dependabot-python 0.301.1 → 0.303.0

data/lib/dependabot/python/file_updater/pipfile_file_updater.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "open3"
@@ -10,78 +10,120 @@ require "dependabot/python/language_version_manager"
 require "dependabot/shared_helpers"
 require "dependabot/python/native_helpers"
 require "dependabot/python/pipenv_runner"
+require "sorbet-runtime"
 
 module Dependabot
   module Python
     class FileUpdater
       class PipfileFileUpdater
+        extend T::Sig
         require_relative "pipfile_preparer"
         require_relative "pipfile_manifest_updater"
         require_relative "setup_file_sanitizer"
 
-        DEPENDENCY_TYPES = %w(packages dev-packages).freeze
+        DEPENDENCY_TYPES = T.let(%w(packages dev-packages).freeze, T::Array[String])
 
+        sig { returns(T::Array[Dependabot::Dependency]) }
         attr_reader :dependencies
+
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
         attr_reader :dependency_files
+
+        sig { returns(T::Array[Dependabot::Credential]) }
         attr_reader :credentials
+
+        sig { returns(T.nilable(String)) }
         attr_reader :repo_contents_path
 
+        # rubocop:disable Metrics/AbcSize
+        sig do
+          params(
+            dependencies: T::Array[Dependabot::Dependency],
+            dependency_files: T::Array[Dependabot::DependencyFile],
+            credentials: T::Array[Dependabot::Credential],
+            repo_contents_path: T.nilable(String)
+          ).void
+        end
         def initialize(dependencies:, dependency_files:, credentials:, repo_contents_path:)
           @dependencies = dependencies
           @dependency_files = dependency_files
           @credentials = credentials
           @repo_contents_path = repo_contents_path
-        end
-
+          @updated_pipfile_content = T.let(nil, T.nilable(String))
+          @updated_lockfile_content = T.let(nil, T.nilable(String))
+          @updated_generated_files = T.let(nil, T.nilable(T::Hash[Symbol, String]))
+          @pipfile = T.let(nil, T.nilable(Dependabot::DependencyFile))
+          @lockfile = T.let(nil, T.nilable(Dependabot::DependencyFile))
+          @setup_files = T.let(nil, T.nilable(T::Array[Dependabot::DependencyFile]))
+          @setup_cfg_files = T.let(nil, T.nilable(T::Array[Dependabot::DependencyFile]))
+          @requirements_files = T.let(nil, T.nilable(T::Array[Dependabot::DependencyFile]))
+          @updated_dependency_files = T.let(nil, T.nilable(T::Array[Dependabot::DependencyFile]))
+          @updated_pipfile_content = T.let(nil, T.nilable(String))
+          @parsed_lockfile = T.let(nil, T.nilable(T::Hash[String, T::Hash[String, Object]]))
+          @pipenv_runner = T.let(nil, T.nilable(PipenvRunner))
+          @language_version_manager = T.let(nil, T.nilable(LanguageVersionManager))
+          @sanitized_setup_file_content = T.let({}, T.untyped)
+          @python_requirement_parser = T.let(nil, T.nilable(FileParser::PythonRequirementParser))
+        end
+
+        # rubocop:enable Metrics/AbcSize
+
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
         def updated_dependency_files
           @updated_dependency_files ||= fetch_updated_dependency_files
         end
 
         private
 
+        sig { returns(T.nilable(Dependabot::Dependency)) }
         def dependency
           # For now, we'll only ever be updating a single dependency
           dependencies.first
         end
 
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
         def fetch_updated_dependency_files
           updated_files = []
 
-          if pipfile.content != updated_pipfile_content
+          if pipfile&.content != updated_pipfile_content
             updated_files <<
-              updated_file(file: pipfile, content: updated_pipfile_content)
+              updated_file(file: T.must(pipfile), content: T.must(updated_pipfile_content))
           end
 
           if lockfile
-            raise "Expected Pipfile.lock to change!" if lockfile.content == updated_lockfile_content
+            raise "Expected Pipfile.lock to change!" if lockfile&.content == updated_lockfile_content
 
             updated_files <<
-              updated_file(file: lockfile, content: updated_lockfile_content)
+              updated_file(file: T.must(lockfile), content: updated_lockfile_content)
           end
 
           updated_files += updated_generated_requirements_files
           updated_files
         end
 
