From 8aad5cac94675139909e923d4225cbf90bfb400a Mon Sep 17 00:00:00 2001
From: Pavan Kumar
Date: Sun, 12 Jan 2025 17:06:42 +0000
Subject: [PATCH 1/3] Adding support for path based tag structure in github_actions module
---
.../dependabot/github_actions/file_parser.rb | 5 +-
.../lib/dependabot/github_actions/version.rb | 9 +-
.../github_actions/file_parser_spec.rb | 280 ++++++++++++++++++
.../github_actions/file_updater_spec.rb | 80 +++++
.../github_actions/update_checker_spec.rb | 128 ++++++++
.../dependabot/github_actions/version_spec.rb | 48 +++
.../upload_packs/github-monorepo-path-based | Bin 0 -> 899 bytes
.../workflow_monorepo_path_based_semver.yml | 13 +
...orepo_path_based_semver_and_direct_ref.yml | 22 ++
...low_monorepo_path_based_without_semver.yml | 11 +
...th_based_without_semver_and_direct_ref.yml | 18 ++
11 files changed, 610 insertions(+), 4 deletions(-)
create mode 100644 github_actions/spec/fixtures/git/upload_packs/github-monorepo-path-based
create mode 100644 github_actions/spec/fixtures/workflow_files/workflow_monorepo_path_based_semver.yml
create mode 100644 github_actions/spec/fixtures/workflow_files/workflow_monorepo_path_based_semver_and_direct_ref.yml
create mode 100644 github_actions/spec/fixtures/workflow_files/workflow_monorepo_path_based_without_semver.yml
create mode 100644 github_actions/spec/fixtures/workflow_files/workflow_monorepo_path_based_without_semver_and_direct_ref.yml
diff --git a/github_actions/lib/dependabot/github_actions/file_parser.rb b/github_actions/lib/dependabot/github_actions/file_parser.rb
index ba80eb1e62..aac4f4ca27 100644
--- a/github_actions/lib/dependabot/github_actions/file_parser.rb
+++ b/github_actions/lib/dependabot/github_actions/file_parser.rb
@@ -111,9 +111,10 @@ def build_github_dependency(file, string) sig { params(file: Dependabot::DependencyFile, string: String, hostname: String).returns(Dependabot::Dependency) } def github_dependency(file, string, hostname) details = T.must(string.match(GITHUB_REPO_REFERENCE)).named_captures - name = "#{details.fetch(OWNER_KEY)}/#{details.fetch(REPO_KEY)}" + repo_name = "#{details.fetch(OWNER_KEY)}/#{details.fetch(REPO_KEY)}" ref = details.fetch(REF_KEY) version = version_class.new(ref).to_s if version_class.correct?(ref) + name = version_class.path_based?(ref) ? string : repo_name Dependency.new( name: name, version: version, @@ -122,7 +123,7 @@ def github_dependency(file, string, hostname) groups: [], source: { type: "git", - url: "https://#{hostname}/#{name}".downcase, + url: "https://#{hostname}/#{repo_name}".downcase, ref: ref, branch: nil }, diff --git a/github_actions/lib/dependabot/github_actions/version.rb b/github_actions/lib/dependabot/github_actions/version.rb index edcc777f6c..9f0c06593e 100644 --- a/github_actions/lib/dependabot/github_actions/version.rb +++ b/github_actions/lib/dependabot/github_actions/version.rb @@ -24,9 +24,14 @@ def self.new(version) sig { params(version: VersionParameter).returns(VersionParameter) } def self.remove_leading_v(version) - return version unless version.to_s.match?(/\Av([0-9])/) + return version unless version.to_s.match?(/\A(?:.*\/)?v?([0-9])/) - version.to_s.delete_prefix("v") + version.to_s.sub(/\A(?:.*\/)?v?/, "") + end + + sig { params(version: VersionParameter).returns(T::Boolean) } + def self.path_based?(version) + version.to_s.match?(/\A.+\/v?([0-9])/) end sig { override.params(version: VersionParameter).returns(T::Boolean) } diff --git a/github_actions/spec/dependabot/github_actions/file_parser_spec.rb b/github_actions/spec/dependabot/github_actions/file_parser_spec.rb index 4756049feb..8a2f1df983 100644 --- a/github_actions/spec/dependabot/github_actions/file_parser_spec.rb 
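Review bot: In `github_dependency`, the added `name = version_class.path_based?(ref) ? string : repo_name` makes the dependency name the whole `uses:` string including `@ref`, so the name changes every time the pin is bumped. Anything that is keyed on the dependency name (ignore or allow rules, advisory matching, grouping) would presumably stop matching these actions, which could leave a path-based pin out of a security update. Consider keeping the ref out of the name, e.g. `name = version_class.path_based?(ref) ? string.delete_suffix("@#{ref}") : repo_name`, after confirming the update checker does not depend on the ref being part of the name. The method body continues past the end of this hunk.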
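Review bot: `remove_leading_v` now throws away everything up to the last `/`, so `init/v1.0.0` and `run/v1.0.0` both become version `1.0.0`; unless tag selection elsewhere is limited to the pinned prefix, an update could move a workflow step to a tag that belongs to a different action in the same repository. `path_based?` is also unanchored at the end and accepts any ref with a digit after a slash, so branch-style refs such as `releases/v1` or `feature/2fa` (constructed examples) are treated as path-based tags and change the dependency name in `github_dependency`. I would anchor the pattern with `\z` against the same version grammar that `correct?` accepts, and add a comment above `path_based?` such as `# True only for "<prefix>/<version>" tags; the prefix must be preserved when picking an update.` The same two patterns are carried over unchanged, only rewritten as `%r{}` literals, in the version.rb hunk of PATCH 2/3.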
+++ b/github_actions/spec/dependabot/github_actions/file_parser_spec.rb 
@@ -560,6 +560,286 @@ def mock_service_pack_request(nwo) end end end + + context "with path based semver tag pinned to workflow action" do + let(:workflow_file_fixture_name) { "workflow_monorepo_path_based_semver.yml" } + + let(:service_pack_url) do + "https://github.com/gopidesupavan/monorepo-actions.git/info/refs" \ + "?service=git-upload-pack" + end + + before do + stub_request(:get, service_pack_url) + .to_return( + status: 200, + body: fixture("git", "upload_packs", "github-monorepo-path-based"), + headers: { + "content-type" => "application/x-git-upload-pack-advertisement" + } + ) + end + + it "has dependencies" do + expect(dependencies.count).to be(2) + end + + describe "the path based first dependency" do + subject(:dependency) { dependencies.first } + + let(:expected_requirements) do + [{ + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "init/v1.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/init@init/v1.0.0" } + }] + end + + it "has the right details" do + expect(dependency).to be_a(Dependabot::Dependency) + expect(dependency.name).to eq("gopidesupavan/monorepo-actions/first/init@init/v1.0.0") + expect(dependency.version).to eq("1.0.0") + expect(dependency.requirements).to eq(expected_requirements) + end + end + + describe "the path based last dependency" do + subject(:dependency) { dependencies.last } + + let(:expected_requirements) do + [{ + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "run/v2.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/run@run/v2.0.0" } + }] + end + + it "has the right details" do + expect(dependency).to be_a(Dependabot::Dependency) + expect(dependency.name).to 
eq("gopidesupavan/monorepo-actions/first/run@run/v2.0.0") + expect(dependency.version).to eq("2.0.0") + expect(dependency.requirements).to eq(expected_requirements) + end + end + end + + context "with path based without semver tag pinned to workflow action" do + let(:workflow_file_fixture_name) { "workflow_monorepo_path_based_without_semver.yml" } + + let(:service_pack_url) do + "https://github.com/gopidesupavan/monorepo-actions.git/info/refs" \ + "?service=git-upload-pack" + end + + before do + stub_request(:get, service_pack_url) + .to_return( + status: 200, + body: fixture("git", "upload_packs", "github-monorepo-path-based"), + headers: { + "content-type" => "application/x-git-upload-pack-advertisement" + } + ) + end + + it "has dependencies" do + expect(dependencies.count).to be(1) + end + + describe "the path based first dependency" do + subject(:dependency) { dependencies.first } + + let(:expected_requirements) do + [{ + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "exec/1.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/second/exec@exec/1.0.0" } + }] + end + + it "has the right details" do + expect(dependency).to be_a(Dependabot::Dependency) + expect(dependency.name).to eq("gopidesupavan/monorepo-actions/second/exec@exec/1.0.0") + expect(dependency.version).to eq("1.0.0") + expect(dependency.requirements).to eq(expected_requirements) + end + end + end + + context "with mix of path based semver tag pinned to workflow action and direct ref" do + let(:workflow_file_fixture_name) { "workflow_monorepo_path_based_semver_and_direct_ref.yml" } + + let(:service_pack_url) do + "https://github.com/gopidesupavan/monorepo-actions.git/info/refs" \ + "?service=git-upload-pack" + end + + before do + stub_request(:get, service_pack_url) + .to_return( + status: 200, + body: fixture("git", "upload_packs", 
"github-monorepo-path-based"), + headers: { + "content-type" => "application/x-git-upload-pack-advertisement" + } + ) + mock_service_pack_request("actions/checkout") + end + + it "has dependencies" do + expect(dependencies.count).to be(3) + end + + describe "the path based first dependency" do + subject(:dependency) { dependencies.first } + + let(:expected_requirements) do + [{ + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "init/v1.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/init@init/v1.0.0" } + }] + end + + it "has the right details" do + expect(dependency).to be_a(Dependabot::Dependency) + expect(dependency.name).to eq("gopidesupavan/monorepo-actions/first/init@init/v1.0.0") + expect(dependency.version).to eq("1.0.0") + expect(dependency.requirements).to eq(expected_requirements) + end + end + + describe "the path based last dependency" do + subject(:dependency) { dependencies.last } + + let(:expected_requirements) do + [{ + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/actions/checkout", + ref: "v1", + branch: nil + }, + metadata: { declaration_string: "actions/checkout@v1" } + }] + end + + it "has the right details" do + expect(dependency).to be_a(Dependabot::Dependency) + expect(dependency.name).to eq("actions/checkout") + expect(dependency.version).to eq("1") + expect(dependency.requirements).to eq(expected_requirements) + end + end + end + + context "with mix of path based without semver tag pinned to workflow action and direct ref" do + let(:workflow_file_fixture_name) { "workflow_monorepo_path_based_without_semver_and_direct_ref.yml" } + + let(:service_pack_url) do + "https://github.com/gopidesupavan/monorepo-actions.git/info/refs" \ + "?service=git-upload-pack" + end + + before do + 
stub_request(:get, service_pack_url) + .to_return( + status: 200, + body: fixture("git", "upload_packs", "github-monorepo-path-based"), + headers: { + "content-type" => "application/x-git-upload-pack-advertisement" + } + ) + mock_service_pack_request("actions/checkout") + end + + it "has dependencies" do + expect(dependencies.count).to be(2) + end + + describe "the path based first dependency" do + subject(:dependency) { dependencies.first } + + let(:expected_requirements) do + [{ + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "init/1.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/init@init/1.0.0" } + }] + end + + it "has the right details" do + expect(dependency).to be_a(Dependabot::Dependency) + expect(dependency.name).to eq("gopidesupavan/monorepo-actions/first/init@init/1.0.0") + expect(dependency.version).to eq("1.0.0") + expect(dependency.requirements).to eq(expected_requirements) + end + end + + describe "the path based last dependency" do + subject(:dependency) { dependencies.last } + + let(:expected_requirements) do + [{ + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/actions/checkout", + ref: "v1", + branch: nil + }, + metadata: { declaration_string: "actions/checkout@v1" } + }] + end + + it "has the right details" do + expect(dependency).to be_a(Dependabot::Dependency) + expect(dependency.name).to eq("actions/checkout") + expect(dependency.version).to eq("1") + expect(dependency.requirements).to eq(expected_requirements) + end + end + end end describe "#ecosystem" do diff --git a/github_actions/spec/dependabot/github_actions/file_updater_spec.rb b/github_actions/spec/dependabot/github_actions/file_updater_spec.rb index 1b6ff1addb..614aa6d45d 100644 
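Review bot: All four new contexts pin refs that are well-formed `prefix/version` tags, so nothing here covers a ref that has a slash and a digit but is not a version tag, which is the case where the `path_based?` branch in `github_dependency` decides the dependency name. Add a context whose fixture pins a branch-style ref (for example `uses: owner/repo@releases/v1`, a constructed value) and assert the intended `dependency.name` and `dependency.version`. The contexts also repeat the same `service_pack_url` and `stub_request` setup four times; a `shared_context`, or a helper beside `mock_service_pack_request`, would keep the copies from drifting apart.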
--- a/github_actions/spec/dependabot/github_actions/file_updater_spec.rb
+++ b/github_actions/spec/dependabot/github_actions/file_updater_spec.rb
@@ -524,6 +524,86 @@ end end end + + context "with a path based tag with semver" do + let(:workflow_file_body) do + fixture("workflow_files", "workflow_monorepo_path_based_semver.yml") + end + + let(:dependency) do + Dependabot::Dependency.new( + name: "gopidesupavan/monorepo-actions/first/run@run/v2.0.0", + version: "5273d0df9c603edc4284ac8402cf650b4f1f6686", + previous_version: nil, + requirements: [{ + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "run/v3.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/run@run/v2.0.0" } + }], + previous_requirements: [{ + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "run/v2.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/run@run/v2.0.0" } + }], + package_manager: "github_actions" + ) + end + its(:content) { is_expected.to include "gopidesupavan/monorepo-actions/first/run@run/v3.0.0\n" } + end + + context "with a path based tag with without semver" do + let(:workflow_file_body) do + fixture("workflow_files", "workflow_monorepo_path_based_without_semver.yml") + end + + let(:dependency) do + Dependabot::Dependency.new( + name: "gopidesupavan/monorepo-actions/second/exec@exec/1.0.0", + version: "5273d0df9c603edc4284ac8402cf650b4f1f6686", + previous_version: nil, + requirements: [{ + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "exec/2.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/second/exec@exec/1.0.0" } + }], + previous_requirements: [{ + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + 
type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "exec/1.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/second/exec@exec/1.0.0" } + }], + package_manager: "github_actions" + ) + end + its(:content) { is_expected.to include "gopidesupavan/monorepo-actions/second/exec@exec/2.0.0\n" } + end end end end diff --git a/github_actions/spec/dependabot/github_actions/update_checker_spec.rb b/github_actions/spec/dependabot/github_actions/update_checker_spec.rb index b69eb50a86..11711294c8 100644 --- a/github_actions/spec/dependabot/github_actions/update_checker_spec.rb +++ b/github_actions/spec/dependabot/github_actions/update_checker_spec.rb 
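Review bot: Both new contexts assert only that the bumped line is present, so an over-broad replacement would still pass. In `workflow_monorepo_path_based_semver.yml` the sibling step `first/init@init/v1.0.0` comes from the same repository under a different tag prefix, and the spec never checks that it is left untouched; add `its(:content) { is_expected.to include "gopidesupavan/monorepo-actions/first/init@init/v1.0.0\n" }` to the first context. The second context is named "with a path based tag with without semver"; drop the duplicated "with".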
@@ -1101,5 +1101,133 @@ expect(updated_requirements).to eq(expected_requirements) end end + + context "when a dependency has a path based tag reference with semver" do + let(:service_pack_url) do + "https://github.com/gopidesupavan/monorepo-actions.git/info/refs" \ + "?service=git-upload-pack" + end + before do + stub_request(:get, service_pack_url) + .to_return( + status: 200, + body: fixture("git", "upload_packs", "github-monorepo-path-based"), + headers: { + "content-type" => "application/x-git-upload-pack-advertisement" + } + ) + end + let(:upload_pack_fixture) { "github-monorepo-path-based" } + let(:dependency) do + Dependabot::Dependency.new( + name: "gopidesupavan/monorepo-actions/first/run@run/v1.0.0", + version: "1.0.0", + requirements: [{ + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "run/v1.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/run@run/v1.0.0" } + }], + package_manager: "github_actions" + ) + end + + let(:expected_requirements) do + [{ + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "run/v3.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/run@run/v1.0.0" } + }] + end + + it { is_expected.to eq(expected_requirements) } + + # context "when the latest version is being ignored" do + # let(:ignored_versions) { [">= 1.1.0"] } + # let(:expected_requirements) do + # [{ + # requirement: nil, + # groups: [], + # file: ".github/workflows/workflow.yml", + # source: { + # type: "git", + # url: "https://github.com/actions/setup-node", + # ref: "v1.0.4", + # branch: nil + # }, + # metadata: { declaration_string: "actions/setup-node@master" } + # }] + # end + # + # it { is_expected.to eq(expected_requirements) } + # end + 
end + + context "when a dependency has a path based tag reference without semver" do + let(:service_pack_url) do + "https://github.com/gopidesupavan/monorepo-actions.git/info/refs" \ + "?service=git-upload-pack" + end + before do + stub_request(:get, service_pack_url) + .to_return( + status: 200, + body: fixture("git", "upload_packs", "github-monorepo-path-based"), + headers: { + "content-type" => "application/x-git-upload-pack-advertisement" + } + ) + end + let(:upload_pack_fixture) { "github-monorepo-path-based" } + let(:dependency) do + Dependabot::Dependency.new( + name: "gopidesupavan/monorepo-actions/second/exec@exec/1.0.0", + version: "1.0.0", + requirements: [{ + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "exec/1.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/second/exec@exec/1.0.0" } + }], + package_manager: "github_actions" + ) + end + + let(:expected_requirements) do + [{ + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "exec/2.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/second/exec@exec/1.0.0" } + }] + end + + it { is_expected.to eq(expected_requirements) } + end end end diff --git a/github_actions/spec/dependabot/github_actions/version_spec.rb b/github_actions/spec/dependabot/github_actions/version_spec.rb index fc61fcfb09..98cd4a853b 100644 --- a/github_actions/spec/dependabot/github_actions/version_spec.rb +++ b/github_actions/spec/dependabot/github_actions/version_spec.rb @@ -7,6 +7,8 @@ RSpec.describe Dependabot::GithubActions::Version do semver_version = "v1.2.3" semver_without_v = "1.2.3" + path_based_sem_version = "dummy/v1.2.3" + path_based_sem_without_v = "dummy/1.2.3" describe "#correct?" do it "rejects nil" do 
@@ -20,6 +22,14 @@ it "accepts semver without v" do expect(described_class.correct?(semver_without_v)).to be(true) end + + it "accepts path based sem version" do + expect(described_class.correct?(path_based_sem_version)).to be(true) + end + + it "accepts path based sem version without v" do + expect(described_class.correct?(path_based_sem_without_v)).to be(true) + end end describe "#initialize" do @@ -38,5 +48,43 @@ version_without_v = described_class.new(semver_without_v) expect(version).to eq(version_without_v) end + + it "accepts path based sem version" do + version = described_class.new(path_based_sem_version) + expect(version.to_s).to eq(semver_without_v) + end + + it "accepts path based sem version without v" do + version = described_class.new(path_based_sem_without_v) + expect(version.to_s).to eq(semver_without_v) + end + + it "normalizes path based semver v" do + version = described_class.new(path_based_sem_version) + version_without_v = described_class.new(path_based_sem_without_v) + expect(version).to eq(version_without_v) + end + end + + describe "#path_based" do + it "rejects nil" do + expect(described_class.path_based?(nil)).to be(false) + end + + it "accepts when tag structure like path based with semver" do + expect(described_class.path_based?(path_based_sem_version)).to be(true) + end + + it "accepts when tag structure like path based without semver" do + expect(described_class.path_based?(path_based_sem_without_v)).to be(true) + end + + it "reject when tag structure not like path based with semver" do + expect(described_class.path_based?(semver_version)).to be(false) + end + + it "reject when tag structure not like path based without semver" do + expect(described_class.path_based?(semver_without_v)).to be(false) + end end end 
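Review bot: The `path_based?` examples in the last hunk use only a single `dummy/` prefix with a clean version, so the spec does not pin what the unanchored regex returns for a multi-segment prefix or for a non-version ref with a digit after a slash. Add cases such as `described_class.path_based?("a/b/v1.2.3")` and `described_class.path_based?("feature/2fa")` (constructed values) with the result you intend, so that a later tightening of the pattern is a visible decision. Since `path_based?` is a class method, the group would read better as `describe ".path_based?" do`.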
diff --git a/github_actions/spec/fixtures/git/upload_packs/github-monorepo-path-based b/github_actions/spec/fixtures/git/upload_packs/github-monorepo-path-based new file mode 100644 index 0000000000000000000000000000000000000000..4f00c0fe92a359ecfd4b6f0a51fd4fa134de0ebe GIT binary patch literal 899 zcmb7=-EJEp5QTf4r$FlU#=s0LRPsfoR_a?s0}M9FnzeSZ)4qMNmBeX!(;^`aKl7b4 zM@q$?#mdXMMBeU78&1b*rZgNWKHbU7QU;95&Hx5V4MYOTCiBS`rU|YPwZ}#V0Z6bx1rl66>C(X?_-o`N(xxOO5<`sB?QQ z7oMnE&8R6-*5sp8n1fTnD~FCD7>*vSLCoYN0E%mKPi5WkPmUXP zFYo1*@PG0*f_@=Dwpw|elEEO6b)s&{Xdji739~1ew6}ST@XkZ2J&?1y7y#>X|Kh|s(iXa7Vi}n^dxNY3GMPL&Wz_o_u7sP105)4<6D%a@<;d)OP|*czymT;H Q@3KXmK6-!`4^rO!2IoB!(*OVf literal 0 HcmV?d00001 diff --git a/github_actions/spec/fixtures/workflow_files/workflow_monorepo_path_based_semver.yml b/github_actions/spec/fixtures/workflow_files/workflow_monorepo_path_based_semver.yml new file mode 100644 index 0000000000..e7a729e084 --- /dev/null +++ b/github_actions/spec/fixtures/workflow_files/workflow_monorepo_path_based_semver.yml @@ -0,0 +1,13 @@ +on: [push] + +name: Integration +jobs: + chore: + name: Testing chores + runs-on: ubuntu-latest + + steps: + - uses: gopidesupavan/monorepo-actions/first/init@init/v1.0.0 + + - name: run action + uses: gopidesupavan/monorepo-actions/first/run@run/v2.0.0 diff --git a/github_actions/spec/fixtures/workflow_files/workflow_monorepo_path_based_semver_and_direct_ref.yml b/github_actions/spec/fixtures/workflow_files/workflow_monorepo_path_based_semver_and_direct_ref.yml new file mode 100644 index 0000000000..ca0df7e4f3 --- /dev/null +++ b/github_actions/spec/fixtures/workflow_files/workflow_monorepo_path_based_semver_and_direct_ref.yml 
@@ -0,0 +1,22 @@ +on: [push] + +name: Integration +jobs: + chore: + name: Testing chores + runs-on: ubuntu-latest + + steps: + - uses: gopidesupavan/monorepo-actions/first/init@init/v1.0.0 + + - name: run action + uses: gopidesupavan/monorepo-actions/first/run@run/v2.0.0 + + - uses: actions/checkout@master + + direct: + name: Testing chores + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v1 diff --git a/github_actions/spec/fixtures/workflow_files/workflow_monorepo_path_based_without_semver.yml b/github_actions/spec/fixtures/workflow_files/workflow_monorepo_path_based_without_semver.yml new file mode 100644 index 0000000000..d1c62aac10 --- /dev/null +++ b/github_actions/spec/fixtures/workflow_files/workflow_monorepo_path_based_without_semver.yml @@ -0,0 +1,11 @@ +on: [push] + +name: Integration +jobs: + chore: + name: Testing chores + runs-on: ubuntu-latest + + steps: + - name: run exec + uses: gopidesupavan/monorepo-actions/second/exec@exec/1.0.0 diff --git a/github_actions/spec/fixtures/workflow_files/workflow_monorepo_path_based_without_semver_and_direct_ref.yml b/github_actions/spec/fixtures/workflow_files/workflow_monorepo_path_based_without_semver_and_direct_ref.yml new file mode 100644 index 0000000000..34d771e185 --- /dev/null +++ b/github_actions/spec/fixtures/workflow_files/workflow_monorepo_path_based_without_semver_and_direct_ref.yml @@ -0,0 +1,18 @@ +on: [push] + +name: Integration +jobs: + chore: + name: Testing chores + runs-on: ubuntu-latest + + steps: + - uses: gopidesupavan/monorepo-actions/first/init@init/1.0.0 + + direct: + name: Testing chores + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v1 + From c6ba49d6584d56284e21228012cb0ae423ae18c9 Mon Sep 17 00:00:00 2001 
From: Pavan Kumar Date: Sun, 12 Jan 2025 18:54:02 +0000 Subject: [PATCH 2/3] Fix linter offenses --- .../lib/dependabot/github_actions/version.rb | 6 +- .../github_actions/update_checker_spec.rb | 148 ++++++++---------- 2 files changed, 67 insertions(+), 87 deletions(-) diff --git a/github_actions/lib/dependabot/github_actions/version.rb b/github_actions/lib/dependabot/github_actions/version.rb index 9f0c06593e..9c25a27fa1 100644 --- a/github_actions/lib/dependabot/github_actions/version.rb +++ b/github_actions/lib/dependabot/github_actions/version.rb @@ -24,14 +24,14 @@ def self.new(version) sig { params(version: VersionParameter).returns(VersionParameter) } def self.remove_leading_v(version) - return version unless version.to_s.match?(/\A(?:.*\/)?v?([0-9])/) + return version unless version.to_s.match?(%r{\A(?:.*/)?v?([0-9])}) - version.to_s.sub(/\A(?:.*\/)?v?/, "") + version.to_s.sub(%r{\A(?:.*/)?v?}, "") end sig { params(version: VersionParameter).returns(T::Boolean) } def self.path_based?(version) - version.to_s.match?(/\A.+\/v?([0-9])/) + version.to_s.match?(%r{\A.+/v?([0-9])}) end sig { override.params(version: VersionParameter).returns(T::Boolean) } diff --git a/github_actions/spec/dependabot/github_actions/update_checker_spec.rb b/github_actions/spec/dependabot/github_actions/update_checker_spec.rb index 11711294c8..b57e5fd0ab 100644 --- a/github_actions/spec/dependabot/github_actions/update_checker_spec.rb +++ b/github_actions/spec/dependabot/github_actions/update_checker_spec.rb 
@@ -1107,80 +1107,41 @@ "https://github.com/gopidesupavan/monorepo-actions.git/info/refs" \ "?service=git-upload-pack" end - before do - stub_request(:get, service_pack_url) - .to_return( - status: 200, - body: fixture("git", "upload_packs", "github-monorepo-path-based"), - headers: { - "content-type" => "application/x-git-upload-pack-advertisement" - } - ) - end let(:upload_pack_fixture) { "github-monorepo-path-based" } let(:dependency) do Dependabot::Dependency.new( name: "gopidesupavan/monorepo-actions/first/run@run/v1.0.0", version: "1.0.0", requirements: [{ - requirement: nil, - groups: [], - file: ".github/workflows/workflow.yml", - source: { - type: "git", - url: "https://github.com/gopidesupavan/monorepo-actions", - ref: "run/v1.0.0", - branch: nil - }, - metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/run@run/v1.0.0" } - }], + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "run/v1.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/run@run/v1.0.0" } + }], package_manager: "github_actions" ) end - let(:expected_requirements) do [{ - requirement: nil, - groups: [], - file: ".github/workflows/workflow.yml", - source: { - type: "git", - url: "https://github.com/gopidesupavan/monorepo-actions", - ref: "run/v3.0.0", - branch: nil - }, - metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/run@run/v1.0.0" } - }] + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "run/v3.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/run@run/v1.0.0" } + }] end - it { is_expected.to eq(expected_requirements) } - - # context "when the latest version is being ignored" do - # let(:ignored_versions) { [">= 1.1.0"] } - 
# let(:expected_requirements) do - # [{ - # requirement: nil, - # groups: [], - # file: ".github/workflows/workflow.yml", - # source: { - # type: "git", - # url: "https://github.com/actions/setup-node", - # ref: "v1.0.4", - # branch: nil - # }, - # metadata: { declaration_string: "actions/setup-node@master" } - # }] - # end - # - # it { is_expected.to eq(expected_requirements) } - # end - end - - context "when a dependency has a path based tag reference without semver" do - let(:service_pack_url) do - "https://github.com/gopidesupavan/monorepo-actions.git/info/refs" \ - "?service=git-upload-pack" - end before do stub_request(:get, service_pack_url) .to_return( 
@@ -1191,40 +1152,59 @@ } ) end + + it { is_expected.to eq(expected_requirements) } + end + + context "when a dependency has a path based tag reference without semver" do + let(:service_pack_url) do + "https://github.com/gopidesupavan/monorepo-actions.git/info/refs" \ + "?service=git-upload-pack" + end let(:upload_pack_fixture) { "github-monorepo-path-based" } let(:dependency) do Dependabot::Dependency.new( name: "gopidesupavan/monorepo-actions/second/exec@exec/1.0.0", version: "1.0.0", requirements: [{ - requirement: nil, - groups: [], - file: ".github/workflows/workflow.yml", - source: { - type: "git", - url: "https://github.com/gopidesupavan/monorepo-actions", - ref: "exec/1.0.0", - branch: nil - }, - metadata: { declaration_string: "gopidesupavan/monorepo-actions/second/exec@exec/1.0.0" } - }], + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "exec/1.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/second/exec@exec/1.0.0" } + }], package_manager: "github_actions" ) end - let(:expected_requirements) do [{ - requirement: nil, - groups: [], - file: ".github/workflows/workflow.yml", - source: { - type: "git", - url: "https://github.com/gopidesupavan/monorepo-actions", - ref: "exec/2.0.0", - branch: nil - }, - metadata: { declaration_string: "gopidesupavan/monorepo-actions/second/exec@exec/1.0.0" } - }] + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "exec/2.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/second/exec@exec/1.0.0" } + }] + end + + before do + stub_request(:get, service_pack_url) + .to_return( + status: 200, + body: fixture("git", "upload_packs", "github-monorepo-path-based"), + headers: { + "content-type" => 
"application/x-git-upload-pack-advertisement" + } + ) end it { is_expected.to eq(expected_requirements) } From 5463710ccd91c9077bf5ffcbf2fde0cd25d7b23f Mon Sep 17 00:00:00 2001 From: Pavan Kumar Date: Sun, 12 Jan 2025 18:58:36 +0000 Subject: [PATCH 3/3] Fix linter offenses --- .../github_actions/file_parser_spec.rb | 154 +++++++++--------- .../github_actions/file_updater_spec.rb | 46 +++--- 2 files changed, 101 insertions(+), 99 deletions(-) diff --git a/github_actions/spec/dependabot/github_actions/file_parser_spec.rb b/github_actions/spec/dependabot/github_actions/file_parser_spec.rb index 8a2f1df983..6f24d41268 100644 --- a/github_actions/spec/dependabot/github_actions/file_parser_spec.rb +++ b/github_actions/spec/dependabot/github_actions/file_parser_spec.rb @@ -589,17 +589,17 @@ def mock_service_pack_request(nwo) let(:expected_requirements) do [{ - requirement: nil, - groups: [], - file: ".github/workflows/workflow.yml", - source: { - type: "git", - url: "https://github.com/gopidesupavan/monorepo-actions", - ref: "init/v1.0.0", - branch: nil - }, - metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/init@init/v1.0.0" } - }] + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "init/v1.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/init@init/v1.0.0" } + }] end it "has the right details" do 
@@ -615,17 +615,17 @@ def mock_service_pack_request(nwo) let(:expected_requirements) do [{ - requirement: nil, - groups: [], - file: ".github/workflows/workflow.yml", - source: { - type: "git", - url: "https://github.com/gopidesupavan/monorepo-actions", - ref: "run/v2.0.0", - branch: nil - }, - metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/run@run/v2.0.0" } - }] + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "run/v2.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/run@run/v2.0.0" } + }] end it "has the right details" do @@ -665,17 +665,17 @@ def mock_service_pack_request(nwo) let(:expected_requirements) do [{ - requirement: nil, - groups: [], - file: ".github/workflows/workflow.yml", - source: { - type: "git", - url: "https://github.com/gopidesupavan/monorepo-actions", - ref: "exec/1.0.0", - branch: nil - }, - metadata: { declaration_string: "gopidesupavan/monorepo-actions/second/exec@exec/1.0.0" } - }] + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "exec/1.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/second/exec@exec/1.0.0" } + }] end it "has the right details" do 
@@ -716,17 +716,17 @@ def mock_service_pack_request(nwo) let(:expected_requirements) do [{ - requirement: nil, - groups: [], - file: ".github/workflows/workflow.yml", - source: { - type: "git", - url: "https://github.com/gopidesupavan/monorepo-actions", - ref: "init/v1.0.0", - branch: nil - }, - metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/init@init/v1.0.0" } - }] + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "init/v1.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/init@init/v1.0.0" } + }] end it "has the right details" do @@ -742,17 +742,17 @@ def mock_service_pack_request(nwo) let(:expected_requirements) do [{ - requirement: nil, - groups: [], - file: ".github/workflows/workflow.yml", - source: { - type: "git", - url: "https://github.com/actions/checkout", - ref: "v1", - branch: nil - }, - metadata: { declaration_string: "actions/checkout@v1" } - }] + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/actions/checkout", + ref: "v1", + branch: nil + }, + metadata: { declaration_string: "actions/checkout@v1" } + }] end it "has the right details" do 
@@ -793,17 +793,17 @@ def mock_service_pack_request(nwo) let(:expected_requirements) do [{ - requirement: nil, - groups: [], - file: ".github/workflows/workflow.yml", - source: { - type: "git", - url: "https://github.com/gopidesupavan/monorepo-actions", - ref: "init/1.0.0", - branch: nil - }, - metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/init@init/1.0.0" } - }] + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "init/1.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/init@init/1.0.0" } + }] end it "has the right details" do @@ -819,17 +819,17 @@ def mock_service_pack_request(nwo) let(:expected_requirements) do [{ - requirement: nil, - groups: [], - file: ".github/workflows/workflow.yml", - source: { - type: "git", - url: "https://github.com/actions/checkout", - ref: "v1", - branch: nil - }, - metadata: { declaration_string: "actions/checkout@v1" } - }] + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/actions/checkout", + ref: "v1", + branch: nil + }, + metadata: { declaration_string: "actions/checkout@v1" } + }] end it "has the right details" do diff --git a/github_actions/spec/dependabot/github_actions/file_updater_spec.rb b/github_actions/spec/dependabot/github_actions/file_updater_spec.rb index 614aa6d45d..965c5d7374 100644 --- a/github_actions/spec/dependabot/github_actions/file_updater_spec.rb +++ b/github_actions/spec/dependabot/github_actions/file_updater_spec.rb 
@@ -536,17 +536,17 @@ version: "5273d0df9c603edc4284ac8402cf650b4f1f6686", previous_version: nil, requirements: [{ - requirement: nil, - groups: [], - file: ".github/workflows/workflow.yml", - source: { - type: "git", - url: "https://github.com/gopidesupavan/monorepo-actions", - ref: "run/v3.0.0", - branch: nil - }, - metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/run@run/v2.0.0" } - }], + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "run/v3.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/first/run@run/v2.0.0" } + }], previous_requirements: [{ requirement: nil, groups: [], @@ -562,6 +562,7 @@ package_manager: "github_actions" ) end + its(:content) { is_expected.to include "gopidesupavan/monorepo-actions/first/run@run/v3.0.0\n" } end @@ -576,17 +577,17 @@ version: "5273d0df9c603edc4284ac8402cf650b4f1f6686", previous_version: nil, requirements: [{ - requirement: nil, - groups: [], - file: ".github/workflows/workflow.yml", - source: { - type: "git", - url: "https://github.com/gopidesupavan/monorepo-actions", - ref: "exec/2.0.0", - branch: nil - }, - metadata: { declaration_string: "gopidesupavan/monorepo-actions/second/exec@exec/1.0.0" } - }], + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/gopidesupavan/monorepo-actions", + ref: "exec/2.0.0", + branch: nil + }, + metadata: { declaration_string: "gopidesupavan/monorepo-actions/second/exec@exec/1.0.0" } + }], previous_requirements: [{ requirement: nil, groups: [], @@ -602,6 +603,7 @@ package_manager: "github_actions" ) end + its(:content) { is_expected.to include "gopidesupavan/monorepo-actions/second/exec@exec/2.0.0\n" } end end