fix: Ensure exemption list of ecosystem is not overwritten

[hkadakia]

Pull Request

Proposed Changes

Currently we pass in the env variable directly when building a dependabot config file. When iterating through multiple repos, there is a possibility that if one of the previous repos has an existing dependabot config, we land up adding those to the exemption list in order to not add that config again to the dependabot.yml file. We land up using the same exempt_ecosystem for all the foll. repos resulting in skipping of creating that dependabot.yml.

This fix always passes in a copy of the original exempt_ecosystems environment variable ensuring the original data is not over written.

Checking hello-gh-actions for compatible package managers
before adding exempt_ecosystems:  []
existing_config:  <Contents [.github/dependabot.yaml]>
 exempt_ecosystems:  ['gomod', 'docker', 'github-actions']
repo: hello-gh-actions manager: bundler
repo: hello-gh-actions manager: npm
repo: hello-gh-actions manager: pip
repo: hello-gh-actions manager: cargo
repo: hello-gh-actions manager: gomod
repo: hello-gh-actions manager: composer
repo: hello-gh-actions manager: mix
repo: hello-gh-actions manager: nuget
repo: hello-gh-actions manager: docker
	No (new) compatible package manager found
Checking test for compatible package managers
before adding exempt_ecosystems:  ['gomod', 'docker', 'github-actions']
existing_config:  None
 exempt_ecosystems:  ['gomod', 'docker', 'github-actions']
repo: test manager: bundler
repo: test manager: npm
repo: test manager: pip
repo: test manager: cargo
repo: test manager: gomod
repo: test manager: composer
repo: test manager: mix
repo: test manager: nuget
repo: test manager: docker
	No (new) compatible package manager found

In the example above, the first repo hello-gh-actions already has a dependabot.yml file with gomod, docker & github-actions package manager. The test repo on the other hand does not have any dependabot.yml file and the expectation is for evergreen to create a pull request but as you see from the example it assumes the same ecosystems are added to the exempt list and skips adding the pull request.

Below is my evergreen.yml config:

 - name: Run evergreen action
    uses: github/evergreen@ff2f3ffd6bf88d33354f49a79ecbffd1d0cf98c9 #v1.12.0
    env:
      GH_TOKEN: ${{ secrets.GH_TOKEN }}
      ORGANIZATION: <orgid>
      TITLE: "Add dependabot configuration"
      TYPE: pull
      BATCH_SIZE: 10
      ENABLE_SECURITY_UPDATES: true
      UPDATE_EXISTING: true

Readiness Checklist

Author/Contributor

• If documentation is needed for this change, has that been included in this pull request
• run make lint and fix any issues that you have introduced
• run make test and ensure you have test coverage for the lines you are introducing
• If publishing new data to the public (scorecards, security scan results, code quality results, live dashboards, etc.), please request review from @jeffrey-luszcz

Reviewer

• Label as either fix, documentation, enhancement, infrastructure, maintenance or breaking

[jmeridth]

@hkadakia thank you for catching this. Would you be willing to add a test? I see your manual testing. Thank you for that. Gave great context.

[hkadakia]

@hkadakia thank you for catching this. Would you be willing to add a test? I see your manual testing. Thank you for that. Gave great context.

Sure. I'll work on it as soon as I can.

[hkadakia]

@jmeridth Added the unit test. In order to ensure we correctly test/exercise the code, moved the copy from the calling function to within the function. Please let me know if any more changes.

[jmeridth]

@hkadakia some linting errors. once fixed I'm good with merging this. Thank you very much for the contribution including tests.

[zkoppert]

Wow! Big learning opportunity for me here. Thanks for finding and fixing this.

I'm adding "overwriting env data when passing and returning to functions" to my personal code review checklist as I think this is something I could easily do again if I'm not careful about it.