Class: Dependabot::GitCommitChecker

Inherits:
Object
  • Object
show all
Defined in:
lib/dependabot/git_commit_checker.rb

Constant Summary collapse

VERSION_REGEX = 
/
  (?<version>
    (?<=^v)[0-9]+(?:\-[a-z0-9]+)?
    |
    [0-9]+\.[0-9]+(?:\.[a-z0-9\-]+)*
  )$
/ix.freeze

Instance Method Summary collapse

Constructor Details

#initialize(dependency:, credentials:, ignored_versions: [], raise_on_ignored: false, requirement_class: nil, version_class: nil) ⇒ GitCommitChecker

Returns a new instance of GitCommitChecker.



24
25
26
27
28
29
30
31
32
33
 
# File 'lib/dependabot/git_commit_checker.rb', line 24

def initialize(dependency:, credentials:,
               ignored_versions: [], raise_on_ignored: false,
               requirement_class: nil, version_class: nil)
  @dependency = dependency
  @credentials = credentials
  @ignored_versions = ignored_versions
  @raise_on_ignored = raise_on_ignored
  @requirement_class = requirement_class
  @version_class = version_class
end

Instance Method Details

#branch_or_ref_in_release?(version) ⇒ Boolean

Returns:

  • (Boolean) 


71
72
73
 
# File 'lib/dependabot/git_commit_checker.rb', line 71

def branch_or_ref_in_release?(version)
  pinned_ref_in_release?(version) || branch_behind_release?(version)
end

#current_versionObject

rubocop:enable Metrics/AbcSize rubocop:enable Metrics/PerceivedComplexity



122
123
124
125
126
127
 
# File 'lib/dependabot/git_commit_checker.rb', line 122

def current_version
  return unless dependency.version && version_tag?(dependency.version)

  version = dependency.version.match(VERSION_REGEX).named_captures.fetch("version")
  version_class.new(version)
end

#filter_lower_versions(tags) ⇒ Object 



129
130
131
132
133
134
135
136
137
138
139
140
 
# File 'lib/dependabot/git_commit_checker.rb', line 129

def filter_lower_versions(tags)
  return tags unless current_version

  versions = tags.map do |t|
    version = t.name.match(VERSION_REGEX).named_captures.fetch("version")
    version_class.new(version)
  end

  versions.select do |version|
    version > current_version
  end
end

#git_dependency?Boolean

Returns:

  • (Boolean) 


35
36
37
38
39
 
# File 'lib/dependabot/git_commit_checker.rb', line 35

def git_dependency?
  return false if dependency_source_details.nil?

  dependency_source_details.fetch(:type) == "git"
end

#git_repo_reachable?Boolean

Returns:

  • (Boolean) 


153
154
155
156
157
158
 
# File 'lib/dependabot/git_commit_checker.rb', line 153

def git_repo_reachable?
  local_upload_pack
  true
rescue Dependabot::GitDependenciesNotReachable
  false
end

#head_commit_for_current_branchObject

Raises:



75
76
77
78
79
80
81
82
83
84
85
86
87
 
# File 'lib/dependabot/git_commit_checker.rb', line 75

def head_commit_for_current_branch
  ref = ref_or_branch || "HEAD"

  if pinned?
    return dependency.version ||
           local_repo_git_metadata_fetcher.head_commit_for_ref(ref)
  end

  sha = local_repo_git_metadata_fetcher.head_commit_for_ref(ref)
  return sha if sha

  raise Dependabot::GitDependencyReferenceNotFound, dependency.name
end

#local_tag_for_latest_versionObject

rubocop:disable Metrics/PerceivedComplexity rubocop:disable Metrics/AbcSize



91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
 
# File 'lib/dependabot/git_commit_checker.rb', line 91

def local_tag_for_latest_version
  tags =
    local_tags.
    select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
  filtered = tags.
             reject { |t| tag_included_in_ignore_requirements?(t) }
  if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(tags).any?
    raise Dependabot::AllVersionsIgnored
  end

  tag = filtered.
        reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }.
        max_by do |t|
          version = t.name.match(VERSION_REGEX).named_captures.
                    fetch("version")
          version_class.new(version)
        end

  return unless tag

  version = tag.name.match(VERSION_REGEX).named_captures.fetch("version")
  {
    tag: tag.name,
    version: version_class.new(version),
    commit_sha: tag.commit_sha,
    tag_sha: tag.tag_sha
  }
end

#local_tag_for_pinned_versionObject 



142
143
144
145
146
147
148
149
150
151
 
# File 'lib/dependabot/git_commit_checker.rb', line 142

def local_tag_for_pinned_version
  return unless pinned?

  ref = dependency_source_details.fetch(:ref)
  tags = local_tags.select { |t| t.commit_sha == ref && version_class.correct?(t.name) }.
         sort_by { |t| version_class.new(t.name) }
  return if tags.empty?

  tags[-1].name
end

#pinned?Boolean

Returns:

  • (Boolean) 


41
42
43
44
45
46
47
48
49
50
51
52
53
54
 
# File 'lib/dependabot/git_commit_checker.rb', line 41

def pinned?
  raise "Not a git dependency!" unless git_dependency?

  ref = dependency_source_details.fetch(:ref)
  branch = dependency_source_details.fetch(:branch)

  return false if ref.nil?
  return false if branch == ref
  return true if branch
  return true if dependency.version&.start_with?(ref)

  # Check the specified `ref` isn't actually a branch
  !local_upload_pack.match?("refs/heads/#{ref}")
end

#pinned_ref_looks_like_commit_sha?Boolean

Returns:

  • (Boolean) 


62
63
64
65
66
67
68
69
 
# File 'lib/dependabot/git_commit_checker.rb', line 62

def pinned_ref_looks_like_commit_sha?
  ref = dependency_source_details.fetch(:ref)
  return false unless ref&.match?(/^[0-9a-f]{6,40}$/)

  return false unless pinned?

  local_repo_git_metadata_fetcher.head_commit_for_ref(ref).nil?
end

#pinned_ref_looks_like_version?Boolean

Returns:

  • (Boolean) 


56
57
58
59
60
 
# File 'lib/dependabot/git_commit_checker.rb', line 56

def pinned_ref_looks_like_version?
  return false unless pinned?

  dependency_source_details.fetch(:ref).match?(VERSION_REGEX)
end