make a Credential class (dependabot#8967)

bundler/lib/dependabot/bundler/metadata_finder.rb

@@ -201,7 +201,7 @@ def base_url
         return @base_url if defined?(@base_url)
 
         credential = credentials.find do |cred|
-          cred["type"] == "rubygems_server" && cred["replaces-base"] == true
+          cred["type"] == "rubygems_server" && cred.replaces_base?
         end
         host = credential ? credential["host"] : "rubygems.org"
         @base_url = "https://#{host}" + ("/" unless host.end_with?("/"))

bundler/spec/dependabot/bundler/metadata_finder_spec.rb

@@ -3,6 +3,7 @@
 
 require "octokit"
 require "spec_helper"
+require "dependabot/credential"
 require "dependabot/dependency"
 require "dependabot/bundler/metadata_finder"
 require_common_spec "metadata_finders/shared_examples_for_metadata_finders"
@@ -139,11 +140,11 @@
         end
         let(:credentials) do
           [
-            {
+            Dependabot::Credential.new({
               "type" => "rubygems_server",
               "host" => "gems.greysteil.com",
               "replaces-base" => true
-            }
+            })
           ]
         end
 

common/lib/dependabot/credential.rb

@@ -0,0 +1,30 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+module Dependabot
+  class Credential
+    extend T::Sig
+    extend Forwardable
+
+    def_delegators :@credential, :fetch, :keys, :[]=, :delete
+
+    sig { params(credential: T::Hash[String, T.any(T::Boolean, String)]).void }
+    def initialize(credential)
+      @replaces_base = T.let(credential["replaces-base"] == true, T::Boolean)
+      credential.delete("replaces-base")
+      @credential = T.let(T.unsafe(credential), T::Hash[String, String])
+    end
+
+    sig { returns(T::Boolean) }
+    def replaces_base?
+      @replaces_base
+    end
+
+    sig { params(key: String).returns(T.nilable(String)) }
+    def [](key)
+      @credential[key]
+    end
+  end
+end

common/lib/dependabot/file_fetchers/base.rb

@@ -7,6 +7,7 @@
 require "dependabot/dependency_file"
 require "dependabot/source"
 require "dependabot/errors"
+require "dependabot/credential"
 require "dependabot/clients/azure"
 require "dependabot/clients/codecommit"
 require "dependabot/clients/github_with_retries"
@@ -26,7 +27,7 @@ class Base
       sig { returns(Dependabot::Source) }
       attr_reader :source
 
-      sig { returns(T::Array[T::Hash[String, String]]) }
+      sig { returns(T::Array[Dependabot::Credential]) }
       attr_reader :credentials
 
       sig { returns(T.nilable(String)) }
@@ -94,7 +95,7 @@ def self.required_files_message
       sig do
         params(
           source: Dependabot::Source,
-          credentials: T::Array[T::Hash[String, String]],
+          credentials: T::Array[Dependabot::Credential],
           repo_contents_path: T.nilable(String),
           options: T::Hash[String, String]
         )

common/lib/dependabot/file_parsers/base.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require "sorbet-runtime"
+require "dependabot/credential"
 
 module Dependabot
   module FileParsers
@@ -17,7 +18,7 @@ class Base
       sig { returns(T.nilable(String)) }
       attr_reader :repo_contents_path
 
-      sig { returns(T::Array[T::Hash[String, String]]) }
+      sig { returns(T::Array[Dependabot::Credential]) }
       attr_reader :credentials
 
       sig { returns(T.nilable(Dependabot::Source)) }
@@ -31,7 +32,7 @@ class Base
           dependency_files: T::Array[Dependabot::DependencyFile],
           source: T.nilable(Dependabot::Source),
           repo_contents_path: T.nilable(String),
-          credentials: T::Array[T::Hash[String, String]],
+          credentials: T::Array[Dependabot::Credential],
           reject_external_code: T::Boolean,
           options: T::Hash[Symbol, T.untyped]
         )

common/lib/dependabot/file_updaters/base.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require "sorbet-runtime"
+require "dependabot/credential"
 
 module Dependabot
   module FileUpdaters
@@ -19,7 +20,7 @@ class Base
       sig { returns(T.nilable(String)) }
       attr_reader :repo_contents_path
 
-      sig { returns(T::Array[T::Hash[String, String]]) }
+      sig { returns(T::Array[Dependabot::Credential]) }
       attr_reader :credentials
 
       sig { returns(T::Hash[Symbol, T.untyped]) }
@@ -34,7 +35,7 @@ def self.updated_files_regex
         params(
           dependencies: T::Array[Dependabot::Dependency],
           dependency_files: T::Array[Dependabot::DependencyFile],
-          credentials: T::Array[T::Hash[String, String]],
+          credentials: T::Array[Dependabot::Credential],
           repo_contents_path: T.nilable(String),
           options: T::Hash[Symbol, T.untyped]
         ).void

