dependabot-python 0.95.58 → 0.95.59

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dea39898a311aabfdfeed788e75fcd6ad6e2b42636f317b01a6cf0216d2ba069
-  data.tar.gz: '069170b809ae713b3291b85718e6b13bae2a2db9ce32c63d9f59a800f7ade91e'
+  metadata.gz: 366c91fb1e2085cfeb25e78ae9892afea7ab90a5087711f687424998b0f74e93
+  data.tar.gz: f2003811eb623bb96682481a87fa89653032190d351fe076ff9ade7eb17e165b
 SHA512:
-  metadata.gz: e6d41cd16b815f8679e3051724d15472934bfb962d91b4a029d240c26b19a427289e100aa9808635c14ee63150de6cefe8d3da761df79d24a8e5f189eabb3f89
-  data.tar.gz: 678ed8722437bc738a5f64442f7a6383e4717439f25ab625a9f22315f54fb822ad55d1b26a7e3f6f735d29ca6af97e7314a722ccadfebcf012b055d874b4f5c6
+  metadata.gz: 77b70b748b3a1076f2fad8821e596929f375dd8432b2ae3f4116c04d2d5d5e770951a5ac54b21ef75082dd36b51ec8aab3d85ea0e3ea8fbe2630b017b35ebc34
+  data.tar.gz: cb47c3f64b83edc3f2c83d4d8d591dabc38c5b1090db64578a51911e85c23b5d162292cf072ea612146211b5a2bad10636d8ab3903819b7d1e3d687e687d44b4

data/lib/dependabot/python/file_updater/pipfile_file_updater.rb

@@ -187,6 +187,7 @@ module Dependabot
             SharedHelpers.in_a_temporary_directory do
               SharedHelpers.with_git_configured(credentials: credentials) do
                 write_temporary_dependency_files(prepared_pipfile_content)
+                install_required_python
 
                 # Initialize a git repo to appease pip-tools
                 IO.popen("git init", err: %i(child out)) if setup_files.any?
@@ -238,14 +239,14 @@ module Dependabot
           )
         end
 
-        def run_pipenv_command(command)
+        def run_command(command)
           start = Time.now
           stdout, process = Open3.capture2e(command)
           time_taken = Time.now - start
 
           # Raise an error with the output from the shell session if Pipenv
           # returns a non-zero status
-          return if process.success?
+          return stdout if process.success?
 
           raise SharedHelpers::HelperSubprocessFailed.new(
             message: stdout,
@@ -255,6 +256,11 @@ module Dependabot
               process_exit_value: process.to_s
             }
           )
+        end
+
+        def run_pipenv_command(command)
+          local_command = "pyenv local #{python_version} && " + command
+          run_command(local_command)
         rescue SharedHelpers::HelperSubprocessFailed => error
           original_error ||= error
           msg = error.message
@@ -265,10 +271,16 @@ module Dependabot
             end
 
           raise relevant_error unless error_suggests_bad_python_version?(msg)
-          raise relevant_error if command.include?("--two")
+          raise relevant_error if python_version.start_with?("2")
 
-          command = command.gsub("pipenv ", "pipenv --two ")
+          # Clear the existing virtualenv, so that we use the new Python version
+          run_command("pyenv local #{python_version} && pyenv exec pipenv --rm")
+
+          @python_version = "2.7.15"
           retry
+        ensure
+          @python_version = nil
+          FileUtils.remove_entry(".python-version", true)
         end
 
         def error_suggests_bad_python_version?(message)
@@ -279,13 +291,14 @@ module Dependabot
 
         def write_temporary_dependency_files(pipfile_content)
           dependency_files.each do |file|
-            next if file.name == ".python-version"
-
             path = file.name
             FileUtils.mkdir_p(Pathname.new(path).dirname)
             File.write(path, file.content)
           end
 
+          # Overwrite the .python-version with updated content
+          File.write(".python-version", python_version)
+
           setup_files.each do |file|
             path = file.name
             FileUtils.mkdir_p(Pathname.new(path).dirname)
@@ -302,6 +315,21 @@ module Dependabot
           File.write("Pipfile", pipfile_content)
         end
 
+        def install_required_python
+          # Initialize a git repo to appease pip-tools
+          begin
+            run_command("git init") if setup_files.any?
+          rescue Dependabot::SharedHelpers::HelperSubprocessFailed
+            nil
+          end
+
+          return if run_command("pyenv versions").include?(python_version)
+
+          requirements_path = NativeHelpers.python_requirements_path
+          run_command("pyenv install -s")
+          run_command("pyenv exec pip install -r #{requirements_path}")
+        end
+
         def sanitized_setup_file_content(file)
           @sanitized_setup_file_content ||= {}
           if @sanitized_setup_file_content[file.name]
@@ -314,6 +342,59 @@ module Dependabot
             sanitized_content
         end
 
