Merge branch 'main' into jamiemagee/sentry-ruby

.github/ci-filters.yml

@@ -17,6 +17,9 @@ common:
 composer:
   - *shared
   - 'composer/**'
+devcontainers:
+  - *shared
+  - 'devcontainers/**'
 docker:
   - *shared
   - 'docker/**'

.github/labeler.yml

@@ -10,6 +10,10 @@
 - changed-files:
   - any-glob-to-any-file: composer/**
 
+"L: devcontainers":
+- changed-files:
+  - any-glob-to-any-file: devcontainers/**
+
 "L: docker":
 - changed-files:
   - any-glob-to-any-file: docker/**

.github/smoke-filters.yml

@@ -16,6 +16,9 @@ cargo:
 composer:
   - *common
   - 'composer/**'
+devcontainers:
+  - *common
+  - 'devcontainers/**'
 docker:
   - *common
   - 'docker/**'

.github/smoke-matrix.json

@@ -14,6 +14,11 @@
     "test": "composer",
     "ecosystem": "composer"
   },
+  {
+    "core": "devcontainers",
+    "test": "devcontainers",
+    "ecosystem": "devcontainers"
+  },
   {
     "core": "docker",
     "test": "docker",

.github/workflows/ci.yml

@@ -37,6 +37,7 @@ jobs:
           - { path: python, name: python, ecosystem: pip }
           - { path: python, name: python_slow, ecosystem: pip }
           - { path: swift, name: swift, ecosystem: swift }
+          - { path: devcontainers, name: devcontainers, ecosystem: devcontainers }
           - { path: terraform, name: terraform, ecosystem: terraform }
 
     steps:

.github/workflows/images-branch.yml

@@ -67,6 +67,7 @@ jobs:
           - { name: pub, ecosystem: pub }
           - { name: python, ecosystem: pip }
           - { name: swift, ecosystem: swift }
+          - { name: devcontainers, ecosystem: devcontainers }
           - { name: terraform, ecosystem: terraform }
     permissions:
       contents: read

.github/workflows/images-latest.yml

@@ -48,6 +48,7 @@ jobs:
           - { name: pub, ecosystem: pub }
           - { name: python, ecosystem: pip }
           - { name: swift, ecosystem: swift }
+          - { name: devcontainers, ecosystem: devcontainers }
           - { name: terraform, ecosystem: terraform }
     env:
       COMMIT_SHA: ${{ github.sha }}

Dockerfile.updater-core

@@ -83,6 +83,7 @@ COPY --chown=dependabot:dependabot common/lib/dependabot.rb common/lib/dependabo
 COPY --chown=dependabot:dependabot bundler/.bundle bundler/dependabot-bundler.gemspec bundler/
 COPY --chown=dependabot:dependabot cargo/.bundle cargo/dependabot-cargo.gemspec cargo/
 COPY --chown=dependabot:dependabot composer/.bundle composer/dependabot-composer.gemspec composer/
+COPY --chown=dependabot:dependabot devcontainers/.bundle devcontainers/dependabot-devcontainers.gemspec devcontainers/
 COPY --chown=dependabot:dependabot docker/.bundle docker/dependabot-docker.gemspec docker/
 COPY --chown=dependabot:dependabot elm/.bundle elm/dependabot-elm.gemspec elm/
 COPY --chown=dependabot:dependabot git_submodules/.bundle git_submodules/dependabot-git_submodules.gemspec git_submodules/
@@ -99,7 +100,7 @@ COPY --chown=dependabot:dependabot swift/.bundle swift/dependabot-swift.gemspec
 COPY --chown=dependabot:dependabot terraform/.bundle terraform/dependabot-terraform.gemspec terraform/
 
