dependabot-python 0.110.13 → 0.110.14

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 43e205d891e9f373d47ed1aed1ed73e2538770edd93fd20dab742b8a99dfe33b
-  data.tar.gz: dd989a95c73a113d6567a7d61a3e2351e642ed87eef9669dee5b15541581fcee
+  metadata.gz: ce7ac9110e4d9fad6510995f9938ccfac0ac5ce62bb7b56b6bd5be4ba3b5dc2a
+  data.tar.gz: f0205fc6e19195f880333699486db230111912b3c79dfbde3fd02eb82b91df61
 SHA512:
-  metadata.gz: b88ad7f77598d73adb49bfd706313796e4cefe3849ea0d33b982069284f0235f740764b6e2b09ef27ab926ba66a39cb1e011fe1193f03f6f3483ffbb99e23e94
-  data.tar.gz: '0286a4185bdad37ddc9123b87aebbd745cb405d25048632d7b5af523566b40c88db5ba229b8725a9d8a3cbf7c8030cb83e4cc7b75984d6353293cbc7bfc0a12e'
+  metadata.gz: a51dbc2c9bf9baec3d0e7b0081a90d3022e5f5a55a80e4489407a73fdaab0518e4ab15fc5bda18a95bc1b73e68c6d255b8214ccff06481506a312b56a2874f1e
+  data.tar.gz: a37f6ba59bd5009201c3b4242c7a1f6244bcc35429c9764a291b6f392538c1d508e62bbb89ccc1ba74fe47c1ffa5eaa835c1325d086255fdf505a1ccd484babd

data/lib/dependabot/python/file_parser/python_requirement_parser.rb

@@ -0,0 +1,165 @@
+# frozen_string_literal: true
+
+require "toml-rb"
+require "open3"
+require "dependabot/errors"
+require "dependabot/shared_helpers"
+require "dependabot/python/file_parser"
+require "dependabot/python/requirement"
+
+module Dependabot
+  module Python
+    class FileParser
+      class PythonRequirementParser
+        attr_reader :dependency_files
+
+        def initialize(dependency_files:)
+          @dependency_files = dependency_files
+        end
+
+        # TODO: Parse setup.py and setup.cfg to get python requirement
+        def user_specified_requirement
+          pipfile_python_requirement ||
+            pyproject_python_requirement ||
+            python_version_file_version ||
+            runtime_file_python_version
+        end
+
+        # TODO: Add better Python version detection using dependency versions
+        # (e.g., Django 2.x implies Python 3)
+        def imputed_requirements
+          requirement_files.flat_map do |file|
+            file.content.lines.
+              select { |l| l.include?(";") && l.include?("python") }.
+              map { |l| l.match(/python_version(?<req>.*?["'].*?['"])/) }.
+              compact.
+              map { |re| re.named_captures.fetch("req").gsub(/['"]/, "") }.
+              select do |r|
+                requirement_class.new(r)
+                true
+              rescue Gem::Requirement::BadRequirementError
+                false
+              end
+          end
+        end
+
+        private
+
+        def pipfile_python_requirement
+          return unless pipfile
+
+          parsed_pipfile = TomlRB.parse(pipfile.content)
+          requirement =
+            parsed_pipfile.dig("requires", "python_full_version") ||
+            parsed_pipfile.dig("requires", "python_version")
+          return unless requirement&.match?(/^\d/)
+
+          requirement
+        end
+
+        def pyproject_python_requirement
+          return unless pyproject
+
+          pyproject_object = TomlRB.parse(pyproject.content)
+          poetry_object = pyproject_object.dig("tool", "poetry")
+
+          poetry_object&.dig("dependencies", "python") ||
+            poetry_object&.dig("dev-dependencies", "python")
+        end
+
+        def python_version_file_version
+          return unless python_version_file
+
+          file_version = python_version_file.content.strip
+          return if file_version&.empty?
+          return unless pyenv_versions.include?("#{file_version}\n")
+
+          file_version
+        end
+
+        def runtime_file_python_version
+          return unless runtime_file
+
+          file_version = runtime_file.content.
+                         match(/(?<=python-).*/)&.to_s&.strip
+          return if file_version&.empty?
+          return unless pyenv_versions.include?("#{file_version}\n")
+
+          file_version
+        end
+
+        def pipenv_python_requirement
+          pipfile_lock_python_version || pipfile_python_requirement
+        end
+
+        def pipfile_lock_python_version
+          return unless pipfile_lock
+
+          JSON.parse(pipfile_lock.content).dig(
+            "_meta",
+            "host-environment-markers",
+            "python_full_version"
+          )
+        end
+
+        def pyenv_versions
+          @pyenv_versions ||= run_command("pyenv install --list")
+        end
+
+        def run_command(command, env: {})
+          start = Time.now
+          command = SharedHelpers.escape_command(command)
+          stdout, process = Open3.capture2e(env, command)
+          time_taken = Time.now - start
+
+          return stdout if process.success?
+
+          raise SharedHelpers::HelperSubprocessFailed.new(
+            message: stdout,
+            error_context: {
+              command: command,
+              time_taken: time_taken,
+              process_exit_value: process.to_s
+            }
+          )
+        end
+
+        def requirement_class
+          Dependabot::Python::Requirement
+        end
+
+        def pipfile
+          dependency_files.find { |f| f.name == "Pipfile" }
+        end
+
+        def pipfile_lock
+          dependency_files.find { |f| f.name == "Pipfile.lock" }
+        end
+
+        def pyproject
+          dependency_files.find { |f| f.name == "pyproject.toml" }
+        end
+
+        def setup_files
+          dependency_files.select { |f| f.name.end_with?("setup.py") }
+        end
+
+        def setup_cfg_files
+          dependency_files.select { |f| f.name.end_with?("setup.cfg") }
+        end
+
+        def python_version_file
+          dependency_files.find { |f| f.name == ".python-version" }
+        end
+
+        def runtime_file
+          dependency_files.find { |f| f.name.end_with?("runtime.txt") }
+        end
+
+        def requirement_files
+          dependency_files.select { |f| f.name.end_with?(".txt") }
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb

