Class: Dependabot::GitCommitChecker

Inherits:

Object

• Object
• Dependabot::GitCommitChecker

Defined in:

lib/dependabot/git_commit_checker.rb

Constant Summary

VERSION_REGEX =

/
  (?<version>
    (?<=^v)[0-9]+(?:\-[a-z0-9]+)?
    |
    [0-9]+\.[0-9]+(?:\.[a-z0-9\-]+)*
  )$
/ix

Instance Method Summary

• #allowed_version_refs ⇒ Object
• #allowed_version_tags ⇒ Object
• #branch_or_ref_in_release?(version) ⇒ Boolean
• #current_version ⇒ Object
• #dependency_source_details ⇒ Object
• #filter_lower_versions(tags) ⇒ Object
• #git_dependency? ⇒ Boolean
• #git_repo_reachable? ⇒ Boolean
• #head_commit_for_current_branch ⇒ Object
• #head_commit_for_local_branch(name) ⇒ Object
• #head_commit_for_pinned_ref ⇒ Object
• #initialize(dependency:, credentials:, ignored_versions: [], raise_on_ignored: false, consider_version_branches_pinned: false, dependency_source_details: nil) ⇒ GitCommitChecker constructor

  A new instance of GitCommitChecker.

• #local_ref_for_latest_version_matching_existing_precision ⇒ Object
• #local_tag_for_latest_version ⇒ Object
• #local_tag_for_pinned_sha ⇒ Object
• #local_tags_for_allowed_versions ⇒ Object
• #local_tags_for_allowed_versions_matching_existing_precision ⇒ Object
• #most_specific_tag_equivalent_to_pinned_ref ⇒ Object
• #most_specific_version_tag_for_sha(commit_sha) ⇒ Object
• #pinned? ⇒ Boolean
• #pinned_ref_looks_like_commit_sha? ⇒ Boolean
• #pinned_ref_looks_like_version? ⇒ Boolean
• #ref_looks_like_commit_sha?(ref) ⇒ Boolean

Constructor Details

#initialize(dependency:, credentials:, ignored_versions: [], raise_on_ignored: false, consider_version_branches_pinned: false, dependency_source_details: nil) ⇒ GitCommitChecker

Returns a new instance of GitCommitChecker.

# File 'lib/dependabot/git_commit_checker.rb', line 25

def initialize(dependency:, credentials:,
               ignored_versions: [], raise_on_ignored: false,
               consider_version_branches_pinned: false, dependency_source_details: nil)
  @dependency = dependency
  @credentials = credentials
  @ignored_versions = ignored_versions
  @raise_on_ignored = raise_on_ignored
  @consider_version_branches_pinned = consider_version_branches_pinned
  @dependency_source_details = dependency_source_details
end

Instance Method Details

#allowed_version_refs ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 123

def allowed_version_refs
  allowed_versions(local_refs)
end

#allowed_version_tags ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 119

def allowed_version_tags
  allowed_versions(local_tags)
end

#branch_or_ref_in_release?(version) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/git_commit_checker.rb', line 84

def branch_or_ref_in_release?(version)
  pinned_ref_in_release?(version) || branch_behind_release?(version)
end

#current_version ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 127

def current_version
  return unless dependency.version && version_tag?(dependency.version)

  version_from_ref(dependency.version)
end

#dependency_source_details ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 163

def dependency_source_details
  @dependency_source_details || dependency.source_details(allowed_types: ["git"])
end

#filter_lower_versions(tags) ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 133

def filter_lower_versions(tags)
  return tags unless current_version

  versions = tags.map do |t|
    version_from_tag(t)
  end

  versions.select do |version|
    version > current_version
  end
end

#git_dependency? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/git_commit_checker.rb', line 36

def git_dependency?
  return false if dependency_source_details.nil?

  dependency_source_details.fetch(:type) == "git"
end

#git_repo_reachable? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/git_commit_checker.rb', line 156

def git_repo_reachable?
  local_upload_pack
  true
rescue Dependabot::GitDependenciesNotReachable
  false
end

