Class: Dependabot::Python::FileUpdater::PyprojectPreparer

Inherits:

Object

Object
Dependabot::Python::FileUpdater::PyprojectPreparer

show all

Defined in:: lib/dependabot/python/file_updater/pyproject_preparer.rb

Instance Method Summary collapse

#add_auth_env_vars(credentials) ⇒ Object

For hosted Dependabot token will be nil since the credentials aren’t present.
#freeze_top_level_dependencies_except(dependencies) ⇒ Object

rubocop:disable Metrics/PerceivedComplexity rubocop:disable Metrics/AbcSize.
#initialize(pyproject_content:, lockfile: nil) ⇒ PyprojectPreparer constructor

A new instance of PyprojectPreparer.
#sanitize ⇒ Object
#update_python_requirement(requirement) ⇒ Object

Constructor Details

#initialize(pyproject_content:, lockfile: nil) ⇒ `PyprojectPreparer`

Returns a new instance of PyprojectPreparer.

# File 'lib/dependabot/python/file_updater/pyproject_preparer.rb', line 17

def initialize(pyproject_content:, lockfile: nil)
  @pyproject_content = pyproject_content
  @lockfile = lockfile
end

Instance Method Details

#add_auth_env_vars(credentials) ⇒ `Object`

For hosted Dependabot token will be nil since the credentials aren’t present. This is for those running Dependabot themselves and for dry-run.

# File 'lib/dependabot/python/file_updater/pyproject_preparer.rb', line 24

def add_auth_env_vars(credentials)
  TomlRB.parse(@pyproject_content).dig("tool", "poetry", "source")&.each do |source|
    cred = credentials&.find { |c| c["index-url"] == source["url"] }
    next unless cred

    token = cred.fetch("token", nil)
    next unless token && token.count(":") == 1

    arr = token.split(":")
    # https://python-poetry.org/docs/configuration/#using-environment-variables
    name = source["name"]&.upcase&.gsub(/\W/, "_")
    ENV["POETRY_HTTP_BASIC_#{name}_USERNAME"] = arr[0]
    ENV["POETRY_HTTP_BASIC_#{name}_PASSWORD"] = arr[1]
  end
end

#freeze_top_level_dependencies_except(dependencies) ⇒ `Object`

rubocop:disable Metrics/PerceivedComplexity rubocop:disable Metrics/AbcSize

# File 'lib/dependabot/python/file_updater/pyproject_preparer.rb', line 60

def freeze_top_level_dependencies_except(dependencies)
  return pyproject_content unless lockfile

  pyproject_object = TomlRB.parse(pyproject_content)
  poetry_object = pyproject_object["tool"]["poetry"]
  excluded_names = dependencies.map(&:name) + ["python"]

  Dependabot::Python::FileParser::PyprojectFilesParser::POETRY_DEPENDENCY_TYPES.each do |key|
    next unless poetry_object[key]

    source_types = %w(directory file url)
    poetry_object.fetch(key).each do |dep_name, _|
      next if excluded_names.include?(normalise(dep_name))

      locked_details = locked_details(dep_name)

      next unless (locked_version = locked_details&.fetch("version"))

      next if source_types.include?(locked_details&.dig("source", "type"))

      if locked_details&.dig("source", "type") == "git"
        poetry_object[key][dep_name] = {
          "git" => locked_details&.dig("source", "url"),
          "rev" => locked_details&.dig("source", "reference")
        }
        subdirectory = locked_details&.dig("source", "subdirectory")
        poetry_object[key][dep_name]["subdirectory"] = subdirectory if subdirectory
      elsif poetry_object[key][dep_name].is_a?(Hash)
        poetry_object[key][dep_name]["version"] = locked_version
      elsif poetry_object[key][dep_name].is_a?(Array)
        # if it has multiple-constraints, locking to a single version is
        # going to result in a bad lockfile, ignore
        next
      else
        poetry_object[key][dep_name] = locked_version
      end
    end
  end

  TomlRB.dump(pyproject_object)
end

#sanitize ⇒ `Object`

# File 'lib/dependabot/python/file_updater/pyproject_preparer.rb', line 51

def sanitize
  # {{ name }} syntax not allowed
  pyproject_content
    .gsub(/\{\{.*?\}\}/, "something")
    .gsub('#{', "{")
end

#update_python_requirement(requirement) ⇒ `Object`

# File 'lib/dependabot/python/file_updater/pyproject_preparer.rb', line 40

def update_python_requirement(requirement)
  pyproject_object = TomlRB.parse(@pyproject_content)
  if (python_specification = pyproject_object.dig("tool", "poetry", "dependencies", "python"))
    python_req = Python::Requirement.new(python_specification)
    unless python_req.satisfied_by?(requirement)
      pyproject_object["tool"]["poetry"]["dependencies"]["python"] = "~#{requirement}"
    end
  end
  TomlRB.dump(pyproject_object)
end

Class: Dependabot::Python::FileUpdater::PyprojectPreparer

Instance Method Summary collapse

Constructor Details

#initialize(pyproject_content:, lockfile: nil) ⇒ PyprojectPreparer

Instance Method Details

#add_auth_env_vars(credentials) ⇒ Object

#freeze_top_level_dependencies_except(dependencies) ⇒ Object

#sanitize ⇒ Object

#update_python_requirement(requirement) ⇒ Object

#initialize(pyproject_content:, lockfile: nil) ⇒ `PyprojectPreparer`

#add_auth_env_vars(credentials) ⇒ `Object`

#freeze_top_level_dependencies_except(dependencies) ⇒ `Object`

#sanitize ⇒ `Object`

#update_python_requirement(requirement) ⇒ `Object`