@@ -3,6 +3,7 @@
 require "open3"
 require "dependabot/python/requirement_parser"
 require "dependabot/python/file_fetcher"
+require "dependabot/python/file_parser/python_requirement_parser"
 require "dependabot/python/file_updater"
 require "dependabot/shared_helpers"
 require "dependabot/python/native_helpers"
@@ -524,60 +525,42 @@ module Dependabot
         end
 
         def python_version
-          # TODO: Add better Python version detection using dependency versions
-          # (e.g., Django 2.x implies Python 3)
           @python_version ||=
             user_specified_python_version ||
-            python_version_from_compiled_requirements ||
+            python_version_matching_imputed_requirements ||
             PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.first
         end
 
         def user_specified_python_version
-          file_version = python_version_file&.content&.strip
-          file_version ||= runtime_file_python_version
+          return unless python_requirement_parser.user_specified_requirement
 
-          return unless file_version
-          return unless pyenv_versions.include?("#{file_version}\n")
-
-          file_version
+          user_specified_requirement =
+            Dependabot::Python::Requirement.new(
+              python_requirement_parser.user_specified_requirement
+            )
+          python_version_matching([user_specified_requirement])
         end
 
-        def runtime_file_python_version
-          return unless runtime_file
-
-          runtime_file.content.match(/(?<=python-).*/)&.to_s&.strip
+        def python_version_matching_imputed_requirements
+          compiled_file_python_requirement_markers =
+            python_requirement_parser.imputed_requirements.map do |r|
+              Dependabot::Python::Requirement.new(r)
+            end
+          python_version_matching(compiled_file_python_requirement_markers)
         end
 
-        def python_version_from_compiled_requirements
+        def python_version_matching(requirements)
           PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |version_string|
             version = Python::Version.new(version_string)
-            compiled_file_python_requirement_markers.all? do |req|
-              req.satisfied_by?(version)
-            end
+            requirements.all? { |req| req.satisfied_by?(version) }
           end
         end
 
