISON}\s+\d/o)
         end
 
         def original_declaration_replacement_regex

data/lib/dependabot/python/file_updater/setup_file_sanitizer.rb

@@ -19,9 +19,9 @@ module Dependabot
           # install_requires. A name and version are required by don't end up
           # in the lockfile.
           content =
-            "from setuptools import setup\n\n"\
-            "setup(name=\"sanitized-package\",version=\"0.0.1\","\
-            "install_requires=#{install_requires_array.to_json},"\
+            "from setuptools import setup\n\n" \
+            "setup(name=\"sanitized-package\",version=\"0.0.1\"," \
+            "install_requires=#{install_requires_array.to_json}," \
             "extras_require=#{extras_require_hash.to_json}"
 
           content += ',setup_requires=["pbr"],pbr=True' if include_pbr?
@@ -38,22 +38,22 @@ module Dependabot
 
         def install_requires_array
           @install_requires_array ||=
-            parsed_setup_file.dependencies.map do |dep|
+            parsed_setup_file.dependencies.filter_map do |dep|
               next unless dep.requirements.first[:groups].
                           include?("install_requires")
 
               dep.name + dep.requirements.first[:requirement].to_s
-            end.compact
+            end
         end
 
         def setup_requires_array
           @setup_requires_array ||=
-            parsed_setup_file.dependencies.map do |dep|
+            parsed_setup_file.dependencies.filter_map do |dep|
               next unless dep.requirements.first[:groups].
                           include?("setup_requires")
 
               dep.name + dep.requirements.first[:requirement].to_s
-            end.compact
+            end
         end
 
         def extras_require_hash
@@ -66,7 +66,7 @@ module Dependabot
 
                   hash[group.split(":").last] ||= []
                   hash[group.split(":").last] <<
-                    dep.name + dep.requirements.first[:requirement].to_s
+                    (dep.name + dep.requirements.first[:requirement].to_s)
                 end
               end
 

data/lib/dependabot/python/file_updater.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "toml-rb"
 require "dependabot/file_updaters"
 require "dependabot/file_updaters/base"
 require "dependabot/shared_helpers"
@@ -60,8 +61,14 @@ module Dependabot
 
         # Otherwise, this is a top-level dependency, and we can figure out
         # which resolver to use based on the filename of its requirements
-        return :pipfile if changed_req_files.any? { |f| f == "Pipfile" }
-        return :poetry if changed_req_files.any? { |f| f == "pyproject.toml" }
+        return :pipfile if changed_req_files.any?("Pipfile")
+
+        if changed_req_files.any?("pyproject.toml")
+          return :poetry if poetry_based?
+
+          return :requirements
+        end
+
         return :pip_compile if changed_req_files.any? { |f| f.end_with?(".in") }
 
         :requirements
@@ -119,6 +126,12 @@ module Dependabot
         raise "Missing required files!"
       end
 
+      def poetry_based?
+        return false unless pyproject
+
+        !TomlRB.parse(pyproject.content).dig("tool", "poetry").nil?
+      end
+
       def pipfile
         @pipfile ||= get_original_file("Pipfile")
       end

data/lib/dependabot/python/helpers.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require "dependabot/logger"
+
+module Dependabot
+  module Python
+    module Helpers
+      def self.install_required_python(python_version)
+        # The leading space is important in the version check
+        return if SharedHelpers.run_shell_command("pyenv versions").include?(" #{python_version}")
+
+        Dependabot.logger.info("Installing required Python #{python_version}.")
+        SharedHelpers.run_shell_command("pyenv install -s #{python_version}")
+        SharedHelpers.run_shell_command("pyenv exec pip install --upgrade pip")
+        SharedHelpers.run_shell_command("pyenv exec pip install -r" \
+                                        "#{NativeHelpers.python_requirements_path}")
+      end
+    end
+  end
+end

data/lib/dependabot/python/metadata_finder.rb

@@ -131,6 +131,8 @@ module Dependabot
           return @pypi_listing
         rescue JSON::ParserError
           next
+        rescue Excon::Error::Timeout
+          next
         end
 
         @pypi_listing = {} # No listing found

data/lib/dependabot/python/native_helpers.rb

@@ -12,7 +12,7 @@ module Dependabot
       end
 
       def self.python_helpers_dir
-        File.join(native_helpers_root, "python/helpers")
+        File.join(native_helpers_root, "python")
       end
 
       def self.native_helpers_root

data/lib/dependabot/python/python_versions.rb

@@ -4,16 +4,16 @@ module Dependabot
   module Python
     module PythonVersions
       PRE_INSTALLED_PYTHON_VERSIONS = %w(
-        3.10.5
+        3.10.7
       ).freeze
 
