Class: Dependabot::Uv::FileFetcher
- Inherits: FileFetchers::Base
  - Object
  - FileFetchers::Base
  - Dependabot::Uv::FileFetcher
- Extended by: T::Helpers, T::Sig
- Defined in: lib/dependabot/uv/file_fetcher.rb
Constant Summary
- CHILD_REQUIREMENT_REGEX = /^-r\s?(?<path>.*\.(?:txt|in))/
- CONSTRAINT_REGEX = /^-c\s?(?<path>.*\.(?:txt|in))/
- DEPENDENCY_TYPES = %w(packages dev-packages).freeze
- REQUIREMENT_FILE_PATTERNS = T.let({ extensions: [".txt", ".in"], filenames: ["uv.lock"] }.freeze, T::Hash[Symbol, T::Array[String]])
- README_FILENAMES = T.let(%w(README.md README.rst README.txt README).freeze, T::Array[String])
  Projects that use README files for metadata may use any of these common names
- MAX_FILE_SIZE = 500_000
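The two include patterns from the Constant Summary, applied to a constructed requirements file. This is an added example, not Dependabot's own code: `PATTERNS`, `SAMPLE`, `referenced_files`, its `strip_comments` option and the outside-of-repository flag are hypothetical, and how the fetcher itself resolves these paths is not shown on this page.

```ruby
require "pathname"

# Patterns copied from the Constant Summary on this page.
CHILD_REQUIREMENT_REGEX = /^-r\s?(?<path>.*\.(?:txt|in))/
CONSTRAINT_REGEX = /^-c\s?(?<path>.*\.(?:txt|in))/
PATTERNS = { requirement: CHILD_REQUIREMENT_REGEX, constraint: CONSTRAINT_REGEX }.freeze

# Constructed sample input, as if read from requirements/dev.txt.
SAMPLE = <<~REQ
  -r base.txt
  -c ../constraints/pinned.txt
  -r  extra.in
  -r dev-tools.txt  # also see notes.txt
  -r ../../shared/common.txt
  --requirement long-form.txt
  requests==2.32.0
REQ

# Hypothetical helper (an assumption, not Dependabot's API): list the files a
# requirements file pulls in via -r / -c, resolved relative to the including
# file, and flag targets that resolve outside the repository root.
def referenced_files(including_file, content, strip_comments: true)
  base = Pathname.new(including_file).dirname
  content.each_line.filter_map do |line|
    # Drop trailing comments first; otherwise the greedy `.*` in the patterns
    # runs to the last ".txt"/".in" on the line, comment text included.
    line = line.sub(/(^|\s+)#.*$/, "") if strip_comments
    kind, regex = PATTERNS.find { |_, re| re.match?(line) }
    next unless regex

    # `\s?` consumes at most one space, so strip what is left of the padding.
    target = base + regex.match(line)[:path].strip
    outside = target.absolute? || target.each_filename.first == ".."
    { kind: kind, path: target.cleanpath.to_s, outside_repo: outside }
  end
end

if $PROGRAM_NAME == __FILE__
  referenced_files("requirements/dev.txt", SAMPLE).each { |entry| puts entry }
end
```

Neither pattern matches the long-form `--requirement` line, and with `strip_comments: false` the fourth sample line yields a path that still contains the comment text.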
Class Method Details
.required_files_in?(filenames) ⇒ Boolean
    # File 'lib/dependabot/uv/file_fetcher.rb', line 41

    def self.required_files_in?(filenames)
      return true if filenames.any? do |name|
        T.must(REQUIREMENT_FILE_PATTERNS[:extensions]).any? do |ext|
          name.end_with?(ext)
        end
      end

      # If there is a directory of requirements return true
      return true if filenames.include?("requirements")

      # If this repo is using pyproject.toml return true (uv.lock files require a pyproject.toml)
      filenames.include?("pyproject.toml")
    end
.required_files_message ⇒ Object
    # File 'lib/dependabot/uv/file_fetcher.rb', line 56

    def self.required_files_message
      "Repo must contain a requirements.txt, uv.lock, requirements.in, or pyproject.toml"
    end
Instance Method Details
#ecosystem_versions ⇒ Object
    # File 'lib/dependabot/uv/file_fetcher.rb', line 61

    def ecosystem_versions
      # Hmm... it's weird that this calls file parser methods, but here we are in the file fetcher... for all
      # ecosystems our goal is to extract the user specified versions, so we'll need to do file parsing... so should
      # we move this `ecosystem_versions` metrics method to run in the file parser for all ecosystems? Downside is if
      # file parsing blows up, this metric isn't emitted, but reality is we have to parse anyway... as we want to know
      # the user-specified range of versions, not the version Dependabot chose to run.
      python_requirement_parser = FileParser::PythonRequirementParser.new(dependency_files: files)
      language_version_manager = LanguageVersionManager.new(python_requirement_parser: python_requirement_parser)
      Dependabot.logger.info("Dependabot is using Python version '#{language_version_manager.python_version}'.")
      {
        languages: {
          python: {
            # TODO: alternatively this could use `python_requirement_parser.user_specified_requirements` which
            # returns an array... which we could flip to return a hash of manifest name => version
            # string and then check for min/max versions... today it simply defaults to
            # array.first which seems rather arbitrary.
            "raw" => language_version_manager.user_specified_python_version || "unknown",
            "max" => language_version_manager.python_major_minor || "unknown"
          }
        }
      }
    end
#fetch_files ⇒ Object
    # File 'lib/dependabot/uv/file_fetcher.rb', line 85

    def fetch_files
      fetched_files = []

      fetched_files += pyproject_files
      # Fetch README support files if referenced in pyproject metadata
      fetched_files += readme_files

      fetched_files += requirements_in_files
      fetched_files += requirement_files if requirements_txt_files.any?

      fetched_files += uv_lock_files
      fetched_files += project_files
      fetched_files << python_version_file if python_version_file

      uniques = uniq_files(fetched_files)
      filtered_files = uniques.reject do |file|
        Dependabot::FileFiltering.should_exclude_path?(file.name, "file from final collection", @exclude_paths)
      end

      filtered_files
    end