-        def compiled_file_python_requirement_markers
-          @python_requirement_strings ||=
-            compiled_files.flat_map do |file|
-              file.content.lines.
-                select { |l| l.include?(";") && l.include?("python") }.
-                map { |l| l.match(/python_version(?<req>.*?["'].*?['"])/) }.
-                compact.
-                map { |re| re.named_captures.fetch("req").gsub(/['"]/, "") }.
-                select do |r|
-                  requirement_class.new(r)
-                  true
-                rescue Gem::Requirement::BadRequirementError
-                  false
-                end
-            end
-
-          @python_requirement_strings.map { |r| requirement_class.new(r) }
-        end
-
-        def pyenv_versions
-          @pyenv_versions ||= run_command("pyenv install --list")
+        def python_requirement_parser
+          @python_requirement_parser ||=
+            FileParser::PythonRequirementParser.new(
+              dependency_files: dependency_files
+            )
         end
 
         def pre_installed_python?(version)
@@ -599,18 +582,6 @@ module Dependabot
         def setup_cfg_files
           dependency_files.select { |f| f.name.end_with?("setup.cfg") }
         end
-
-        def python_version_file
-          dependency_files.find { |f| f.name == ".python-version" }
-        end
-
-        def runtime_file
-          dependency_files.find { |f| f.name.end_with?("runtime.txt") }
-        end
-
-        def requirement_class
-          Python::Requirement
-        end
       end
       # rubocop:enable Metrics/ClassLength
     end

data/lib/dependabot/python/file_updater/pipfile_file_updater.rb

@@ -3,6 +3,7 @@
 require "toml-rb"
 require "open3"
 require "dependabot/python/requirement_parser"
+require "dependabot/python/file_parser/python_requirement_parser"
 require "dependabot/python/file_updater"
 require "dependabot/shared_helpers"
 require "dependabot/python/native_helpers"
@@ -385,37 +386,14 @@ module Dependabot
         end
 
         def user_specified_python_requirement
-          if pipfile_python_requirement&.match?(/^\d/)
-            return pipfile_python_requirement
-          end
-
-          python_version_file_version || runtime_file_python_version
-        end
-
-        def python_version_file_version
-          file_version = python_version_file&.content&.strip
-
-          return unless file_version
-          return unless pyenv_versions.include?("#{file_version}\n")
-
-          file_version
-        end
-
-        def runtime_file_python_version
-          return unless runtime_file
-
-          runtime_file.content.match(/(?<=python-).*/)&.to_s&.strip
+          python_requirement_parser.user_specified_requirement
         end
 
-        def pyenv_versions
-          @pyenv_versions ||= run_command("pyenv install --list")
-        end
-
-        def pipfile_python_requirement
-          parsed_pipfile = TomlRB.parse(pipfile.content)
-
-          parsed_pipfile.dig("requires", "python_full_version") ||
-            parsed_pipfile.dig("requires", "python_version")
+        def python_requirement_parser
+          @python_requirement_parser ||=
+            FileParser::PythonRequirementParser.new(
+              dependency_files: dependency_files
+            )
         end
 
         def setup_cfg(file)
@@ -470,14 +448,6 @@ module Dependabot
           dependency_files.select { |f| f.name.end_with?(".txt") }
         end
 
-        def python_version_file
-          dependency_files.find { |f| f.name == ".python-version" }
-        end
-
-        def runtime_file
-          dependency_files.find { |f| f.name.end_with?("runtime.txt") }
-        end
-
         def pipenv_env_variables
           {
             "PIPENV_YES" => "true",       # Install new Python ver if needed

data/lib/dependabot/python/file_updater/poetry_file_updater.rb

@@ -6,10 +6,10 @@ require "dependabot/shared_helpers"
 require "dependabot/python/version"
 require "dependabot/python/requirement"
 require "dependabot/python/python_versions"
+require "dependabot/python/file_parser/python_requirement_parser"
 require "dependabot/python/file_updater"
 require "dependabot/python/native_helpers"
 