       # Due to an OpenSSL issue we can only install the following versions in
       # the Dependabot container.
       SUPPORTED_VERSIONS = %w(
-        3.10.5 3.10.4 3.10.3 3.10.2 3.10.1 3.10.0
-        3.9.13 3.9.12 3.9.11 3.9.10 3.9.9 3.9.8 3.9.7 3.9.6 3.9.5 3.9.4 3.9.2 3.9.1 3.9.0
-        3.8.13 3.8.12 3.8.11 3.8.10 3.8.9 3.8.8 3.8.7 3.8.6 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
-        3.7.13 3.7.12 3.7.11 3.7.10 3.7.9 3.7.8 3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
+        3.10.7 3.10.6 3.10.5 3.10.4 3.10.3 3.10.2 3.10.1 3.10.0
+        3.9.14 3.9.13 3.9.12 3.9.11 3.9.10 3.9.9 3.9.8 3.9.7 3.9.6 3.9.5 3.9.4 3.9.2 3.9.1 3.9.0
+        3.8.14 3.8.13 3.8.12 3.8.11 3.8.10 3.8.9 3.8.8 3.8.7 3.8.6 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
+        3.7.14 3.7.13 3.7.12 3.7.11 3.7.10 3.7.9 3.7.8 3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
         3.6.15 3.6.14 3.6.13 3.6.12 3.6.11 3.6.10 3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3
         3.6.2 3.6.1 3.6.0 3.5.10 3.5.8 3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
       ).freeze

data/lib/dependabot/python/requirement.rb

@@ -6,7 +6,7 @@ require "dependabot/python/version"
 module Dependabot
   module Python
     class Requirement < Gem::Requirement
-      OR_SEPARATOR = /(?<=[a-zA-Z0-9)*])\s*\|+/.freeze
+      OR_SEPARATOR = /(?<=[a-zA-Z0-9)*])\s*\|+/
 
       # Add equality and arbitrary-equality matchers
       OPS = OPS.merge(
@@ -19,8 +19,8 @@ module Dependabot
       version_pattern = Python::Version::VERSION_PATTERN
 
       PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
-      PATTERN = /\A#{PATTERN_RAW}\z/.freeze
-      PARENS_PATTERN = /\A\(([^)]+)\)\z/.freeze
+      PATTERN = /\A#{PATTERN_RAW}\z/
+      PARENS_PATTERN = /\A\(([^)]+)\)\z/
 
       def self.parse(obj)
         return ["=", Python::Version.new(obj.to_s)] if obj.is_a?(Gem::Version)
@@ -60,6 +60,9 @@ module Dependabot
         requirements = requirements.flatten.flat_map do |req_string|
           next if req_string.nil?
 
+          # Standard python doesn't support whitespace in requirements, but Poetry does.
+          req_string = req_string.gsub(/(\d +)([<=>])/, '\1,\2')
+
           req_string.split(",").map(&:strip).map do |r|
             convert_python_constraint_to_ruby_constraint(r)
           end
@@ -87,7 +90,7 @@ module Dependabot
         return nil if req_string == "*"
 
         req_string = req_string.gsub("~=", "~>")
-        req_string = req_string.gsub(/(?<=\d)[<=>].*/, "")
+        req_string = req_string.gsub(/(?<=\d)[<=>].*\Z/, "")
 
         if req_string.match?(/~[^>]/) then convert_tilde_req(req_string)
         elsif req_string.start_with?("^") then convert_caret_req(req_string)

