Test for Nuget auth fix

.github/workflows/codeql.yml

@@ -32,7 +32,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'javascript', 'ruby', 'csharp' ]
+        language: [ 'ruby' ]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Use only 'java' to analyze code written in Java, Kotlin or both
         # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both

.github/workflows/updater.yml

@@ -103,21 +103,7 @@ jobs:
         .
 
     - name: Log into registry
-      if: ${{ (github.ref == 'refs/heads/main') || (!startsWith(github.ref, 'refs/pull')) || startsWith(github.ref, 'refs/tags') }}
       run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin
 
-    - name: Push image (latest, ShortSha)
-      if: ${{ (github.ref == 'refs/heads/main') || startsWith(github.ref, 'refs/tags') }}
-      run: |
-        docker push "ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME:latest"
-        docker push "ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME:$GITVERSION_SHORTSHA"
-
     - name: Push image (NuGetVersionV2)
-      if: ${{ !startsWith(github.ref, 'refs/pull') }}
       run: docker push "ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME:$GITVERSION_NUGETVERSIONV2"
-
-    - name: Push image (major, minor)
-      if: startsWith(github.ref, 'refs/tags')
-      run: |
-        docker push "ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME:$GITVERSION_MAJOR.$GITVERSION_MINOR"
-        docker push "ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME:$GITVERSION_MAJOR"

updater/Gemfile

@@ -8,10 +8,10 @@ source "https://rubygems.org"
 # They are so many, our reference won't be found for it to be updated.
 # Hence adding the branch.
 
-gem "dependabot-omnibus", "~>0.242.1"
+# gem "dependabot-omnibus", "~>0.242.1"
 # gem "dependabot-omnibus", github: "dependabot/dependabot-core", branch: "main"
 # gem "dependabot-omnibus", github: "dependabot/dependabot-core", tag: "v0.232.0"
-# gem "dependabot-omnibus", github: "dependabot/dependabot-core", ref: "ffde6f6"
+gem "dependabot-omnibus", github: "dependabot/dependabot-core", ref: "43204b1"
 
 gem "http", "~> 5.2"
 gem "octokit", "6.1.1"

updater/Gemfile.lock

@@ -1,32 +1,8 @@
-GEM
-  remote: https://rubygems.org/
+GIT
+  remote: https://github.com/dependabot/dependabot-core.git
+  revision: 43204b1ae6fb5f3483d1806b7e8fbd5b1cedf81b
+  ref: 43204b1
   specs:
-    addressable (2.8.6)
-      public_suffix (>= 2.0.2, < 6.0)
-    ast (2.4.2)
-    aws-eventstream (1.3.0)
-    aws-partitions (1.883.0)
-    aws-sdk-codecommit (1.64.0)
-      aws-sdk-core (~> 3, >= 3.191.0)
-      aws-sigv4 (~> 1.1)
-    aws-sdk-core (3.191.0)
-      aws-eventstream (~> 1, >= 1.3.0)
-      aws-partitions (~> 1, >= 1.651.0)
-      aws-sigv4 (~> 1.8)
-      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-ecr (1.69.0)
-      aws-sdk-core (~> 3, >= 3.191.0)
-      aws-sigv4 (~> 1.1)
-    aws-sigv4 (1.8.0)
-      aws-eventstream (~> 1, >= 1.0.2)
-    base64 (0.2.0)
-    bigdecimal (3.1.6)
-    citrus (3.0.2)
-    commonmarker (0.23.10)
-    concurrent-ruby (1.2.3)
-    crack (1.0.0)
-      bigdecimal
-      rexml
     dependabot-bundler (0.242.1)
       dependabot-common (= 0.242.1)
     dependabot-cargo (0.242.1)
@@ -104,6 +80,34 @@ GEM
       dependabot-common (= 0.242.1)
     dependabot-terraform (0.242.1)
       dependabot-common (= 0.242.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.8.6)
+      public_suffix (>= 2.0.2, < 6.0)
+    ast (2.4.2)
+    aws-eventstream (1.3.0)
+    aws-partitions (1.889.0)
+    aws-sdk-codecommit (1.64.0)
+      aws-sdk-core (~> 3, >= 3.191.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-core (3.191.1)
+      aws-eventstream (~> 1, >= 1.3.0)
+      aws-partitions (~> 1, >= 1.651.0)
+      aws-sigv4 (~> 1.8)
+      jmespath (~> 1, >= 1.6.1)
+    aws-sdk-ecr (1.69.0)
+      aws-sdk-core (~> 3, >= 3.191.0)
+      aws-sigv4 (~> 1.1)
+    aws-sigv4 (1.8.0)
+      aws-eventstream (~> 1, >= 1.0.2)
+    base64 (0.2.0)
+    citrus (3.0.2)
+    commonmarker (0.23.10)
+    concurrent-ruby (1.2.3)
+    crack (0.4.5)
+      rexml
     diff-lcs (1.5.1)
     docker_registry2 (1.18.0)
       rest-client (>= 1.8.0)
@@ -123,9 +127,7 @@ GEM
     gitlab (4.19.0)
       httparty (~> 0.20)
       terminal-table (>= 1.5.1)
-    google-protobuf (3.25.2-aarch64-linux)
-    google-protobuf (3.25.2-arm64-darwin)
-    google-protobuf (3.25.2-x86_64-linux)
+    google-protobuf (3.25.2)
     googleapis-common-protos-types (1.11.0)
       google-protobuf (~> 3.18)
     hashdiff (1.1.0)
@@ -150,15 +152,15 @@ GEM
       rake (~> 13.0)
     mime-types (3.5.2)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2023.1205)
+    mime-types-data (3.2024.0206)
     mini_mime (1.1.5)
     multi_xml (0.6.0)
     netrc (0.11.0)
-    nokogiri (1.16.0-aarch64-linux)
+    nokogiri (1.16.2-aarch64-linux)
       racc (~> 1.4)
-    nokogiri (1.16.0-arm64-darwin)
+    nokogiri (1.16.2-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.0-x86_64-linux)
+    nokogiri (1.16.2-x86_64-linux)
       racc (~> 1.4)
     octokit (6.1.1)
       faraday (>= 1, < 3)
@@ -255,7 +257,7 @@ GEM
       faraday (>= 0.17.3, < 3)
     sentry-ruby (5.16.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-    sorbet-runtime (0.5.11219)
+    sorbet-runtime (0.5.11247)
     stringio (3.1.0)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
@@ -275,7 +277,7 @@ PLATFORMS
   x86_64-linux
 