+        sig { returns(T.nilable(String)) }
         def updated_pipfile_content
           @updated_pipfile_content ||=
             PipfileManifestUpdater.new(
               dependencies: dependencies,
-              manifest: pipfile
+              manifest: T.must(pipfile)
             ).updated_manifest_content
         end
 
+        sig { returns(String) }
         def updated_lockfile_content
           @updated_lockfile_content ||=
             updated_generated_files.fetch(:lockfile)
         end
 
+        sig { returns(T::Boolean) }
         def generate_updated_requirements_files?
           return true if generated_requirements_files("default").any?
 
           generated_requirements_files("develop").any?
         end
 
+        sig { params(type: String).returns(T::Array[Dependabot::DependencyFile]) }
         def generated_requirements_files(type)
           return [] unless lockfile
 
@@ -95,12 +137,13 @@ module Dependabot
           # generated using `pipenv requirements`
           requirements_files.select do |req_file|
             deps = []
-            req_file.content.scan(regex) { deps << Regexp.last_match }
+            req_file.content&.scan(regex) { deps << Regexp.last_match }
             deps = deps.map { |m| m[:name] }
             deps.sort == pipfile_lock_deps
           end
         end
 
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
         def updated_generated_requirements_files
           updated_files = []
 
@@ -121,49 +164,56 @@ module Dependabot
           updated_files
         end
 
+        sig { returns(String) }
         def updated_req_content
           updated_generated_files.fetch(:requirements_txt)
         end
 
+        sig { returns(String) }
         def updated_dev_req_content
           updated_generated_files.fetch(:dev_requirements_txt)
         end
 
+        sig { returns(String) }
         def prepared_pipfile_content
           content = updated_pipfile_content
-          content = add_private_sources(content)
+          content = add_private_sources(content.to_s)
           content = update_python_requirement(content)
-          content = update_ssl_requirement(content, updated_pipfile_content)
+          content = update_ssl_requirement(content, updated_pipfile_content.to_s)
 
           content
         end
 
+        sig { params(pipfile_content: String).returns(String) }
         def update_python_requirement(pipfile_content)
           PipfilePreparer
             .new(pipfile_content: pipfile_content)
             .update_python_requirement(language_version_manager.python_major_minor)
         end
 
+        sig { params(pipfile_content: String, parsed_file: String).returns(String) }
         def update_ssl_requirement(pipfile_content, parsed_file)
           Python::FileUpdater::PipfilePreparer
             .new(pipfile_content: pipfile_content)
             .update_ssl_requirement(parsed_file)
         end
 
+        sig { params(pipfile_content: String).returns(String) }
         def add_private_sources(pipfile_content)
           PipfilePreparer
             .new(pipfile_content: pipfile_content)
             .replace_sources(credentials)
         end
 
+        sig { returns(T::Hash[Symbol, String]) }
         def updated_generated_files
           @updated_generated_files ||=
-            SharedHelpers.in_a_temporary_repo_directory(dependency_files.first.directory, repo_contents_path) do
+            SharedHelpers.in_a_temporary_repo_directory(T.must(dependency_files.first).directory, repo_contents_path) do
               SharedHelpers.with_git_configured(credentials: credentials) do
                 write_temporary_dependency_files(prepared_pipfile_content)
                 install_required_python
 
-                pipenv_runner.run_upgrade("==#{dependency.version}")
+                pipenv_runner&.run_upgrade("==#{dependency&.version}")
 
                 result = { lockfile: File.read("Pipfile.lock") }
                 result[:lockfile] = post_process_lockfile(result[:lockfile])
@@ -181,10 +231,11 @@ module Dependabot
             end
         end
 
