Class: Dependabot::GitCommitChecker

Inherits:
Object
  • Object
show all
Extended by:
T::Sig
Defined in:
lib/dependabot/git_commit_checker.rb

Overview

rubocop:disable Metrics/ClassLength

Constant Summary collapse

VERSION_REGEX = 
/
  (?<version>
    (?<=^v)[0-9]+(?:\-[a-z0-9]+)?
    |
    [12][0-9]{3}(?:0[1-9]|1[0-2])(?:0[1-9]|[12][0-9]|3[01])
    |
    [0-9]+\.[0-9]+(?:\.[a-z0-9\-]+)*
  )$
/ix
VERSION_TAG_MATCH_PATTERN =

String pattern for matching version tags with optional prefixes (e.g., “v1.2.3” matches “1.2.3”)

"(?:[^0-9\\.]|\\A)%s\\z"

Instance Method Summary collapse

Constructor Details

#initialize(dependency:, credentials:, ignored_versions: [], raise_on_ignored: false, consider_version_branches_pinned: false, dependency_source_details: nil) ⇒ GitCommitChecker

Returns a new instance of GitCommitChecker.



46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
 
# File 'lib/dependabot/git_commit_checker.rb', line 46

def initialize(
  dependency:,
  credentials:,
  ignored_versions: [],
  raise_on_ignored: false,
  consider_version_branches_pinned: false,
  dependency_source_details: nil
)
  @dependency = dependency
  @credentials = credentials
  @ignored_versions = ignored_versions
  @raise_on_ignored = raise_on_ignored
  @consider_version_branches_pinned = consider_version_branches_pinned
  @dependency_source_details = dependency_source_details
end

Instance Method Details

#all_version_tagsObject 



283
284
285
 
# File 'lib/dependabot/git_commit_checker.rb', line 283

def all_version_tags
  allowed_versions(local_tags, filter_by_prefix: false)
end

#allowed_version_refsObject 



197
198
199
 
# File 'lib/dependabot/git_commit_checker.rb', line 197

def allowed_version_refs
  allowed_versions(local_refs)
end

#allowed_version_tagsObject 



192
193
194
 
# File 'lib/dependabot/git_commit_checker.rb', line 192

def allowed_version_tags
  allowed_versions(local_tags)
end

#branch_or_ref_in_release?(version) ⇒ Boolean

Returns:

  • (Boolean) 


143
144
145
 
# File 'lib/dependabot/git_commit_checker.rb', line 143

def branch_or_ref_in_release?(version)
  pinned_ref_in_release?(version) || branch_behind_release?(version)
end

#current_versionObject 



202
203
204
205
206
 
# File 'lib/dependabot/git_commit_checker.rb', line 202

def current_version
  return unless dependency.version && version_tag?(T.must(dependency.version))

  version_from_ref(T.must(dependency.version))
end

#dependency_source_detailsObject 



253
254
255
 
# File 'lib/dependabot/git_commit_checker.rb', line 253

def dependency_source_details
  @dependency_source_details || dependency.source_details(allowed_types: ["git"])
end

#filter_lower_versions(tags) ⇒ Object 



209
210
211
212
213
214
215
216
217
218
219
 
# File 'lib/dependabot/git_commit_checker.rb', line 209

def filter_lower_versions(tags)
  return tags unless current_version

  versions = tags.map do |t|
    version_from_tag(t)
  end

  versions.select do |version|
    version > current_version
  end
end

#git_dependency?Boolean

Returns:

  • (Boolean) 


63
64
65
66
67
 
# File 'lib/dependabot/git_commit_checker.rb', line 63

def git_dependency?
  return false if dependency_source_details.nil?

  dependency_source_details&.fetch(:type) == "git"
end

#git_repo_reachable?Boolean

Returns:

  • (Boolean) 


245
246
247
248
249
250
 
# File 'lib/dependabot/git_commit_checker.rb', line 245

def git_repo_reachable?
  local_upload_pack
  true
rescue Dependabot::GitDependenciesNotReachable
  false
end

#head_commit_for_current_branchObject

Raises:



148
149
150
151
152
153
154
155
 
# File 'lib/dependabot/git_commit_checker.rb', line 148

def head_commit_for_current_branch
  ref = ref_or_branch || "HEAD"

  sha = head_commit_for_local_branch(ref)
  return sha if pinned? || sha

  raise Dependabot::GitDependencyReferenceNotFound, dependency.name
end

#head_commit_for_local_branch(name) ⇒ Object 



158
159
160
 
# File 'lib/dependabot/git_commit_checker.rb', line 158

def head_commit_for_local_branch(name)
  local_repo_git_metadata_fetcher.head_commit_for_ref(name)
end

#head_commit_for_pinned_refObject 



107
108
109
 
# File 'lib/dependabot/git_commit_checker.rb', line 107

def head_commit_for_pinned_ref
  local_repo_git_metadata_fetcher.head_commit_for_ref_sha(T.must(ref))
end

#local_ref_for_latest_version_lower_precisionObject 



170
171
172
173
174
 
# File 'lib/dependabot/git_commit_checker.rb', line 170

def local_ref_for_latest_version_lower_precision
  allowed_refs = local_tag_for_pinned_sha ? allowed_version_tags : allowed_version_refs

  max_local_tag_for_lower_precision(allowed_refs)
end

#local_ref_for_latest_version_matching_existing_precisionObject 



163
164
165
166
167
 
# File 'lib/dependabot/git_commit_checker.rb', line 163

def local_ref_for_latest_version_matching_existing_precision
  allowed_refs = local_tag_for_pinned_sha ? allowed_version_tags : allowed_version_refs

  max_local_tag_for_current_precision(allowed_refs)
end

#local_tag_for_latest_versionObject 



177
178
179
 
# File 'lib/dependabot/git_commit_checker.rb', line 177

def local_tag_for_latest_version
  max_local_tag(allowed_version_tags)
end

#local_tag_for_pinned_shaObject 



228
229
230
231
232
233
234
235
 
# File 'lib/dependabot/git_commit_checker.rb', line 228

def local_tag_for_pinned_sha
  return unless pinned_ref_looks_like_commit_sha?

