Class: Dependabot::Uv::FileFetcher

Inherits:

FileFetchers::Base

• Object
• FileFetchers::Base
• Dependabot::Uv::FileFetcher

Extended by:

T::Helpers, T::Sig

Defined in:

lib/dependabot/uv/file_fetcher.rb

Constant Summary

CHILD_REQUIREMENT_REGEX =

/^-r\s?(?<path>.*\.(?:txt|in))/

CONSTRAINT_REGEX =

/^-c\s?(?<path>.*\.(?:txt|in))/

DEPENDENCY_TYPES =

%w(packages dev-packages).freeze

REQUIREMENT_FILE_PATTERNS =

{
  extensions: [".txt", ".in"],
  filenames: ["uv.lock"]
}.freeze

MAX_FILE_SIZE =

500_000

Class Method Summary

• .required_files_in?(filenames) ⇒ Boolean
• .required_files_message ⇒ Object

Instance Method Summary

• #ecosystem_versions ⇒ Object
• #fetch_files ⇒ Object

Class Method Details

.required_files_in?(filenames) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/uv/file_fetcher.rb', line 31

def self.required_files_in?(filenames)
  return true if filenames.any? { |name| name.end_with?(*REQUIREMENT_FILE_PATTERNS[:extensions]) }

  # If there is a directory of requirements return true
  return true if filenames.include?("requirements")

  # If this repo is using pyproject.toml return true (uv.lock files require a pyproject.toml)
  filenames.include?("pyproject.toml")
end

.required_files_message ⇒ Object

# File 'lib/dependabot/uv/file_fetcher.rb', line 41

def self.required_files_message
  "Repo must contain a requirements.txt, uv.lock, requirements.in, or pyproject.toml" \
end

Instance Method Details

#ecosystem_versions ⇒ Object

# File 'lib/dependabot/uv/file_fetcher.rb', line 45

def ecosystem_versions
  # Hmm... it's weird that this calls file parser methods, but here we are in the file fetcher... for all
  # ecosystems our goal is to extract the user specified versions, so we'll need to do file parsing... so should
  # we move this `ecosystem_versions` metrics method to run in the file parser for all ecosystems? Downside is if
  # file parsing blows up, this metric isn't emitted, but reality is we have to parse anyway... as we want to know
  # the user-specified range of versions, not the version Dependabot chose to run.
  python_requirement_parser = FileParser::PythonRequirementParser.new(dependency_files: files)
  language_version_manager = LanguageVersionManager.new(python_requirement_parser: python_requirement_parser)
  Dependabot.logger.info("Dependabot is using Python version '#{language_version_manager.python_major_minor}'.")
  {
    languages: {
      python: {
        # TODO: alternatively this could use `python_requirement_parser.user_specified_requirements` which
        # returns an array... which we could flip to return a hash of manifest name => version
        # string and then check for min/max versions... today it simply defaults to
        # array.first which seems rather arbitrary.
        "raw" => language_version_manager.user_specified_python_version || "unknown",
        "max" => language_version_manager.python_major_minor || "unknown"
      }
    }
  }
end

#fetch_files ⇒ Object

# File 'lib/dependabot/uv/file_fetcher.rb', line 69

def fetch_files
  fetched_files = []

  fetched_files += pyproject_files

  fetched_files += requirements_in_files
  fetched_files += requirement_files if requirements_txt_files.any?

  fetched_files += uv_lock_files
  fetched_files += project_files
  fetched_files << python_version_file if python_version_file

  uniq_files(fetched_files)
end