RubyGems - dependabot-swift - Versions diffs - 0.314.0 → 0.316.0 - Mend

dependabot-swift 0.314.0 → 0.316.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/dependabot/swift/package/package_details_fetcher.rb +69 -0
data/lib/dependabot/swift/update_checker/latest_version_resolver.rb +130 -0
data/lib/dependabot/swift/update_checker.rb +12 -1
metadata +10 -8

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b33db3e49c480beca9e7f63d4eaa3338b59417bd6084df49f80ffdd7bdc4aabb
-  data.tar.gz: 5f4db50129f1641cdd36d401c324f7dc0c9bafc914a680c6f838f5cd2260fdbe
+  metadata.gz: 6a2b9732c591be3117127bc8d10d98a6244583d69d3dca23b3b8d4be835f2c5f
+  data.tar.gz: 8ce481f03d3dab87d2215dd1ec107f9a3cc70282c252d4d7a4e61ef0fef9f933
 SHA512:
-  metadata.gz: 0727dd3f8e0813dc5074d2aad6c669984b03c892e72ea5e101ec1e91f4655960a3befb88d33a3c77a3d3d39a228567c2d982516c0eb0ae150bfd1895c3c96584
-  data.tar.gz: 372d80ebe5cd19b1f3be5080ec541e77d8ec4861c06aa317e53ad6aee8291e5fa9a54643234ec99814332b35dffe4c515e15e85cff6efce516b1ec89318854b5
+  metadata.gz: 130cdcc0063affba1322e346f7fa391c3cf46e48081d2f5eeb441897b0d5876e553f9eb13d0d07cd56985413b1ade264765f3098b2ab20f35acde9972274a83d
+  data.tar.gz: 9bea1217ecd17a9fe96dee648db4b463e05a7389afb3ed8aa8e1c07f30a250ef748f5f978335958f127d49bbb6ab5de1a58c415ab447d664f3fe95293a941c45

data/lib/dependabot/swift/package/package_details_fetcher.rb ADDED Viewed

@@ -0,0 +1,69 @@
+# typed: strict
+# frozen_string_literal: true
+require "json"
+require "time"
+require "cgi"
+require "excon"
+require "sorbet-runtime"
+require "dependabot/swift"
+module Dependabot
+  module Swift
+    module Package
+      class PackageDetailsFetcher
+        extend T::Sig
+        RELEASES_URL = "https://api.github.com/repos/"
+        APPLICATION_JSON = "JSON"
+        sig do
+          params(
+            dependency: Dependency,
+            credentials: T::Array[Dependabot::Credential],
+            git_commit_checker: Dependabot::GitCommitChecker
+          ).void
+        end
+        def initialize(dependency:, credentials:, git_commit_checker:)
+          @dependency = dependency
+          @credentials = credentials
+          @git_commit_checker = git_commit_checker
+        end
+        sig { returns(Dependabot::GitCommitChecker) }
+        attr_reader :git_commit_checker
+        sig { returns(T::Array[Dependabot::Credential]) }
+        attr_reader :credentials
+        sig { returns(T::Array[GitTagWithDetail]) }
+        def fetch_tag_and_release_date
+          truncate_github_url = @dependency.name.gsub("github.com/", "")
+          url = RELEASES_URL + "#{truncate_github_url}/releases"
+          result_lines = T.let([], T::Array[GitTagWithDetail])
+          # Fetch the releases from the GitHub API
+          response = Excon.get(url, headers: { "Accept" => "application/vnd.github.v3+json" })
+          Dependabot.logger.error("Failed call details: #{response.body}") unless response.status == 200
+          return result_lines unless response.status == 200
+          # Parse the JSON response
+          releases = JSON.parse(response.body)
+          # Extract version names and release dates into a hash
+          releases.map do |release|
+            result_lines << GitTagWithDetail.new(
+              tag: release["tag_name"],
+              release_date: release["published_at"]
+            )
+          end
+          # sort the result lines by tag in descending order
+          result_lines = result_lines.sort_by(&:tag).reverse
+          # Log the extracted details for debugging
+          Dependabot.logger.info("Extracted release details: #{result_lines}")
+          result_lines
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/swift/update_checker/latest_version_resolver.rb ADDED Viewed

