Merge pull request #221 from GiriB/mipincha/latest_merge_from_dependabot

Latest merge from dependabot-core

.dockerignore

@@ -1,8 +1,21 @@
-/.bundle
+/.core-bash_history
+/.env
+/.envrc
 /.git
-/tmp/
-/helpers
-/spec
-gitignored
-/bundler/helpers/helpers/
-/python/helpers/helpers/
+/.vscode-server-insiders/
+/.vscode-server/
+/.vscode/
+/dependabot-*.gem
+/dry-run
+/pkg
+/vendor
+/tmp
+**/.bundle
+**/coverage
+**/Gemfile.lock
+**/node_modules
+!**/spec/fixtures/*
+git.store
+.byebug_history
+.DS_Store
+*.pyc

.github/workflows/ci.yml

@@ -38,19 +38,13 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
-      - name: Free up disk space
-        run: |
-          sudo apt autoremove --purge && sudo apt -y clean
-          docker system prune -af --volumes
-          sudo swapoff -a
-          sudo rm -f /swapfile
-          df -h
       - name: Prepare environment variables
         run: |
           echo "BRANCH_REF=$(echo '${{ github.ref }}' | sed -E 's/[^A-Za-z0-9]+/-/g')" >> $GITHUB_ENV
           echo "BASE_IMAGE=ubuntu:18.04" >> $GITHUB_ENV
           echo "CORE_IMAGE=dependabot/dependabot-core" >> $GITHUB_ENV
           echo "CORE_CI_IMAGE=dependabot/dependabot-core-ci" >> $GITHUB_ENV
+          echo "CODE_DIR=/home/dependabot/dependabot-core" >> $GITHUB_ENV
       - name: Log in to Docker registry
         run: |
           if [ -n "${{ secrets.DOCKER_USERNAME }}" ] && [ -n "${{ secrets.DOCKER_PASSWORD }}" ]; then
@@ -59,68 +53,40 @@ jobs:
           else
             echo "No Docker credentials, skipping login"
           fi
-      - name: Set test env credentials
-        run: |
-          echo "DEPENDABOT_TEST_ACCESS_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_ENV
-      - name: Pull Docker base images & warm Docker cache
-        run: |
-          docker pull "$BASE_IMAGE"
-          docker pull "$CORE_CI_IMAGE:core--$BRANCH_REF" ||
-            docker pull "$CORE_IMAGE:latest"
-          docker pull "$CORE_CI_IMAGE:ci--$BRANCH_REF" ||
-            "$CORE_CI_IMAGE:latest" || true
       - name: Build dependabot-core image
         run: |
           DOCKER_BUILDKIT=1 docker build \
             -t "$CORE_IMAGE:latest" \
-            -t "$CORE_CI_IMAGE:core--$BRANCH_REF" \
+            -t "$CORE_IMAGE:branch--$BRANCH_REF" \
             --build-arg BUILDKIT_INLINE_CACHE=1 \
             --cache-from "$BASE_IMAGE" \
-            --cache-from "$CORE_CI_IMAGE:core--$BRANCH_REF" \
+            --cache-from "$CORE_IMAGE:branch--$BRANCH_REF" \
             --cache-from "$CORE_IMAGE:latest" \
             .
       - name: Push dependabot-core image to Docker registry
         if: env.DOCKER_LOGGED_IN == 'true'
         run: |
-          docker push "$CORE_CI_IMAGE:core--$BRANCH_REF"
+          docker push "$CORE_IMAGE:branch--$BRANCH_REF"
       - name: Build dependabot-core-ci image
         run: |
-          rm .dockerignore
-          docker build \
+          DOCKER_BUILDKIT=1 docker build \
             -t "$CORE_CI_IMAGE:latest" \
-            -t "$CORE_CI_IMAGE:ci--$BRANCH_REF" \
+            -t "$CORE_CI_IMAGE:branch--$BRANCH_REF" \
             -f Dockerfile.ci \
+            --build-arg BUILDKIT_INLINE_CACHE=1 \
             --cache-from "$CORE_CI_IMAGE:latest" \
-            --cache-from "$CORE_CI_IMAGE:ci--$BRANCH_REF" \
+            --cache-from "$CORE_CI_IMAGE:branch--$BRANCH_REF" \
             .
       - name: Push dependabot-core-ci image to Docker registry
         if: env.DOCKER_LOGGED_IN == 'true'
         run: |
           docker push "$CORE_CI_IMAGE:latest"
-          docker push "$CORE_CI_IMAGE:ci--$BRANCH_REF"
-      - name: Run Python flake8 linting
-        if: matrix.suite.name == 'python'
-        run: |
-          docker run --rm "$CORE_CI_IMAGE" bash -c "pyenv exec flake8 python/helpers/. --count --exclude=./.*,./python/spec/fixtures --show-source --statistics"
-      - name: Run Ruby Rubocop linting
-        run: |
-          docker run --rm "$CORE_CI_IMAGE" bash -c "cd /home/dependabot/dependabot-core/${{ matrix.suite.path }} && bundle exec rubocop ."
-      - name: Run js linting and tests
-        if: matrix.suite.name == 'npm_and_yarn'
-        run: |
-          docker run --rm "$CORE_CI_IMAGE" bash -c "cd /opt/npm_and_yarn && npm run lint"
-          docker run --rm "$CORE_CI_IMAGE" bash -c "cd /opt/npm_and_yarn && npm test"
-      - name: Run bundler v1 native helper specs
-        if: matrix.suite.name == 'bundler1'
-        run: |
-          docker run --rm "$CORE_CI_IMAGE" bash -c \
-            "cd /home/dependabot/dependabot-core/bundler/helpers/v1 && BUNDLER_VERSION=1 bundle install && BUNDLER_VERSION=1 bundle exec rspec spec"
-      - name: Run bundler v2 native helper specs
-        if: matrix.suite.name == 'bundler2'
-        run: |
-          docker run --rm "$CORE_CI_IMAGE" bash -c \
-            "cd /home/dependabot/dependabot-core/bundler/helpers/v2 && BUNDLER_VERSION=2 bundle install && BUNDLER_VERSION=2 bundle exec rspec spec"
-      - name: Run ${{ matrix.suite.name }} tests with rspec
+          docker push "$CORE_CI_IMAGE:branch--$BRANCH_REF"
+      - name: Run ${{ matrix.suite.name }} tests
         run: |
-          docker run --env "CI=true" --env "DEPENDABOT_TEST_ACCESS_TOKEN=$DEPENDABOT_TEST_ACCESS_TOKEN" --env "SUITE_NAME=${{ matrix.suite.name }}" --rm "$CORE_CI_IMAGE" bash -c \
-            "cd /home/dependabot/dependabot-core/${{ matrix.suite.path }} && bundle exec rspec spec"
+          docker run \
+            --env "CI=true" \
+            --env "DEPENDABOT_TEST_ACCESS_TOKEN=${{ secrets.GITHUB_TOKEN }}" \
+            --env "SUITE_NAME=${{ matrix.suite.name }}" \
+            --rm "$CORE_CI_IMAGE" bash -c \
+            "cd /home/dependabot/dependabot-core/${{ matrix.suite.path }} && ./script/ci-test"

