vanagon 0.39.0 → 0.39.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4ac97aec522601e6c06e6b246356b9fd2eef1a94d1548b501424224d4d51522c
-  data.tar.gz: 557d3080596d55cc84819bd59b5d30d566c66d3620cc3687ea8bb889c8f50118
+  metadata.gz: 4fe169a867215743c1234c1dc7611f6747040505867c94f05379e2e789e1ef22
+  data.tar.gz: d663402a3ff359291b83a970e59ea8e9ce3b3101ba1a5d443e38b2372018ffa4
 SHA512:
-  metadata.gz: 007b36851f55746bd042d54f1b4aa6ab2557b18f81f0d759730554080153b7cdbda44d8a16476f36f63556f906631eaca1bfa8de066c9c7b0bf4cc8da543e4e4
-  data.tar.gz: fe4fa81aeb5246f3892cee17cea50b9545fce5f8dda33f491f7b92ad6f58c624e09540d3476353b2eeef58518fd730e310288140bdf03181b8d7c3137e8d6f3b
+  metadata.gz: 1c58c68372fb374b8ea3d3d016473e32bc41d76632f42dd76bcdef99a375b8758198fd1b193231932746d8c219cce8131817a43bc4c2597f8be2477c52f02d3f
+  data.tar.gz: 18e74e97521b6db5596d746ff6628f932bdfd0b69670987588063a8f6b688a4ce3e0bfcd9d2f6159af68f5f9c3a47a2336267a928e10e0adf35d3e7b4cdd9f29

data/lib/vanagon/component/source/git.rb

@@ -60,6 +60,7 @@ class Vanagon
           # VANAGON-227 We need to be careful when guessing whether a https://github.com/...
           # URL is actually a true git repo. Make some rules around it based on the github API.
           # Decide that anything with a documented media_type is just an http url.
+          # We do this instead of talking to GitHub directly to avoid rate limiting.
           # See:
           # https://docs.github.com/en/repositories/working-with-files/using-files/downloading-source-code-archives
           # https://docs.github.com/en/rest/repos/contents?apiVersion=2022-11-28#download-a-repository-archive-tar
@@ -68,17 +69,13 @@ class Vanagon
             url_directory = url.to_s.delete_prefix(github_url_prefix)
             url_components = url_directory.split('/')
 
-            return :github_remote if url_directory.end_with?('.git')
-
             # Find cases of supported github media types.
             # [ owner, repo, media_type, ref ]
-            case url_components[2]
-            when 'archive'
-              :github_archive
-            when 'tarball'
-              :github_tarball
-            when 'zipball'
-              :github_zipball
+            path_types = ['archive', 'releases', 'tarball', 'zipball']
+            if path_types.include?(url_components[2]) ||
+               url_components[-1].end_with?('.tar.gz') ||
+               url_components[-1].end_with?('.zip')
+              :github_media
             else
               :github_remote
             end

data/lib/vanagon/component/source/http.rb

@@ -22,20 +22,19 @@ class Vanagon
             return false unless ['http', 'https'].include? uri.scheme
 
             Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
-              http.request(Net::HTTP::Head.new(uri)) do |response|
-                case response
-                when Net::HTTPRedirection
-                  # By parsing the location header, we get either an absolute
-                  # URI or a URI with a relative `path`. Adding it to `uri`
-                  # should correctly update the relative `path` or overwrite
-                  # the entire URI if it's absolute.
-                  location = URI.parse(response.header['location'])
-                  valid_url?(uri + location)
-                when Net::HTTPSuccess
-                  return true
-                else
-                  false
-                end
+              response = http.request(Net::HTTP::Head.new(uri))
+              case response
+              when Net::HTTPRedirection
+                # By parsing the location header, we get either an absolute
+                # URI or a URI with a relative `path`. Adding it to `uri`
+                # should correctly update the relative `path` or overwrite
+                # the entire URI if it's absolute.
+                location = URI.parse(response.header['location'])
+                valid_url?(uri + location)
+              when Net::HTTPSuccess
+                true
+              else
+                false
               end
             end
           end

data/spec/lib/vanagon/component/source/git_spec.rb

@@ -15,12 +15,27 @@ describe "Vanagon::Component::Source::Git" do
     let(:github_archive_uri) do
       'https://github.com/2ndQuadrant/pglogical/archive/a_file_name.tar.gz'
     end
+    let(:github_releases_uri) do
+      'https://github.com/libffi/libffi/releases/download/v3.4.3/libffi-3.4.3.tar.gz'
+    end
     let(:github_tarball_uri) do
       'https://github.com/Baeldung/kotlin-tutorials/tarball/main'
     end
     let(:github_zipball_uri) do
       'https://github.com/Baeldung/kotlin-tutorials/zipball/master'
     end
+    let(:github_actual_tarball_uri) do
+      'https://github.com/puppetlabs/puppet/archive/refs/tags/8.2.0.tar.gz'
+    end
+    let(:github_actual_tarball_with_unexpected_path_uri) do
+      'https://github.com/puppetlabs/puppet/something/refs/tags/8.2.0.tar.gz'
+    end
+    let(:github_actual_zipball_uri) do
+      'https://github.com/puppetlabs/puppet/archive/refs/tags/8.2.0.zip'
+    end
+    let(:github_actual_zipball_with_unexpected_path_uri) do
+      'https://github.com/puppetlabs/puppet/something/refs/tags/8.2.0.zip'
+    end
     let(:github_repo_uri) do
       'https://github.com/cameronmcnz/rock-paper-scissors'
     end
@@ -32,14 +47,34 @@ describe "Vanagon::Component::Source::Git" do
       expect(Vanagon::Component::Source::Git.valid_remote?(github_archive_uri)).to be false
     end
 
+    it "flags github releases uris as not valid repos" do
+      expect(Vanagon::Component::Source::Git.valid_remote?(github_releases_uri)).to be false
+    end
+
     it "flags github tarball uris as not valid repos" do
       expect(Vanagon::Component::Source::Git.valid_remote?(github_tarball_uri)).to be false
     end
 
+    it "flags github actual tarball uris as not valid repos" do
+      expect(Vanagon::Component::Source::Git.valid_remote?(github_actual_tarball_uri)).to be false
+    end
+
+    it "flags github actual tarball uris with an unexpected path as not valid repos" do
+      expect(Vanagon::Component::Source::Git.valid_remote?(github_actual_tarball_with_unexpected_path_uri)).to be false
+    end
+
     it "flags git zipball uris as not valid repos" do
       expect(Vanagon::Component::Source::Git.valid_remote?(github_zipball_uri)).to be false
     end
 
+    it "flags github actual tarball uris as not valid repos" do
+      expect(Vanagon::Component::Source::Git.valid_remote?(github_actual_zipball_uri)).to be false
+    end
+
+    it "flags github actual tarball uris with an unexpected path as not valid repos" do
+      expect(Vanagon::Component::Source::Git.valid_remote?(github_actual_zipball_with_unexpected_path_uri)).to be false
+    end
+
     it "identifies git generic uris as valid repos" do
       expect(Vanagon::Component::Source::Git.valid_remote?(github_repo_uri)).to be true
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vanagon
 version: !ruby/object:Gem::Version
-  version: 0.39.0
+  version: 0.39.1
 platform: ruby
 authors:
 - Puppet By Perforce
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-08-08 00:00:00.000000000 Z
+date: 2023-08-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: docopt