  @local_tag_for_pinned_sha = T.let(
    most_specific_version_tag_for_sha(ref),
    T.nilable(String)
  )
end

#local_tags_for_allowed_versionsObject 



187
188
189
 
# File 'lib/dependabot/git_commit_checker.rb', line 187

def local_tags_for_allowed_versions
  allowed_version_tags.filter_map { |t| to_local_tag(t) }
end

#local_tags_for_allowed_versions_matching_existing_precisionObject 



182
183
184
 
# File 'lib/dependabot/git_commit_checker.rb', line 182

def local_tags_for_allowed_versions_matching_existing_precision
  select_matching_existing_precision(allowed_version_tags).filter_map { |t| to_local_tag(t) }
end

#max_local_tag(tags) ⇒ Object 



276
277
278
279
280
 
# File 'lib/dependabot/git_commit_checker.rb', line 276

def max_local_tag(tags)
  max_version_tag = tags.max_by { |t| version_from_tag(t) }

  to_local_tag(max_version_tag)
end

#most_specific_tag_equivalent_to_pinned_refObject 



222
223
224
225
 
# File 'lib/dependabot/git_commit_checker.rb', line 222

def most_specific_tag_equivalent_to_pinned_ref
  commit_sha = head_commit_for_local_branch(T.must(ref))
  most_specific_version_tag_for_sha(commit_sha)
end

#most_specific_version_tag_for_sha(commit_sha) ⇒ Object 



263
264
265
266
267
268
 
# File 'lib/dependabot/git_commit_checker.rb', line 263

def most_specific_version_tag_for_sha(commit_sha)
  tags = local_tags_matching_sha(commit_sha)
  return if tags.empty?

  tags[-1]&.name
end

#most_specific_version_tags_for_sha(commit_sha) ⇒ Object 



271
272
273
 
# File 'lib/dependabot/git_commit_checker.rb', line 271

def most_specific_version_tags_for_sha(commit_sha)
  local_tags_matching_sha(commit_sha).map(&:name)
end

#pinned?Boolean

Returns:

  • (Boolean) 


71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
 
# File 'lib/dependabot/git_commit_checker.rb', line 71

def pinned?
  raise "Not a git dependency!" unless git_dependency?

  branch = dependency_source_details&.fetch(:branch)

  return false if ref.nil?
  return false if branch == ref
  return true if branch
  return true if dependency.version&.start_with?(T.must(ref))
  return true if ref_matches_tag?

  # Assume we're pinned unless the specified `ref` is actually a branch
  return true unless local_upload_pack&.match?(%r{ refs/heads/#{ref}$})

  # TODO: Research whether considering branches that look like versions pinned makes sense for all ecosystems
  @consider_version_branches_pinned && version_tag?(T.must(ref))
end

#pinned_ref_looks_like_commit_sha?Boolean

Returns:

  • (Boolean) 


98
99
100
101
102
103
104
 
# File 'lib/dependabot/git_commit_checker.rb', line 98

def pinned_ref_looks_like_commit_sha?
  return false unless ref && ref_looks_like_commit_sha?(T.must(ref))

  return false unless pinned?

  local_repo_git_metadata_fetcher.head_commit_for_ref(T.must(ref)).nil?
end

#pinned_ref_looks_like_version?Boolean

Returns:

  • (Boolean) 


91
92
93
94
95
 
# File 'lib/dependabot/git_commit_checker.rb', line 91

def pinned_ref_looks_like_version?
  return false unless pinned?

  version_tag?(T.must(ref))
end

#ref_details(ref) ⇒ Object 



120
121
122
123
124
125
126
127
128
129
130
 
# File 'lib/dependabot/git_commit_checker.rb', line 120

def ref_details(ref)
  T.must(
    T.let(
      GitMetadataFetcher.new(
        url: dependency.source_details&.fetch(:url, nil),
        credentials: credentials
      ).ref_details_for_pinned_ref(ref),
      T.nilable(Excon::Response)
    )
  )
end

#ref_details_for_pinned_refObject 



133
134
135
 
# File 'lib/dependabot/git_commit_checker.rb', line 133

def ref_details_for_pinned_ref
  ref_details(ref_pinned)
end

#ref_looks_like_commit_sha?(ref) ⇒ Boolean

Returns:

  • (Boolean) 


138
139
140
 
# File 'lib/dependabot/git_commit_checker.rb', line 138

def ref_looks_like_commit_sha?(ref)
  ref.match?(/^[0-9a-f]{6,40}$/)
end

#refs_for_tag_with_detailObject 



258
259
260
 
# File 'lib/dependabot/git_commit_checker.rb', line 258

def refs_for_tag_with_detail
  local_repo_git_metadata_fetcher.refs_for_tag_with_detail
end

#tagsObject 



112
113
114
115
116
117
 
# File 'lib/dependabot/git_commit_checker.rb', line 112

def tags
  GitMetadataFetcher.new(
    url: dependency.source_details&.fetch(:url, nil),
    credentials: credentials
  ).tags
end

#version_for_pinned_shaObject 



238
239
240
241
242
 
# File 'lib/dependabot/git_commit_checker.rb', line 238

def version_for_pinned_sha
  return unless local_tag_for_pinned_sha && version_class.correct?(local_tag_for_pinned_sha)

  version_class.new(local_tag_for_pinned_sha)
end