Added support for .tool-versions file in Gemfile for Ruby projects

bundler/lib/dependabot/bundler/file_fetcher.rb

@@ -44,6 +44,7 @@ def fetch_files
         fetched_files += child_gemfiles
         fetched_files += gemspecs
         fetched_files << ruby_version_file if ruby_version_file
+        fetched_files << tool_versions_file if tool_versions_file
         fetched_files += path_gemspecs
         fetched_files += require_relative_files(fetched_files)
 
@@ -99,9 +100,13 @@ def gemspec_directories
       def ruby_version_file
         return unless gemfile
 
-        @ruby_version_file ||=
-          fetch_file_if_present(".ruby-version")
-          &.tap { |f| f.support_file = true }
+        @ruby_version_file ||= fetch_support_file(".ruby-version")
+      end
+
+      def tool_versions_file
+        return unless gemfile
+
+        @tool_versions_file ||= fetch_support_file(".tool-versions")
       end
 
       def path_gemspecs

bundler/lib/dependabot/bundler/file_parser.rb

@@ -244,6 +244,7 @@ def evaled_gemfiles
           .reject { |f| f.name.end_with?(".specification") }
           .reject { |f| f.name.end_with?(".lock") }
           .reject { |f| f.name.end_with?(".ruby-version") }
+          .reject { |f| f.name.end_with?(".tool-versions") }
           .reject { |f| f.name == "Gemfile" }
           .reject { |f| f.name == "gems.rb" }
           .reject { |f| f.name == "gems.locked" }

bundler/lib/dependabot/bundler/file_parser/file_preparer.rb

@@ -30,6 +30,7 @@ def prepared_dependency_files
             *evaled_gemfiles,
             lockfile,
             ruby_version_file,
+            tool_versions_file,
             *imported_ruby_files,
             *specification_files
           ].compact
@@ -50,6 +51,7 @@ def evaled_gemfiles
             .reject { |f| f.name.end_with?(".specification") }
             .reject { |f| f.name.end_with?(".lock") }
             .reject { |f| f.name.end_with?(".ruby-version") }
+            .reject { |f| f.name.end_with?(".tool-versions") }
             .reject { |f| f.name == "Gemfile" }
             .reject { |f| f.name == "gems.rb" }
             .reject { |f| f.name == "gems.locked" }
@@ -72,6 +74,10 @@ def ruby_version_file
           dependency_files.find { |f| f.name == ".ruby-version" }
         end
 
+        def tool_versions_file
+          dependency_files.find { |f| f.name == ".tool-versions" }
+        end
+
         def imported_ruby_files
           dependency_files
             .select { |f| f.name.end_with?(".rb") }

bundler/lib/dependabot/bundler/file_updater.rb

@@ -128,6 +128,7 @@ def evaled_gemfiles
           .reject { |f| f.name.end_with?(".specification") }
           .reject { |f| f.name.end_with?(".lock") }
           .reject { |f| f.name.end_with?(".ruby-version") }
+          .reject { |f| f.name.end_with?(".tool-versions") }
           .reject { |f| f.name == "Gemfile" }
           .reject { |f| f.name == "gems.rb" }
           .reject { |f| f.name == "gems.locked" }

bundler/lib/dependabot/bundler/file_updater/lockfile_updater.rb

@@ -92,6 +92,7 @@ def write_temporary_dependency_files
 
           write_gemspecs(top_level_gemspecs)
           write_ruby_version_file
+          write_tool_versions_file
           write_gemspecs(path_gemspecs)
           write_specification_files
           write_imported_ruby_files
@@ -111,6 +112,14 @@ def write_ruby_version_file
           File.write(path, ruby_version_file.content)
         end
 
+        def write_tool_versions_file
+          return unless tool_versions_file
+
+          path = tool_versions_file.name
+          FileUtils.mkdir_p(Pathname.new(path).dirname)
+          File.write(path, tool_versions_file.content)
+        end
+
         def write_gemspecs(files)
           files.each do |file|
             path = file.name
@@ -156,6 +165,10 @@ def ruby_version_file
           dependency_files.find { |f| f.name == ".ruby-version" }
         end
 
+        def tool_versions_file
+          dependency_files.find { |f| f.name == ".tool-versions" }
+        end
+
         def post_process_lockfile(lockfile_body)
           lockfile_body = reorder_git_dependencies(lockfile_body)
           replace_lockfile_ending(lockfile_body)
@@ -266,6 +279,7 @@ def evaled_gemfiles
             .reject { |f| f.name.end_with?(".specification") }
             .reject { |f| f.name.end_with?(".lock") }
             .reject { |f| f.name.end_with?(".ruby-version") }
+            .reject { |f| f.name.end_with?(".tool-versions") }
             .reject { |f| f.name == "Gemfile" }
             .reject { |f| f.name == "gems.rb" }
             .reject { |f| f.name == "gems.locked" }