-# rubocop:disable Metrics/ClassLength
 module Dependabot
   module Python
     class FileUpdater
@@ -232,17 +232,7 @@ module Dependabot
         end
 
         def python_version
-          pyproject_object = TomlRB.parse(prepared_pyproject)
-          poetry_object = pyproject_object.dig("tool", "poetry")
-
-          requirement =
-            poetry_object&.dig("dependencies", "python") ||
-            poetry_object&.dig("dev-dependencies", "python")
-
-          unless requirement
-            return python_version_file_version || runtime_file_python_version
-          end
-
+          requirement = user_specified_python_requirement
           requirements = Python::Requirement.requirements_array(requirement)
 
           PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |version|
@@ -252,23 +242,15 @@ module Dependabot
           end
         end
 
-        def python_version_file_version
-          file_version = python_version_file&.content&.strip
-
-          return unless file_version
-          return unless pyenv_versions.include?("#{file_version}\n")
-
-          file_version
+        def user_specified_python_requirement
+          python_requirement_parser.user_specified_requirement
         end
 
-        def runtime_file_python_version
-          return unless runtime_file
-
-          runtime_file.content.match(/(?<=python-).*/)&.to_s&.strip
-        end
-
-        def pyenv_versions
-          @pyenv_versions ||= run_poetry_command("pyenv install --list")
+        def python_requirement_parser
+          @python_requirement_parser ||=
+            FileParser::PythonRequirementParser.new(
+              dependency_files: dependency_files
+            )
         end
 
         def pre_installed_python?(version)
@@ -335,16 +317,7 @@ module Dependabot
         def poetry_lock
           dependency_files.find { |f| f.name == "poetry.lock" }
         end
-
-        def python_version_file
-          dependency_files.find { |f| f.name == ".python-version" }
-        end
-
-        def runtime_file
-          dependency_files.find { |f| f.name.end_with?("runtime.txt") }
-        end
       end
     end
   end
 end
-# rubocop:enable Metrics/ClassLength

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb

@@ -4,6 +4,7 @@ require "open3"
 require "dependabot/python/requirement_parser"
 require "dependabot/python/file_fetcher"
 require "dependabot/python/file_parser"
+require "dependabot/python/file_parser/python_requirement_parser"
 require "dependabot/python/update_checker"
 require "dependabot/python/file_updater/requirement_replacer"
 require "dependabot/python/file_updater/setup_file_sanitizer"
@@ -440,60 +441,42 @@ module Dependabot
         end
 
         def python_version
-          # TODO: Add better Python version detection using dependency versions
-          # (e.g., Django 2.x implies Python 3)
           @python_version ||=
             user_specified_python_version ||
-            python_version_matching_requirements ||
+            python_version_matching_imputed_requirements ||
             PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.first
         end
 
         def user_specified_python_version
-          file_version = python_version_file&.content&.strip
-          file_version ||= runtime_file_python_version
+          return unless python_requirement_parser.user_specified_requirement
 
-          return unless file_version
-          return unless pyenv_versions.include?("#{file_version}\n")
-
-          file_version
+          user_specified_requirement =
+            Dependabot::Python::Requirement.new(
+              python_requirement_parser.user_specified_requirement
+            )
+          python_version_matching([user_specified_requirement])
         end
 
-        def runtime_file_python_version
-          return unless runtime_file
-
-          runtime_file.content.match(/(?<=python-).*/)&.to_s&.strip
+        def python_version_matching_imputed_requirements
+          compiled_file_python_requirement_markers =
+            python_requirement_parser.imputed_requirements.map do |r|
+              Dependabot::Python::Requirement.new(r)
+            end
+          python_version_matching(compiled_file_python_requirement_markers)
         end
 
-        def python_version_matching_requirements
+        def python_version_matching(requirements)
           PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |version_string|
             version = Python::Version.new(version_string)
-            compiled_file_python_requirement_markers.all? do |req|
-              req.satisfied_by?(version)
-            end
+            requirements.all? { |req| req.satisfied_by?(version) }
           end
         end
 
