dependabot-vcpkg 0.359.0 → 0.360.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a5bc4fadeb9304062a219b58603032397a0584a20602d3c30d25a2f1e5328b7f
-  data.tar.gz: 32b77e4b44277cc4b732ac1b4a4fcb42ed1fd76353e3814c7143866e67ec54dd
+  metadata.gz: 57ac8d719c97356820825e8cfb0fdd08634a55e4fcdd5bb8e23beb6245c5a7f6
+  data.tar.gz: 51d2e076ebda6dc107b137513784a016b7828f957133f11964a53e353746e5e0
 SHA512:
-  metadata.gz: cc23968f8183bae3b790486a323f66412268a4704794419dde9e5642cc7c7b2a3d92f6b130e5d5f538f09125c97133634e70f30dfaf268f88d955519d8ff28f3
-  data.tar.gz: e96052d19ae2cb0a934cf914f202ca3c134a480665a59531d0d0561d0f77f406a5fa36e888029677479ae564d2a09cad60726887c211713f305d9e3040f9b59e
+  metadata.gz: 07be584a143433a620e2988b9a3fdf52403baa7945e3eae6d51120864c6602e60806240a8339245de9e301dd625dfb6713a27c2b57d19e945ef1719cb642648e
+  data.tar.gz: de0465bde2a9ee5c0ba65de36a3024e41e9567e84cacd495bc377095d99029f86f84b4720977478dc9b1ed4c7a3b024791356f2ba702d16014f9653a29b5e681

data/lib/dependabot/vcpkg/file_fetcher.rb

@@ -15,12 +15,14 @@ module Dependabot
 
       sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
       def self.required_files_in?(filenames)
-        filenames.include?(VCPKG_JSON_FILENAME)
+        filenames.any? do |filename|
+          [VCPKG_JSON_FILENAME, VCPKG_CONFIGURATION_JSON_FILENAME].include?(filename)
+        end
       end
 
       sig { override.returns(String) }
       def self.required_files_message
-        "Repo must contain a vcpkg.json file."
+        "Repo must contain a vcpkg.json or vcpkg-configuration.json file."
       end
 
       sig { override.returns(T::Array[Dependabot::DependencyFile]) }

data/lib/dependabot/vcpkg/file_parser.rb

@@ -40,9 +40,11 @@ module Dependabot
 
       sig { override.void }
       def check_required_files
-        return if dependency_files.any? { |f| f.name == VCPKG_JSON_FILENAME }
+        return if dependency_files.any? do |f|
+          [VCPKG_JSON_FILENAME, VCPKG_CONFIGURATION_JSON_FILENAME].include?(f.name)
+        end
 
-        raise Dependabot::DependencyFileNotFound, VCPKG_JSON_FILENAME
+        raise Dependabot::DependencyFileNotFound.new(nil, "No vcpkg manifest files found")
       end
 
       sig { params(dependency_file: Dependabot::DependencyFile).returns(T::Array[Dependabot::Dependency]) }
@@ -51,7 +53,7 @@ module Dependabot
 
         case dependency_file.name
         in VCPKG_JSON_FILENAME then parse_vcpkg_json(dependency_file)
-        in VCPKG_CONFIGURATION_JSON_FILENAME then [] # TODO
+        in VCPKG_CONFIGURATION_JSON_FILENAME then parse_vcpkg_configuration_json(dependency_file)
         else []
         end
       end
@@ -64,7 +66,21 @@ module Dependabot
         dependencies = []
 
         parsed_json["builtin-baseline"]&.then do |baseline|
-          dependencies << parse_baseline_dependency(baseline:, dependency_file:)
+          dependencies << Dependabot::Dependency.new(
+            name: VCPKG_DEFAULT_BASELINE_DEPENDENCY_NAME,
+            version: baseline,
+            package_manager: "vcpkg",
+            requirements: [{
+              requirement: nil,
+              groups: [],
+              source: {
+                type: "git",
+                url: VCPKG_DEFAULT_BASELINE_URL,
+                ref: VCPKG_DEFAULT_BASELINE_DEFAULT_BRANCH
+              },
+              file: dependency_file.name
+            }]
+          )
         end
 
         parsed_json["dependencies"]&.each do |dep|
@@ -78,23 +94,29 @@ module Dependabot
         raise Dependabot::DependencyFileNotParseable, T.must(dependency_files.first).path
       end
 
