Merge pull request #216 from hkadakia/fix

jmeridth · web-flow · commit 3d7db4c7231e · 2024-09-07T01:30:58.000-05:00
diff --git a/dependabot_file.py b/dependabot_file.py
@@ -65,7 +65,8 @@ def build_dependabot_file(
         "github-actions": False,
     }
     DEFAULT_INDENT = 2  # pylint: disable=invalid-name
-
+    # create a local copy in order to avoid overwriting the global exemption list
+    exempt_ecosystems_list = exempt_ecosystems.copy()
     if existing_config:
         dependabot_file = existing_config.decoded.decode("utf-8")
         ecosystem_line = next(
@@ -86,14 +87,14 @@ def build_dependabot_file(
 updates:
 """
 
-    add_existing_ecosystem_to_exempt_list(exempt_ecosystems, existing_config)
+    add_existing_ecosystem_to_exempt_list(exempt_ecosystems_list, existing_config)
 
     # If there are repository specific exemptions,
     # overwrite the global exemptions for this repo only
     if repo_specific_exemptions and repo.full_name in repo_specific_exemptions:
-        exempt_ecosystems = []
+        exempt_ecosystems_list = []
         for ecosystem in repo_specific_exemptions[repo.full_name]:
-            exempt_ecosystems.append(ecosystem)
+            exempt_ecosystems_list.append(ecosystem)
 
     package_managers = {
         "bundler": ["Gemfile", "Gemfile.lock"],
@@ -118,7 +119,7 @@ def build_dependabot_file(
 
     # Detect package managers where manifest files have known names
     for manager, manifest_files in package_managers.items():
-        if manager in exempt_ecosystems:
+        if manager in exempt_ecosystems_list:
             continue
         for file in manifest_files:
             try:
@@ -132,7 +133,7 @@ def build_dependabot_file(
                 pass
 
     # detect package managers with variable file names
-    if "terraform" not in exempt_ecosystems:
+    if "terraform" not in exempt_ecosystems_list:
         try:
             for file in repo.directory_contents("/"):
                 if file[0].endswith(".tf"):
@@ -143,7 +144,7 @@ def build_dependabot_file(
                     break
         except github3.exceptions.NotFoundError:
             pass
-    if "github-actions" not in exempt_ecosystems:
+    if "github-actions" not in exempt_ecosystems_list:
         try:
             for file in repo.directory_contents(".github/workflows"):
                 if file[0].endswith(".yml") or file[0].endswith(".yaml"):
diff --git a/test_dependabot_file.py b/test_dependabot_file.py
@@ -387,6 +387,81 @@ def test_add_existing_ecosystem_to_exempt_list(self):
         for ecosystem in exempt_ecosystems:
             self.assertIn(ecosystem, exempt_ecosystems)
 
+    def test_build_dependabot_file_for_multiple_repos_with_few_existing_config(self):
+        """
+        Test the case where there are multiple repos with few existing dependabot config
+        """
+        existing_config_repo = MagicMock()
+        existing_config_repo.file_contents.side_effect = (
+            lambda f, filename="Gemfile": f == filename
+        )
+
+        existing_config = MagicMock()
+        existing_config.decoded = b'---\nversion: 2\nupdates:\n  - package-ecosystem: "bundler"\n\
+    directory: "/"\n    schedule:\n      interval: "weekly"\n    commit-message:\n      prefix: "chore(deps)"\n'
+        exempt_ecosystems = []
+        result = build_dependabot_file(
+            existing_config_repo, False, exempt_ecosystems, {}, existing_config
+        )
+        self.assertEqual(result, None)
+
+        no_existing_config_repo = MagicMock()
+        filename_list = ["package.json", "package-lock.json", "yarn.lock"]
+        for filename in filename_list:
+            no_existing_config_repo.file_contents.side_effect = (
+                lambda f, filename=filename: f == filename
+            )
+            expected_result = """---
+version: 2
+updates:
+  - package-ecosystem: 'npm'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+"""
+        result = build_dependabot_file(
+            no_existing_config_repo, False, exempt_ecosystems, {}, None
+        )
+        self.assertEqual(result, expected_result)
+
+    def test_check_multiple_repos_with_no_dependabot_config(self):
+        """
+        Test the case where there is a single repo
+        """
+        mock_repo_1 = MagicMock()
+        mock_repo_1.file_contents.side_effect = lambda filename: filename == "go.mod"
+
+        expected_result = """---
+version: 2
+updates:
+  - package-ecosystem: 'gomod'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+"""
+        exempt_ecosystems = []
+        result = build_dependabot_file(mock_repo_1, False, exempt_ecosystems, {}, None)
+        self.assertEqual(result, expected_result)
+
+        no_existing_config_repo = MagicMock()
+        filename_list = ["package.json", "package-lock.json", "yarn.lock"]
+        for filename in filename_list:
+            no_existing_config_repo.file_contents.side_effect = (
+                lambda f, filename=filename: f == filename
+            )
+            expected_result = """---
+version: 2
+updates:
+  - package-ecosystem: 'npm'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+"""
+        result = build_dependabot_file(
+            no_existing_config_repo, False, exempt_ecosystems, {}, None
+        )
+        self.assertEqual(result, expected_result)
+
 
 if __name__ == "__main__":
     unittest.main()
