Module: Dependabot::GitCooldownDateResolver

Extended by:
T::Helpers, T::Sig
Defined in:
lib/dependabot/git_cooldown_date_resolver.rb

Overview

Shared logic for resolving release dates from git-based sources for cooldown purposes. Used by ecosystems that rely on git tags (pre-commit, GitHub Actions) rather than package registries.

Priority: GitHub Release published_at > tag creation date (for-each-ref) > commit date.

Including classes must implement:

- `cooldown_source_url` — returns the git source URL
- `cooldown_credentials` — returns the credentials array


Instance Method Details

#cached_github_releases ⇒ Object



# File 'lib/dependabot/git_cooldown_date_resolver.rb', line 92

# Fetches the GitHub releases for the cooldown source repository and memoizes
# them on the instance.
#
# Returns the client's release list when `cooldown_source_url` parses to a
# source whose provider is "github". Returns an empty array for any other
# source and whenever a StandardError is raised during the lookup.
#
# NOTE(review): an empty result makes `resolve_candidate_date` fall back from
# the GitHub `published_at` timestamp to dates read from git metadata, and the
# failure is only logged at debug level. Confirm this is visible enough for a
# cooldown decision.
def cached_github_releases
  # `[]` is truthy, so an empty result (including the error fallback below) is
  # memoized too and the lookup is not retried on this instance.
  @cached_github_releases ||= T.let(
    begin
      url = cooldown_source_url
      source = Source.from_url(url)
      if source&.provider == "github"
        client = Dependabot::Clients::GithubWithRetries.for_source(
          source: T.must(source),
          credentials: cooldown_credentials
        )
        # NOTE(review): asks for 100 releases per page; whether further pages
        # are followed depends on client configuration that is not shown here.
        # Confirm that tags beyond the first page are still matched.
        client.releases(T.must(source).repo, per_page: 100)
      else
        []
      end
    rescue StandardError => e
      # Best effort: any failure degrades to "no releases known".
      Dependabot.logger.debug("Error fetching GitHub releases: #{e.message}")
      []
    end,
    T.nilable(T::Array[T.untyped]) # rubocop:disable Sorbet/ForbidTUntyped
  )
end

#cooldown_credentials ⇒ Object



# File 'lib/dependabot/git_cooldown_date_resolver.rb', line 31

# Hook for the including class, which the module overview requires to return
# the credentials array; `cached_github_releases` passes that value to the
# GitHub client. This placeholder has an empty body and evaluates to nil.
def cooldown_credentials
end

#cooldown_source_url ⇒ Object



# File 'lib/dependabot/git_cooldown_date_resolver.rb', line 27

# Hook for the including class, which the module overview requires to return
# the git source URL; `cached_github_releases` parses that value with
# `Source.from_url`. This placeholder has an empty body and evaluates to nil.
def cooldown_source_url
end

#github_release_published_at(tag_name) ⇒ Object



# File 'lib/dependabot/git_cooldown_date_resolver.rb', line 57

# Looks up the GitHub release whose `tag_name` equals the given tag (exact
# string comparison) and returns its `published_at` value.
#
# Returns nil when no releases are cached, when no release matches, when the
# match has no `published_at`, or when a StandardError is raised; the error
# case is logged at debug level only.
def github_release_published_at(tag_name)
  known_releases = cached_github_releases
  if known_releases.empty?
    nil
  else
    matching = known_releases.find { |entry| entry.tag_name == tag_name }
    matching&.published_at || nil
  end
rescue StandardError => e
  Dependabot.logger.debug("Error fetching GitHub release date for #{tag_name}: #{e.message}")
  nil
end

#normalize_tag_name(tag_name) ⇒ Object



# File 'lib/dependabot/git_cooldown_date_resolver.rb', line 37

# Returns the tag name with one leading "tags/" removed; names without that
# prefix come back unchanged. Only a prefix at the very start is stripped, and
# only once.
def normalize_tag_name(tag_name)
  tags_prefix = "tags/"
  tag_name.delete_prefix(tags_prefix)
end

#resolve_candidate_date(tag_name, commit_sha) ⇒ Object



# File 'lib/dependabot/git_cooldown_date_resolver.rb', line 44

# Resolves the date used for the cooldown check of a tag.
#
# Prefers the `published_at` of the cached GitHub release whose `tag_name`
# equals the given tag (exact string comparison). When no such release exists
# or it has no `published_at`, delegates to `tag_creation_date`.
#
# Unlike `github_release_published_at`, nothing is rescued here: errors from
# the release lookup or from `tag_creation_date` propagate to the caller.
def resolve_candidate_date(tag_name, commit_sha)
  known_releases = cached_github_releases
  release_date =
    unless known_releases.empty?
      known_releases.find { |entry| entry.tag_name == tag_name }&.published_at
    end

  release_date || tag_creation_date(tag_name, commit_sha)
end

#tag_creation_date(tag_name, commit_sha) ⇒ Object



# File 'lib/dependabot/git_cooldown_date_resolver.rb', line 73

# Returns a Time for the tag: the creator date git reports for
# `refs/tags/<tag_name>`, or, when that output is empty, the committer date of
# `commit_sha`. The result of Time.parse is returned as-is, so an empty output
# from both commands surfaces as whatever Time.parse raises.
#
# Each command is passed with a `fingerprint:` in which the interpolated value
# is replaced by a placeholder.
#
# NOTE(review): `tag_name` and `commit_sha` are interpolated into the command
# string unchanged. Tag names presumably originate from the upstream
# repository, so confirm that SharedHelpers.run_shell_command escapes its
# input, or that callers validate these values, rather than relying on the
# surrounding double quotes.
# NOTE(review): both dates are git metadata recorded by whoever created the
# tag or commit, so they are a weaker cooldown signal than a release
# `published_at` timestamp.
def tag_creation_date(tag_name, commit_sha)
  tag_output = SharedHelpers.run_shell_command(
    "git for-each-ref --format=\"%(creatordate:iso)\" \"refs/tags/#{tag_name}\"",
    fingerprint: "git for-each-ref --format=\"%(creatordate:iso)\" \"refs/tags/<tag_name>\""
  ).strip
  return Time.parse(tag_output) unless tag_output.empty?

  # No tag ref matched locally: use the commit's own date instead.
  commit_output = SharedHelpers.run_shell_command(
    "git show --no-patch --format=\"%cd\" --date=iso #{commit_sha}",
    fingerprint: "git show --no-patch --format=\"%cd\" --date=iso <commit_sha>"
  ).strip
  Time.parse(commit_output)
end