+        def python_version
+          @python_version ||= python_version_from_supported_versions
+        end
+
+        def python_version_from_supported_versions
+          requirement_string =
+            if @using_python_two then "2.7.*"
+            elsif user_specified_python_requirement
+              parts = user_specified_python_requirement.split(".")
+              parts.fill("*", (parts.length)..2).join(".")
+            else PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.first
+            end
+
+          # Ideally, the requirement is satisfied by a Python version we support
+          requirement = Python::Requirement.new(requirement_string)
+          version =
+            PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.
+            find { |v| requirement.satisfied_by?(Python::Version.new(v)) }
+          return version if version
+
+          # If not, and changing the patch version would fix things, we do that
+          # as the patch version is unlikely to affect resolution
+          requirement =
+            Python::Requirement.new(requirement_string.gsub(/\.\d+$/, ".*"))
+          version =
+            PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.
+            find { |v| requirement.satisfied_by?(Python::Version.new(v)) }
+          return version if version
+
+          # Otherwise we have to raise, giving details of the Python versions
+          # that Dependabot supports
+          msg = "Dependabot detected the following Python requirement "\
+                "for your project: '#{requirement_string}'.\n\nCurrently, the "\
+                "following Python versions are supported in Dependabot: "\
+                "#{PythonVersions::SUPPORTED_VERSIONS.join(', ')}."
+          raise DependencyFileNotResolvable, msg
+        end
+
+        def user_specified_python_requirement
+          if pipfile_python_requirement&.match?(/^\d/)
+            return pipfile_python_requirement
+          end
+
+          python_version_file&.content&.strip
+        end
+
+        def pipfile_python_requirement
+          parsed_pipfile = TomlRB.parse(pipfile.content)
+
+          parsed_pipfile.dig("requires", "python_full_version") ||
+            parsed_pipfile.dig("requires", "python_version")
+        end
+
         def setup_cfg(file)
           dependency_files.find do |f|
             f.name == file.name.sub(/\.py$/, ".cfg")
@@ -382,6 +463,10 @@ module Dependabot
           dependency_files.select { |f| f.name.end_with?(".txt") }
         end
 
+        def python_version_file
+          dependency_files.find { |f| f.name == ".python-version" }
+        end
+
         def pipenv_environment_variables
           environment_variables = [
             "PIPENV_YES=true",       # Install new Python versions if needed

data/lib/dependabot/python/file_updater/poetry_file_updater.rb

@@ -214,7 +214,7 @@ module Dependabot
 
           requirements = Python::Requirement.requirements_array(requirement)
 
-          PythonVersions::PYTHON_VERSIONS.find do |version|
+          PythonVersions::SUPPORTED_VERSIONS.find do |version|
             requirements.any? do |r|
               r.satisfied_by?(Python::Version.new(version))
             end

data/lib/dependabot/python/python_versions.rb

@@ -3,23 +3,26 @@
 module Dependabot
   module Python
     module PythonVersions
-      # Poetry doesn't handle Python versions, so we have to do so manually
-      # (checking from a list of versions Poetry supports).
-      # This list gets iterated through to find a valid version, so we have
-      # the two pre-installed versions listed first.
-      PYTHON_VERSIONS = %w(
+      PRE_INSTALLED_PYTHON_VERSIONS = %w(
         3.6.8 2.7.15
+      ).freeze
+
+      # Due to an OpenSSL issue we can only install the following versions in
+      # the Dependabot container.
+      SUPPORTED_VERSIONS = %w(
         3.7.2 3.7.1 3.7.0
         3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
-        3.5.6 3.5.5 3.5.4 3.5.3 3.5.2 3.5.1 3.5.0
-        3.4.9 3.4.8 3.4.7 3.4.6 3.4.5 3.4.4 3.4.3 3.4.2 3.4.1 3.4.0
-        2.7.15 2.7.14 2.7.13 2.7.12 2.7.11 2.7.10 2.7.9 2.7.8 2.7.7 2.7.6 2.7.5
-        2.7.4 2.7.3 2.7.2 2.7.1 2.7
+        3.5.6 3.5.5 3.5.4 3.5.3
+        2.7.15 2.7.14 2.7.13
       ).freeze
 