-      sig { params(baseline: String, dependency_file: Dependabot::DependencyFile).returns(Dependabot::Dependency) }
-      def parse_baseline_dependency(baseline:, dependency_file:)
-        Dependabot::Dependency.new(
-          name: VCPKG_DEFAULT_BASELINE_DEPENDENCY_NAME,
-          version: baseline,
-          package_manager: "vcpkg",
-          requirements: [{
-            requirement: nil,
-            groups: [],
-            source: {
-              type: "git",
-              url: VCPKG_DEFAULT_BASELINE_URL,
-              ref: VCPKG_DEFAULT_BASELINE_DEFAULT_BRANCH
-            },
-            file: dependency_file.name
-          }]
-        )
+      sig { params(dependency_file: Dependabot::DependencyFile).returns(T::Array[Dependabot::Dependency]) }
+      def parse_vcpkg_configuration_json(dependency_file)
+        contents = T.must(dependency_file.content)
+        parsed_json = JSON.parse(contents)
+
+        dependencies = []
+
+        # Parse default-registry if it exists
+        parsed_json["default-registry"]&.then do |registry|
+          dependency = parse_registry_dependency(registry:, dependency_file:, is_default: true)
+          dependencies << dependency if dependency
+        end
+
+        # Parse registries array if it exists
+        parsed_json["registries"]&.each do |registry|
+          dependency = parse_registry_dependency(registry:, dependency_file:, is_default: false)
+          dependencies << dependency if dependency
+        end
+
+        dependencies.compact
+      rescue JSON::ParserError
+        Dependabot.logger.warn("Failed to parse #{dependency_file.name}: #{dependency_file.content}")
+        raise Dependabot::DependencyFileNotParseable, dependency_file.path
       end
 
       sig do
@@ -141,6 +163,70 @@ module Dependabot
         end
       end
 
+      sig do
+        params(
+          registry: T::Hash[String, T.untyped],
+          dependency_file: Dependabot::DependencyFile,
+          is_default: T::Boolean
+        )
+          .returns(T.nilable(Dependabot::Dependency))
+      end
+      def parse_registry_dependency(registry:, dependency_file:, is_default: false) # rubocop:disable Metrics/MethodLength
+        kind = registry["kind"]
+        baseline = registry["baseline"]
+
+        # Only track git and builtin registries
+        return nil unless VCPKG_SUPPORTED_REGISTRY_TYPES.include?(kind)
+        return nil unless baseline.is_a?(String)
+
+        case kind
+        when "git"
+          repository = registry["repository"]
+          return nil unless repository.is_a?(String)
+
+          reference = registry["reference"] || "HEAD"
+
+          Dependabot::Dependency.new(
+            name: repository,
+            version: baseline,
+            package_manager: "vcpkg",
+            requirements: [{
+              requirement: nil,
+              groups: [],
+              source: {
+                type: "git",
+                url: repository,
+                ref: reference
+              },
+              file: dependency_file.name
+            }],
+            metadata: {
+              default: is_default
+            }
+          )
+        when "builtin"
+          Dependabot::Dependency.new(
+            name: VCPKG_DEFAULT_BASELINE_DEPENDENCY_NAME,
+            version: baseline,
+            package_manager: "vcpkg",
+            requirements: [{
+              requirement: nil,
+              groups: [],
+              source: {
+                type: "git",
+                url: VCPKG_DEFAULT_BASELINE_URL,
+                ref: VCPKG_DEFAULT_BASELINE_DEFAULT_BRANCH
+              },
+              file: dependency_file.name
+            }],
+            metadata: {
+              builtin: true,
+              default: is_default
+            }
+          )
+        end
+      end
+
       sig { params(version_string: String).returns([String, T.nilable(String)]) }
       def parse_version_with_port(version_string)
         if version_string.include?("#")