+        sig { params(updated_lockfile_content: String).returns(String) }
         def post_process_lockfile(updated_lockfile_content)
-          pipfile_hash = pipfile_hash_for(updated_pipfile_content)
-          original_reqs = parsed_lockfile["_meta"]["requires"]
-          original_source = parsed_lockfile["_meta"]["sources"]
+          pipfile_hash = pipfile_hash_for(updated_pipfile_content.to_s)
+          original_reqs = T.must(parsed_lockfile["_meta"])["requires"]
+          original_source = T.must(parsed_lockfile["_meta"])["sources"]
 
           new_lockfile = updated_lockfile_content.dup
           new_lockfile_json = JSON.parse(new_lockfile)
@@ -197,6 +248,7 @@ module Dependabot
               .gsub(/\}\z/, "}\n")
         end
 
+        sig { returns(Integer) }
         def generate_updated_requirements_files
           req_content = run_pipenv_command(
             "pyenv exec pipenv requirements"
@@ -209,14 +261,17 @@ module Dependabot
           File.write("dev-req.txt", dev_req_content)
         end
 
+        sig { params(command: String).returns(String) }
         def run_command(command)
           SharedHelpers.run_shell_command(command)
         end
 
+        sig { params(command: String).returns(String) }
         def run_pipenv_command(command)
-          pipenv_runner.run(command)
+          T.must(pipenv_runner).run(command)
         end
 
+        sig { params(pipfile_content: Object).returns(Integer) }
         def write_temporary_dependency_files(pipfile_content)
           dependency_files.each do |file|
             path = file.name
@@ -243,6 +298,7 @@ module Dependabot
           File.write("Pipfile", pipfile_content)
         end
 
+        sig { returns(T.nilable(String)) }
         def install_required_python
           # Initialize a git repo to appease pip-tools
           begin
@@ -254,6 +310,7 @@ module Dependabot
           language_version_manager.install_required_python
         end
 
+        sig { params(file: Dependabot::DependencyFile).returns(String) }
         def sanitized_setup_file_content(file)
           @sanitized_setup_file_content ||= {}
           return @sanitized_setup_file_content[file.name] if @sanitized_setup_file_content[file.name]
@@ -264,12 +321,24 @@ module Dependabot
             .sanitized_content
         end
 
+        sig { params(file: Dependabot::DependencyFile).returns(T.nilable(Dependabot::DependencyFile)) }
         def setup_cfg(file)
           dependency_files.find do |f|
             f.name == file.name.sub(/\.py$/, ".cfg")
           end
         end
 
+        sig do
+          params(
+            pipfile_content: String
+          ).returns(
+            T.nilable(
+              T.any(T::Hash[String, T.untyped],
+                    String,
+                    T::Array[T::Hash[String, T.untyped]])
+            )
+          )
+        end
         def pipfile_hash_for(pipfile_content)
           SharedHelpers.in_a_temporary_directory do |dir|
             File.write(File.join(dir, "Pipfile"), pipfile_content)
@@ -281,12 +350,14 @@ module Dependabot
           end
         end
 
+        sig { params(file: Dependabot::DependencyFile, content: String).returns(Dependabot::DependencyFile) }
         def updated_file(file:, content:)
           updated_file = file.dup
           updated_file.content = content
           updated_file
         end
 
+        sig { returns(FileParser::PythonRequirementParser) }
         def python_requirement_parser
           @python_requirement_parser ||=
             FileParser::PythonRequirementParser.new(
@@ -294,6 +365,7 @@ module Dependabot
             )
         end
 
+        sig { returns(LanguageVersionManager) }
         def language_version_manager
           @language_version_manager ||=
             LanguageVersionManager.new(
@@ -301,35 +373,42 @@ module Dependabot
             )
         end
 
+        sig { returns(T.nilable(PipenvRunner)) }
         def pipenv_runner
           @pipenv_runner ||=
             PipenvRunner.new(
-              dependency: dependency,
+              dependency: T.must(dependency),
               lockfile: lockfile,
               language_version_manager: language_version_manager
             )
         end
 
+        sig { returns(T::Hash[String, T::Hash[String, T.untyped]]) }
         def parsed_lockfile
-          @parsed_lockfile ||= JSON.parse(lockfile.content)
+          @parsed_lockfile ||= JSON.parse(T.must(lockfile&.content))
         end
 