bundler/lib/dependabot/bundler/update_checker/file_preparer.rb

@@ -93,6 +93,7 @@ def prepared_dependency_files
           files += [
             lockfile,
             ruby_version_file,
+            tool_versions_file,
             *imported_ruby_files,
             *specification_files
           ].compact
@@ -128,6 +129,7 @@ def evaled_gemfiles
             .reject { |f| f.name.end_with?(".specification") }
             .reject { |f| f.name.end_with?(".lock") }
             .reject { |f| f.name.end_with?(".ruby-version") }
+            .reject { |f| f.name.end_with?(".tool-versions") }
             .reject { |f| f.name == "Gemfile" }
             .reject { |f| f.name == "gems.rb" }
             .reject { |f| f.name == "gems.locked" }
@@ -151,6 +153,10 @@ def ruby_version_file
           dependency_files.find { |f| f.name == ".ruby-version" }
         end
 
+        def tool_versions_file
+          dependency_files.find { |f| f.name == ".tool-versions" }
+        end
+
         def path_gemspecs
           all = dependency_files.select { |f| f.name.end_with?(".gemspec") }
           all - top_level_gemspecs

bundler/spec/dependabot/bundler/file_fetcher_spec.rb

@@ -39,6 +39,14 @@
         body: fixture("github", "ruby_version_content.json"),
         headers: { "content-type" => "application/json" }
       )
+
+    stub_request(:get, File.join(url, ".tool-versions?ref=sha"))
+      .with(headers: { "Authorization" => "token token" })
+      .to_return(
+        status: 200,
+        body: fixture("github", "tool_versions_content.json"),
+        headers: { "content-type" => "application/json" }
+      )
   end
 
   context "with a directory" do
@@ -162,6 +170,40 @@
     end
   end
 
+  context "with a .tool-versions file" do
+    before do
+      stub_request(:get, url + "?ref=sha")
+        .with(headers: { "Authorization" => "token token" })
+        .to_return(
+          status: 200,
+          body: fixture("github", "contents_ruby_tool_versions.json"),
+          headers: { "content-type" => "application/json" }
+        )
+
+      stub_request(:get, url + "Gemfile?ref=sha")
+        .with(headers: { "Authorization" => "token token" })
+        .to_return(
+          status: 200,
+          body: fixture("github", "gemfile_with_ruby_tool_versions_content.json"),
+          headers: { "content-type" => "application/json" }
+        )
+
+      stub_request(:get, url + "Gemfile.lock?ref=sha")
+        .with(headers: { "Authorization" => "token token" })
+        .to_return(
+          status: 200,
+          body: fixture("github", "gemfile_lock_content.json"),
+          headers: { "content-type" => "application/json" }
+        )
+    end
+
+    it "fetches the tool-versions file" do
+      expect(file_fetcher_instance.files.count).to eq(3)
+      expect(file_fetcher_instance.files.map(&:name))
+        .to include(".tool-versions")
+    end
+  end
+
   context "with a gems.rb rather than a Gemfile" do
     before do
       stub_request(:get, url + "?ref=sha")

bundler/spec/dependabot/bundler/file_parser/file_preparer_spec.rb

@@ -55,6 +55,16 @@
       its(:content) { is_expected.to eq("2.2.0\n") }
     end
 
+    describe "the updated tool versions file" do
+      subject do
+        prepared_dependency_files.find { |f| f.name == ".tool-versions" }
+      end
+
+      let(:dependency_files) { bundler_project_dependency_files("tool_versions_file") }
+
+      its(:content) { is_expected.to eq("ruby 2.2.0\n") }
+    end
+
     describe "the updated .specification file" do
       subject do
         prepared_dependency_files.find { |f| f.name == "plugins/example/.specification" }

bundler/spec/dependabot/bundler/file_updater_spec.rb

@@ -532,6 +532,24 @@
         end
       end
 
+      context "given a Gemfile that loads a .tool-versions file" do
+        let(:project_name) { "tool_versions_file" }
+        let(:updater) do
+          described_class.new(
+            dependency_files: dependency_files,
+            dependencies: [dependency],
+            credentials: [{
+              "type" => "git_source",
+              "host" => "github.com"
+            }]
+          )
+        end
+
+        it "locks the updated gem to the latest version" do
+          expect(file.content).to include "business (1.5.0)"
+        end
+      end
+
       context "when the Gemfile.lock didn't have a BUNDLED WITH line" do
         let(:project_name) { "no_bundled_with" }
 

bundler/spec/dependabot/bundler/update_checker/latest_version_finder_spec.rb

@@ -201,6 +201,12 @@
         its([:version]) { is_expected.to eq(Gem::Version.new("1.5.0")) }
       end
 
+      context "given a Gemfile that loads a .tool-versions file" do
+        let(:dependency_files) { bundler_project_dependency_files("tool_versions_file") }
+
+        its([:version]) { is_expected.to eq(Gem::Version.new("1.5.0")) }
+      end
+
       context "with a gemspec and a Gemfile" do
         let(:dependency_files) { bundler_project_dependency_files("gemfile_small_example") }