 # prevent having all the source in every ecosystem image
-RUN for ecosystem in git_submodules terraform github_actions hex elm docker nuget maven gradle cargo composer go_modules python pub npm_and_yarn bundler swift; do \
+RUN for ecosystem in git_submodules terraform github_actions hex elm docker nuget maven gradle cargo composer go_modules python pub npm_and_yarn bundler swift devcontainers; do \
     mkdir -p $ecosystem/lib/dependabot; \
     touch $ecosystem/lib/dependabot/$ecosystem.rb; \
   done

Gemfile

@@ -2,24 +2,25 @@
 
 source "https://rubygems.org"
 
-gemspec path: "bundler"
-gemspec path: "cargo"
-gemspec path: "common"
-gemspec path: "composer"
-gemspec path: "docker"
-gemspec path: "elm"
-gemspec path: "github_actions"
-gemspec path: "git_submodules"
-gemspec path: "go_modules"
-gemspec path: "gradle"
-gemspec path: "hex"
-gemspec path: "maven"
-gemspec path: "npm_and_yarn"
-gemspec path: "nuget"
-gemspec path: "pub"
-gemspec path: "python"
-gemspec path: "swift"
-gemspec path: "terraform"
+gem "dependabot-bundler", path: "bundler"
+gem "dependabot-cargo", path: "cargo"
+gem "dependabot-common", path: "common"
+gem "dependabot-composer", path: "composer"
+gem "dependabot-devcontainers", path: "devcontainers"
+gem "dependabot-docker", path: "docker"
+gem "dependabot-elm", path: "elm"
+gem "dependabot-github_actions", path: "github_actions"
+gem "dependabot-git_submodules", path: "git_submodules"
+gem "dependabot-go_modules", path: "go_modules"
+gem "dependabot-gradle", path: "gradle"
+gem "dependabot-hex", path: "hex"
+gem "dependabot-maven", path: "maven"
+gem "dependabot-npm_and_yarn", path: "npm_and_yarn"
+gem "dependabot-nuget", path: "nuget"
+gem "dependabot-pub", path: "pub"
+gem "dependabot-python", path: "python"
+gem "dependabot-swift", path: "swift"
+gem "dependabot-terraform", path: "terraform"
 
 # Sorbet
 gem "sorbet", "0.5.11178", group: :development

Gemfile.lock

@@ -38,6 +38,12 @@ PATH
     dependabot-composer (0.241.0)
       dependabot-common (= 0.241.0)
 
+PATH
+  remote: devcontainers
+  specs:
+    dependabot-devcontainers (0.241.0)
+      dependabot-common (= 0.241.0)
+
 PATH
   remote: docker
   specs:
@@ -306,6 +312,7 @@ DEPENDENCIES
   dependabot-cargo!
   dependabot-common!
   dependabot-composer!
+  dependabot-devcontainers!
   dependabot-docker!
   dependabot-elm!
   dependabot-git_submodules!

Rakefile

@@ -32,6 +32,7 @@ GEMSPECS = %w(
   pub/dependabot-pub.gemspec
   omnibus/dependabot-omnibus.gemspec
   swift/dependabot-swift.gemspec
+  devcontainers/dependabot-devcontainers.gemspec
 ).freeze
 
 def run_command(command)

bin/docker-dev-shell

@@ -141,6 +141,11 @@ docker run --rm -ti \
   -v "$(pwd)/composer/lib:$CODE_DIR/composer/lib" \
   -v "$(pwd)/composer/script:$CODE_DIR/composer/script" \
   -v "$(pwd)/composer/spec:$CODE_DIR/composer/spec" \
+  -v "$(pwd)/devcontainers/.rubocop.yml:$CODE_DIR/devcontainers/.rubocop.yml" \
+  -v "$(pwd)/devcontainers/dependabot-devcontainers.gemspec:$CODE_DIR/devcontainers/dependabot-devcontainers.gemspec" \
+  -v "$(pwd)/devcontainers/lib:$CODE_DIR/devcontainers/lib" \
+  -v "$(pwd)/devcontainers/script:$CODE_DIR/devcontainers/script" \
+  -v "$(pwd)/devcontainers/spec:$CODE_DIR/devcontainers/spec" \
   -v "$(pwd)/docker/.rubocop.yml:$CODE_DIR/docker/.rubocop.yml" \
   -v "$(pwd)/docker/dependabot-docker.gemspec:$CODE_DIR/docker/dependabot-docker.gemspec" \
   -v "$(pwd)/docker/lib:$CODE_DIR/docker/lib" \