common/lib/dependabot/git_commit_checker.rb

@@ -12,6 +12,7 @@
 require "dependabot/utils"
 require "dependabot/source"
 require "dependabot/dependency"
+require "dependabot/credential"
 require "dependabot/git_metadata_fetcher"
 module Dependabot
   # rubocop:disable Metrics/ClassLength
@@ -29,7 +30,7 @@ class GitCommitChecker
     sig do
       params(
         dependency: Dependabot::Dependency,
-        credentials: T::Array[T::Hash[String, String]],
+        credentials: T::Array[Dependabot::Credential],
         ignored_versions: T::Array[String],
         raise_on_ignored: T::Boolean,
         consider_version_branches_pinned: T::Boolean,
@@ -226,7 +227,7 @@ def most_specific_version_tag_for_sha(commit_sha)
     sig { returns(Dependabot::Dependency) }
     attr_reader :dependency
 
-    sig { returns(T::Array[T::Hash[String, String]]) }
+    sig { returns(T::Array[Dependabot::Credential]) }
     attr_reader :credentials
 
     sig { returns(T::Array[String]) }

common/lib/dependabot/git_metadata_fetcher.rb

@@ -7,6 +7,7 @@
 
 require "dependabot/errors"
 require "dependabot/git_ref"
+require "dependabot/credential"
 
 module Dependabot
   class GitMetadataFetcher
@@ -17,7 +18,7 @@ class GitMetadataFetcher
     sig do
       params(
         url: String,
-        credentials: T::Array[T::Hash[String, String]]
+        credentials: T::Array[Dependabot::Credential]
       )
         .void
     end
@@ -97,7 +98,7 @@ def head_commit_for_ref_sha(ref)
     sig { returns(String) }
     attr_reader :url
 
-    sig { returns(T::Array[T::Hash[String, String]]) }
+    sig { returns(T::Array[Dependabot::Credential]) }
     attr_reader :credentials
 
     sig { params(uri: String).returns(String) }

common/lib/dependabot/metadata_finders/base.rb

@@ -3,6 +3,7 @@
 
 require "sorbet-runtime"
 require "dependabot/source"
+require "dependabot/credential"
 
 module Dependabot
   module MetadataFinders
@@ -19,13 +20,13 @@ class Base
       sig { returns(Dependabot::Dependency) }
       attr_reader :dependency
 
-      sig { returns(T::Array[T::Hash[String, String]]) }
+      sig { returns(T::Array[Dependabot::Credential]) }
       attr_reader :credentials
 
       sig do
         params(
           dependency: Dependabot::Dependency,
-          credentials: T::Array[T::Hash[String, String]]
+          credentials: T::Array[Dependabot::Credential]
         )
           .void
       end

common/lib/dependabot/metadata_finders/base/commits_finder.rb

@@ -9,6 +9,7 @@
 require "dependabot/git_metadata_fetcher"
 require "dependabot/git_commit_checker"
 require "dependabot/metadata_finders/base"
+require "dependabot/credential"
 
 module Dependabot
   module MetadataFinders
@@ -22,14 +23,14 @@ class CommitsFinder
         sig { returns(Dependabot::Dependency) }
         attr_reader :dependency
 
-        sig { returns(T::Array[T::Hash[String, String]]) }
+        sig { returns(T::Array[Dependabot::Credential]) }
         attr_reader :credentials
 
         sig do
           params(
             source: T.nilable(Dependabot::Source),
             dependency: Dependabot::Dependency,
-            credentials: T::Array[T::Hash[String, String]]
+            credentials: T::Array[Dependabot::Credential]
           )
             .void
         end

common/lib/dependabot/metadata_finders/base/release_finder.rb

@@ -3,6 +3,7 @@
 
 require "sorbet-runtime"
 
+require "dependabot/credential"
 require "dependabot/clients/github_with_retries"
 require "dependabot/clients/gitlab_with_retries"
 require "dependabot/metadata_finders/base"
@@ -17,7 +18,7 @@ class ReleaseFinder
         sig { returns(Dependabot::Dependency) }
         attr_reader :dependency
 
-        sig { returns(T::Array[T::Hash[String, String]]) }
+        sig { returns(T::Array[Dependabot::Credential]) }
         attr_reader :credentials
 
         sig { returns(T.nilable(Dependabot::Source)) }
@@ -27,7 +28,7 @@ class ReleaseFinder
           params(
             source: T.nilable(Dependabot::Source),
             dependency: Dependabot::Dependency,
-            credentials: T::Array[T::Hash[String, String]]
+            credentials: T::Array[Dependabot::Credential]
           )
             .void
         end

common/lib/dependabot/pull_request_creator.rb

@@ -3,6 +3,7 @@
 
 require "sorbet-runtime"
 require "dependabot/metadata_finders"
+require "dependabot/credential"
 
 module Dependabot
   class PullRequestCreator
@@ -76,7 +77,7 @@ def initialize(cause, pull_request)
     sig { returns(String) }
     attr_reader :base_commit
 