data/lib/dependabot/vcpkg/file_updater.rb

@@ -15,22 +15,36 @@ module Dependabot
 
       sig { override.returns(T::Array[Dependabot::DependencyFile]) }
       def updated_dependency_files
+        updated_files = []
+
+        # Handle vcpkg.json
         vcpkg_json_file = get_original_file(VCPKG_JSON_FILENAME)
-        return [] unless vcpkg_json_file&.then { |file| file_changed?(file) }
+        if vcpkg_json_file&.then { |file| file_changed?(file) }
+          updated_files << updated_file(
+            file: vcpkg_json_file,
+            content: updated_vcpkg_json_content(vcpkg_json_file)
+          )
+        end
+
+        # Handle vcpkg-configuration.json
+        vcpkg_config_file = get_original_file(VCPKG_CONFIGURATION_JSON_FILENAME)
+        if vcpkg_config_file&.then { |file| file_changed?(file) }
+          updated_files << updated_file(
+            file: vcpkg_config_file,
+            content: updated_vcpkg_configuration_json_content(vcpkg_config_file)
+          )
+        end
 
-        [updated_file(
-          file: vcpkg_json_file,
-          content: updated_vcpkg_json_content(vcpkg_json_file)
-        )]
+        updated_files
       end
 
       private
 
       sig { override.void }
       def check_required_files
-        return if get_original_file(VCPKG_JSON_FILENAME)
+        return if get_original_file(VCPKG_JSON_FILENAME) || get_original_file(VCPKG_CONFIGURATION_JSON_FILENAME)
 
-        raise Dependabot::DependencyFileNotFound, VCPKG_JSON_FILENAME
+        raise Dependabot::DependencyFileNotFound.new(nil, "No vcpkg manifest files found")
       end
 
       sig { params(file: Dependabot::DependencyFile).returns(String) }
@@ -48,6 +62,21 @@ module Dependabot
         raise Dependabot::DependencyFileNotParseable, file.path
       end
 
+      sig { params(file: Dependabot::DependencyFile).returns(String) }
+      def updated_vcpkg_configuration_json_content(file)
+        content = T.must(file.content)
+        parsed_content = JSON.parse(content)
+
+        dependencies
+          .filter_map { |dep| [dep, dep.requirements.find { |r| r[:file] == file.name }] }
+          .select { |_, requirement| requirement }
+          .each { |dependency, _| update_registry_dependency_in_content(parsed_content, dependency, file.name) }
+
+        JSON.pretty_generate(parsed_content)
+      rescue JSON::ParserError
+        raise Dependabot::DependencyFileNotParseable, file.path
+      end
+
       sig { params(content: T::Hash[String, T.untyped], dependency: Dependabot::Dependency, filename: String).void }
       def update_dependency_in_content(content, dependency, filename)
         case dependency.name
@@ -60,6 +89,60 @@ module Dependabot
 
       sig { params(content: T::Hash[String, T.untyped], dependency: Dependabot::Dependency, filename: String).void }
       def update_baseline_in_content(content, dependency, filename)
+        update_baseline_field(content, dependency, filename, "builtin-baseline")
+      end
+
+      sig { params(content: T::Hash[String, T.untyped], dependency: Dependabot::Dependency).void }
+      def update_port_dependency_in_content(content, dependency)
+        # Update the dependencies array
+        dependencies_array = content["dependencies"]
+        return unless dependencies_array.is_a?(Array)
+
+        # Find and update the specific dependency using more functional approach
+        target_dep = dependencies_array.find { _1.is_a?(Hash) && _1["name"] == dependency.name }
+        target_dep&.[]=("version>=", dependency.version)
+      end
+
+      sig { params(content: T::Hash[String, T.untyped], dependency: Dependabot::Dependency, filename: String).void }
+      def update_registry_dependency_in_content(content, dependency, filename)
+        # Check if this is a default registry update based on metadata
+        if dependency.metadata[:default]
+          update_default_registry(content, dependency, filename)
+        else
+          # For registries array, find by repository URL
+          update_registry_by_name(content, dependency, filename)
+        end
+      end
+
+      sig { params(content: T::Hash[String, T.untyped], dependency: Dependabot::Dependency, filename: String).void }
+      def update_default_registry(content, dependency, filename)
+        default_registry = content["default-registry"]
+        return unless default_registry.is_a?(Hash)
+
+        update_baseline_field(default_registry, dependency, filename, "baseline")
+      end
+
+      sig { params(content: T::Hash[String, T.untyped], dependency: Dependabot::Dependency, filename: String).void }
+      def update_registry_by_name(content, dependency, filename)
+        registries = content["registries"]
+        return unless registries.is_a?(Array)
+
+        # Find registry based on dependency characteristics
+        registry = find_target_registry(registries, dependency)
+        return unless registry
+
+        update_baseline_field(registry, dependency, filename, "baseline")
+      end
+
+      sig do
+        params(
+          target: T::Hash[String, T.untyped],
+          dependency: Dependabot::Dependency,
+          filename: String,
+          field_name: String
+        ).void
+      end
+      def update_baseline_field(target, dependency, filename, field_name)
         # Find the requirement for this specific file
         requirement = dependency.requirements.find { |r| r[:file] == filename }
         return unless requirement
@@ -67,21 +150,28 @@ module Dependabot
         # Extract and validate the new baseline
         case requirement[:source]
         in { ref: String => new_baseline }
-          content["builtin-baseline"] = new_baseline
+          target[field_name] = new_baseline
         else
           # Skip if source doesn't have the expected structure
         end
       end
 
-      sig { params(content: T::Hash[String, T.untyped], dependency: Dependabot::Dependency).void }
-      def update_port_dependency_in_content(content, dependency)
-        # Update the dependencies array
-        dependencies_array = content["dependencies"]
-        return unless dependencies_array.is_a?(Array)
-
-        # Find and update the specific dependency using more functional approach
-        target_dep = dependencies_array.find { _1.is_a?(Hash) && _1["name"] == dependency.name }
-        target_dep&.[]=("version>=", dependency.version)
+      sig do
+        params(
+          registries: T::Array[T.untyped],
+          dependency: Dependabot::Dependency
+        )
+          .returns(T.nilable(T::Hash[String, T.untyped]))
+      end
+      def find_target_registry(registries, dependency)
+        if dependency.metadata[:builtin]
+          # For builtin registries, find by kind
+          registries.find { |r| r.is_a?(Hash) && r["kind"] == "builtin" }
+        else
+          # For git registries, find by repository URL
+          repository_url = dependency.requirements.first&.dig(:source, :url)
+          registries.find { |r| r.is_a?(Hash) && r["repository"] == repository_url }
+        end
       end
     end
   end

data/lib/dependabot/vcpkg.rb

@@ -39,5 +39,7 @@ module Dependabot
     VCPKG_DEFAULT_BASELINE_URL = "https://github.com/microsoft/vcpkg.git"
 
     VCPKG_DEFAULT_BASELINE_DEFAULT_BRANCH = "master"
+
+    VCPKG_SUPPORTED_REGISTRY_TYPES = %w(git builtin).freeze
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-vcpkg
 version: !ruby/object:Gem::Version
-  version: 0.359.0
+  version: 0.360.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.359.0
+        version: 0.360.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.359.0
+        version: 0.360.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -256,7 +256,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.359.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.360.0
 rdoc_options: []
 require_paths:
 - lib