+        sig { returns(T.nilable(Dependabot::DependencyFile)) }
         def pipfile
           @pipfile ||= dependency_files.find { |f| f.name == "Pipfile" }
         end
 
+        sig { returns(T.nilable(Dependabot::DependencyFile)) }
         def lockfile
           @lockfile ||= dependency_files.find { |f| f.name == "Pipfile.lock" }
         end
 
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
         def setup_files
           dependency_files.select { |f| f.name.end_with?("setup.py") }
         end
 
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
         def setup_cfg_files
           dependency_files.select { |f| f.name.end_with?("setup.cfg") }
         end
 
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
         def requirements_files
           dependency_files.select { |f| f.name.end_with?(".txt") }
         end

data/lib/dependabot/python/file_updater/pipfile_manifest_updater.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "dependabot/python/file_updater"
@@ -7,11 +7,15 @@ module Dependabot
   module Python
     class FileUpdater
       class PipfileManifestUpdater
+        extend T::Sig
+
+        sig { params(dependencies: T::Array[Dependency], manifest: DependencyFile).void }
         def initialize(dependencies:, manifest:)
           @dependencies = dependencies
           @manifest = manifest
         end
 
+        sig { returns(T.nilable(String)) }
         def updated_manifest_content
           dependencies
             .select { |dep| requirement_changed?(dep) }
@@ -19,7 +23,7 @@ module Dependabot
               updated_content = content
 
               updated_content = update_requirements(
-                content: updated_content,
+                content: T.must(updated_content),
                 dependency: dep
               )
 
@@ -31,28 +35,31 @@ module Dependabot
 
         private
 
+        sig { returns(T::Array[Dependency]) }
         attr_reader :dependencies
+        sig { returns(DependencyFile) }
         attr_reader :manifest
 
+        sig { params(content: String, dependency: Dependency).returns(String) }
         def update_requirements(content:, dependency:)
           updated_content = content.dup
 
           # The UpdateChecker ensures the order of requirements is preserved
           # when updating, so we can zip them together in new/old pairs.
           reqs = dependency.requirements
-                           .zip(dependency.previous_requirements)
+                           .zip(T.must(dependency.previous_requirements))
                            .reject { |new_req, old_req| new_req == old_req }
 
           # Loop through each changed requirement
           reqs.each do |new_req, old_req|
-            raise "Bad req match" unless new_req[:file] == old_req[:file]
-            next if new_req[:requirement] == old_req[:requirement]
+            raise "Bad req match" unless new_req[:file] == T.must(old_req)[:file]
+            next if new_req[:requirement] == T.must(old_req)[:requirement]
             next unless new_req[:file] == manifest.name
 
             updated_content = update_manifest_req(
               content: updated_content,
               dep: dependency,
-              old_req: old_req.fetch(:requirement),
+              old_req: T.must(old_req).fetch(:requirement),
               new_req: new_req.fetch(:requirement)
             )
           end
@@ -60,33 +67,43 @@ module Dependabot
           updated_content
         end
 
+        sig do
+          params(
+            content: String,
+            dep: Dependency,
+            old_req: String,
+            new_req: String
+          ).returns(String)
+        end
         def update_manifest_req(content:, dep:, old_req:, new_req:)
           simple_declaration = content.scan(declaration_regex(dep))
                                       .find { |m| m.include?(old_req) }
 
           if simple_declaration
             simple_declaration_regex =
-              /(?:^|["'])#{Regexp.escape(simple_declaration)}/
+              /(?:^|["'])#{Regexp.escape(simple_declaration.to_s)}/
             content.gsub(simple_declaration_regex) do |line|
               line.gsub(old_req, new_req)
             end
           elsif content.match?(table_declaration_version_regex(dep))
             content.gsub(table_declaration_version_regex(dep)) do |part|
-              line = content.match(table_declaration_version_regex(dep))
-                            .named_captures.fetch("version_declaration")
-              new_line = line.gsub(old_req, new_req)
-              part.gsub(line, new_line)
+              line = T.must(content.match(table_declaration_version_regex(dep)))
+                      .named_captures.fetch("version_declaration")
+              new_line = T.must(line).gsub(old_req, new_req)
+              part.gsub(T.must(line), new_line)
             end
           else
             content
           end
         end
 
