Class: Dependabot::Maven::FileParser::RepositoriesFinder

Inherits:

Object

Object
Dependabot::Maven::FileParser::RepositoriesFinder

show all

Defined in:: lib/dependabot/maven/file_parser/repositories_finder.rb

Constant Summary collapse

REPOSITORY_SELECTOR = In theory we should check the artifact type and either look in <repositories> or <pluginRepositories>. In practice it’s unlikely anyone makes this distinction.

"repositories > repository, " \
"pluginRepositories > pluginRepository"

Instance Method Summary collapse

#central_repo_url ⇒ Object
#initialize(pom_fetcher:, dependency_files: [], credentials: [], evaluate_properties: true) ⇒ RepositoriesFinder constructor

A new instance of RepositoriesFinder.
#repository_urls(pom:, exclude_inherited: false, exclude_snapshots: true) ⇒ Object

Collect all repository URLs from this POM and its parents.

Constructor Details

#initialize(pom_fetcher:, dependency_files: [], credentials: [], evaluate_properties: true) ⇒ `RepositoriesFinder`

Returns a new instance of RepositoriesFinder.

# File 'lib/dependabot/maven/file_parser/repositories_finder.rb', line 26

def initialize(pom_fetcher:, dependency_files: [], credentials: [], evaluate_properties: true)
  @pom_fetcher = pom_fetcher
  @dependency_files = dependency_files
  @credentials = credentials

  # We need the option not to evaluate properties so as not to have a
  # circular dependency between this class and the PropertyValueFinder
  # class
  @evaluate_properties = evaluate_properties
  # Aggregates URLs seen in POMs to avoid short term memory loss.
  # For instance a repository in a child POM might apply to the parent too.
  @known_urls = []
end

Instance Method Details

#central_repo_url ⇒ `Object`

# File 'lib/dependabot/maven/file_parser/repositories_finder.rb', line 40

def central_repo_url
  base = @credentials.find { |cred| cred["type"] == "maven_repository" && cred.replaces_base? }
  base ? base["url"] : "https://repo.maven.apache.org/maven2"
end

#repository_urls(pom:, exclude_inherited: false, exclude_snapshots: true) ⇒ `Object`

Collect all repository URLs from this POM and its parents

# File 'lib/dependabot/maven/file_parser/repositories_finder.rb', line 46

def repository_urls(pom:, exclude_inherited: false, exclude_snapshots: true)
  entries = gather_repository_urls(pom: pom, exclude_inherited: exclude_inherited)
  ids = Set.new
  @known_urls += entries.map do |entry|
    next if entry[:id] && ids.include?(entry[:id])

    ids.add(entry[:id]) unless entry[:id].nil?
    entry
  end
  @known_urls = @known_urls.uniq.compact

  urls = urls_from_credentials + @known_urls.reject { |entry| exclude_snapshots && entry[:snapshots] }
                                            .map { |entry| entry[:url] }
  urls += [central_repo_url] unless @known_urls.any? { |entry| entry[:id] == super_pom[:id] }
  urls.uniq
end