#head_commit_for_current_branch ⇒ Object

Raises:

• (Dependabot::GitDependencyReferenceNotFound)

# File 'lib/dependabot/git_commit_checker.rb', line 88

def head_commit_for_current_branch
  ref = ref_or_branch || "HEAD"

  sha = head_commit_for_local_branch(ref)
  return sha if pinned? || sha

  raise Dependabot::GitDependencyReferenceNotFound, dependency.name
end

#head_commit_for_local_branch(name) ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 97

def head_commit_for_local_branch(name)
  local_repo_git_metadata_fetcher.head_commit_for_ref(name)
end

#head_commit_for_pinned_ref ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 76

def head_commit_for_pinned_ref
  local_repo_git_metadata_fetcher.head_commit_for_ref_sha(ref)
end

#local_ref_for_latest_version_matching_existing_precision ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 101

def local_ref_for_latest_version_matching_existing_precision
  allowed_refs = local_tag_for_pinned_sha ? allowed_version_tags : allowed_version_refs

  max_local_tag_for_current_precision(allowed_refs)
end

#local_tag_for_latest_version ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 107

def local_tag_for_latest_version
  max_local_tag(allowed_version_tags)
end

#local_tag_for_pinned_sha ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 150

def local_tag_for_pinned_sha
  return @local_tag_for_pinned_sha if defined?(@local_tag_for_pinned_sha)

  @local_tag_for_pinned_sha = most_specific_version_tag_for_sha(ref) if pinned_ref_looks_like_commit_sha?
end

#local_tags_for_allowed_versions ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 115

def local_tags_for_allowed_versions
  allowed_version_tags.map { |t| to_local_tag(t) }
end

#local_tags_for_allowed_versions_matching_existing_precision ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 111

def local_tags_for_allowed_versions_matching_existing_precision
  select_matching_existing_precision(allowed_version_tags).map { |t| to_local_tag(t) }
end

#most_specific_tag_equivalent_to_pinned_ref ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 145

def most_specific_tag_equivalent_to_pinned_ref
  commit_sha = head_commit_for_local_branch(ref)
  most_specific_version_tag_for_sha(commit_sha)
end

#most_specific_version_tag_for_sha(commit_sha) ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 167

def most_specific_version_tag_for_sha(commit_sha)
  tags = local_tags.select { |t| t.commit_sha == commit_sha && version_class.correct?(t.name) }
                   .sort_by { |t| version_class.new(t.name) }
  return if tags.empty?

  tags[-1].name
end

#pinned? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/git_commit_checker.rb', line 42

def pinned?
  raise "Not a git dependency!" unless git_dependency?

  branch = dependency_source_details.fetch(:branch)

  return false if ref.nil?
  return false if branch == ref
  return true if branch
  return true if dependency.version&.start_with?(ref)

  # If the specified `ref` is actually a tag, we're pinned
  return true if local_upload_pack.match?(%r{ refs/tags/#{ref}$})

  # Assume we're pinned unless the specified `ref` is actually a branch
  return true unless local_upload_pack.match?(%r{ refs/heads/#{ref}$})

  # TODO: Research whether considering branches that look like versions pinned makes sense for all ecosystems
  @consider_version_branches_pinned && version_tag?(ref)
end

#pinned_ref_looks_like_commit_sha? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/git_commit_checker.rb', line 68

def pinned_ref_looks_like_commit_sha?
  return false unless ref && ref_looks_like_commit_sha?(ref)

  return false unless pinned?

  local_repo_git_metadata_fetcher.head_commit_for_ref(ref).nil?
end

#pinned_ref_looks_like_version? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/git_commit_checker.rb', line 62

def pinned_ref_looks_like_version?
  return false unless pinned?

  version_tag?(ref)
end

#ref_looks_like_commit_sha?(ref) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/git_commit_checker.rb', line 80

def ref_looks_like_commit_sha?(ref)
  ref.match?(/^[0-9a-f]{6,40}$/)
end