+        sig { params(dep: Dependency).returns(Regexp) }
         def declaration_regex(dep)
           escaped_name = Regexp.escape(dep.name).gsub("\\-", "[-_.]")
           /(?:^|["'])#{escaped_name}["']?\s*=.*$/i
         end
 
+        sig { params(dep: Dependabot::Dependency).returns(Regexp) }
         def table_declaration_version_regex(dep)
           /
             packages\.#{Regexp.quote(dep.name)}\]
@@ -95,9 +112,10 @@ module Dependabot
           /mx
         end
 
+        sig { params(dependency: Dependabot::Dependency).returns(T::Boolean) }
         def requirement_changed?(dependency)
           changed_requirements =
-            dependency.requirements - dependency.previous_requirements
+            dependency.requirements - T.must(dependency.previous_requirements)
 
           changed_requirements.any? { |f| f[:file] == manifest.name }
         end

data/lib/dependabot/python/file_updater/pipfile_preparer.rb

@@ -7,6 +7,7 @@ require "dependabot/dependency"
 require "dependabot/python/file_parser"
 require "dependabot/python/file_updater"
 require "dependabot/python/authed_url_builder"
+require "sorbet-runtime"
 
 module Dependabot
   module Python
@@ -19,7 +20,7 @@ module Dependabot
           @pipfile_content = pipfile_content
         end
 
-        sig { params(credentials: T::Array[T::Hash[String, T.untyped]]).returns(String) }
+        sig { params(credentials: T::Array[Dependabot::Credential]).returns(String) }
         def replace_sources(credentials)
           pipfile_object = TomlRB.parse(pipfile_content)
 
@@ -67,23 +68,23 @@ module Dependabot
         sig { returns(String) }
         attr_reader :pipfile_content
 
-        sig { returns(T::Array[T::Hash[String, T.untyped]]) }
+        sig { returns(T::Array[T::Hash[String, String]]) }
         def pipfile_sources
           @pipfile_sources ||= T.let(TomlRB.parse(pipfile_content).fetch("source", []),
-                                     T.nilable(T::Array[T::Hash[String, T.untyped]]))
+                                     T.nilable(T::Array[T::Hash[String, String]]))
         end
 
         sig do
-          params(source: T::Hash[String, T.untyped],
-                 credentials: T::Array[T::Hash[String, T.untyped]]).returns(T.nilable(T::Hash[String, T.untyped]))
+          params(source: T::Hash[String, String],
+                 credentials: T::Array[Dependabot::Credential]).returns(T.nilable(T::Hash[String, String]))
         end
         def sub_auth_url(source, credentials)
-          if source["url"].include?("${")
-            base_url = source["url"].sub(/\${.*}@/, "")
+          if source["url"]&.include?("${")
+            base_url = source["url"]&.sub(/\${.*}@/, "")
 
             source_cred = credentials
                           .select { |cred| cred["type"] == "python_index" && cred["index-url"] }
-                          .find { |c| c["index-url"].sub(/\${.*}@/, "") == base_url }
+                          .find { |c| T.must(c["index-url"]).sub(/\${.*}@/, "") == base_url }
 
             return nil if source_cred.nil?
 
@@ -93,9 +94,9 @@ module Dependabot
           source
         end
 
-        sig { params(credentials: T::Array[T::Hash[String, T.untyped]]).returns(T::Array[T::Hash[String, T.untyped]]) }
+        sig { params(credentials: T::Array[Dependabot::Credential]).returns(T::Array[T::Hash[String, String]]) }
         def config_variable_sources(credentials)
-          @config_variable_sources = T.let([], T.nilable(T::Array[T::Hash[String, T.untyped]]))
+          @config_variable_sources = T.let([], T.nilable(T::Array[T::Hash[String, String]]))
           @config_variable_sources =
             credentials.select { |cred| cred["type"] == "python_index" }.map.with_index do |c, i|
               {