Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

support group configs specifically for security updates or version updates #9040

Merged
merged 3 commits into from
Feb 13, 2024
Merged

support group configs specifically for security updates or version updates #9040

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9ba10c2
support group configs specifically for security updates or version up…
jakecoffman Feb 12, 2024
e30adb1
set a default value
jakecoffman Feb 12, 2024
88988ea
Merge branch 'main' into jakecoffman/use-applies-to-field
jakecoffman Feb 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions common/lib/dependabot/dependency_group.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,15 +22,21 @@ class DependencyGroup
sig { returns(T::Array[Dependabot::Dependency]) }
attr_reader :dependencies

sig { returns(String) }
attr_reader :applies_to

sig do
params(
name: String,
rules: T::Hash[String, T.untyped]
rules: T::Hash[String, T.untyped],
applies_to: T.nilable(String)
)
.void
end
def initialize(name:, rules:)
def initialize(name:, rules:, applies_to: "version-updates")
@name = name
# For backwards compatibility, if no applies_to is provided, default to "version-updates"
@applies_to = T.let(applies_to || "version-updates", String)
jakecoffman marked this conversation as resolved.
Show resolved Hide resolved
@rules = rules
@dependencies = T.let([], T::Array[Dependabot::Dependency])
end
Expand Down
1 change: 1 addition & 0 deletions silent/tests/testdata/su-group-pattern.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,7 @@ job:
security-updates-only: true
dependency-groups:
- name: related
applies-to: "security-updates"
rules:
patterns:
- "related-*"
1 change: 1 addition & 0 deletions silent/tests/testdata/su-group-semver.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,7 @@ job:
security-updates-only: true
dependency-groups:
- name: dev
applies-to: security-updates
rules:
update-types:
- minor
Expand Down
2 changes: 2 additions & 0 deletions silent/tests/testdata/su-group-type.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,8 +85,10 @@ job:
grouped-update: true
dependency-groups:
- name: dev
applies-to: security-updates
rules:
dependency-type: development
- name: prod
applies-to: security-updates
rules:
dependency-type: production
12 changes: 10 additions & 2 deletions updater/lib/dependabot/dependency_group_engine.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,8 @@ def self.from_job_config(job:)
# Since there are no groups, the default behavior is to group all dependencies, so create a fake group.
job.dependency_groups << {
"name" => "#{job.package_manager} group",
"rules" => { "patterns" => ["*"] }
"rules" => { "patterns" => ["*"] },
"applies-to" => "security-updates"
}

# This ensures refreshes work for these dynamic groups.
Expand All @@ -41,9 +42,16 @@ def self.from_job_config(job:)
end

groups = job.dependency_groups.map do |group|
Dependabot::DependencyGroup.new(name: group["name"], rules: group["rules"])
Dependabot::DependencyGroup.new(name: group["name"], rules: group["rules"], applies_to: group["applies-to"])
end

# Filter out version updates when doing security updates and visa versa
groups = if job.security_updates_only?
groups.select { |group| group.applies_to == "security-updates" }
else
groups.select { |group| group.applies_to == "version-updates" }
end

new(dependency_groups: groups)
end

Expand Down
52 changes: 50 additions & 2 deletions updater/spec/dependabot/dependency_group_engine_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,20 @@
include DependencyFileHelpers

let(:dependency_group_engine) { described_class.from_job_config(job: job) }

let(:source) do
Dependabot::Source.new(
provider: "github",
repo: "gocardless/bump",
directory: "/",
branch: "master"
)
end
let(:security_updates_only) { false }
let(:job) do
instance_double(Dependabot::Job,
dependency_groups: dependency_groups_config,
security_updates_only?: false)
source: source,
security_updates_only?: security_updates_only)
end

let(:dummy_pkg_a) do
Expand Down Expand Up @@ -108,6 +117,45 @@
end
end

context "when a job has grouped configured, and it's a version update" do
let(:dependency_groups_config) do
[
{
"name" => "group-a",
"rules" => {
"patterns" => ["dummy-pkg-*"],
"exclude-patterns" => ["dummy-pkg-b"]
}
},
{
"name" => "group-b",
"applies-to" => "security-updates",
"rules" => {
"patterns" => %w(dummy-pkg-b dummy-pkg-c)
}
}
]
end

describe "::from_job_config" do
it "filters out the security update" do
expect(dependency_group_engine.dependency_groups.length).to eql(1)
expect(dependency_group_engine.dependency_groups.map(&:name)).to eql(%w(group-a))
end
end

context "when it's a security update" do
let(:security_updates_only) { true }

describe "::from_job_config" do
it "filters out the version update" do
expect(dependency_group_engine.dependency_groups.length).to eql(1)
expect(dependency_group_engine.dependency_groups.map(&:name)).to eql(%w(group-b))
end
end
end
end

context "when a job has groups configured" do
let(:dependency_groups_config) do
[
Expand Down
Loading