.github/workflows/docker.yml

@@ -13,27 +13,29 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
-      - name: Pull Docker base image & warm Docker cache
+      - name: Prepare environment variables
         run: |
-          docker pull "dependabot/dependabot-core:latest"
+          echo "BASE_IMAGE=ubuntu:18.04" >> $GITHUB_ENV
+          echo "CORE_IMAGE=dependabot/dependabot-core" >> $GITHUB_ENV
       - name: Build dependabot-core image
         env:
           DOCKER_BUILDKIT: 1
         run: |
           docker build \
-            -t "dependabot/dependabot-core:latest" \
+            -t "$CORE_IMAGE:latest" \
             --build-arg BUILDKIT_INLINE_CACHE=1 \
+            --cache-from "$BASE_IMAGE" \
+            --cache-from "$CORE_IMAGE:latest" \
             .
       - name: Log in to the Docker registry
         run: |
           echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
-      - name: Push image to packages (latest)
-        if: "!contains(github.ref, 'refs/tags')"
+      - name: Push latest image
         run: |
-          docker push "dependabot/dependabot-core:latest"
-      - name: Push image to packages (tagged)
+          docker push "$CORE_IMAGE:latest"
+      - name: Push tagged image
         if: "contains(github.ref, 'refs/tags')"
         run: |
           VERSION="$(grep -Eo "[0-9]+\.[0-9]+\.[0-9]+" common/lib/dependabot/version.rb)"
-          docker tag "dependabot/dependabot-core:latest" "dependabot/dependabot-core:$VERSION"
-          docker push "dependabot/dependabot-core:$VERSION"
+          docker tag "$CORE_IMAGE:latest" "$CORE_IMAGE:$VERSION"
+          docker push "$CORE_IMAGE:$VERSION"