-        def compiled_file_python_requirement_markers
-          @python_requirement_strings ||=
-            compiled_files.flat_map do |file|
-              file.content.lines.
-                select { |l| l.include?(";") && l.include?("python") }.
-                map { |l| l.match(/python_version(?<req>.*?["'].*?['"])/) }.
-                compact.
-                map { |re| re.named_captures.fetch("req").gsub(/['"]/, "") }.
-                select do |r|
-                  requirement_class.new(r)
-                  true
-                rescue Gem::Requirement::BadRequirementError
-                  false
-                end
-            end
-
-          @python_requirement_strings.map { |r| requirement_class.new(r) }
-        end
-
-        def pyenv_versions
-          @pyenv_versions ||= run_command("pyenv install --list")
+        def python_requirement_parser
+          @python_requirement_parser ||=
+            FileParser::PythonRequirementParser.new(
+              dependency_files: dependency_files
+            )
         end
 
         def pre_installed_python?(version)
@@ -515,18 +498,6 @@ module Dependabot
         def setup_cfg_files
           dependency_files.select { |f| f.name.end_with?("setup.cfg") }
         end
-
-        def python_version_file
-          dependency_files.find { |f| f.name == ".python-version" }
-        end
-
-        def runtime_file
-          dependency_files.find { |f| f.name.end_with?("runtime.txt") }
-        end
-
-        def requirement_class
-          Python::Requirement
-        end
       end
       # rubocop:enable Metrics/ClassLength
     end

data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb

@@ -6,13 +6,13 @@ require "open3"
 require "dependabot/errors"
 require "dependabot/shared_helpers"
 require "dependabot/python/file_parser"
+require "dependabot/python/file_parser/python_requirement_parser"
 require "dependabot/python/file_updater/pipfile_preparer"
 require "dependabot/python/file_updater/setup_file_sanitizer"
 require "dependabot/python/update_checker"
 require "dependabot/python/python_versions"
 require "dependabot/python/native_helpers"
 require "dependabot/python/version"
-require "dependabot/python/authed_url_builder"
 
 # rubocop:disable Metrics/ClassLength
 module Dependabot
@@ -407,37 +407,14 @@ module Dependabot
         end
 
         def user_specified_python_requirement
-          if pipfile_python_requirement&.match?(/^\d/)
-            return pipfile_python_requirement
-          end
-
-          python_version_file_version || runtime_file_python_version
-        end
-
-        def python_version_file_version
-          file_version = python_version_file&.content&.strip
-
-          return unless file_version
-          return unless pyenv_versions.include?("#{file_version}\n")
-
-          file_version
+          python_requirement_parser.user_specified_requirement
         end
 
-        def runtime_file_python_version
-          return unless runtime_file
-
-          runtime_file.content.match(/(?<=python-).*/)&.to_s&.strip
-        end
-
-        def pyenv_versions
-          @pyenv_versions ||= run_command("pyenv install --list")
-        end
-
-        def pipfile_python_requirement
-          parsed_pipfile = TomlRB.parse(pipfile.content)
-
-          parsed_pipfile.dig("requires", "python_full_version") ||
-            parsed_pipfile.dig("requires", "python_version")
+        def python_requirement_parser
+          @python_requirement_parser ||=
+            FileParser::PythonRequirementParser.new(
+              dependency_files: dependency_files
+            )
         end
 
         def run_command(command, env: {})
@@ -491,16 +468,6 @@ module Dependabot
           error_message.include?('Command "python setup.py egg_info" failed')
         end
 