-      PRE_INSTALLED_PYTHON_VERSIONS = %w(
-        3.6.8 2.7.15
-      ).freeze
+      # This list gets iterated through to find a valid version, so we have
+      # the two pre-installed versions listed first.
+      SUPPORTED_VERSIONS_TO_ITERATE =
+        [
+          *PRE_INSTALLED_PYTHON_VERSIONS,
+          *SUPPORTED_VERSIONS
+        ].freeze
     end
   end
 end

data/lib/dependabot/python/update_checker/pipfile_version_resolver.rb

@@ -71,6 +71,7 @@ module Dependabot
             SharedHelpers.in_a_temporary_directory do
               SharedHelpers.with_git_configured(credentials: credentials) do
                 write_temporary_dependency_files
+                install_required_python
 
                 # Shell out to Pipenv, which handles everything for us.
                 # Whilst calling `lock` avoids doing an install as part of the
@@ -158,7 +159,7 @@ module Dependabot
 
           if error.message.include?("UnsupportedPythonVersion") &&
              error.message.include?(dependency.name) &&
-             python_requirement_specified?
+             user_specified_python_requirement
             # The latest version of the dependency we're updating to needs a
             # different Python version. Skip the update.
             check_original_requirements_resolvable
@@ -240,13 +241,14 @@ module Dependabot
 
         def write_temporary_dependency_files(update_pipfile: true)
           dependency_files.each do |file|
-            next if file.name == ".python-version"
-
             path = file.name
             FileUtils.mkdir_p(Pathname.new(path).dirname)
             File.write(path, file.content)
           end
 
+          # Overwrite the .python-version with updated content
+          File.write(".python-version", python_version)
+
           setup_files.each do |file|
             path = file.name
             FileUtils.mkdir_p(Pathname.new(path).dirname)
@@ -266,6 +268,21 @@ module Dependabot
           )
         end
 
+        def install_required_python
+          # Initialize a git repo to appease pip-tools
+          begin
+            run_command("git init") if setup_files.any?
+          rescue Dependabot::SharedHelpers::HelperSubprocessFailed
+            nil
+          end
+
+          return if run_command("pyenv versions").include?(python_version)
+
+          requirements_path = NativeHelpers.python_requirements_path
+          run_command("pyenv install -s")
+          run_command("pyenv exec pip install -r #{requirements_path}")
+        end
+
         def sanitized_setup_file_content(file)
           @sanitized_setup_file_content ||= {}
           @sanitized_setup_file_content[file.name] ||=
@@ -321,72 +338,57 @@ module Dependabot
             replace_sources(credentials)
         end
 
-        def add_python_two_requirement_to_pipfile
-          content = File.read("Pipfile")
-
-          updated_content =
-            Python::FileUpdater::PipfilePreparer.
-            new(pipfile_content: content).
-            update_python_requirement("2.7.15")
-
-          File.write("Pipfile", updated_content)
-        end
-
-        def pipfile_python_requirement
-          parsed_pipfile = TomlRB.parse(pipfile.content)
-
-          parsed_pipfile.dig("requires", "python_full_version") ||
-            parsed_pipfile.dig("requires", "python_version")
-        end
-
-        def python_requirement_specified?
-          return true if pipfile_python_requirement
-
-          !python_version_file.nil?
-        end
-
-        def set_up_python_environment
-          # Initialize a git repo to appease pip-tools
-          begin
-            SharedHelpers.run_shell_command("git init") if setup_files.any?
-          rescue Dependabot::SharedHelpers::HelperSubprocessFailed
-            nil
-          end
-
-          SharedHelpers.run_shell_command(
-            "pyenv install -s #{python_version}"
-          )
-          SharedHelpers.run_shell_command("pyenv local #{python_version}")
-          return if pre_installed_python?(python_version)
-
-          SharedHelpers.run_shell_command(
-            "pyenv exec pip install -r " + \
-            NativeHelpers.python_requirements_path
-          )
+        def python_version
+          @python_version ||= python_version_from_supported_versions
         end
 
-        def python_version
-          requirement =
-            if @using_python_two
-              "2.7.*"
-            elsif pipfile_python_requirement&.match?(/^\d/)
-              parts = pipfile_python_requirement.split(".")
+        def python_version_from_supported_versions
+          requirement_string =
+            if @using_python_two then "2.7.*"
+            elsif user_specified_python_requirement
+              parts = user_specified_python_requirement.split(".")
               parts.fill("*", (parts.length)..2).join(".")
-            elsif python_version_file
-              python_version_file.content
-            else
-              PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.first
+            else PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.first
             end
 
-          requirement = Python::Requirement.new(requirement)
+          # Ideally, the requirement is satisfied by a Python version we support
+          requirement = Python::Requirement.new(requirement_string)
+          version =
+            PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.
+            find { |v| requirement.satisfied_by?(Python::Version.new(v)) }
+          return version if version
 
