dependabot-vcpkg 0.383.0 → 0.384.0

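--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: fce9caf8a451b37dc7557dc8bc678dfc4604c2faf70044d5be5c120ea9dc212b
- data.tar.gz: 026f63261fb9d236ab4a34cc604e663f7be2f126fa28010236c8a1f611305b37
+ metadata.gz: df9224704a4f2c080b3a6c4372aaf4de2a1f724a5462b8abb65ee356356f4c2e
+ data.tar.gz: 78ed42e14df7d26603d4cd9f6083ae259d64a799563cf6e4f5307cc1a99504fd
  SHA512:
- metadata.gz: 5de97c1ba1717c229d23e2a595ef8fd32d9715d77a41bd29a2a71ea27cc20b25499f219718a37cdc3b4b4caa696763dd7712449bb0563804e7230f2eee58d78e
- data.tar.gz: 931fd85db08c28cbe63a64bd30ede201f8db237c76a94ab9098908cd7a8380a662fb675c9e03f3b5ed36c93e2d64b9c20df82d1ce1909a38badcd7f717e21cec
+ metadata.gz: fbe1b6dace0ccbb55540a1e799725502e32504ecff58d2ff5a38f91d690c280abf97b98de2a5bafcd67cae89e1c904e261cd41912de90283c22e5c768e4e532d
+ data.tar.gz: 9e0d437eb0790fb81054d448bec4270008064595ac0209e9e0dcaefbd3ac972ceb18343a9d906a469c97d0b581b9f6f2d647ae7de7bc6f99d7498c062851adfd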
@@ -21,7 +21,10 @@ module Dependabot
21
21
 
22
22
  sig { override.returns(T::Array[Dependabot::Dependency]) }
23
23
  def parse
24
- dependency_files.flat_map { |file| parse_dependency_file(file) }.compact
24
+ dependencies = dependency_files.flat_map { |file| parse_dependency_file(file) }.compact
25
+ baseline = missing_baseline_dependency
26
+ dependencies << baseline if baseline
27
+ dependencies
25
28
  end
26
29
 
27
30
  sig { override.returns(Ecosystem) }
@@ -236,6 +239,106 @@ module Dependabot
236
239
  end
237
240
  end
238
241
 
242
+ # A project relying on a global vcpkg install has no baseline to update.
243
+ # Synthesize one so the updater adds it to the manifest; later runs keep it
244
+ # current. See https://github.com/dependabot/dependabot-core/issues/13051
245
+ sig { returns(T.nilable(Dependabot::Dependency)) }
246
+ def missing_baseline_dependency
247
+ manifest = vcpkg_manifest_file
248
+ return nil unless manifest
249
+ return nil unless manifest_declares_dependencies?(manifest)
250
+ return nil if baseline_resolvable?
251
+
252
+ config = vcpkg_configuration_file
253
+ if config.nil?
254
+ synthetic_baseline_dependency(file_name: manifest.name)
255
+ elsif default_registry.nil?
256
+ synthetic_baseline_dependency(
257
+ file_name: config.name,
258
+ metadata: { default: true, create_default_registry: true }
259
+ )
260
+ end
261
+ end
262
+
263
+ sig do
264
+ params(file_name: String, metadata: T::Hash[Symbol, T.untyped]).returns(Dependabot::Dependency)
265
+ end
266
+ def synthetic_baseline_dependency(file_name:, metadata: {})
267
+ Dependabot::Dependency.new(
268
+ name: VCPKG_DEFAULT_BASELINE_DEPENDENCY_NAME,
269
+ version: nil,
270
+ package_manager: "vcpkg",
271
+ requirements: [{
272
+ requirement: nil,
273
+ groups: [],
274
+ source: {
275
+ type: "git",
276
+ url: VCPKG_DEFAULT_BASELINE_URL,
277
+ ref: VCPKG_DEFAULT_BASELINE_DEFAULT_BRANCH
278
+ },
279
+ file: file_name
280
+ }],
281
+ metadata: metadata
282
+ )
283
+ end
284
+
285
+ sig { returns(T::Boolean) }
286
+ def baseline_resolvable?
287
+ manifest_baseline_present? || default_registry_baseline_present?
288
+ end
289
+
290
+ sig { returns(T::Boolean) }
291
+ def manifest_baseline_present?
292
+ manifest = vcpkg_manifest_file
293
+ return false unless manifest
294
+
295
+ parsed_json(manifest)&.dig("builtin-baseline").is_a?(String)
296
+ end
297
+
298
+ sig { returns(T::Boolean) }
299
+ def default_registry_baseline_present?
300
+ registry = default_registry
301
+ !!(registry && registry["baseline"].is_a?(String))
302
+ end
303
+
304
+ sig { returns(T.nilable(T::Hash[String, T.untyped])) }
305
+ def default_registry
306
+ config = vcpkg_configuration_file
307
+ return nil unless config
308
+
309
+ registry = parsed_json(config)&.dig("default-registry")
310
+ registry.is_a?(Hash) ? registry : nil
311
+ end
312
+
313
+ sig { params(file: Dependabot::DependencyFile).returns(T::Boolean) }
314
+ def manifest_declares_dependencies?(file)
315
+ declared = parsed_json(file)&.dig("dependencies")
316
+ return false unless declared.is_a?(Array)
317
+
318
+ !declared.empty?
319
+ end
320
+
321
+ sig { returns(T.nilable(Dependabot::DependencyFile)) }
322
+ def vcpkg_manifest_file
323
+ dependency_files.find { |file| file.name == VCPKG_JSON_FILENAME }
324
+ end
325
+
326
+ sig { returns(T.nilable(Dependabot::DependencyFile)) }
327
+ def vcpkg_configuration_file
328
+ dependency_files.find { |file| file.name == VCPKG_CONFIGURATION_JSON_FILENAME }
329
+ end
330
+
331
+ sig { params(file: Dependabot::DependencyFile).returns(T.nilable(T::Hash[String, T.untyped])) }
332
+ def parsed_json(file)
333
+ content = file.content
334
+ return nil unless content
335
+
336
+ parsed = JSON.parse(content)
337
+ parsed.is_a?(Hash) ? parsed : nil
338
+ rescue JSON::ParserError
339
+ nil
340
+ end
341
+
239
342
  sig { returns(Ecosystem::VersionManager) }
240
343
  def package_manager = @package_manager ||= T.let(PackageManager.new, T.nilable(Dependabot::Vcpkg::PackageManager))
241
344
 
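Review bot: `default_registry` returns nil both when `vcpkg-configuration.json` has no `default-registry` key and when the key is present but not an object, so `missing_baseline_dependency` cannot tell a missing registry from an explicit `"default-registry": null`. As far as I know vcpkg treats `null` there as "no default registry", which projects use to force every port through their explicitly listed registries. With this hunk such a config gets a synthetic dependency carrying `create_default_registry: true`, and the `update_default_registry` hunk further down then assigns `content["default-registry"]` a block pointing at the public `VCPKG_DEFAULT_REGISTRY_REPOSITORY`. I would only synthesize when the key is absent, e.g. `elsif !parsed_json(config)&.key?("default-registry")` in place of `elsif default_registry.nil?`, and add a spec for the `null` case.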
@@ -117,9 +117,32 @@ module Dependabot
117
117
  sig { params(content: T::Hash[String, T.untyped], dependency: Dependabot::Dependency, filename: String).void }
118
118
  def update_default_registry(content, dependency, filename)
119
119
  default_registry = content["default-registry"]
120
- return unless default_registry.is_a?(Hash)
120
+ if default_registry.is_a?(Hash)
121
+ update_baseline_field(default_registry, dependency, filename, "baseline")
122
+ elsif dependency.metadata[:create_default_registry]
123
+ created_registry = build_default_registry(dependency, filename)
124
+ content["default-registry"] = created_registry if created_registry
125
+ end
126
+ end
127
+
128
+ sig do
129
+ params(dependency: Dependabot::Dependency, filename: String)
130
+ .returns(T.nilable(T::Hash[String, String]))
131
+ end
132
+ def build_default_registry(dependency, filename)
133
+ requirement = dependency.requirements.find { |r| r[:file] == filename }
134
+ return unless requirement
121
135
 
122
- update_baseline_field(default_registry, dependency, filename, "baseline")
136
+ case requirement[:source]
137
+ in { ref: String => baseline }
138
+ {
139
+ "kind" => "git",
140
+ "repository" => VCPKG_DEFAULT_REGISTRY_REPOSITORY,
141
+ "baseline" => baseline
142
+ }
143
+ else
144
+ nil
145
+ end
123
146
  end
124
147
 
125
148
  sig { params(content: T::Hash[String, T.untyped], dependency: Dependabot::Dependency, filename: String).void }
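Review bot: `build_default_registry` copies whatever string is in `requirement[:source][:ref]` into the new `"baseline"` field, but the synthetic requirement this release introduces starts out with `ref: VCPKG_DEFAULT_BASELINE_DEFAULT_BRANCH` (`"master"`), while a registry baseline is expected to be a commit SHA. If a requirement reaches this method before its ref has been resolved (the resolving code is not in this hunk), the configuration file would be written with a moving branch name instead of a pin. Matching on the shape closes that gap: `in { ref: /\A[0-9a-f]{40}\z/ => baseline }`, the same pattern `latest_resolvable_previous_version` uses elsewhere in this release.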
@@ -50,6 +50,15 @@ module Dependabot
50
50
  )
51
51
  end
52
52
 
53
+ # The release tag for the given commit SHA, if any.
54
+ sig { params(commit_sha: String).returns(T.nilable(String)) }
55
+ def tag_for_commit_sha(commit_sha)
56
+ package_details
57
+ &.releases
58
+ &.find { |release| release.details["commit_sha"] == commit_sha }
59
+ &.tag
60
+ end
61
+
53
62
  private
54
63
 
55
64
  sig { returns(T::Boolean) }
@@ -30,6 +30,16 @@ module Dependabot
30
30
  sig { override.returns(T.nilable(T.any(String, Dependabot::Version))) }
31
31
  def latest_resolvable_version_with_no_unlock = latest_version
32
32
 
33
+ # The release tag for the current baseline commit SHA (else the SHA), so the
34
+ # PR title's "from" shows the tag, not the "master" ref.
35
+ sig { params(_updated_version: String).returns(T.nilable(String)) }
36
+ def latest_resolvable_previous_version(_updated_version)
37
+ current_version = dependency.version
38
+ return current_version unless registry_dependency? && current_version&.match?(/\A[0-9a-f]{40}\z/)
39
+
40
+ latest_version_finder.tag_for_commit_sha(current_version) || current_version
41
+ end
42
+
33
43
  sig { override.returns(T::Array[Dependabot::DependencyRequirement]) }
34
44
  def updated_requirements
35
45
  return dependency.requirements unless latest_version
@@ -66,6 +76,18 @@ module Dependabot
66
76
  !registry_dependency? && dependency.requirements.any? { |req| req[:requirement] }
67
77
  end
68
78
 
79
+ # `latest_version` is a git tag but the baseline is a commit SHA, so the base check never
80
+ # matches and reports an up-to-date baseline as stale. Match the release commit SHA by prefix.
81
+ sig { returns(T::Boolean) }
82
+ def sha1_version_up_to_date?
83
+ return super unless registry_dependency?
84
+
85
+ latest_commit_sha = latest_version_finder.latest_release_info&.details&.dig("commit_sha")
86
+ return super unless latest_commit_sha
87
+
88
+ latest_commit_sha.start_with?(T.must(dependency.version))
89
+ end
90
+
69
91
  # Vcpkg doesn't support full unlocking since dependencies are tracked via baselines
70
92
  sig { override.returns(T::Boolean) }
71
93
  def latest_version_resolvable_with_full_unlock? = false
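Review bot: In `sha1_version_up_to_date?`, `latest_commit_sha.start_with?(T.must(dependency.version))` raises when `dependency.version` is nil and returns true for an empty string, and the parser in this release now builds baseline dependencies with `version: nil`. Whether the base class only calls this method for SHA-looking versions is not visible here, so I would guard locally with `current = dependency.version` and `return super unless current&.match?(/\A[0-9a-f]+\z/)`, then compare against `current`. The comment above the method should also state the accepted prefix length, since `latest_resolvable_previous_version` in the first hunk insists on a full 40-character SHA while this check accepts any prefix.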
@@ -38,6 +38,9 @@ module Dependabot
38
38
 
39
39
  VCPKG_DEFAULT_BASELINE_URL = "https://github.com/microsoft/vcpkg.git"
40
40
 
41
+ # Repository URL without the `.git` suffix, for generated `default-registry` blocks.
42
+ VCPKG_DEFAULT_REGISTRY_REPOSITORY = "https://github.com/microsoft/vcpkg"
43
+
41
44
  VCPKG_DEFAULT_BASELINE_DEFAULT_BRANCH = "master"
42
45
 
43
46
  VCPKG_SUPPORTED_REGISTRY_TYPES = %w(git builtin).freeze
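Review bot: `VCPKG_DEFAULT_REGISTRY_REPOSITORY` repeats the literal in `VCPKG_DEFAULT_BASELINE_URL` minus the suffix, so the two can drift apart if the upstream location is ever edited in only one place. Deriving it keeps a single source of truth for the registry the tool writes into user files: `VCPKG_DEFAULT_REGISTRY_REPOSITORY = VCPKG_DEFAULT_BASELINE_URL.delete_suffix(".git")`. The enclosing module starts and ends outside the hunk.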
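--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-vcpkg
  version: !ruby/object:Gem::Version
- version: 0.383.0
+ version: 0.384.0
  platform: ruby
  authors:
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.383.0
+ version: 0.384.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.383.0
+ version: 0.384.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -256,7 +256,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.383.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.384.0
  rdoc_options: []
  require_paths:
  - lib
@@ -271,7 +271,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 3.3.0
  requirements: []
- rubygems_version: 3.7.2
+ rubygems_version: 4.0.14
  specification_version: 4
  summary: Provides Dependabot support for the VCPKG package manager.
  test_files: []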