-        def config_variable_sources
-          @config_variable_sources ||=
-            credentials.
-            select { |cred| cred["type"] == "python_index" }.
-            map do |h|
-              url = AuthedUrlBuilder.authed_url(credential: h)
-              { "url" => url.gsub(%r{/*$}, "") + "/" }
-            end
-        end
-
         def pipenv_env_variables
           {
             "PIPENV_YES" => "true",       # Install new Python ver if needed
@@ -531,14 +498,6 @@ module Dependabot
         def setup_cfg_files
           dependency_files.select { |f| f.name.end_with?("setup.cfg") }
         end
-
-        def python_version_file
-          dependency_files.find { |f| f.name == ".python-version" }
-        end
-
-        def runtime_file
-          dependency_files.find { |f| f.name.end_with?("runtime.txt") }
-        end
       end
     end
   end

data/lib/dependabot/python/update_checker/poetry_version_resolver.rb

@@ -6,6 +6,7 @@ require "open3"
 require "dependabot/errors"
 require "dependabot/shared_helpers"
 require "dependabot/python/file_parser"
+require "dependabot/python/file_parser/python_requirement_parser"
 require "dependabot/python/file_updater/pyproject_preparer"
 require "dependabot/python/update_checker"
 require "dependabot/python/version"
@@ -14,7 +15,6 @@ require "dependabot/python/native_helpers"
 require "dependabot/python/python_versions"
 require "dependabot/python/authed_url_builder"
 
-# rubocop:disable Metrics/ClassLength
 module Dependabot
   module Python
     class UpdateChecker
@@ -189,19 +189,8 @@ module Dependabot
         end
 
         def python_version
-          pyproject_object = TomlRB.parse(pyproject.content)
-          poetry_object = pyproject_object.dig("tool", "poetry")
-
-          requirement =
-            poetry_object&.dig("dependencies", "python") ||
-            poetry_object&.dig("dev-dependencies", "python")
-
-          unless requirement
-            return python_version_file_version || runtime_file_python_version
-          end
-
-          requirements =
-            Python::Requirement.requirements_array(requirement)
+          requirement = user_specified_python_requirement
+          requirements = Python::Requirement.requirements_array(requirement)
 
           version = PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |v|
             requirements.any? { |r| r.satisfied_by?(Python::Version.new(v)) }
@@ -215,23 +204,15 @@ module Dependabot
           raise DependencyFileNotResolvable, msg
         end
 
-        def python_version_file_version
-          file_version = python_version_file&.content&.strip
-
-          return unless file_version
-          return unless pyenv_versions.include?("#{file_version}\n")
-
-          file_version
+        def user_specified_python_requirement
+          python_requirement_parser.user_specified_requirement
         end
 
-        def runtime_file_python_version
-          return unless runtime_file
-
-          runtime_file.content.match(/(?<=python-).*/)&.to_s&.strip
-        end
-
-        def pyenv_versions
-          @pyenv_versions ||= run_poetry_command("pyenv install --list")
+        def python_requirement_parser
+          @python_requirement_parser ||=
+            FileParser::PythonRequirementParser.new(
+              dependency_files: dependency_files
+            )
         end
 
         def pre_installed_python?(version)
@@ -324,14 +305,6 @@ module Dependabot
           poetry_lock || pyproject_lock
         end
 
-        def python_version_file
-          dependency_files.find { |f| f.name == ".python-version" }
-        end
-
-        def runtime_file
-          dependency_files.find { |f| f.name.end_with?("runtime.txt") }
-        end
-
         def run_poetry_command(command)
           start = Time.now
           command = SharedHelpers.escape_command(command)
@@ -360,4 +333,3 @@ module Dependabot
     end
   end
 end
-# rubocop:enable Metrics/ClassLength

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.110.13
+  version: 0.110.14
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.110.13
+        version: 0.110.14
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.110.13
+        version: 0.110.14
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -155,6 +155,7 @@ files:
 - lib/dependabot/python/file_parser.rb
 - lib/dependabot/python/file_parser/pipfile_files_parser.rb
 - lib/dependabot/python/file_parser/poetry_files_parser.rb
+- lib/dependabot/python/file_parser/python_requirement_parser.rb
 - lib/dependabot/python/file_parser/setup_file_parser.rb
 - lib/dependabot/python/file_updater.rb
 - lib/dependabot/python/file_updater/pip_compile_file_updater.rb