-          PythonVersions::PYTHON_VERSIONS.find do |version|
-            requirement.satisfied_by?(Python::Version.new(version))
+          # If not, and changing the patch version would fix things, we do that
+          # as the patch version is unlikely to affect resolution
+          requirement =
+            Python::Requirement.new(requirement_string.gsub(/\.\d+$/, ".*"))
+          version =
+            PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.
+            find { |v| requirement.satisfied_by?(Python::Version.new(v)) }
+          return version if version
+
+          # Otherwise we have to raise, giving details of the Python versions
+          # that Dependabot supports
+          msg = "Dependabot detected the following Python requirement "\
+                "for your project: '#{requirement_string}'.\n\nCurrently, the "\
+                "following Python versions are supported in Dependabot: "\
+                "#{PythonVersions::SUPPORTED_VERSIONS.join(', ')}."
+          raise DependencyFileNotResolvable, msg
+        end
+
+        def user_specified_python_requirement
+          if pipfile_python_requirement&.match?(/^\d/)
+            return pipfile_python_requirement
           end
+
+          python_version_file&.content&.strip
         end
 
-        def pre_installed_python?(version)
-          PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.include?(version)
+        def pipfile_python_requirement
+          parsed_pipfile = TomlRB.parse(pipfile.content)
+
+          parsed_pipfile.dig("requires", "python_full_version") ||
+            parsed_pipfile.dig("requires", "python_version")
         end
 
         def check_private_sources_are_reachable
@@ -452,17 +454,13 @@ module Dependabot
           end
         end
 
-        # rubocop:disable Metrics/MethodLength
-        def run_pipenv_command(command)
-          set_up_python_environment
-
+        def run_command(command)
+          command = command.dup
           start = Time.now
           stdout, process = Open3.capture2e(command)
           time_taken = Time.now - start
 
-          # Raise an error with the output from the shell session if Pipenv
-          # returns a non-zero status
-          return if process.success?
+          return stdout if process.success?
 
           raise SharedHelpers::HelperSubprocessFailed.new(
             message: stdout,
@@ -472,6 +470,11 @@ module Dependabot
               process_exit_value: process.to_s
             }
           )
+        end
+
+        def run_pipenv_command(command)
+          local_command = "pyenv local #{python_version} && " + command
+          run_command(local_command)
         rescue SharedHelpers::HelperSubprocessFailed => error
           original_error ||= error
           msg = error.message
@@ -482,19 +485,20 @@ module Dependabot
             end
 
           raise relevant_error unless may_be_using_wrong_python_version?(msg)
-          raise relevant_error if @using_python_two
+          raise relevant_error if python_version.start_with?("2")
+
+          # Clear the existing virtualenv, so that we use the new Python version
+          run_command("pyenv local #{python_version} && pyenv exec pipenv --rm")
 
-          @using_python_two = true
-          add_python_two_requirement_to_pipfile
-          command = command.gsub("pipenv ", "pipenv --two ")
+          @python_version = "2.7.15"
           retry
         ensure
-          @using_python_two = nil
+          @python_version = nil
+          FileUtils.remove_entry(".python-version", true)
         end
-        # rubocop:enable Metrics/MethodLength
 
         def may_be_using_wrong_python_version?(error_message)
-          return false if python_requirement_specified?
+          return false if user_specified_python_requirement
           return true if error_message.include?("UnsupportedPythonVersion")
 
           error_message.include?('Command "python setup.py egg_info" failed')

data/lib/dependabot/python/update_checker/poetry_version_resolver.rb

@@ -152,11 +152,16 @@ module Dependabot
           requirements =
             Python::Requirement.requirements_array(requirement)
 
-          PythonVersions::PYTHON_VERSIONS.find do |version|
-            requirements.any? do |req|
-              req.satisfied_by?(Python::Version.new(version))
-            end
+          version = PythonVersions::SUPPORTED_VERSIONS.find do |v|
+            requirements.any? { |r| r.satisfied_by?(Python::Version.new(v)) }
           end
+          return version if version
+
+          msg = "Dependabot detected the following Python requirement "\
+                "for your project: '#{requirement}'.\n\nCurrently, the "\
+                "following Python versions are supported in Dependabot: "\
+                "#{PythonVersions::SUPPORTED_VERSIONS.join(', ')}."
+          raise DependencyFileNotResolvable, msg
         end
 
         def pre_installed_python?(version)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.95.58
+  version: 0.95.59
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-22 00:00:00.000000000 Z
+date: 2019-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.95.58
+        version: 0.95.59
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.95.58
+        version: 0.95.59
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement