Maven: fix classifier being part of the dependency name (#7980)

dependabot · Sep 6, 2023 · 9b00b7d · 9b00b7d
1 parent 98038d9
commit 9b00b7d
Show file tree

Hide file tree

Showing 10 changed files with 38 additions and 27 deletions.
diff --git a/maven/lib/dependabot/maven.rb b/maven/lib/dependabot/maven.rb
@@ -22,7 +22,7 @@
   register_display_name_builder(
     "maven",
     lambda { |name|
-      _group_id, artifact_id, _classifier = name.split(":")
+      _group_id, artifact_id = name.split(":")
       name.length <= 100 ? name : artifact_id
     }
   )
diff --git a/maven/lib/dependabot/maven/file_parser.rb b/maven/lib/dependabot/maven/file_parser.rb
@@ -89,9 +89,6 @@ def dependency_from_dependency_node(pom, dependency_node)
         return unless (name = dependency_name(dependency_node, pom))
         return if internal_dependency_names.include?(name)
 
-        classifier = dependency_classifier(dependency_node, pom)
-        name = "#{name}:#{classifier}" if classifier
-
         build_dependency(pom, dependency_node, name)
       end
 
@@ -119,8 +116,9 @@ def build_dependency(pom, dependency_node, name)
             groups: dependency_groups(pom, dependency_node),
             source: nil,
             metadata: {
-              packaging_type: packaging_type(pom, dependency_node)
-            }.merge(property_details)
+              packaging_type: packaging_type(pom, dependency_node),
+              classifier: dependency_classifier(dependency_node, pom)
+            }.merge(property_details).compact
           }]
         )
       end

diff --git a/maven/lib/dependabot/maven/file_updater/declaration_finder.rb b/maven/lib/dependabot/maven/file_updater/declaration_finder.rb
@@ -59,8 +59,9 @@ def fetch_pom_declaration_strings
             ].compact.join(":")
 
             if node.at_xpath("./*/classifier")
-              node_name += ":#{evaluated_value(node.at_xpath('./*/classifier').
-                content.strip)}"
+              classifier = evaluated_value(node.at_xpath("./*/classifier").content.strip)
+              dep_classifier = dependency.requirements.first.dig(:metadata, :classifier)
+              next false if classifier != dep_classifier
             end
 
             next false unless node_name == dependency_name

diff --git a/maven/lib/dependabot/maven/metadata_finder.rb b/maven/lib/dependabot/maven/metadata_finder.rb
@@ -117,7 +117,7 @@ def dependency_pom_file
       end
 
       def dependency_artifact_id
-        _group_id, artifact_id, _classifier = dependency.name.split(":")
+        _group_id, artifact_id = dependency.name.split(":")
 
         artifact_id
       end

diff --git a/maven/lib/dependabot/maven/update_checker/version_finder.rb b/maven/lib/dependabot/maven/update_checker/version_finder.rb
@@ -251,7 +251,7 @@ def pom
         end
 
         def dependency_metadata_url(repository_url)
-          group_id, artifact_id, _classifier = dependency.name.split(":")
+          group_id, artifact_id = dependency.name.split(":")
 
           "#{repository_url}/" \
             "#{group_id.tr('.', '/')}/" \
@@ -260,9 +260,9 @@ def dependency_metadata_url(repository_url)
         end
 
         def dependency_files_url(repository_url, version)
-          group_id, artifact_id, classifier = dependency.name.split(":")
-          type = dependency.requirements.first.
-                 dig(:metadata, :packaging_type)
+          group_id, artifact_id = dependency.name.split(":")
+          type = dependency.requirements.first.dig(:metadata, :packaging_type)
+          classifier = dependency.requirements.first.dig(:metadata, :classifier)
 
           actual_classifier = classifier.nil? ? "" : "-#{classifier}"
           "#{repository_url}/" \

diff --git a/maven/spec/dependabot/maven/file_parser_spec.rb b/maven/spec/dependabot/maven/file_parser_spec.rb
@@ -72,15 +72,18 @@
 
         it "has the right details" do
           expect(dependency).to be_a(Dependabot::Dependency)
-          expect(dependency.name).to eq("io.mockk:mockk:sources")
+          expect(dependency.name).to eq("io.mockk:mockk")
           expect(dependency.version).to eq("1.0.0")
           expect(dependency.requirements).to eq(
             [{
               requirement: "1.0.0",
               file: "pom.xml",
               groups: [],
               source: nil,
-              metadata: { packaging_type: "jar" }
+              metadata: {
+                classifier: "sources",
+                packaging_type: "jar"
+              }
             }]
           )
         end

diff --git a/maven/spec/dependabot/maven/file_updater/declaration_finder_spec.rb b/maven/spec/dependabot/maven/file_updater/declaration_finder_spec.rb
@@ -71,8 +71,9 @@
     end
 
     context "with a dependency that has a classifier" do
-      let(:dependency_name) { "io.mockk:mockk:sources" }
+      let(:dependency_name) { "io.mockk:mockk" }
       let(:dependency_version) { "1.0.0" }
+      let(:dependency_metadata) { { packaging_type: "jar", classifier: "sources" } }
 
       it "finds the declaration" do
         expect(declaration_nodes.count).to eq(1)

diff --git a/maven/spec/dependabot/maven/file_updater_spec.rb b/maven/spec/dependabot/maven/file_updater_spec.rb
@@ -50,21 +50,27 @@
   end
   let(:mockk_dependency) do
     Dependabot::Dependency.new(
-      name: "io.mockk:mockk:sources",
+      name: "io.mockk:mockk",
       version: "1.10.0",
       requirements: [{
         file: "pom.xml",
         requirement: "1.10.0",
         groups: [],
         source: nil,
-        metadata: { packaging_type: "jar" }
+        metadata: {
+          packaging_type: "jar",
+          classifier: "sources"
+        }
       }],
       previous_requirements: [{
         file: "pom.xml",
         requirement: "1.0.0",
         groups: [],
         source: nil,
-        metadata: { packaging_type: "jar" }
+        metadata: {
+          packaging_type: "jar",
+          classifier: "sources"
+        }
       }],
       package_manager: "maven"
     )

diff --git a/maven/spec/dependabot/maven/metadata_finder_spec.rb b/maven/spec/dependabot/maven/metadata_finder_spec.rb
@@ -62,13 +62,6 @@
       )
     end
 
-    context "when the dependency name has a classifier" do
-      let(:dependency_name) { "io.mockk:mockk:sources" }
-      let(:dependency_version) { "1.10.0" }
-
-      it { is_expected.to eq("https://github.com/mockk/mockk") }
-    end
-
     context "when the github link is buried in the pom" do
       let(:maven_response) { fixture("poms", "guava-23.3-jre.xml") }
 

diff --git a/maven/spec/dependabot/maven/update_checker/version_finder_spec.rb b/maven/spec/dependabot/maven/update_checker/version_finder_spec.rb
@@ -85,8 +85,17 @@
   end
 
   describe "#latest_version_details when the dependency has a classifier" do
-    let(:dependency_name) { "io.mockk:mockk:sources" }
+    let(:dependency_name) { "io.mockk:mockk" }
     let(:dependency_version) { "1.0.0" }
+    let(:dependency_requirements) do
+      [{
+        file: "pom.xml",
+        requirement: dependency_version,
+        groups: [],
+        source: nil,
+        metadata: { packaging_type: "jar", classifier: "sources" }
+      }]
+    end
     subject { finder.latest_version_details }
 
     its([:version]) { is_expected.to eq(version_class.new("1.10.0")) }