Class: Dependabot::GitCommitChecker

Inherits:
Object
  • Object
show all
Extended by:
T::Sig
Defined in:
lib/dependabot/git_commit_checker.rb

Overview

rubocop:disable Metrics/ClassLength

Constant Summary collapse

VERSION_REGEX = 
/
  (?<version>
    (?<=^v)[0-9]+(?:\-[a-z0-9]+)?
    |
    [12][0-9]{3}(?:0[1-9]|1[0-2])(?:0[1-9]|[12][0-9]|3[01])
    |
    [0-9]+\.[0-9]+(?:\.[a-z0-9\-]+)*
  )$
/ix
VERSION_TAG_MATCH_PATTERN =

String pattern for matching version tags with optional prefixes (e.g., “v1.2.3” matches “1.2.3”)

"(?:[^0-9\\.]|\\A)%s\\z"

Instance Method Summary collapse

Constructor Details

#initialize(dependency:, credentials:, ignored_versions: [], raise_on_ignored: false, consider_version_branches_pinned: false, dependency_source_details: nil) ⇒ GitCommitChecker

Returns a new instance of GitCommitChecker.



47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
# File 'lib/dependabot/git_commit_checker.rb', line 47

def initialize(
  dependency:,
  credentials:,
  ignored_versions: [],
  raise_on_ignored: false,
  consider_version_branches_pinned: false,
  dependency_source_details: nil
)
  @dependency = dependency
  @credentials = credentials
  @ignored_versions = ignored_versions
  @raise_on_ignored = raise_on_ignored
  @consider_version_branches_pinned = consider_version_branches_pinned
  @dependency_source_details = dependency_source_details
end

Instance Method Details

#all_version_tagsObject 



284
285
286
 
# File 'lib/dependabot/git_commit_checker.rb', line 284

def all_version_tags
  allowed_versions(local_tags, filter_by_prefix: false)
end

#allowed_version_refsObject 



198
199
200
 
# File 'lib/dependabot/git_commit_checker.rb', line 198

def allowed_version_refs
  allowed_versions(local_refs)
end

#allowed_version_tagsObject 



193
194
195
 
# File 'lib/dependabot/git_commit_checker.rb', line 193

def allowed_version_tags
  allowed_versions(local_tags)
end

#branch_or_ref_in_release?(version) ⇒ Boolean

Returns:

  • (Boolean) 


144
145
146
 
# File 'lib/dependabot/git_commit_checker.rb', line 144

def branch_or_ref_in_release?(version)
  pinned_ref_in_release?(version) || branch_behind_release?(version)
end

#current_versionObject 



203
204
205
206
207
 
# File 'lib/dependabot/git_commit_checker.rb', line 203

def current_version
  return unless dependency.version && version_tag?(T.must(dependency.version))

  version_from_ref(T.must(dependency.version))
end

#dependency_source_detailsObject 



254
255
256
 
# File 'lib/dependabot/git_commit_checker.rb', line 254

def dependency_source_details
  @dependency_source_details || dependency.source_details(allowed_types: ["git"])
end

#filter_lower_versions(tags) ⇒ Object 



210
211
212
213
214
215
216
217
218
219
220
 
# File 'lib/dependabot/git_commit_checker.rb', line 210

def filter_lower_versions(tags)
  return tags unless current_version

  versions = tags.map do |t|
    version_from_tag(t)
  end

  versions.select do |version|
    version > current_version
  end
end

#git_dependency?Boolean

Returns:

  • (Boolean) 


64
65
66
67
68
 
# File 'lib/dependabot/git_commit_checker.rb', line 64

def git_dependency?
  return false if dependency_source_details.nil?

  dependency_source_details&.fetch(:type) == "git"
end

#git_repo_reachable?Boolean

Returns:

  • (Boolean) 


246
247
248
249
250
251
 
# File 'lib/dependabot/git_commit_checker.rb', line 246

def git_repo_reachable?
  local_upload_pack
  true
rescue Dependabot::GitDependenciesNotReachable
  false
end

#head_commit_for_current_branchObject

Raises:



149
150
151
152
153
154
155
156
 
# File 'lib/dependabot/git_commit_checker.rb', line 149

def head_commit_for_current_branch
  ref = ref_or_branch || "HEAD"

  sha = head_commit_for_local_branch(ref)
  return sha if pinned? || sha

  raise Dependabot::GitDependencyReferenceNotFound, dependency.name
end

#head_commit_for_local_branch(name) ⇒ Object 



159
160
161
 
# File 'lib/dependabot/git_commit_checker.rb', line 159

def head_commit_for_local_branch(name)
  local_repo_git_metadata_fetcher.head_commit_for_ref(name)
end

#head_commit_for_pinned_refObject 



108
109
110
 
# File 'lib/dependabot/git_commit_checker.rb', line 108

def head_commit_for_pinned_ref
  local_repo_git_metadata_fetcher.head_commit_for_ref_sha(T.must(ref))
end

#local_ref_for_latest_version_lower_precisionObject 



171
172
173
174
175
 
# File 'lib/dependabot/git_commit_checker.rb', line 171

def local_ref_for_latest_version_lower_precision
  allowed_refs = local_tag_for_pinned_sha ? allowed_version_tags : allowed_version_refs

  max_local_tag_for_lower_precision(allowed_refs)
end

#local_ref_for_latest_version_matching_existing_precisionObject 



164
165
166
167
168
 
# File 'lib/dependabot/git_commit_checker.rb', line 164

def local_ref_for_latest_version_matching_existing_precision
  allowed_refs = local_tag_for_pinned_sha ? allowed_version_tags : allowed_version_refs

  max_local_tag_for_current_precision(allowed_refs)
end

#local_tag_for_latest_versionObject 



178
179
180
 
# File 'lib/dependabot/git_commit_checker.rb', line 178

def local_tag_for_latest_version
  max_local_tag(allowed_version_tags)
end

#local_tag_for_pinned_shaObject 



229
230
231
232
233
234
235
236
 
# File 'lib/dependabot/git_commit_checker.rb', line 229

def local_tag_for_pinned_sha
  return unless pinned_ref_looks_like_commit_sha?

