Merge branch 'main' into fix-handled-dependencies-for-multidir
jakecoffman committed May 17, 2024
2 parents 0f84b35 + ac97d9a commit 5ac8e00
Showing 215 changed files with 16,277 additions and 5,606 deletions.
2 changes: 1 addition & 1 deletion .devcontainer/devcontainer.json
Expand Up @@ -23,7 +23,7 @@
"ghcr.io/devcontainers/features/github-cli": "latest",
"ghcr.io/devcontainers/features/node": "lts",
"ghcr.io/devcontainers/features/go": "latest",
"ghcr.io/devcontainers/features/ruby": "3.1.4",
"ghcr.io/devcontainers/features/ruby": "3.3.1",
"ghcr.io/devcontainers/features/rust": "latest",
"ghcr.io/devcontainers/features/dotnet": "latest",
"ghcr.io/devcontainers/features/sshd:1": {
4 changes: 4 additions & 0 deletions .editorconfig
Expand Up @@ -15,3 +15,7 @@ indent_style = tab

[*.php]
indent_size = 4

[*.py]
indent_size = 4
max_line_length = 80
14 changes: 7 additions & 7 deletions .github/workflows/ci.yml
Expand Up @@ -42,11 +42,11 @@ jobs:

steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
submodules: recursive

- uses: dorny/paths-filter@v3
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: changes
with:
filters: .github/ci-filters.yml
Expand Down Expand Up @@ -74,7 +74,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
submodules: recursive
# using bundler as the test updater
Expand All @@ -91,8 +91,8 @@ jobs:
env:
BUNDLE_GEMFILE: updater/Gemfile
steps:
- uses: actions/checkout@v4
- uses: ruby/setup-ruby@v1
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0
with:
bundler-cache: true
- run: ./bin/lint
Expand All @@ -105,13 +105,13 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
submodules: recursive
- name: Build ecosystem image
run: script/build silent
- name: Setup Go
uses: actions/setup-go@v5
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: 1.21
- name: Download Dependabot CLI
2 changes: 1 addition & 1 deletion .github/workflows/gems-bump-version.yml
Expand Up @@ -19,7 +19,7 @@ jobs:
steps:
- name: Generate token
id: generate_token
uses: actions/create-github-app-token@7bfa3a4717ef143a604ee0a99d859b8886a96d00 # v1.9.3
uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0
with:
app-id: ${{ secrets.DEPENDABOT_CORE_ACTION_AUTOMATION_APP_ID }}
private-key: ${{ secrets.DEPENDABOT_CORE_ACTION_AUTOMATION_PRIVATE_KEY }}
10 changes: 8 additions & 2 deletions .github/workflows/images-latest.yml
@@ -1,7 +1,7 @@
name: Latest images
env:
UPDATER_IMAGE: "ghcr.io/dependabot/dependabot-updater-"
on: # yamllint disable-line rule:truthy
on: # yamllint disable-line rule:truthy
push:
branches:
- main
Expand All @@ -27,6 +27,7 @@ jobs:
needs: date-version
permissions:
contents: read
id-token: write
packages: write
strategy:
fail-fast: false
Expand Down Expand Up @@ -60,6 +61,8 @@ jobs:
with:
submodules: recursive

- uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0

- name: Build the dependabot-updater-<ecosystem> image
# despite the script input being $NAME, the resulting image is dependabot-updater-${ECOSYSTEM}
run: script/build ${NAME}
Expand All @@ -74,7 +77,10 @@ jobs:
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin

- name: Push the images to GHCR
run: docker push --all-tags "${UPDATER_IMAGE}${ECOSYSTEM}"
run: |
docker push --all-tags "${UPDATER_IMAGE}${ECOSYSTEM}"
# All tags should resolve to the same digest so we only need to look up one of them
cosign sign --yes $(cosign triangulate --type=digest "${UPDATER_IMAGE}${ECOSYSTEM}:latest")
- name: Set summary
run: |
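Review bot: In the "Push the images to GHCR" step the signature goes onto whatever digest `:latest` resolves to in the registry at signing time, not onto the digest this job just pushed, because `cosign triangulate --type=digest` does a fresh tag lookup after `docker push`. If two runs on main overlap, the tag can move between the push and the lookup, so one run's image may end up unsigned; the comment's assumption that all tags share one digest is also never checked. Taking the reference from the local push result, for example `ref=$(docker inspect --format '{{index .RepoDigests 0}}' "${UPDATER_IMAGE}${ECOSYSTEM}:latest")` followed by `cosign sign --yes "$ref"`, removes the second lookup and quotes the argument. The same pattern appears in the "Push latest image" step of images-updater-core.yml.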
8 changes: 7 additions & 1 deletion .github/workflows/images-updater-core.yml
@@ -1,7 +1,7 @@
name: Updater-Core image
env:
UPDATER_CORE_IMAGE: "ghcr.io/dependabot/dependabot-updater-core"
on: # yamllint disable-line rule:truthy
on: # yamllint disable-line rule:truthy
push:
branches:
- main
Expand All @@ -14,12 +14,16 @@ jobs:
if: github.repository == 'dependabot/dependabot-core'
permissions:
contents: read
id-token: write
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
submodules: recursive

- uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0

- name: Build dependabot-updater-core image
run: script/build common
- name: Log in to GHCR
Expand All @@ -28,6 +32,8 @@ jobs:
- name: Push latest image
run: |
docker push "$UPDATER_CORE_IMAGE:latest"
cosign sign --yes $(cosign triangulate --type=digest "$UPDATER_CORE_IMAGE:latest")
- name: Push tagged image
if: contains(github.ref, 'refs/tags')
run: |
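Review bot: The checkout step in this job still uses the movable tag `actions/checkout@v4`, while the job now holds `id-token: write` alongside `packages: write`, so an unpinned action runs in a job that can request an OIDC token for signing. ci.yml in this same commit pins it as `actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6`, and the same line would fit here. `id-token: write` also applies to every step of the job, including `script/build common`; a separate signing job that receives only the pushed digest would narrow that, if the workflow layout allows it. The "Push tagged image" step is cut off by the hunk, so whether the tagged push is covered by a signature cannot be told from what is shown.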
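--- a/.github/workflows/scorecards.yaml
+++ b/.github/workflows/scorecards.yaml
@@ -0,0 +1,35 @@
+name: Scorecard analysis
+
+on: # yamllint disable-line rule:truthy
+push:
+branches:
+- main
+schedule:
+- cron: "30 1 * * 6" # https://crontab.guru/#30_1_*_*_6
+
+permissions: read-all
+
+jobs:
+analysis:
+name: Scorecard analysis
+runs-on: ubuntu-latest
+permissions:
+# Needed for Code scanning upload
+security-events: write
+# Needed for GitHub OIDC token if publish_results is true
+id-token: write
+
+steps:
+- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
+with:
+persist-credentials: false
+
+- uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+with:
+results_file: results.sarif
+results_format: sarif
+publish_results: true
+
+- uses: github/codeql-action/upload-sarif@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2
+with:
+sarif_file: results.sarif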
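Review bot: The `analysis` job has no repository guard, unlike the image job in images-updater-core.yml, which is gated with `if: github.repository == 'dependabot/dependabot-core'`. As written, a fork with Actions enabled would presumably run it on pushes to its own main branch with `id-token: write` and `publish_results: true`; adding the same `if:` line under `analysis:` keeps publishing limited to the upstream repository. Separately, checkout is pinned here to the v4.1.3 commit while ci.yml in this commit pins v4.1.6, and a single pin across workflows makes later updates easier to audit.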
134 changes: 4 additions & 130 deletions .rubocop.yml
@@ -1,4 +1,6 @@
---
inherit_from: .rubocop_todo.yml

require:
- rubocop-performance
- rubocop-rspec
Expand All @@ -12,6 +14,8 @@ AllCops:
- "*/spec/fixtures/**/*"
- "vendor/**/*"
- "dry-run/**/*"
- "bundler/helpers/v1/patched_bundler"
- "bundler/helpers/spec_helpers/*"
NewCops: enable
TargetRubyVersion: 3.1
SuggestExtensions: false
Expand Down Expand Up @@ -347,136 +351,6 @@ RSpec:
Include:
- "**/spec/**/*"

# TODO: Fix these and re-enable
RSpec/FilePath:
Enabled: false
RSpec/SpecFilePathFormat:
Enabled: false
RSpec/MessageSpies:
Enabled: false
RSpec/ExampleLength:
Enabled: false
RSpec/MultipleExpectations:
Enabled: false
RSpec/NestedGroups:
Enabled: false
RSpec/SharedExamples:
Enabled: false
RSpec/NotToNot:
Enabled: false
RSpec/StubbedMock:
Enabled: false
RSpec/ContextWording:
Enabled: false
RSpec/BeEq:
Enabled: false
RSpec/MultipleMemoizedHelpers:
Enabled: false
RSpec/VerifiedDoubleReference:
Enabled: false
RSpec/ExampleWording:
Enabled: false
RSpec/EmptyLineAfterFinalLet:
Enabled: false
RSpec/VerifiedDoubles:
Enabled: false
RSpec/ReceiveMessages:
Enabled: false
RSpec/LeadingSubject:
Enabled: false
RSpec/SubjectStub:
Enabled: false
RSpec/ImplicitSubject:
Enabled: false
RSpec/ExcessiveDocstringSpacing:
Enabled: false
RSpec/DescribedClass:
Enabled: false
RSpec/EmptyLineAfterSubject:
Enabled: false
RSpec/PredicateMatcher:
Enabled: false
RSpec/MessageChain:
Enabled: false
RSpec/BeEql:
Enabled: false
RSpec/UnspecifiedException:
Enabled: false
RSpec/AnyInstance:
Enabled: false
RSpec/MetadataStyle:
Enabled: false
RSpec/LetBeforeExamples:
Enabled: false
RSpec/RepeatedExampleGroupDescription:
Enabled: false
RSpec/NamedSubject:
Enabled: false
RSpec/MatchArray:
Enabled: false
RSpec/RepeatedExample:
Enabled: false
RSpec/ScatteredLet:
Enabled: false
RSpec/EmptyLineAfterExampleGroup:
Enabled: false
RSpec/OverwritingSetup:
Enabled: false
RSpec/HooksBeforeExamples:
Enabled: false
RSpec/ExpectActual:
Enabled: false
RSpec/EmptyLineAfterHook:
Enabled: false
RSpec/IndexedLet:
Enabled: false
RSpec/EmptyLineAfterExample:
Enabled: false
RSpec/IteratedExpectation:
Enabled: false
RSpec/ContextMethod:
Enabled: false
RSpec/ScatteredSetup:
Enabled: false
RSpec/InstanceVariable:
Enabled: false
RSpec/RepeatedExampleGroupBody:
Enabled: false
RSpec/BeforeAfterAll:
Enabled: false
RSpec/BeEmpty:
Enabled: false
RSpec/ContainExactly:
Enabled: false
RSpec/DescribeClass:
Enabled: false
RSpec/EmptyExampleGroup:
Enabled: false
RSpec/ExpectInHook:
Enabled: false
RSpec/SubjectDeclaration:
Enabled: false
RSpec/VoidExpect:
Enabled: false
RSpec/BeNil:
Enabled: false
RSpec/PendingWithoutReason:
Enabled: false
RSpec/Focus:
Enabled: false
RSpec/ImplicitExpect:
Enabled: false
RSpec/HookArgument:
Enabled: false
RSpec/MultipleDescribes:
Enabled: false
RSpec/RepeatedDescription:
Enabled: false
RSpec/ExpectChange:
Enabled: false
RSpec/MultipleSubjects:
Enabled: false

# TODO these were temporarily disabled during the Ruby 2.7 -> 3.1 upgrade
# in order to keep the upgrade diff small, they will be enabled/fixed in
# a follow-on PR.