 DEPENDENCIES
-  dependabot-omnibus (~> 0.242.1)
+  dependabot-omnibus!
   http (~> 5.2)
   octokit (= 6.1.1)
   opentelemetry-exporter-otlp (~> 0.26)

updater/bin/update_script.rb

@@ -486,7 +486,7 @@ def show_diff(original_file, updated_file)
 ##############################
 # Fetch the dependency files #
 ##############################
-clone = $options[:vendor_dependencies] || Dependabot::Utils.always_clone_for_package_manager?($package_manager)
+clone = true
 $options[:repo_contents_path] ||= File.expand_path(File.join("tmp", $repo_name.split("/"))) if clone
 fetcher_args = {
   source: $source,

updater/lib/dependabot/job.rb

@@ -125,8 +125,7 @@ def initialize(attributes)
     end
 
     def clone?
-      vendor_dependencies? ||
-        Dependabot::Utils.always_clone_for_package_manager?(@package_manager)
+      true
     end
 
     # Some Core components test for a non-nil repo_contents_path as an implicit

updater/spec/dependabot/job_spec.rb

@@ -418,42 +418,6 @@
     end
   end
 
-  describe "#clone?" do
-    subject { job.clone? }
-
-    it { is_expected.to eq(false) }
-
-    context "with vendoring configuration enabled" do
-      let(:vendor_dependencies) { true }
-
-      it { is_expected.to eq(true) }
-    end
-
-    context "for ecosystems that always clone" do
-      let(:vendor_dependencies) { false }
-      let(:dependencies) do
-        [
-          Dependabot::Dependency.new(
-            name: "github.com/pkg/errors",
-            package_manager: "dummy",
-            version: "v1.8.0",
-            requirements: [
-              {
-                file: "go.mod",
-                requirement: "v1.8.0",
-                groups: [],
-                source: nil
-              }
-            ]
-          )
-        ]
-      end
-      let(:package_manager) { "dummy" }
-
-      it { is_expected.to eq(true) }
-    end
-  end
-
   describe "#security_fix?" do
     subject { job.security_fix?(dependency) }
 

updater/spec/support/dummy_package_manager/dummy.rb

@@ -20,6 +20,3 @@
     groups.any? { |g| g.include?("prod") }
   end
 )
-
-require "dependabot/utils"
-Dependabot::Utils.register_always_clone("dummy")