bin/dry-run.rb

@@ -35,6 +35,7 @@
 # - terraform
 # - pub
 # - swift
+# - devcontainers
 
 # rubocop:disable Style/GlobalVars
 
@@ -52,6 +53,7 @@
 $LOAD_PATH << "./cargo/lib"
 $LOAD_PATH << "./common/lib"
 $LOAD_PATH << "./composer/lib"
+$LOAD_PATH << "./devcontainers/lib"
 $LOAD_PATH << "./docker/lib"
 $LOAD_PATH << "./elm/lib"
 $LOAD_PATH << "./git_submodules/lib"
@@ -95,6 +97,7 @@
 require "dependabot/bundler"
 require "dependabot/cargo"
 require "dependabot/composer"
+require "dependabot/devcontainers"
 require "dependabot/docker"
 require "dependabot/elm"
 require "dependabot/git_submodules"

common/lib/dependabot/config/file.rb

@@ -61,6 +61,7 @@ def self.parse(config)
         "bundler" => "bundler",
         "cargo" => "cargo",
         "composer" => "composer",
+        "devcontainer" => "devcontainers",
         "docker" => "docker",
         "elm" => "elm",
         "github-actions" => "github_actions",

devcontainers/.bundle/config

@@ -0,0 +1 @@
+BUNDLE_GEMFILE: "../dependabot-updater/Gemfile"

devcontainers/.gitignore

@@ -0,0 +1,5 @@
+/.bundle/
+!.bundle/config
+/.env
+/tmp
+/dependabot-*.gem

devcontainers/.rubocop.yml

@@ -0,0 +1 @@
+inherit_from: ../.rubocop.yml

devcontainers/Dockerfile

@@ -0,0 +1,38 @@
+FROM ghcr.io/dependabot/dependabot-updater-core
+ARG TARGETARCH
+
+# OS dependencies
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends \
+    make \
+    ca-certificates \
+    gnupg \
+    build-essential \
+    curl \
+  && mkdir -p /etc/apt/keyrings \
+  && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
+  && NODE_MAJOR=18 \
+  && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
+
+RUN apt-get update -y \
+  && apt-get install -y nodejs \
+  && rm -rf /var/lib/apt/lists/*
+
+RUN npm install -g @devcontainers/cli
+
+USER dependabot
+
+# Needed because tools like dependabot/cli will proxy/MITM the traffic
+# to the registry with a cert that (without this change) is not known
+# to the dev container process. See:
+# * https://github.com/microsoft/vscode-remote-release/issues/6092
+# * https://github.com/devcontainers/cli/blob/2d24543380dfc4d54e76b582536b52226af133c8/src/spec-utils/httpRequest.ts#L130-L162
+# * https://github.com/devcontainers/cli/pull/559
+ENV NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
+
+# Sanity check
+RUN devcontainer --version
+
+COPY --chown=dependabot:dependabot devcontainers $DEPENDABOT_HOME/devcontainers
+COPY --chown=dependabot:dependabot common $DEPENDABOT_HOME/common
+COPY --chown=dependabot:dependabot updater $DEPENDABOT_HOME/dependabot-updater

devcontainers/README.md

@@ -0,0 +1,18 @@
+## `dependabot-devcontainers`
+
+Dev Containers support for [`dependabot-core`][core-repo].
+
+### Running locally
+
+1. Start a development shell
+
+  ```
+  $ bin/docker-dev-shell devcontainers
+  ```
+
+2. Run tests
+   ```
+   [dependabot-core-dev] ~ $ cd devcontainers && rspec
+   ```
+
+[core-repo]: https://github.com/dependabot/dependabot-core

