Allow GitCommitChecker to check subdependencies too #7464

8 changes: 1 addition & 7 deletions bundler/lib/dependabot/bundler/metadata_finder.rb
Expand Up @@ -50,13 +50,7 @@ def suggested_changelog_url
end

def new_source_type
sources =
dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact

return "default" if sources.empty?
raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1

sources.first[:type] || sources.first.fetch("type")
dependency.source_type
end

def find_source_from_rubygems
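Review bot: `new_source_type` is now a bare delegation to `dependency.source_type`, and the same holds for the `new_source_type` wrappers in the cargo, hex and terraform `metadata_finder.rb` and the `dependency_source_details` wrappers in the bundler, cargo and hex `update_checker.rb`; this is more than a refactor, because `Dependency#source_type` reads `subdependency_metadata` when the dependency is not top level, whereas the deleted bodies only ever looked at `requirements`, so a subdependency whose metadata carries a git source now reports `"git"` where it previously reported `"default"`. If that is the intended effect for metadata finders as well, a one-line comment on each wrapper would stop the next reader from inlining it as dead indirection: `# Delegates to Dependency#source_type, which also consults subdependency_metadata for non-top-level dependencies.` The enclosing class continues outside the hunk.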
7 changes: 1 addition & 6 deletions bundler/lib/dependabot/bundler/update_checker.rb
Expand Up @@ -306,12 +306,7 @@ def updated_source
end

def dependency_source_details
sources =
dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact

raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1

sources.first
dependency.source_details
end

def force_updater
8 changes: 1 addition & 7 deletions cargo/lib/dependabot/cargo/metadata_finder.rb
Expand Up @@ -21,13 +21,7 @@ def look_up_source
end

def new_source_type
sources =
dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact

return "default" if sources.empty?
raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1

sources.first[:type] || sources.first.fetch("type")
dependency.source_type
end

def find_source_from_crates_listing
14 changes: 2 additions & 12 deletions cargo/lib/dependabot/cargo/update_checker.rb
Expand Up @@ -260,12 +260,7 @@ def updated_source
end

def dependency_source_details
sources =
dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact

raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1

sources.first
dependency.source_details
end

def git_dependency?
Expand All @@ -279,12 +274,7 @@ def git_subdependency?
end

def path_dependency?
sources = dependency.requirements.
map { |r| r.fetch(:source) }.uniq.compact

raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1

sources.first&.fetch(:type) == "path"
dependency.source_type == "path"
end

def git_commit_checker
30 changes: 30 additions & 0 deletions common/lib/dependabot/dependency.rb
Expand Up @@ -211,6 +211,36 @@ def version_class
Utils.version_class_for_package_manager(package_manager)
end

def source_details(allowed_types: nil)
sources = all_sources.uniq.compact
sources.select! { |source| allowed_types.include?(source[:type].to_s) } if allowed_types

git = allowed_types == ["git"]

if (git && sources.map { |s| s[:url] }.uniq.count > 1) || (!git && sources.count > 1)
raise "Multiple sources! #{sources.join(', ')}"
end

sources.first
end

def source_type
details = source_details
return "default" if details.nil?

details[:type] || details.fetch("type")
end

def all_sources
if top_level?
requirements.map { |requirement| requirement.fetch(:source) }
elsif subdependency_metadata
subdependency_metadata.filter_map { |data| data[:source] }
else
[]
end
end

private

def check_values
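Review bot: `source_details` picks its multi-source rule by exact array equality, `git = allowed_types == ["git"]`, so any other allowed list — terraform's `ELIGIBLE_SOURCE_TYPES`, if it holds more than that one entry — takes the strict branch and raises on two git sources that differ only in ref; if that asymmetry is intended, a comment should say so, because the explanation that used to sit in `GitCommitChecker#dependency_source_details` (multiple git sources with the same URL but different references are fine to update together) was deleted rather than moved here. The `select!` filter reads `source[:type].to_s`, while `source_type` two methods below also accepts a string-keyed `"type"`, so a string-keyed source passes `source_type` but is silently dropped whenever `allowed_types` is given; `allowed_types.include?((source[:type] || source["type"]).to_s)` keeps the two consistent. Both methods are new public API on `Dependency` with no doc comment; I would head `source_details` with `# Returns the single source hash for this dependency (nil when it has none), restricted to allowed_types when given; with allowed_types: ["git"] sources sharing a URL count as one, otherwise any two distinct sources raise.`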
16 changes: 1 addition & 15 deletions common/lib/dependabot/git_commit_checker.rb
Expand Up @@ -163,21 +163,7 @@ def git_repo_reachable?
end

def dependency_source_details
sources =
dependency.requirements.
map { |requirement| requirement.fetch(:source) }.uniq.compact.
select { |source| source[:type] == "git" }

return sources.first if sources.count <= 1

# If there are multiple source URLs, then it's unclear how we should
# proceed
raise "Multiple sources! #{sources.join(', ')}" if sources.map { |s| s[:url] }.uniq.count > 1

# Otherwise it's reasonable to take the first source and use that. This
# will happen if we have multiple git sources with difference references
# specified. In that case it's fine to update them all.
sources.first
dependency.source_details(allowed_types: ["git"])
end

private
6 changes: 4 additions & 2 deletions common/lib/dependabot/update_checkers/base.rb
Expand Up @@ -164,7 +164,8 @@ def updated_dependency_without_unlock
requirements: dependency.requirements,
previous_version: previous_version,
previous_requirements: dependency.requirements,
package_manager: dependency.package_manager
package_manager: dependency.package_manager,
subdependency_metadata: dependency.subdependency_metadata
)
end

Expand All @@ -178,7 +179,8 @@ def updated_dependency_with_own_req_unlock
requirements: updated_requirements,
previous_version: previous_version,
previous_requirements: dependency.requirements,
package_manager: dependency.package_manager
package_manager: dependency.package_manager,
subdependency_metadata: dependency.subdependency_metadata
)
end

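Review bot: Both hunks now end with the same trailing keyword arguments to `Dependency.new`, differing only in `version:` and `requirements:`; a private `build_updated_dependency(version:, requirements:)` helper holding the shared tail would keep the two constructions from drifting again, which is exactly how `subdependency_metadata:` came to be missing from them. Any other place that rebuilds a `Dependency` from an existing one (ecosystem-specific checkers or file updaters outside this diff) needs the same key, since `Dependency#all_sources` falls back to `subdependency_metadata` for non-top-level dependencies and a copy built without it will report no source at all; I cannot see those call sites from this diff, so please grep for `Dependency.new(` paired with `previous_version:`. Both enclosing methods begin outside their hunks.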
8 changes: 1 addition & 7 deletions hex/lib/dependabot/hex/metadata_finder.rb
Expand Up @@ -26,13 +26,7 @@ def look_up_source
end

def new_source_type
sources =
dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact

return "default" if sources.empty?
raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1

sources.first[:type] || sources.first.fetch("type")
dependency.source_type
end

def find_source_from_hex_listing
7 changes: 1 addition & 6 deletions hex/lib/dependabot/hex/update_checker.rb
Expand Up @@ -162,12 +162,7 @@ def updated_source
end

def dependency_source_details
sources =
dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact

raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1

sources.first
dependency.source_details
end

def fetch_latest_resolvable_version(unlock_requirement:)
Expand Up @@ -2052,4 +2052,36 @@ def eq_including_metadata(expected_array)
expect(updated_deps[0].name).to eq("is-stream")
end
end
context "if yarn berry subdependency, with subdependency metadata" do
let(:project_name) { "yarn_berry/subdependency" }
let(:repo_contents_path) { build_tmp_repo(project_name, path: "projects") }
let(:registry_listing_url) { "https://registry.npmjs.org/is-stream" }
let(:registry_response) do
fixture("npm_responses", "is-stream.json")
end
before do
stub_request(:get, registry_listing_url).
to_return(status: 200, body: registry_response)
stub_request(:get, registry_listing_url + "/latest").
to_return(status: 200, body: "{}")
stub_request(:get, registry_listing_url + "/3.0.0").
to_return(status: 200)
end
let(:dependency_files) { project_dependency_files("yarn_berry/subdependency") }
let(:dependency) do
Dependabot::Dependency.new(
name: "is-stream",
version: "1.0.1",
requirements: [],
package_manager: "npm_and_yarn",
subdependency_metadata: [{ production: false }]
)
end
it "returns 1 dependencies to update to the correct version" do
updated_deps = checker.updated_dependencies(requirements_to_unlock: :own)
expect(updated_deps.length).to eq(1)
expect(updated_deps[0].version).to eq("1.1.0")
expect(updated_deps[0].name).to eq("is-stream")
end
end
end
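Review bot: The new example asserts only `version` and `name` of the updated dependency, so it would still pass if `subdependency_metadata` were dropped on the way through the base checker's `updated_dependency_with_own_req_unlock` — presumably the path `updated_dependencies(requirements_to_unlock: :own)` takes, and the very propagation this PR adds in `update_checkers/base.rb`; add `expect(updated_deps[0].subdependency_metadata).to eq([{ production: false }])`. The description `"returns 1 dependencies to update to the correct version"` should read `"returns 1 dependency to update to the correct version"`.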
8 changes: 1 addition & 7 deletions terraform/lib/dependabot/terraform/metadata_finder.rb
Expand Up @@ -21,13 +21,7 @@ def look_up_source
end

def new_source_type
sources =
dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact

return "default" if sources.empty?
raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1

sources.first[:type] || sources.first.fetch("type")
dependency.source_type
end

def find_source_from_git_url
13 changes: 1 addition & 12 deletions terraform/lib/dependabot/terraform/update_checker.rb
Expand Up @@ -169,11 +169,7 @@ def provider_dependency?
end

def dependency_source_details
sources = eligible_sources_from(dependency.requirements)

raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1

sources.first
dependency.source_details(allowed_types: ELIGIBLE_SOURCE_TYPES)
end

def git_dependency?
Expand All @@ -189,13 +185,6 @@ def git_commit_checker
raise_on_ignored: raise_on_ignored
)
end

def eligible_sources_from(requirements)
requirements.
map { |r| r.fetch(:source) }.
select { |source| ELIGIBLE_SOURCE_TYPES.include?(source[:type].to_s) }.
uniq.compact
end
end
end
end