Class: Dependabot::GitCommitChecker
- Inherits:
-
Object
- Object
- Dependabot::GitCommitChecker
- Defined in:
- lib/dependabot/git_commit_checker.rb
Constant Summary
- VERSION_REGEX =
/ (?<version> (?<=^v)[0-9]+(?:\-[a-z0-9]+)? | [0-9]+\.[0-9]+(?:\.[a-z0-9\-]+)* )$ /ix
Instance Method Summary
- #allowed_version_refs ⇒ Object
- #allowed_version_tags ⇒ Object
- #branch_or_ref_in_release?(version) ⇒ Boolean
- #current_version ⇒ Object
- #filter_lower_versions(tags) ⇒ Object
- #git_dependency? ⇒ Boolean
- #git_repo_reachable? ⇒ Boolean
- #head_commit_for_current_branch ⇒ Object
- #head_commit_for_local_branch(name) ⇒ Object
- #head_commit_for_pinned_ref ⇒ Object
-
#initialize(dependency:, credentials:, ignored_versions: [], raise_on_ignored: false, consider_version_branches_pinned: false) ⇒ GitCommitChecker
constructor
A new instance of GitCommitChecker.
- #local_ref_for_latest_version_matching_existing_precision ⇒ Object
- #local_tag_for_latest_version ⇒ Object
- #local_tag_for_pinned_sha ⇒ Object
- #local_tags_for_allowed_versions ⇒ Object
- #local_tags_for_allowed_versions_matching_existing_precision ⇒ Object
- #most_specific_tag_equivalent_to_pinned_ref ⇒ Object
- #pinned? ⇒ Boolean
- #pinned_ref_looks_like_commit_sha? ⇒ Boolean
- #pinned_ref_looks_like_version? ⇒ Boolean
- #ref_looks_like_commit_sha?(ref) ⇒ Boolean
Constructor Details
#initialize(dependency:, credentials:, ignored_versions: [], raise_on_ignored: false, consider_version_branches_pinned: false) ⇒ GitCommitChecker
Returns a new instance of GitCommitChecker.
# File 'lib/dependabot/git_commit_checker.rb', line 24

# Stores the dependency under inspection together with the options that the
# other methods of this class read back from instance variables.
#
# @param dependency the dependency whose git source is examined
# @param credentials credentials kept for later use (shape not shown on this page)
# @param ignored_versions [Array] stored as-is; defaults to an empty list
# @param raise_on_ignored [Boolean] stored as-is; consumed outside this method
# @param consider_version_branches_pinned [Boolean] read by +pinned?+ when the
#   ref turns out to be a branch
def initialize(dependency:, credentials:, ignored_versions: [],
               raise_on_ignored: false, consider_version_branches_pinned: false)
  @dependency, @credentials = dependency, credentials
  @ignored_versions, @raise_on_ignored = ignored_versions, raise_on_ignored
  @consider_version_branches_pinned = consider_version_branches_pinned
end
Instance Method Details
#allowed_version_refs ⇒ Object
# File 'lib/dependabot/git_commit_checker.rb', line 124

# Passes the result of +local_refs+ through +allowed_versions+ and returns
# whatever that filter yields.
def allowed_version_refs
  candidate_refs = local_refs
  allowed_versions(candidate_refs)
end
#allowed_version_tags ⇒ Object
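# File 'lib/dependabot/git_commit_checker.rb', line 120

# Tag counterpart of +allowed_version_refs+: passes the repository's tags
# through +allowed_versions+.
#
# NOTE(review): the rendered page dropped the method name and the argument.
# The name is taken from the page's own heading; +local_tags+ is restored by
# analogy with +allowed_versions(local_refs)+ — confirm against
# lib/dependabot/git_commit_checker.rb.
def allowed_version_tags
  allowed_versions(local_tags)
end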
#branch_or_ref_in_release?(version) ⇒ Boolean
# File 'lib/dependabot/git_commit_checker.rb', line 85

# True-ish when either the pinned ref is contained in the given release or the
# tracked branch is behind it. The branch check only runs when the pinned-ref
# check is falsy.
#
# @param version the release to compare against
def branch_or_ref_in_release?(version)
  ref_in_release = pinned_ref_in_release?(version)
  ref_in_release || branch_behind_release?(version)
end
#current_version ⇒ Object
# File 'lib/dependabot/git_commit_checker.rb', line 128

# Version parsed from +dependency.version+, or nil when the dependency has no
# version or that version does not pass +version_tag?+.
def current_version
  if dependency.version && version_tag?(dependency.version)
    version_from_ref(dependency.version)
  end
end
#filter_lower_versions(tags) ⇒ Object
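# File 'lib/dependabot/git_commit_checker.rb', line 134

# Converts each tag to a version and keeps only versions strictly greater
# than +current_version+.
#
# NOTE(review): the rendered page dropped the +tags+ identifier in the
# signature and in the +map+ receiver; it is restored from the page's own
# heading, +#filter_lower_versions(tags)+.
#
# @param tags tags to convert with +version_from_tag+
# @return [Array, nil] the higher versions, or nil when there is no current
#   version to compare against
def filter_lower_versions(tags)
  return unless current_version

  versions = tags.map { |tag| version_from_tag(tag) }
  versions.select { |version| version > current_version }
end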
#git_dependency? ⇒ Boolean
# File 'lib/dependabot/git_commit_checker.rb', line 34

# Whether the dependency's source details exist and declare the type "git".
# +fetch(:type)+ raises KeyError if source details are present without a
# +:type+ key.
#
# @return [Boolean]
def git_dependency?
  if dependency_source_details.nil?
    false
  else
    dependency_source_details.fetch(:type) == "git"
  end
end
#git_repo_reachable? ⇒ Boolean
# File 'lib/dependabot/git_commit_checker.rb', line 158

# Probes the repository by calling +local_upload_pack+.
#
# Only Dependabot::GitDependenciesNotReachable is translated into +false+;
# any other error raised by the probe propagates to the caller.
#
# @return [Boolean]
def git_repo_reachable?
  begin
    local_upload_pack
  rescue Dependabot::GitDependenciesNotReachable
    return false
  end

  true
end
#head_commit_for_current_branch ⇒ Object
# File 'lib/dependabot/git_commit_checker.rb', line 89

# Head commit of the dependency's ref or branch, falling back to "HEAD" when
# neither is set.
#
# When the dependency is pinned the lookup result is returned even if it is
# nil; an unpinned dependency whose ref cannot be resolved raises instead.
#
# @raise [Dependabot::GitDependencyReferenceNotFound] unpinned and no commit found
def head_commit_for_current_branch
  target_ref = ref_or_branch || "HEAD"
  head_sha = head_commit_for_local_branch(target_ref)

  unless pinned? || head_sha
    raise Dependabot::GitDependencyReferenceNotFound, dependency.name
  end

  head_sha
end
#head_commit_for_local_branch(name) ⇒ Object
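# File 'lib/dependabot/git_commit_checker.rb', line 98

# Looks up the head commit for the given ref name via +head_commit_for_ref+.
#
# NOTE(review): the rendered page dropped the receiver of this call;
# +local_repo_git_metadata_fetcher+ is restored from the upstream source —
# confirm against lib/dependabot/git_commit_checker.rb.
#
# @param name [String] branch or ref name to resolve
def head_commit_for_local_branch(name)
  local_repo_git_metadata_fetcher.head_commit_for_ref(name)
end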
#head_commit_for_pinned_ref ⇒ Object
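# File 'lib/dependabot/git_commit_checker.rb', line 72

# Resolves the pinned +:ref+ from the dependency's source details through
# +head_commit_for_ref_sha+. +fetch(:ref)+ raises KeyError when the source
# details carry no +:ref+ key.
#
# NOTE(review): the rendered page dropped the receiver of this call;
# +local_repo_git_metadata_fetcher+ is restored from the upstream source —
# confirm against lib/dependabot/git_commit_checker.rb.
def head_commit_for_pinned_ref
  ref = dependency_source_details.fetch(:ref)
  local_repo_git_metadata_fetcher.head_commit_for_ref_sha(ref)
end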
#local_ref_for_latest_version_matching_existing_precision ⇒ Object
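# File 'lib/dependabot/git_commit_checker.rb', line 102

# Picks the highest allowed ref at the current precision. When the pinned SHA
# corresponds to a tag, only tags are considered; otherwise all allowed refs are.
#
# NOTE(review): the rendered page dropped the first branch of the ternary;
# +allowed_version_tags+ (a method listed on this page) is restored from the
# upstream source — confirm against lib/dependabot/git_commit_checker.rb.
def local_ref_for_latest_version_matching_existing_precision
  allowed_refs = local_tag_for_pinned_sha ? allowed_version_tags : allowed_version_refs

  max_local_tag_for_current_precision(allowed_refs)
end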
#local_tag_for_latest_version ⇒ Object
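# File 'lib/dependabot/git_commit_checker.rb', line 108

# Returns what +max_local_tag+ selects from the allowed version tags.
#
# NOTE(review): the rendered page dropped the argument of this call;
# +allowed_version_tags+ (a method listed on this page) is restored from the
# upstream source — confirm against lib/dependabot/git_commit_checker.rb.
def local_tag_for_latest_version
  max_local_tag(allowed_version_tags)
end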
#local_tag_for_pinned_sha ⇒ Object
# File 'lib/dependabot/git_commit_checker.rb', line 151

# When the pinned ref looks like a commit SHA, returns the result of
# +most_specific_version_tag_for_sha+ for it; otherwise returns nil.
def local_tag_for_pinned_sha
  if pinned_ref_looks_like_commit_sha?
    pinned_sha = dependency_source_details.fetch(:ref)
    most_specific_version_tag_for_sha(pinned_sha)
  end
end
#local_tags_for_allowed_versions ⇒ Object
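# File 'lib/dependabot/git_commit_checker.rb', line 116

# Maps every allowed version tag through +to_local_tag+.
#
# NOTE(review): the rendered page dropped the method name and the receiver of
# +map+. The name is taken from the page's own heading; +allowed_version_tags+
# (a method listed on this page) is restored from the upstream source —
# confirm against lib/dependabot/git_commit_checker.rb.
def local_tags_for_allowed_versions
  allowed_version_tags.map { |t| to_local_tag(t) }
end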
#local_tags_for_allowed_versions_matching_existing_precision ⇒ Object
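# File 'lib/dependabot/git_commit_checker.rb', line 112

# Narrows the allowed version tags with +select_matching_existing_precision+
# and maps the survivors through +to_local_tag+.
#
# NOTE(review): the rendered page dropped the method name and the argument.
# The name is taken from the page's own heading; +allowed_version_tags+
# (a method listed on this page) is restored from the upstream source —
# confirm against lib/dependabot/git_commit_checker.rb.
def local_tags_for_allowed_versions_matching_existing_precision
  select_matching_existing_precision(allowed_version_tags).map { |t| to_local_tag(t) }
end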
#most_specific_tag_equivalent_to_pinned_ref ⇒ Object
# File 'lib/dependabot/git_commit_checker.rb', line 146

# Resolves the pinned +:ref+ to its head commit, then returns the result of
# +most_specific_version_tag_for_sha+ for that commit.
def most_specific_tag_equivalent_to_pinned_ref
  pinned_ref = dependency_source_details.fetch(:ref)
  resolved_sha = head_commit_for_local_branch(pinned_ref)

  most_specific_version_tag_for_sha(resolved_sha)
end
#pinned? ⇒ Boolean
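# File 'lib/dependabot/git_commit_checker.rb', line 40

# Decides whether the dependency is pinned to a fixed ref rather than
# tracking a branch.
#
# The +ref+ is data read from the dependency's source details, not a pattern,
# so it is passed through +Regexp.escape+ before being interpolated into the
# ref-advertisement regexes. Unescaped, a "." in "v1.0" matches any character
# (so an unrelated tag could make a branch look pinned), and a ref containing
# an unbalanced "(" raises RegexpError.
#
# @return [Boolean, nil] truthy when pinned; the last expression may be nil
#   when +@consider_version_branches_pinned+ is unset
# @raise [RuntimeError] when the dependency is not a git dependency
def pinned?
  raise "Not a git dependency!" unless git_dependency?

  ref = dependency_source_details.fetch(:ref)
  branch = dependency_source_details.fetch(:branch)

  return false if ref.nil?
  return false if branch == ref
  return true if branch
  return true if dependency.version&.start_with?(ref)

  # `$` is kept deliberately: it matches at each line end of the multi-line
  # upload-pack output, one advertised ref per line.
  escaped_ref = Regexp.escape(ref)

  # If the specified `ref` is actually a tag, we're pinned
  return true if local_upload_pack.match?(%r{ refs/tags/#{escaped_ref}$})

  # Assume we're pinned unless the specified `ref` is actually a branch
  return true unless local_upload_pack.match?(%r{ refs/heads/#{escaped_ref}$})

  # TODO: Research whether considering branches that look like versions pinned makes sense for all ecosystems
  @consider_version_branches_pinned && version_tag?(ref)
end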
#pinned_ref_looks_like_commit_sha? ⇒ Boolean
# File 'lib/dependabot/git_commit_checker.rb', line 67

# Applies +ref_looks_like_commit_sha?+ to the +:ref+ from the dependency's
# source details.
#
# @return [Boolean]
def pinned_ref_looks_like_commit_sha?
  ref_looks_like_commit_sha?(dependency_source_details.fetch(:ref))
end
#pinned_ref_looks_like_version? ⇒ Boolean
# File 'lib/dependabot/git_commit_checker.rb', line 61

# False unless the dependency is pinned; otherwise the result of
# +version_tag?+ for the pinned +:ref+.
def pinned_ref_looks_like_version?
  pinned? ? version_tag?(dependency_source_details.fetch(:ref)) : false
end
#ref_looks_like_commit_sha?(ref) ⇒ Boolean
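# File 'lib/dependabot/git_commit_checker.rb', line 77

# Whether +ref+ should be treated as a commit SHA: it must be 6-40 lowercase
# hex characters, the dependency must be pinned, and no ref of that name may
# resolve to a head commit.
#
# The pattern is anchored with \A and \z. The page's original used ^ and $,
# which match per line, so a multi-line value with one hex-looking line would
# have passed the shape check.
#
# NOTE(review): the rendered page dropped the receiver of the final call;
# +local_repo_git_metadata_fetcher+ is restored from the upstream source —
# confirm against lib/dependabot/git_commit_checker.rb.
#
# @param ref [String, nil] the ref to classify
# @return [Boolean]
def ref_looks_like_commit_sha?(ref)
  return false unless ref&.match?(/\A[0-9a-f]{6,40}\z/)

  return false unless pinned?

  local_repo_git_metadata_fetcher.head_commit_for_ref(ref).nil?
end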