vanagon 0.39.0 → 0.39.2

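--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4ac97aec522601e6c06e6b246356b9fd2eef1a94d1548b501424224d4d51522c
- data.tar.gz: 557d3080596d55cc84819bd59b5d30d566c66d3620cc3687ea8bb889c8f50118
+ metadata.gz: 0bbab09cfcd3f8a91841bb070ac6fbdd57b37ba5833e4992f3c2251df12c825a
+ data.tar.gz: 1a14dea7853f5e623ae1d8fbccf35f63d5fb63c2ab6b9c013ce50bc37a2ba791
  SHA512:
- metadata.gz: 007b36851f55746bd042d54f1b4aa6ab2557b18f81f0d759730554080153b7cdbda44d8a16476f36f63556f906631eaca1bfa8de066c9c7b0bf4cc8da543e4e4
- data.tar.gz: fe4fa81aeb5246f3892cee17cea50b9545fce5f8dda33f491f7b92ad6f58c624e09540d3476353b2eeef58518fd730e310288140bdf03181b8d7c3137e8d6f3b
+ metadata.gz: f167828ef7a0012965b349b670fa4c3b3712bdb6065ae0ced63acca1ec8b909b850ada729cf4151271c62781f4576e088b8f5289de12e94f3748c64f311fdb4a
+ data.tar.gz: 4ab66f44f2b4fabd72ab2fa42c00bd4f3756b4dc9681c1ba05d2715fdacf82092327f297986f3fe872cdf3e306195d1fa3ee66b1ba9e2c8cf575e61b8b5386ae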
@@ -60,6 +60,7 @@ class Vanagon
60
60
  # VANAGON-227 We need to be careful when guessing whether a https://github.com/...
61
61
  # URL is actually a true git repo. Make some rules around it based on the github API.
62
62
  # Decide that anything with a documented media_type is just an http url.
63
+ # We do this instead of talking to GitHub directly to avoid rate limiting.
63
64
  # See:
64
65
  # https://docs.github.com/en/repositories/working-with-files/using-files/downloading-source-code-archives
65
66
  # https://docs.github.com/en/rest/repos/contents?apiVersion=2022-11-28#download-a-repository-archive-tar
@@ -68,17 +69,13 @@ class Vanagon
68
69
  url_directory = url.to_s.delete_prefix(github_url_prefix)
69
70
  url_components = url_directory.split('/')
70
71
 
71
- return :github_remote if url_directory.end_with?('.git')
72
-
73
72
  # Find cases of supported github media types.
74
73
  # [ owner, repo, media_type, ref ]
75
- case url_components[2]
76
- when 'archive'
77
- :github_archive
78
- when 'tarball'
79
- :github_tarball
80
- when 'zipball'
81
- :github_zipball
74
+ path_types = ['archive', 'releases', 'tarball', 'zipball']
75
+ if path_types.include?(url_components[2]) ||
76
+ url_components[-1].end_with?('.tar.gz') ||
77
+ url_components[-1].end_with?('.zip')
78
+ :github_media
82
79
  else
83
80
  :github_remote
84
81
  end
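Review bot: `url_components[-1].end_with?('.tar.gz')` raises NoMethodError when `url_directory` is empty, because `split('/')` then returns `[]` and `[-1]` is nil; the removed `case url_components[2]` fell through to `:github_remote` for that input. The suffix test also applies to the repository segment itself, so a two-segment URL whose repository name happens to end in `.zip` or `.tar.gz` is now classified as `:github_media` rather than as a git remote. Binding the last segment once with `last = url_components.last.to_s` and writing the condition as `path_types.include?(url_components[2]) || (url_components.length > 2 && last.end_with?('.tar.gz', '.zip'))` covers both cases while keeping the new spec URLs (all longer than two segments) classified as media. The method begins outside the hunk, so whether an empty path can reach it is not visible here.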
@@ -22,20 +22,19 @@ class Vanagon
22
22
  return false unless ['http', 'https'].include? uri.scheme
23
23
 
24
24
  Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
25
- http.request(Net::HTTP::Head.new(uri)) do |response|
26
- case response
27
- when Net::HTTPRedirection
28
- # By parsing the location header, we get either an absolute
29
- # URI or a URI with a relative `path`. Adding it to `uri`
30
- # should correctly update the relative `path` or overwrite
31
- # the entire URI if it's absolute.
32
- location = URI.parse(response.header['location'])
33
- valid_url?(uri + location)
34
- when Net::HTTPSuccess
35
- return true
36
- else
37
- false
38
- end
25
+ response = http.request(Net::HTTP::Head.new(uri))
26
+ case response
27
+ when Net::HTTPRedirection
28
+ # By parsing the location header, we get either an absolute
29
+ # URI or a URI with a relative `path`. Adding it to `uri`
30
+ # should correctly update the relative `path` or overwrite
31
+ # the entire URI if it's absolute.
32
+ location = URI.parse(response.header['location'])
33
+ valid_url?(uri + location)
34
+ when Net::HTTPSuccess
35
+ true
36
+ else
37
+ false
39
38
  end
40
39
  end
41
40
  end
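Review bot: The `Net::HTTPRedirection` branch still recurses through `valid_url?(uri + location)` with no hop limit, so a redirect loop on the probed server keeps issuing HEAD requests until the stack is exhausted, and SystemStackError is not a StandardError, so callers that rescue StandardError will not catch it. The method's signature is outside the hunk; assuming it can take a defaulted argument, add `redirect_limit = 10`, begin with `return false if redirect_limit <= 0`, and recurse with `valid_url?(uri + location, redirect_limit - 1)`. A redirect response without a `Location` header also makes `URI.parse` raise instead of returning false. The scheme check at the top accepts both `http` and `https`, so an https URL that redirects to plain http is still reported as valid; whether that downgrade is acceptable for source downloads is worth deciding explicitly.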
@@ -3,8 +3,11 @@ require 'vanagon/logger'
3
3
  require 'vanagon/component/source/http'
4
4
  require 'vanagon/component/source/git'
5
5
  require 'vanagon/component/source/local'
6
+ require 'vanagon/errors'
6
7
 
7
8
  class Vanagon
9
+ class InvalidSource < Vanagon::Error
10
+ end
8
11
  class Component
9
12
  class Source
10
13
  SUPPORTED_PROTOCOLS = %w[file http https git].freeze
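Review bot: `Vanagon::InvalidSource` is introduced with an empty body and no comment saying when it is raised, although the mirror-fetch code on this page now rescues it specifically. A comment above the class would record the contract, for example `# Raised when a URI matches no supported source type (git remote, http/https file, or local file).` It is also worth stating there that it subclasses `Vanagon::Error`, so existing `rescue Vanagon::Error` handlers keep catching it. The `Vanagon` class body continues outside the hunk.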
@@ -55,8 +58,8 @@ class Vanagon
55
58
  end
56
59
 
57
60
  # Unknown source type!
58
- raise Vanagon::Error,
59
- "Unknown file type: '#{uri}'; cannot continue"
61
+ raise Vanagon::InvalidSource,
62
+ "Source is invalid or of an unknown type: '#{uri}'; cannot continue"
60
63
  end
61
64
 
62
65
  def determine_source_type(uri)
@@ -260,14 +260,21 @@ class Vanagon
260
260
  VanagonLogger.info %(Attempting to fetch from mirror URL "#{mirror}")
261
261
  @source = Vanagon::Component::Source.source(mirror, **options)
262
262
  return true if source.fetch
263
+ rescue Vanagon::InvalidSource
264
+ # This means that the URL was not a git repo or a valid downloadable file,
265
+ # which means either the URL is incorrect, or we don't have access to that
266
+ # resource. Return false, so that the pkg.url value can be used instead.
267
+ VanagonLogger.error %(Invalid source "#{mirror}")
263
268
  rescue SocketError
264
269
  # SocketError means that there was no DNS/name resolution
265
270
  # for whatever remote protocol the mirror tried to use.
266
271
  VanagonLogger.error %(Unable to resolve mirror URL "#{mirror}")
267
- rescue RuntimeError
272
+ rescue StandardError
268
273
  # Source retrieval does not consistently return a meaningful
269
274
  # namespaced error message, which means we're brute-force rescuing
270
- # RuntimeError. Not a good look, and we should fix this.
275
+ # StandardError. Also, we want to handle other unexpected things when
276
+ # we try reaching out to the URL, so that we can gracefully return
277
+ # false and fall back to fetching the pkg.url value instead.
271
278
  VanagonLogger.error %(Unable to retrieve mirror URL "#{mirror}")
272
279
  end
273
280
  end
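Review bot: The widened `rescue StandardError` discards the exception object, so a TLS verification failure, a timeout and a plain programming error such as NoMethodError all produce the same "Unable to retrieve mirror URL" line before the code falls back to the `pkg.url` value, as the added comment describes. Bind and log it: `rescue StandardError => e` with `VanagonLogger.error %(Unable to retrieve mirror URL "#{mirror}": #{e.class}: #{e.message})`, so that a certificate problem on a mirror is distinguishable from an unreachable host in build logs. If mirror URLs can carry userinfo (not visible here), these log lines and the new `Invalid source` one record it verbatim, and logging the URL without that component would be safer. The enclosing method starts outside the hunk.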
@@ -15,12 +15,27 @@ describe "Vanagon::Component::Source::Git" do
15
15
  let(:github_archive_uri) do
16
16
  'https://github.com/2ndQuadrant/pglogical/archive/a_file_name.tar.gz'
17
17
  end
18
+ let(:github_releases_uri) do
19
+ 'https://github.com/libffi/libffi/releases/download/v3.4.3/libffi-3.4.3.tar.gz'
20
+ end
18
21
  let(:github_tarball_uri) do
19
22
  'https://github.com/Baeldung/kotlin-tutorials/tarball/main'
20
23
  end
21
24
  let(:github_zipball_uri) do
22
25
  'https://github.com/Baeldung/kotlin-tutorials/zipball/master'
23
26
  end
27
+ let(:github_actual_tarball_uri) do
28
+ 'https://github.com/puppetlabs/puppet/archive/refs/tags/8.2.0.tar.gz'
29
+ end
30
+ let(:github_actual_tarball_with_unexpected_path_uri) do
31
+ 'https://github.com/puppetlabs/puppet/something/refs/tags/8.2.0.tar.gz'
32
+ end
33
+ let(:github_actual_zipball_uri) do
34
+ 'https://github.com/puppetlabs/puppet/archive/refs/tags/8.2.0.zip'
35
+ end
36
+ let(:github_actual_zipball_with_unexpected_path_uri) do
37
+ 'https://github.com/puppetlabs/puppet/something/refs/tags/8.2.0.zip'
38
+ end
24
39
  let(:github_repo_uri) do
25
40
  'https://github.com/cameronmcnz/rock-paper-scissors'
26
41
  end
@@ -32,14 +47,34 @@ describe "Vanagon::Component::Source::Git" do
32
47
  expect(Vanagon::Component::Source::Git.valid_remote?(github_archive_uri)).to be false
33
48
  end
34
49
 
50
+ it "flags github releases uris as not valid repos" do
51
+ expect(Vanagon::Component::Source::Git.valid_remote?(github_releases_uri)).to be false
52
+ end
53
+
35
54
  it "flags github tarball uris as not valid repos" do
36
55
  expect(Vanagon::Component::Source::Git.valid_remote?(github_tarball_uri)).to be false
37
56
  end
38
57
 
58
+ it "flags github actual tarball uris as not valid repos" do
59
+ expect(Vanagon::Component::Source::Git.valid_remote?(github_actual_tarball_uri)).to be false
60
+ end
61
+
62
+ it "flags github actual tarball uris with an unexpected path as not valid repos" do
63
+ expect(Vanagon::Component::Source::Git.valid_remote?(github_actual_tarball_with_unexpected_path_uri)).to be false
64
+ end
65
+
39
66
  it "flags git zipball uris as not valid repos" do
40
67
  expect(Vanagon::Component::Source::Git.valid_remote?(github_zipball_uri)).to be false
41
68
  end
42
69
 
70
+ it "flags github actual tarball uris as not valid repos" do
71
+ expect(Vanagon::Component::Source::Git.valid_remote?(github_actual_zipball_uri)).to be false
72
+ end
73
+
74
+ it "flags github actual tarball uris with an unexpected path as not valid repos" do
75
+ expect(Vanagon::Component::Source::Git.valid_remote?(github_actual_zipball_with_unexpected_path_uri)).to be false
76
+ end
77
+
43
78
  it "identifies git generic uris as valid repos" do
44
79
  expect(Vanagon::Component::Source::Git.valid_remote?(github_repo_uri)).to be true
45
80
  end
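Review bot: The two zipball examples reuse the tarball descriptions: `it "flags github actual tarball uris as not valid repos"` and its `with an unexpected path` variant each appear twice, the second time exercising `github_actual_zipball_uri` and `github_actual_zipball_with_unexpected_path_uri`, so a failure report cannot tell which case broke. Rename them to `it "flags github actual zipball uris as not valid repos" do` and `it "flags github actual zipball uris with an unexpected path as not valid repos" do`. Since the classifier on this page no longer special-cases a `.git` suffix, an example asserting that a `https://github.com/<owner>/<repo>.git` URI (placeholder) is still treated as a valid remote would pin that behaviour. The `describe` block starts and ends outside the hunk.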
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: vanagon
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.39.0
4
+ version: 0.39.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Puppet By Perforce
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-08-08 00:00:00.000000000 Z
11
+ date: 2023-08-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: docopt