data/lib/dependabot/python/requirement_parser.rb

@@ -3,29 +3,26 @@
 module Dependabot
   module Python
     class RequirementParser
-      NAME = /[a-zA-Z0-9](?:[a-zA-Z0-9\-_\.]*[a-zA-Z0-9])?/.freeze
-      EXTRA = /[a-zA-Z0-9\-_\.]+/.freeze
-      COMPARISON = /===|==|>=|<=|<|>|~=|!=/.freeze
-      VERSION = /([1-9][0-9]*!)?[0-9]+[a-zA-Z0-9\-_.*]*(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?/.
-                freeze
-      REQUIREMENT =
-        /(?<comparison>#{COMPARISON})\s*\\?\s*(?<version>#{VERSION})/.freeze
-      HASH = /--hash=(?<algorithm>.*?):(?<hash>.*?)(?=\s|$)/.freeze
-      REQUIREMENTS = /#{REQUIREMENT}(\s*,\s*\\?\s*#{REQUIREMENT})*/.freeze
-      HASHES = /#{HASH}(\s*\\?\s*#{HASH})*/.freeze
-      MARKER_OP = /\s*(#{COMPARISON}|(\s*in)|(\s*not\s*in))/.freeze
-      PYTHON_STR_C =
-        %r{[a-zA-Z0-9\s\(\)\.\{\}\-_\*#:;/\?\[\]!~`@\$%\^&=\+\|<>]}.freeze
-      PYTHON_STR = /('(#{PYTHON_STR_C}|")*'|"(#{PYTHON_STR_C}|')*")/.freeze
+      NAME = /[a-zA-Z0-9](?:[a-zA-Z0-9\-_\.]*[a-zA-Z0-9])?/
+      EXTRA = /[a-zA-Z0-9\-_\.]+/
+      COMPARISON = /===|==|>=|<=|<|>|~=|!=/
+      VERSION = /([1-9][0-9]*!)?[0-9]+[a-zA-Z0-9\-_.*]*(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?/
+
+      REQUIREMENT = /(?<comparison>#{COMPARISON})\s*\\?\s*(?<version>#{VERSION})/
+      HASH = /--hash=(?<algorithm>.*?):(?<hash>.*?)(?=\s|$)/
+      REQUIREMENTS = /#{REQUIREMENT}(\s*,\s*\\?\s*#{REQUIREMENT})*/
+      HASHES = /#{HASH}(\s*\\?\s*#{HASH})*/
+      MARKER_OP = /\s*(#{COMPARISON}|(\s*in)|(\s*not\s*in))/
+      PYTHON_STR_C = %r{[a-zA-Z0-9\s\(\)\.\{\}\-_\*#:;/\?\[\]!~`@\$%\^&=\+\|<>]}
+      PYTHON_STR = /('(#{PYTHON_STR_C}|")*'|"(#{PYTHON_STR_C}|')*")/
       ENV_VAR =
         /python_version|python_full_version|os_name|sys_platform|
          platform_release|platform_system|platform_version|platform_machine|
          platform_python_implementation|implementation_name|
-         implementation_version/.freeze
-      MARKER_VAR = /\s*(#{ENV_VAR}|#{PYTHON_STR})/.freeze
-      MARKER_EXPR_ONE = /#{MARKER_VAR}#{MARKER_OP}#{MARKER_VAR}/.freeze
-      MARKER_EXPR =
-        /(#{MARKER_EXPR_ONE}|\(\s*|\s*\)|\s+and\s+|\s+or\s+)+/.freeze
+         implementation_version/
+      MARKER_VAR = /\s*(#{ENV_VAR}|#{PYTHON_STR})/
+      MARKER_EXPR_ONE = /#{MARKER_VAR}#{MARKER_OP}#{MARKER_VAR}/
+      MARKER_EXPR = /(#{MARKER_EXPR_ONE}|\(\s*|\s*\)|\s+and\s+|\s+or\s+)+/
 
       INSTALL_REQ_WITH_REQUIREMENT =
         /\s*\\?\s*(?<name>#{NAME})
@@ -34,7 +31,7 @@ module Dependabot
           \s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
           \s*\\?\s*(?<hashes>#{HASHES})?
           \s*#*\s*(?<comment>.+)?
-        /x.freeze
+        /x
 
       INSTALL_REQ_WITHOUT_REQUIREMENT =
         /^\s*\\?\s*(?<name>#{NAME})
@@ -42,7 +39,7 @@ module Dependabot
           \s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
           \s*\\?\s*(?<hashes>#{HASHES})?
           \s*#*\s*(?<comment>.+)?$
-        /x.freeze
+        /x
 
       VALID_REQ_TXT_REQUIREMENT =
         /^\s*\\?\s*(?<name>#{NAME})
@@ -51,12 +48,12 @@ module Dependabot
           \s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
           \s*\\?\s*(?<hashes>#{HASHES})?
           \s*(\#+\s*(?<comment>.*))?$
-        /x.freeze
+        /x
 