-    sig { returns(T::Array[T::Hash[String, String]]) }
+    sig { returns(T::Array[Dependabot::Credential]) }
     attr_reader :credentials
 
     sig { returns(T.nilable(String)) }
@@ -142,7 +143,7 @@ def initialize(cause, pull_request)
         base_commit: String,
         dependencies: T::Array[Dependabot::Dependency],
         files: T::Array[Dependabot::DependencyFile],
-        credentials: T::Array[T::Hash[String, String]],
+        credentials: T::Array[Dependabot::Credential],
         pr_message_header: T.nilable(String),
         pr_message_footer: T.nilable(String),
         custom_labels: T.nilable(T::Array[String]),

common/lib/dependabot/pull_request_creator/labeler.rb

@@ -4,6 +4,7 @@
 require "octokit"
 require "sorbet-runtime"
 require "dependabot/pull_request_creator"
+require "dependabot/credential"
 
 module Dependabot
   class PullRequestCreator
@@ -41,7 +42,7 @@ def register_label_details(package_manager, label_details)
         params(
           source: Dependabot::Source,
           custom_labels: T.nilable(T::Array[String]),
-          credentials: T::Array[T::Hash[String, String]],
+          credentials: T::Array[Dependabot::Credential],
           dependencies: T::Array[Dependency],
           includes_security_fixes: T::Boolean,
           label_language: T::Boolean,
@@ -107,7 +108,7 @@ def label_pull_request(pull_request_number)
       sig { returns(T.nilable(T::Array[String])) }
       attr_reader :custom_labels
 
-      sig { returns(T::Array[T::Hash[String, String]]) }
+      sig { returns(T::Array[Dependabot::Credential]) }
       attr_reader :credentials
 
       sig { returns(T::Array[Dependency]) }

common/lib/dependabot/pull_request_creator/pr_name_prefixer.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require "sorbet-runtime"
+require "dependabot/credential"
 require "dependabot/clients/azure"
 require "dependabot/clients/bitbucket"
 require "dependabot/clients/codecommit"
@@ -36,7 +37,7 @@ class PrNamePrefixer # rubocop:disable Metrics/ClassLength
         params(
           source: Dependabot::Source,
           dependencies: T::Array[Dependency],
-          credentials: T::Array[T::Hash[String, String]],
+          credentials: T::Array[Dependabot::Credential],
           security_fix: T::Boolean,
           commit_message_options: T::Hash[Symbol, T.untyped]
         )
@@ -76,7 +77,7 @@ def capitalize_first_word?
       sig { returns(T::Array[Dependency]) }
       attr_reader :dependencies
 
-      sig { returns(T::Array[T::Hash[String, String]]) }
+      sig { returns(T::Array[Dependabot::Credential]) }
       attr_reader :credentials
 
       sig { returns(T::Hash[Symbol, T.untyped]) }

common/lib/dependabot/pull_request_updater.rb

@@ -5,6 +5,7 @@
 require "dependabot/pull_request_updater/github"
 require "dependabot/pull_request_updater/gitlab"
 require "dependabot/pull_request_updater/azure"
+require "dependabot/credential"
 
 module Dependabot
   class PullRequestUpdater
@@ -24,7 +25,7 @@ class BranchProtected < StandardError; end
     sig { returns(String) }
     attr_reader :old_commit
 
-    sig { returns(T::Array[T::Hash[String, String]]) }
+    sig { returns(T::Array[Dependabot::Credential]) }
     attr_reader :credentials
 
     sig { returns(Integer) }
@@ -45,7 +46,7 @@ class BranchProtected < StandardError; end
         base_commit: String,
         old_commit: String,
         files: T::Array[Dependabot::DependencyFile],
-        credentials: T::Array[T::Hash[String, String]],
+        credentials: T::Array[Dependabot::Credential],
         pull_request_number: Integer,
         author_details: T.nilable(T::Hash[Symbol, String]),
         signature_key: T.nilable(String),

common/lib/dependabot/shared_helpers.rb

@@ -11,6 +11,7 @@
 require "sorbet-runtime"
 require "tmpdir"
 
+require "dependabot/credential"
 require "dependabot/simple_instrumentor"
 require "dependabot/utils"
 require "dependabot/errors"
@@ -246,7 +247,7 @@ def self.excon_defaults(options = nil)
     sig do
       type_parameters(:T)
         .params(
-          credentials: T::Array[T::Hash[String, String]],
+          credentials: T::Array[Dependabot::Credential],
           _block: T.proc.returns(T.type_parameter(:T))
         )
         .returns(T.type_parameter(:T))
@@ -285,7 +286,7 @@ def self.credential_helper_path
     end
 
     # rubocop:disable Metrics/PerceivedComplexity
-    sig { params(credentials: T::Array[T::Hash[String, String]], safe_directories: T::Array[String]).void }
+    sig { params(credentials: T::Array[Dependabot::Credential], safe_directories: T::Array[String]).void }
     def self.configure_git_to_use_https_with_credentials(credentials, safe_directories)
       File.open(GIT_CONFIG_GLOBAL_PATH, "w") do |file|
         file << "# Generated by dependabot/dependabot-core"