Class: Dependabot::Python::MetadataFinder

Inherits:
MetadataFinders::Base
  • Object
Extended by:
T::Sig
Defined in:
lib/dependabot/python/metadata_finder.rb

Constant Summary

MAIN_PYPI_URL =
"https://pypi.org/pypi"

Instance Method Summary

Constructor Details

#initialize(dependency:, credentials:) ⇒ MetadataFinder

Returns a new instance of MetadataFinder.



# File 'lib/dependabot/python/metadata_finder.rb', line 28

# Builds a finder for one dependency.
#
# Both keyword arguments are handed to the superclass unchanged by the bare
# +super+ call; this subclass only adds two instance variables of its own.
#
# @param dependency the dependency whose metadata will be looked up
# @param credentials credentials forwarded to the superclass
def initialize(dependency:, credentials:)
  super

  # Starts empty; presumably filled per URL by a parser outside this listing.
  @parsed_source_urls = T.let({}, T::Hash[String, T.nilable(Dependabot::Source)])

  # nil until a listing is stored here; presumably memoised by the
  # pypi_listing reader, which is not shown on this page.
  @pypi_listing = T.let(nil, T.nilable(T::Hash[String, T.untyped]))
end

Instance Method Details

#homepage_url ⇒ Object



# File 'lib/dependabot/python/metadata_finder.rb', line 35

# Picks the homepage to report for this dependency from its PyPI listing.
#
# Candidates are tried in order: +info.home_page+, then
# +info.project_urls["Homepage"]+, then +info.project_urls["homepage"]+.
# The first truthy value is returned as-is; when none is set the parent
# class's implementation decides.
#
# NOTE(review): the listing is presumably the package's PyPI JSON metadata,
# which is written by whoever published the package. The value is returned
# without any scheme or host validation here, so callers that render it as
# a link should treat it as untrusted input.
# NOTE(review): an empty-string home_page is truthy in Ruby and is returned
# rather than falling through to project_urls; confirm that is intended.
#
# @return the first truthy candidate, otherwise whatever +super+ returns
def homepage_url
  candidate_paths = [
    %w(info home_page),
    %w(info project_urls Homepage),
    %w(info project_urls homepage)
  ]

  candidate_paths.each do |path|
    url = pypi_listing.dig(*path)
    return url if url
  end

  super
end

#maintainer_changes ⇒ Object



# File 'lib/dependabot/python/metadata_finder.rb', line 43

# Compares the PyPI ownership recorded for the dependency's previous version
# with that of its new version and returns a warning sentence when ownership
# appears to have moved.
#
# Two conditions produce a warning:
# * the "organization" value differs between the two versions, unless the
#   only difference is that an organization now exists where none did before;
# * the previous version had maintainers and none of them appear among the
#   new version's maintainers.
#
# A nil result means "no warning", not "ownership verified": nil is also
# returned when either version is missing or when ownership could not be
# determined for either version (that case is only logged at info level).
# Adding a new maintainer while at least one previous maintainer remains
# does not produce a warning.
#
# @return [String, nil] a human-readable warning, or nil
def maintainer_changes
  return unless dependency.previous_version && dependency.version

  ownership_before = ownership_for_version(T.must(dependency.previous_version))
  ownership_after = ownership_for_version(T.must(dependency.version))

  # Without both snapshots there is nothing to compare; log and give up.
  if [ownership_before, ownership_after].any?(&:nil?)
    Dependabot.logger.info("Unable to determine ownership changes for #{dependency.name}")
    return
  end

  org_before = ownership_before["organization"]
  org_after = ownership_after["organization"]
  org_differs = org_before != org_after
  # Gaining an organization where there was none is not treated as a change.
  org_newly_set = org_before.nil? && org_after

  if org_differs && !org_newly_set
    return "The organization that maintains #{dependency.name} on PyPI has " \
           "changed since your current version."
  end

  users_before = ownership_users(ownership_before)
  users_after = ownership_users(ownership_after)

  # Stay silent when there were no previous maintainers to compare against,
  # or when at least one of them is still listed.
  return if users_before.none? || users_before.intersect?(users_after)

  "None of the maintainers for your current version of #{dependency.name} are " \
    "listed as maintainers for the new version on PyPI."
end