       NAME_WITH_EXTRAS =
         /\s*\\?\s*(?<name>#{NAME})
           (\s*\\?\s*\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
-        /x.freeze
+        /x
     end
   end
 end

data/lib/dependabot/python/update_checker/index_finder.rb

@@ -9,7 +9,7 @@ module Dependabot
     class UpdateChecker
       class IndexFinder
         PYPI_BASE_URL = "https://pypi.org/simple/"
-        ENVIRONMENT_VARIABLE_REGEX = /\$\{.+\}/.freeze
+        ENVIRONMENT_VARIABLE_REGEX = /\$\{.+\}/
 
         def initialize(dependency_files:, credentials:)
           @dependency_files = dependency_files
@@ -171,7 +171,7 @@ module Dependabot
           authed_url = config_variable_urls.find { |u| u.match?(regexp) }
           return authed_url if authed_url
 
-          cleaned_url = url.gsub(%r{#{ENVIRONMENT_VARIABLE_REGEX}/?}, "")
+          cleaned_url = url.gsub(%r{#{ENVIRONMENT_VARIABLE_REGEX}/?}o, "")
           authed_url = authed_base_url(cleaned_url)
           return authed_url if credential_for(cleaned_url)
 

data/lib/dependabot/python/update_checker/latest_version_finder.rb

@@ -85,14 +85,14 @@ module Dependabot
         end
 
         def filter_unsupported_versions(versions_array, python_version)
-          versions_array.map do |details|
+          versions_array.filter_map do |details|
             python_requirement = details.fetch(:python_requirement)
             next details.fetch(:version) unless python_version
             next details.fetch(:version) unless python_requirement
             next unless python_requirement.satisfied_by?(python_version)
 
             details.fetch(:version)
-          end.compact
+          end
         end
 
         def filter_prerelease_versions(versions_array)
@@ -118,9 +118,9 @@ module Dependabot
         end
 
         def filter_out_of_range_versions(versions_array)
-          reqs = dependency.requirements.map do |r|
+          reqs = dependency.requirements.filter_map do |r|
             requirement_class.requirements_array(r.fetch(:requirement))
-          end.compact
+          end
 
           versions_array.
             select { |v| reqs.all? { |r| r.any? { |o| o.satisfied_by?(v) } } }
@@ -144,11 +144,14 @@ module Dependabot
           @available_versions ||=
             index_urls.flat_map do |index_url|
               sanitized_url = index_url.gsub(%r{(?<=//).*(?=@)}, "redacted")
+
               index_response = registry_response_for_dependency(index_url)
+              if index_response.status == 401 || index_response.status == 403
+                registry_index_response = registry_index_response(index_url)
 
-              if [401, 403].include?(index_response.status) &&
-                 [401, 403].include?(registry_index_response(index_url).status)
-                raise PrivateSourceAuthenticationFailure, sanitized_url
+                if registry_index_response.status == 401 || registry_index_response.status == 403
+                  raise PrivateSourceAuthenticationFailure, sanitized_url
+                end
               end
 
               version_links = []

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb

@@ -11,6 +11,7 @@ require "dependabot/python/file_updater/requirement_replacer"
 require "dependabot/python/file_updater/setup_file_sanitizer"
 require "dependabot/python/version"
 require "dependabot/shared_helpers"
+require "dependabot/python/helpers"
 require "dependabot/python/native_helpers"
 require "dependabot/python/python_versions"
 require "dependabot/python/name_normaliser"
@@ -24,16 +25,14 @@ module Dependabot
       # - Run `pip-compile` and see what the result is
       # rubocop:disable Metrics/ClassLength
       class PipCompileVersionResolver
-        GIT_DEPENDENCY_UNREACHABLE_REGEX =
-          /git clone --filter=blob:none --quiet (?<url>[^\s]+).* /.freeze
-        GIT_REFERENCE_NOT_FOUND_REGEX =
-          /Did not find branch or tag '(?<tag>[^\n"]+)'/m.freeze
+        GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone --filter=blob:none --quiet (?<url>[^\s]+).* /
+        GIT_REFERENCE_NOT_FOUND_REGEX = /Did not find branch or tag '(?<tag>[^\n"]+)'/m
         NATIVE_COMPILATION_ERROR =
           "pip._internal.exceptions.InstallationSubprocessError: Command errored out with exit status 1:"
         # See https://packaging.python.org/en/latest/tutorials/packaging-projects/#configuring-metadata
-        PYTHON_PACKAGE_NAME_REGEX = /[A-Za-z0-9_\-]+/.freeze
+        PYTHON_PACKAGE_NAME_REGEX = /[A-Za-z0-9_\-]+/
         RESOLUTION_IMPOSSIBLE_ERROR = "ResolutionImpossible"
-        ERROR_REGEX = /(?<=ERROR\:\W).*$/.freeze
+        ERROR_REGEX = /(?<=ERROR\:\W).*$/
 
         attr_reader :dependency, :dependency_files, :credentials
 
@@ -72,7 +71,7 @@ module Dependabot
             SharedHelpers.in_a_temporary_directory do
               SharedHelpers.with_git_configured(credentials: credentials) do
                 write_temporary_dependency_files(updated_req: requirement)
-                install_required_python
+                Helpers.install_required_python(python_version)
 
                 filenames_to_compile.each do |filename|
                   # Shell out to pip-compile.
@@ -80,9 +79,17 @@ module Dependabot
                   run_pip_compile_command(
                     "pyenv exec pip-compile -v #{pip_compile_options(filename)} -P #{dependency.name} #{filename}"
                   )
-                  # Run pip-compile a second time, without an update argument,
-                  # to ensure it handles markers correctly
-                  write_original_manifest_files unless dependency.top_level?
+
+                  next if dependency.top_level?
+
+                  # Run pip-compile a second time for transient dependencies
+                  # to make sure we do not update dependencies that are
+                  # superfluous. pip-compile does not detect these when
+                  # updating a specific dependency with the -P option.
+                  # Running pip-compile a second time will automatically remove
+                  # superfluous dependencies. Dependabot then marks those with
+                  # update_not_possible.
+                  write_original_manifest_files
                   run_pip_compile_command(
                     "pyenv exec pip-compile #{pip_compile_options(filename)} #{filename}"
                   )
@@ -313,15 +320,6 @@ module Dependabot
           end
         end
 
-        def install_required_python
-          return if run_command("pyenv versions").include?("#{python_version}\n")
-
-          run_command("pyenv install -s #{python_version}")
-          run_command("pyenv exec pip install --upgrade pip")
-          run_command("pyenv exec pip install -r"\
-                      "#{NativeHelpers.python_requirements_path}")
-        end
-
         def sanitized_setup_file_content(file)
           @sanitized_setup_file_content ||= {}
           return @sanitized_setup_file_content[file.name] if @sanitized_setup_file_content[file.name]

data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb

@@ -29,21 +29,22 @@ module Dependabot
       # just raise if the latest version can't be resolved. Knowing that is
       # still better than nothing, though.
       class PipenvVersionResolver
-        GIT_DEPENDENCY_UNREACHABLE_REGEX =
-          /git clone -q (?<url>[^\s]+).* /.freeze
-        GIT_REFERENCE_NOT_FOUND_REGEX =
-          %r{git checkout -q (?<tag>[^\n"]+)\n?[^\n]*/(?<name>.*?)(\\n'\]|$)}m.
-          freeze
-        PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal.exceptions.InstallationError: Command errored out"\
+        # rubocop:disable Layout/LineLength
+        GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone -q (?<url>[^\s]+).* /
+        GIT_REFERENCE_NOT_FOUND_REGEX = %r{git checkout -q (?<tag>[^\n"]+)\n?[^\n]*/(?<name>.*?)(\\n'\]|$)}m
+        PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal.exceptions.InstallationError: Command errored out" \
                                     " with exit status 1: python setup.py egg_info"
         TRACEBACK = "Traceback (most recent call last):"
         PIPENV_INSTALLATION_ERROR_REGEX =
-          /#{Regexp.quote(TRACEBACK)}[\s\S]*^\s+import\s(?<name>.+)[\s\S]*^#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/.
-          freeze
+          /#{Regexp.quote(TRACEBACK)}[\s\S]*^\s+import\s(?<name>.+)[\s\S]*^#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/
+
         UNSUPPORTED_DEPS = %w(pyobjc).freeze
         UNSUPPORTED_DEP_REGEX =
-          /Could not find a version that satisfies the requirement.*(?:#{UNSUPPORTED_DEPS.join("|")})/.freeze
-        PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/.freeze
+          /Could not find a version that satisfies the requirement.*(?:#{UNSUPPORTED_DEPS.join("|")})/
+        PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/
+        # rubocop:enable Layout/LineLength
+
+        DEPENDENCY_TYPES = %w(packages dev-packages).freeze
 
         attr_reader :dependency, :dependency_files, :credentials
 
@@ -136,20 +137,20 @@ module Dependabot
           end
 
           if error.message.match?(UNSUPPORTED_DEP_REGEX)
-            msg = "Dependabot detected a dependency that can't be built on "\
-                  "linux. Currently, all Dependabot builds happen on linux "\
-                  "boxes, so there is no way for Dependabot to resolve your "\
-                  "dependency files.\n\n"\
-                  "Unless you think Dependabot has made a mistake (please "\
-                  "tag us if so) you may wish to disable Dependabot on this "\
+            msg = "Dependabot detected a dependency that can't be built on " \
+                  "linux. Currently, all Dependabot builds happen on linux " \
+                  "boxes, so there is no way for Dependabot to resolve your " \
+                  "dependency files.\n\n" \
+                  "Unless you think Dependabot has made a mistake (please " \
+                  "tag us if so) you may wish to disable Dependabot on this " \
                   "repo."
             raise DependencyFileNotResolvable, msg
           end
 
           if error.message.match?(PIPENV_RANGE_WARNING)
-            msg = "Pipenv does not support specifying Python ranges "\
-              "(see https://github.com/pypa/pipenv/issues/1050 for more "\
-              "details)."
+            msg = "Pipenv does not support specifying Python ranges " \
+                  "(see https://github.com/pypa/pipenv/issues/1050 for more " \
+                  "details)."
             raise DependencyFileNotResolvable, msg
           end
 
@@ -159,7 +160,7 @@ module Dependabot
 
           if error.message.include?("SyntaxError: invalid syntax")
             raise DependencyFileNotResolvable,
-                  "SyntaxError while installing dependencies. Is one of the dependencies not Python 3 compatible? "\
+                  "SyntaxError while installing dependencies. Is one of the dependencies not Python 3 compatible? " \
                   "Pip v21 no longer supports Python 2."
           end
 
@@ -272,9 +273,9 @@ module Dependabot
           dependency_name = error_message.match(PIPENV_INSTALLATION_ERROR_REGEX).named_captures["name"]
           raise unless dependency_name
 
-          msg = "Pipenv failed to install \"#{dependency_name}\". This could be caused by missing system "\
-                "dependencies that can't be installed by Dependabot or required installation flags.\n\n"\
-                "Error output from running \"pipenv lock\":\n"\
+          msg = "Pipenv failed to install \"#{dependency_name}\". This could be caused by missing system " \
+                "dependencies that can't be installed by Dependabot or required installation flags.\n\n" \
+                "Error output from running \"pipenv lock\":\n" \
                 "#{clean_error_message(error_message)}"
 
           raise DependencyFileNotResolvable, msg
@@ -319,13 +320,7 @@ module Dependabot
             nil
           end
 
-          return if run_command("pyenv versions").include?("#{python_version}\n")
-
-          requirements_path = NativeHelpers.python_requirements_path
-          run_command("pyenv install -s #{python_version}")
-          run_command("pyenv exec pip install --upgrade pip")
-          run_command("pyenv exec pip install -r "\
-                      "#{requirements_path}")
+          Helpers.install_required_python(python_version)
         end
 
         def sanitized_setup_file_content(file)
@@ -361,7 +356,7 @@ module Dependabot
 
           pipfile_object = TomlRB.parse(pipfile_content)
 
-          %w(packages dev-packages).each do |type|
+          DEPENDENCY_TYPES.each do |type|
             names = pipfile_object[type]&.keys || []
             pkg_name = names.find { |nm| normalise(nm) == dependency.name }
             next unless pkg_name || subdep_type?(type)
@@ -429,9 +424,9 @@ module Dependabot
 
           # Otherwise we have to raise, giving details of the Python versions
           # that Dependabot supports
-          msg = "Dependabot detected the following Python requirement "\
-                "for your project: '#{requirement_string}'.\n\nCurrently, the "\
-                "following Python versions are supported in Dependabot: "\
+          msg = "Dependabot detected the following Python requirement " \
+                "for your project: '#{requirement_string}'.\n\nCurrently, the " \
+                "following Python versions are supported in Dependabot: " \
                 "#{PythonVersions::SUPPORTED_VERSIONS.join(', ')}."
           raise DependencyFileNotResolvable, msg
         end