
Actions: backsolve pinned commits
thepwagner committed May 6, 2021
1 parent 39f86ac commit bcf3640
Showing 4 changed files with 25 additions and 8 deletions.
4 changes: 3 additions & 1 deletion common/lib/dependabot/dependency.rb
Expand Up @@ -35,10 +35,12 @@ def self.register_name_normaliser(package_manager, name_builder)
@name_normalisers[package_manager] = name_builder
end

attr_reader :name, :version, :requirements, :package_manager,
attr_reader :name, :requirements, :package_manager,
:previous_version, :previous_requirements,
:subdependency_metadata

attr_accessor :version

def initialize(name:, requirements:, package_manager:, version: nil,
previous_version: nil, previous_requirements: nil,
subdependency_metadata: [])
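Review bot: `attr_accessor :version` makes `version` the only writable attribute on an otherwise read-only `Dependency`, and nothing at the declaration records who is meant to write it or that holders of the object may see it change after construction; a short comment would capture the intent: `# Writable so a file parser can back-fill a version it resolves after construction (e.g. a tag matching a pinned commit SHA); every other attribute stays read-only.` If `Dependency` defines `==`/`hash` in terms of `version` (not visible in this hunk), mutating it after the object has been used as a hash key or set member would break lookups, so the writer should be called before the dependency is stored anywhere. The enclosing class starts before the hunk and `initialize` continues past its end.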
17 changes: 16 additions & 1 deletion github_actions/lib/dependabot/github_actions/file_parser.rb
Expand Up @@ -30,6 +30,7 @@ def parse
dependency_set += workfile_file_dependencies(file)
end

resolve_git_tags(dependency_set)
dependency_set.dependencies
end

Expand Down Expand Up @@ -67,7 +68,7 @@ def build_github_dependency(file, string)
source: {
type: "git",
url: url,
ref: details.fetch("ref"),
ref: ref,
branch: nil
},
file: file.name,
Expand All @@ -85,6 +86,20 @@ def deep_fetch_uses(json_obj)
end
end

def resolve_git_tags(dependency_set)
dependency_set.dependencies.each do |dep|
next unless dep.version.nil?

git_checker = Dependabot::GitCommitChecker.new(dependency: dep, credentials: credentials)
next unless git_checker.pinned_ref_looks_like_commit_sha?

resolved = git_checker.local_tag_for_pinned_version
next if resolved.nil? || !version_class.correct?(resolved)

dep.version = version_class.new(resolved).to_s
end
end

def deep_fetch_uses_from_hash(json_object)
steps = json_object.fetch("steps", [])

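Review bot: `resolve_git_tags` mutates every SHA-pinned dependency in place (`dep.version = …`) but neither its name nor the bare call added to `parse` says that it back-fills versions from the remote's tag list, so a doc comment above the method is warranted: `# Back-fills dep.version for actions pinned to a commit SHA, using whichever tag in the remote's current tag list points at that SHA; git tags are mutable, so the result reflects the remote at parse time rather than a verified SHA-to-version mapping.` In the update-checker hunk below, `local_tag_for_latest_version` returns a hash read with `fetch(:version)`; if `local_tag_for_pinned_version` shares that shape, `version_class.correct?(resolved)` would always be false for a Hash and nothing would ever be back-filled, so it is worth confirming it returns the tag's version string. Each loop iteration also constructs a fresh `GitCommitChecker`; if the tag lookup contacts the remote, that is one lookup per SHA-pinned action per parse, and reusing a checker per source url would avoid the repeated work.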
Expand Up @@ -62,12 +62,12 @@ def fetch_latest_version_for_git_dependency
return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?

# If the dependency is pinned to a tag that looks like a version then
# we want to update that tag. The latest version will then be the SHA
# of the latest tag that looks like a version.
# we want to update that tag.

if git_commit_checker.pinned_ref_looks_like_version? &&
git_commit_checker.local_tag_for_latest_version
latest_tag = git_commit_checker.local_tag_for_latest_version
return latest_tag.fetch(:commit_sha)
return latest_tag.fetch(:version)
end

# If the dependency is pinned to a commit SHA and the latest
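Review bot: After this change `fetch_latest_version_for_git_dependency` returns a version (`latest_tag.fetch(:version)`) for tag-pinned dependencies but still returns `head_commit_for_current_branch`, presumably a commit SHA string, for unpinned ones on the first line of the hunk, so the method's return type is now mixed and every caller must handle both; the method continues past the hunk, where the SHA-pinned branch may add a third shape. The shortened comment drops the information a reader needs here — suggest `# we want to update that tag. The latest version is then the version of the latest tag that looks like a version (not its SHA); unpinned dependencies still yield a commit SHA.` The condition also calls `local_tag_for_latest_version` once in the guard and again on the next line; assigning `latest_tag` first and testing it in the guard would avoid a second lookup if that method is not memoized. The file header for this section is not shown on the rendered page.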
Expand Up @@ -165,11 +165,11 @@

context "given a dependency with a tag reference" do
let(:reference) { "v1.0.1" }
it { is_expected.to eq("5273d0df9c603edc4284ac8402cf650b4f1f6686") }
it { is_expected.to eq(Gem::Version.new("1.1.0")) }

context "and the latest version is being ignored" do
let(:ignored_versions) { [">= 1.1.0"] }
it { is_expected.to eq("fc9ff49b90869a686df00e922af871c12215986a") }
it { is_expected.to eq(Gem::Version.new("1.0.4")) }
end

context "and all versions are being ignored" do
Expand Down Expand Up @@ -225,7 +225,7 @@
context "given a dependency with multiple git refs", :vcr do
include_context "with multiple git sources"

it { is_expected.to eq("aabbfeb2ce60b5bd82389903509092c4648a9713") }
it { is_expected.to eq(Gem::Version.new("2.2.0")) }
end
end