  @local_tag_for_pinned_sha = T.let(
    most_specific_version_tag_for_sha(ref),
    T.nilable(String)
  )
end

#local_tags_for_allowed_versionsObject 



188
189
190
 
# File 'lib/dependabot/git_commit_checker.rb', line 188

def local_tags_for_allowed_versions
  allowed_version_tags.filter_map { |t| to_local_tag(t) }
end

#local_tags_for_allowed_versions_matching_existing_precisionObject 



183
184
185
 
# File 'lib/dependabot/git_commit_checker.rb', line 183

def local_tags_for_allowed_versions_matching_existing_precision
  select_matching_existing_precision(allowed_version_tags).filter_map { |t| to_local_tag(t) }
end

#max_local_tag(tags) ⇒ Object 



277
278
279
280
281
 
# File 'lib/dependabot/git_commit_checker.rb', line 277

def max_local_tag(tags)
  max_version_tag = tags.max_by { |t| version_from_tag(t) }

  to_local_tag(max_version_tag)
end

#most_specific_tag_equivalent_to_pinned_refObject 



223
224
225
226
 
# File 'lib/dependabot/git_commit_checker.rb', line 223

def most_specific_tag_equivalent_to_pinned_ref
  commit_sha = head_commit_for_local_branch(T.must(ref))
  most_specific_version_tag_for_sha(commit_sha)
end

#most_specific_version_tag_for_sha(commit_sha) ⇒ Object 



264
265
266
267
268
269
 
# File 'lib/dependabot/git_commit_checker.rb', line 264

def most_specific_version_tag_for_sha(commit_sha)
  tags = local_tags_matching_sha(commit_sha)
  return if tags.empty?

  tags[-1]&.name
end

#most_specific_version_tags_for_sha(commit_sha) ⇒ Object 



272
273
274
 
# File 'lib/dependabot/git_commit_checker.rb', line 272

def most_specific_version_tags_for_sha(commit_sha)
  local_tags_matching_sha(commit_sha).map(&:name)
end

#pinned?Boolean

Returns:

  • (Boolean) 


72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
 
# File 'lib/dependabot/git_commit_checker.rb', line 72

def pinned?
  raise "Not a git dependency!" unless git_dependency?

  branch = dependency_source_details&.fetch(:branch)

  return false if ref.nil?
  return false if branch == ref
  return true if branch
  return true if dependency.version&.start_with?(T.must(ref))
  return true if ref_matches_tag?

  # Assume we're pinned unless the specified `ref` is actually a branch
  return true unless local_upload_pack&.match?(%r{ refs/heads/#{ref}$})

  # TODO: Research whether considering branches that look like versions pinned makes sense for all ecosystems
  @consider_version_branches_pinned && version_tag?(T.must(ref))
end

#pinned_ref_looks_like_commit_sha?Boolean

Returns:

  • (Boolean) 


99
100
101
102
103
104
105
 
# File 'lib/dependabot/git_commit_checker.rb', line 99

def pinned_ref_looks_like_commit_sha?
  return false unless ref && ref_looks_like_commit_sha?(T.must(ref))

  return false unless pinned?

  local_repo_git_metadata_fetcher.head_commit_for_ref(T.must(ref)).nil?
end

#pinned_ref_looks_like_version?Boolean

Returns:

  • (Boolean) 


92
93
94
95
96
 
# File 'lib/dependabot/git_commit_checker.rb', line 92

def pinned_ref_looks_like_version?
  return false unless pinned?

  version_tag?(T.must(ref))
end

#ref_details(ref) ⇒ Object 



121
122
123
124
125
126
127
128
129
130
131
 
# File 'lib/dependabot/git_commit_checker.rb', line 121

def ref_details(ref)
  T.must(
    T.let(
      GitMetadataFetcher.new(
        url: dependency.source_details&.fetch(:url, nil),
        credentials: credentials
      ).ref_details_for_pinned_ref(ref),
      T.nilable(Excon::Response)
    )
  )
end

#ref_details_for_pinned_refObject 



134
135
136
 
# File 'lib/dependabot/git_commit_checker.rb', line 134

def ref_details_for_pinned_ref
  ref_details(ref_pinned)
end

#ref_looks_like_commit_sha?(ref) ⇒ Boolean

Returns:

  • (Boolean) 


139
140
141
 
# File 'lib/dependabot/git_commit_checker.rb', line 139

def ref_looks_like_commit_sha?(ref)
  ref.match?(/^[0-9a-f]{6,40}$/)
end

#refs_for_tag_with_detailObject 



259
260
261
 
# File 'lib/dependabot/git_commit_checker.rb', line 259

def refs_for_tag_with_detail
  local_repo_git_metadata_fetcher.refs_for_tag_with_detail
end

#tagsObject 



113
114
115
116
117
118
 
# File 'lib/dependabot/git_commit_checker.rb', line 113

def tags
  GitMetadataFetcher.new(
    url: dependency.source_details&.fetch(:url, nil),
    credentials: credentials
  ).tags
end

#version_for_pinned_shaObject 



239
240
241
242
243
 
# File 'lib/dependabot/git_commit_checker.rb', line 239

def version_for_pinned_sha
  return unless local_tag_for_pinned_sha && version_class.correct?(local_tag_for_pinned_sha)

  version_class.new(local_tag_for_pinned_sha)
end