devcontainers/dependabot-devcontainers.gemspec

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+Gem::Specification.new do |spec|
+  common_gemspec =
+    Bundler.load_gemspec_uncached("../common/dependabot-common.gemspec")
+
+  spec.name         = "dependabot-devcontainers"
+  spec.summary      = "Provides Dependabot support for Dev Containers"
+  spec.description  = "Dependabot-Devcontainers provides support for managing dev container versioning via Dependabot."
+
+  spec.author       = common_gemspec.author
+  spec.email        = common_gemspec.email
+  spec.homepage     = common_gemspec.homepage
+  spec.license      = common_gemspec.license
+
+  spec.metadata = {
+    "bug_tracker_uri" => common_gemspec.metadata["bug_tracker_uri"],
+    "changelog_uri" => common_gemspec.metadata["changelog_uri"]
+  }
+
+  spec.version = common_gemspec.version
+  spec.required_ruby_version = common_gemspec.required_ruby_version
+  spec.required_rubygems_version = common_gemspec.required_ruby_version
+
+  spec.require_path = "lib"
+  spec.files        = Dir["lib/**/*"]
+
+  spec.add_dependency "dependabot-common", Dependabot::VERSION
+
+  common_gemspec.development_dependencies.each do |dep|
+    spec.add_development_dependency dep.name, *dep.requirement.as_list
+  end
+end

devcontainers/lib/dependabot/devcontainers.rb

@@ -0,0 +1,23 @@
+# typed: strong
+# frozen_string_literal: true
+
+# These all need to be required so the various classes can be registered in a
+# lookup table of package manager names to concrete classes.
+require "dependabot/devcontainers/file_fetcher"
+require "dependabot/devcontainers/file_parser"
+require "dependabot/devcontainers/update_checker"
+require "dependabot/devcontainers/file_updater"
+require "dependabot/devcontainers/metadata_finder"
+require "dependabot/devcontainers/requirement"
+require "dependabot/devcontainers/version"
+
+require "dependabot/pull_request_creator/labeler"
+Dependabot::PullRequestCreator::Labeler
+  .register_label_details("devcontainers", name: "devcontainers_package_manager", colour: "2753E3")
+
+require "dependabot/dependency"
+Dependabot::Dependency
+  .register_production_check("devcontainers", ->(_) { true })
+
+require "dependabot/utils"
+Dependabot::Utils.register_always_clone("devcontainers")

devcontainers/lib/dependabot/devcontainers/file_fetcher.rb

@@ -0,0 +1,14 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "dependabot/file_fetchers"
+require "dependabot/file_fetchers/base"
+
+module Dependabot
+  module Devcontainers
+    class FileFetcher < Dependabot::FileFetchers::Base
+    end
+  end
+end
+
+Dependabot::FileFetchers.register("devcontainers", Dependabot::Devcontainers::FileFetcher)

devcontainers/lib/dependabot/devcontainers/file_parser.rb

@@ -0,0 +1,21 @@
+# typed: true
+# frozen_string_literal: true
+
+require "dependabot/file_parsers"
+require "dependabot/file_parsers/base"
+
+module Dependabot
+  module Devcontainers
+    class FileParser < Dependabot::FileParsers::Base
+      def parse
+        []
+      end
+
+      private
+
+      def check_required_files; end
+    end
+  end
+end
+
+Dependabot::FileParsers.register("devcontainers", Dependabot::Devcontainers::FileParser)

devcontainers/lib/dependabot/devcontainers/file_updater.rb

@@ -0,0 +1,14 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "dependabot/file_updaters"
+require "dependabot/file_updaters/base"
+
+module Dependabot
+  module Devcontainers
+    class FileUpdater < Dependabot::FileUpdaters::Base
+    end
+  end
+end
+
+Dependabot::FileUpdaters.register("devcontainers", Dependabot::Devcontainers::FileUpdater)