.gitignore

@@ -28,3 +28,5 @@ vendor
 **/bin/helper
 /.core-bash_history
 coverage/
+.ruby-gemset
+.ruby-version

CHANGELOG.md

@@ -1,3 +1,68 @@
+## v0.142.1, 16 April 2021
+
+- Update npm from 7.7.4 to 7.10.0
+- build(deps): bump flake8 from 3.9.0 to 3.9.1 in /python/helpers
+- Azure: Raise PullRequestUpdateFailed error when failing to update PR @milind009
+- Fix Dockerfile.development
+- build(deps): bump cython from 0.29.22 to 0.29.23 in /python/helpers
+
+## v0.142.0, 15 April 2021
+
+- Dockerfile: set WORKDIR to /home/dependabot to avoid permission errors when
+  consumers of the dependabot-core image run bundle install @baseballlover723
+- Dockerfile: Cache composer installs & install ca-certificates
+- Dockerfile: shallow clone pyenv
+- npm/yarn: Always use registry source when available
+- build(deps-dev): bump eslint-config-prettier in /npm_and_yarn/helpers
+
+## v0.141.1, 13 April 2021
+
+- Remove bundler/v1/.bundle
+- Remove helpers ignore
+- Remove python versions from ci image and split copy
+- build(deps): bump npm from 6.14.12 to 6.14.13 in /npm_and_yarn/helpers
+- fix(go mod): capture module mismatch error
+
+## v0.141.0, 12 April 2021
+
+- Dockerfile: create a `dependabot` user and drop privileges
+  This is a potentially BREAKING change for consumers of the `dependabot/dependabot-core` docker image.
+- Maven/Gradle: Add option to use Gitlab access token for authentication against maven repositories @gringostar
+- common: raise Dependabot::OutOfDisk on more out of space errors
+- Bump eslint from 7.23.0 to 7.24.0
+
+## v0.140.3, 9 April 2021
+
+- fix(Go mod): detect when remote end hangs up
+
+## v0.140.2, 8 April 2021
+
+- Go mod: Handle repo not found errors projects https://github.com/dependabot/dependabot-core/pull/3456
+
+## v0.140.1, 8 April 2021
+
+- Python: Disabled poetry experimental new installer @honnix
+- GitLab: Implement delete/create action in client @jerbob92
+
+## v0.140.0, 7 April 2021
+
+- Bundler: Detecting and using the correct major Bundler version is now enabled by default
+- Python: Add versions 3.8.9, 3.9.3 and 3.9.4
+- Bump friendsofphp/php-cs-fixer in /composer/helpers/v1
+- Bump friendsofphp/php-cs-fixer in /composer/helpers/v2
+
+## v0.139.2, 6 April 2021
+
+- Cargo: fix error when upgrading to a version with a build annotation (e.g. `0.7.0+zstd.1.4.9`)
+- Maven: fix error when comparing string and integer versions
+- Generate alternatives for every git source (thanks @jerbob92)
+- CI: performance improvements
+- Bump phpstan/phpstan from 0.12.82 to 0.12.83 in /composer/helpers/v2
+- Bump phpstan/phpstan from 0.12.82 to 0.12.83 in /composer/helpers/v1
+- Bump composer/composer from 2.0.11 to 2.0.12 in /composer/helpers/v2
+- Bump composer/composer from 1.10.20 to 1.10.21 in /composer/helpers/v1
+- Bump @npmcli/arborist from 2.2.9 to 2.3.0 in /npm_and_yarn/helpers
+
 ## v0.139.1, 30 March 2021
 
 - Pull Requests: Fix github redirect for www.github.com links