@@ -0,0 +1,130 @@
+# typed: strong
+# frozen_string_literal: true
+require "dependabot/update_checkers/base"
+require "dependabot/swift/file_parser/dependency_parser"
+require "dependabot/swift/file_updater/lockfile_updater"
+require "dependabot/swift/package/package_details_fetcher"
+require "sorbet-runtime"
+require "dependabot/git_commit_checker"
+module Dependabot
+  module Swift
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
+      class LatestVersionResolver
+        extend T::Sig
+        DAY_IN_SECONDS = T.let(24 * 60 * 60, Integer)
+        sig do
+          params(
+            dependency: Dependabot::Dependency,
+            credentials: T::Array[Dependabot::Credential],
+            cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions),
+            git_commit_checker: Dependabot::GitCommitChecker
+          ).void
+        end
+        def initialize(dependency:, credentials:, cooldown_options:, git_commit_checker:)
+          @dependency = dependency
+          @credentials = credentials
+          @cooldown_options = cooldown_options
+          @git_commit_checker = T.let(
+            git_commit_checker,
+            Dependabot::GitCommitChecker
+          )
+        end
+        sig { returns(Dependabot::Dependency) }
+        attr_reader :dependency
+        # Return latest version tag for the dependency, it removes tags that are in cooldown period
+        # and returns the latest version tag that is not in cooldown period. If eexception occurs
+        # it will return the latest version tag from the git_commit_checker. as it was before
+        sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
+        def latest_version_tag
+          # step one fetch allowed version tags and
+          allowed_version_tags = git_commit_checker.allowed_version_tags
+          begin
+            # sort the allowed version tags by name in descending order
+            select_version_tags_in_cooldown_period&.each do |tag_name|
+              # filter out if name is not in cooldown period
+              allowed_version_tags.reject! do |gitref_filtered|
+                true if gitref_filtered.name == tag_name
+              end
+            end
+            Dependabot.logger.info("Allowed version tags after filtering versions in cooldown:
+              #{allowed_version_tags.map(&:name).join(', ')}")
+            git_commit_checker.max_local_tag(allowed_version_tags)
+          rescue StandardError => e
+            Dependabot.logger.error("Error fetching latest version tag: #{e.message}")
+            git_commit_checker.local_tag_for_latest_version
+          end
+        end
+        sig { returns(T.nilable(T::Array[String])) }
+        def select_version_tags_in_cooldown_period
+          version_tags_in_cooldown_period = T.let([], T::Array[String])
+          package_details_fetcher.fetch_tag_and_release_date.each do |git_tag_with_detail|
+            if check_if_version_in_cooldown_period?(git_tag_with_detail.release_date)
+              version_tags_in_cooldown_period << git_tag_with_detail.tag
+            end
+          end
+          version_tags_in_cooldown_period
+        rescue StandardError => e
+          Dependabot.logger.error("Error checking if version is in cooldown: #{e.message}")
+          version_tags_in_cooldown_period
+        end
+        sig { params(release_date: String).returns(T::Boolean) }
+        def check_if_version_in_cooldown_period?(release_date)
+          return false unless release_date.length.positive?
+          cooldown = @cooldown_options
+          return false unless cooldown
+          return false if cooldown.nil?
+          # Get maximum cooldown days based on semver parts
+          days = [cooldown.default_days, cooldown.semver_major_days].max
+          days = cooldown.semver_minor_days unless days > cooldown.semver_minor_days
+          days = cooldown.semver_patch_days unless days > cooldown.semver_patch_days
+          # Calculate the number of seconds passed since the release
+          passed_seconds = Time.now.to_i - release_date_to_seconds(release_date)
+          # Check if the release is within the cooldown period
+          passed_seconds < days * DAY_IN_SECONDS
+        end
+        sig { params(release_date: String).returns(Integer) }
+        def release_date_to_seconds(release_date)
+          Time.parse(release_date).to_i
+        rescue ArgumentError => e
+          Dependabot.logger.error("Invalid release date format: #{release_date} and error: #{e.message}")
+          0 # Default to 360 days in seconds if parsing fails, so that it will not be in cooldown
+        end
+        sig { returns(Package::PackageDetailsFetcher) }
+        def package_details_fetcher
+          @package_details_fetcher ||= T.let(
+            Package::PackageDetailsFetcher.new(
+              dependency: dependency,
+              credentials: credentials,
+              git_commit_checker: git_commit_checker
+            ), T.nilable(Package::PackageDetailsFetcher)
+          )
+        end
+        sig { returns(T::Boolean) }
+        def cooldown_enabled?
+          Dependabot::Experiments.enabled?(:enable_cooldown_for_swift)
+        end
+        sig { returns(Dependabot::GitCommitChecker) }
+        attr_reader :git_commit_checker
+        sig { returns(T::Array[Dependabot::Credential]) }
+        attr_reader :credentials
+      end
+    end
+  end
+end

data/lib/dependabot/swift/update_checker.rb CHANGED Viewed

@@ -16,6 +16,7 @@ module Dependabot
       require_relative "update_checker/requirements_updater"
       require_relative "update_checker/version_resolver"
+      require_relative "update_checker/latest_version_resolver"
       sig { override.returns(T.nilable(Dependabot::Version)) }
       def latest_version
@@ -111,6 +112,16 @@ module Dependabot
         )
       end
+      sig { returns(LatestVersionResolver) }
+      def cooldown_check_version_resolver_for
+        LatestVersionResolver.new(
+          dependency: dependency,
+          credentials: credentials,
+          cooldown_options: update_cooldown,
+          git_commit_checker: git_commit_checker
+        )
+      end
       sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
       def unlocked_requirements
         NativeRequirement.map_requirements(old_requirements) do |_old_requirement|
@@ -183,7 +194,7 @@ module Dependabot
       sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
       def latest_version_tag
-        git_commit_checker.local_tag_for_latest_version
+        cooldown_check_version_resolver_for.latest_version_tag
       end
       sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-swift
 version: !ruby/object:Gem::Version
-  version: 0.314.0
+  version: 0.316.0
 platform: ruby
 authors:
 - Dependabot
 bindir: bin
 cert_chain: []
-date: 2025-05-22 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.314.0
+        version: 0.316.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.314.0
+        version: 0.316.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -253,9 +253,11 @@ files:
 - lib/dependabot/swift/language.rb
 - lib/dependabot/swift/metadata_finder.rb
 - lib/dependabot/swift/native_requirement.rb
+- lib/dependabot/swift/package/package_details_fetcher.rb
 - lib/dependabot/swift/package_manager.rb
 - lib/dependabot/swift/requirement.rb
 - lib/dependabot/swift/update_checker.rb
+- lib/dependabot/swift/update_checker/latest_version_resolver.rb
 - lib/dependabot/swift/update_checker/requirements_updater.rb
 - lib/dependabot/swift/update_checker/version_resolver.rb
 - lib/dependabot/swift/version.rb
@@ -264,7 +266,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.314.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.316.0
 rdoc_options: []
 require_paths:
 - lib
@@ -272,14 +274,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.1.0
+      version: 3.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.1.0
+      version: 3.3.0
 requirements: []
-rubygems_version: 3.6.3
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Provides Dependabot support for Swift
 test_files: []