Class: Dependabot::GitCommitChecker

Inherits:

Object

• Object
• Dependabot::GitCommitChecker

Defined in:

lib/dependabot/git_commit_checker.rb

Constant Summary

VERSION_REGEX =

/
  (?<version>
    (?<=^v)[0-9]+(?:\-[a-z0-9]+)?
    |
    [0-9]+\.[0-9]+(?:\.[a-z0-9\-]+)*
  )$
/ix

Instance Method Summary

• #allowed_version_refs ⇒ Object
• #allowed_version_tags ⇒ Object
• #branch_or_ref_in_release?(version) ⇒ Boolean
• #current_version ⇒ Object
• #filter_lower_versions(tags) ⇒ Object
• #git_dependency? ⇒ Boolean
• #git_repo_reachable? ⇒ Boolean
• #head_commit_for_current_branch ⇒ Object
• #head_commit_for_local_branch(name) ⇒ Object
• #head_commit_for_pinned_ref ⇒ Object
• #initialize(dependency:, credentials:, ignored_versions: [], raise_on_ignored: false, consider_version_branches_pinned: false) ⇒ GitCommitChecker constructor

  A new instance of GitCommitChecker.

• #local_ref_for_latest_version_matching_existing_precision ⇒ Object
• #local_tag_for_latest_version ⇒ Object
• #local_tag_for_pinned_sha ⇒ Object
• #local_tags_for_allowed_versions ⇒ Object
• #local_tags_for_allowed_versions_matching_existing_precision ⇒ Object
• #most_specific_tag_equivalent_to_pinned_ref ⇒ Object
• #pinned? ⇒ Boolean
• #pinned_ref_looks_like_commit_sha? ⇒ Boolean
• #pinned_ref_looks_like_version? ⇒ Boolean
• #ref_looks_like_commit_sha?(ref) ⇒ Boolean

Constructor Details

#initialize(dependency:, credentials:, ignored_versions: [], raise_on_ignored: false, consider_version_branches_pinned: false) ⇒ GitCommitChecker

Returns a new instance of GitCommitChecker.

# File 'lib/dependabot/git_commit_checker.rb', line 24

def initialize(dependency:, credentials:,
               ignored_versions: [], raise_on_ignored: false,
               consider_version_branches_pinned: false)
  @dependency = dependency
  @credentials = credentials
  @ignored_versions = ignored_versions
  @raise_on_ignored = raise_on_ignored
  @consider_version_branches_pinned = consider_version_branches_pinned
end

Instance Method Details

#allowed_version_refs ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 124

def allowed_version_refs
  allowed_versions(local_refs)
end

#allowed_version_tags ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 120

def allowed_version_tags
  allowed_versions(local_tags)
end

#branch_or_ref_in_release?(version) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/git_commit_checker.rb', line 85

def branch_or_ref_in_release?(version)
  pinned_ref_in_release?(version) || branch_behind_release?(version)
end

#current_version ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 128

def current_version
  return unless dependency.version && version_tag?(dependency.version)

  version_from_ref(dependency.version)
end

#filter_lower_versions(tags) ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 134

def filter_lower_versions(tags)
  return tags unless current_version

  versions = tags.map do |t|
    version_from_tag(t)
  end

  versions.select do |version|
    version > current_version
  end
end

#git_dependency? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/git_commit_checker.rb', line 34

def git_dependency?
  return false if dependency_source_details.nil?

  dependency_source_details.fetch(:type) == "git"
end

#git_repo_reachable? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/git_commit_checker.rb', line 158

def git_repo_reachable?
  local_upload_pack
  true
rescue Dependabot::GitDependenciesNotReachable
  false
end

#head_commit_for_current_branch ⇒ Object

Raises:

• (Dependabot::GitDependencyReferenceNotFound)

# File 'lib/dependabot/git_commit_checker.rb', line 89

def head_commit_for_current_branch
  ref = ref_or_branch || "HEAD"

  sha = head_commit_for_local_branch(ref)
  return sha if pinned? || sha

  raise Dependabot::GitDependencyReferenceNotFound, dependency.name
end

#head_commit_for_local_branch(name) ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 98

def head_commit_for_local_branch(name)
  local_repo_git_metadata_fetcher.head_commit_for_ref(name)
end

#head_commit_for_pinned_ref ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 72

def head_commit_for_pinned_ref
  ref = dependency_source_details.fetch(:ref)
  local_repo_git_metadata_fetcher.head_commit_for_ref_sha(ref)
end

#local_ref_for_latest_version_matching_existing_precision ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 102

def local_ref_for_latest_version_matching_existing_precision
  allowed_refs = local_tag_for_pinned_sha ? allowed_version_tags : allowed_version_refs

  max_local_tag_for_current_precision(allowed_refs)
end

#local_tag_for_latest_version ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 108

def local_tag_for_latest_version
  max_local_tag(allowed_version_tags)
end

#local_tag_for_pinned_sha ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 151

def local_tag_for_pinned_sha
  return unless pinned_ref_looks_like_commit_sha?

  commit_sha = dependency_source_details.fetch(:ref)
  most_specific_version_tag_for_sha(commit_sha)
end

#local_tags_for_allowed_versions ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 116

def local_tags_for_allowed_versions
  allowed_version_tags.map { |t| to_local_tag(t) }
end

#local_tags_for_allowed_versions_matching_existing_precision ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 112

def local_tags_for_allowed_versions_matching_existing_precision
  select_matching_existing_precision(allowed_version_tags).map { |t| to_local_tag(t) }
end

#most_specific_tag_equivalent_to_pinned_ref ⇒ Object

# File 'lib/dependabot/git_commit_checker.rb', line 146

def most_specific_tag_equivalent_to_pinned_ref
  commit_sha = head_commit_for_local_branch(dependency_source_details.fetch(:ref))
  most_specific_version_tag_for_sha(commit_sha)
end

#pinned? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/git_commit_checker.rb', line 40

def pinned?
  raise "Not a git dependency!" unless git_dependency?

  ref = dependency_source_details.fetch(:ref)
  branch = dependency_source_details.fetch(:branch)

  return false if ref.nil?
  return false if branch == ref
  return true if branch
  return true if dependency.version&.start_with?(ref)

  # If the specified `ref` is actually a tag, we're pinned
  return true if local_upload_pack.match?(%r{ refs/tags/#{ref}$})

  # Assume we're pinned unless the specified `ref` is actually a branch
  return true unless local_upload_pack.match?(%r{ refs/heads/#{ref}$})

  # TODO: Research whether considering branches that look like versions pinned makes sense for all ecosystems
  @consider_version_branches_pinned && version_tag?(ref)
end

#pinned_ref_looks_like_commit_sha? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/git_commit_checker.rb', line 67

def pinned_ref_looks_like_commit_sha?
  ref = dependency_source_details.fetch(:ref)
  ref_looks_like_commit_sha?(ref)
end

#pinned_ref_looks_like_version? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/git_commit_checker.rb', line 61

def pinned_ref_looks_like_version?
  return false unless pinned?

  version_tag?(dependency_source_details.fetch(:ref))
end

#ref_looks_like_commit_sha?(ref) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/git_commit_checker.rb', line 77

def ref_looks_like_commit_sha?(ref)
  return false unless ref&.match?(/^[0-9a-f]{6,40}$/)

  return false unless pinned?

  local_repo_git_metadata_fetcher.head_commit_for_ref(ref).nil?
end