Class: Dependabot::GithubActions::UpdateChecker

Inherits:

UpdateCheckers::Base

• Object
• UpdateCheckers::Base
• Dependabot::GithubActions::UpdateChecker

Extended by:

T::Sig

Defined in:

lib/dependabot/github_actions/update_checker.rb,
lib/dependabot/github_actions/update_checker/latest_version_finder.rb

Defined Under Namespace

Classes: LatestVersionFinder

Instance Method Summary

• #latest_resolvable_version ⇒ Object
• #latest_resolvable_version_with_no_unlock ⇒ Object
• #latest_version ⇒ Object
• #lowest_resolvable_security_fix_version ⇒ Object
• #lowest_security_fix_version ⇒ Object
• #updated_requirements ⇒ Object

Instance Method Details

#latest_resolvable_version ⇒ Object

# File 'lib/dependabot/github_actions/update_checker.rb', line 30

def latest_resolvable_version
  # Resolvability isn't an issue for GitHub Actions.
  latest_version
end

#latest_resolvable_version_with_no_unlock ⇒ Object

# File 'lib/dependabot/github_actions/update_checker.rb', line 36

def latest_resolvable_version_with_no_unlock
  # No concept of "unlocking" for GitHub Actions (since no lockfile)
  dependency.version
end

#latest_version ⇒ Object

# File 'lib/dependabot/github_actions/update_checker.rb', line 22

def latest_version
  @latest_version ||= T.let(
    T.must(latest_version_finder).latest_release,
    T.nilable(T.any(String, Gem::Version))
  )
end

#lowest_resolvable_security_fix_version ⇒ Object

# File 'lib/dependabot/github_actions/update_checker.rb', line 42

def lowest_resolvable_security_fix_version
  # Resolvability isn't an issue for GitHub Actions.
  lowest_security_fix_version
end

#lowest_security_fix_version ⇒ Object

# File 'lib/dependabot/github_actions/update_checker.rb', line 48

def lowest_security_fix_version
  @lowest_security_fix_version ||= T.let(
    T.must(latest_version_finder).lowest_security_fix_release&.fetch(:version),
    T.nilable(Dependabot::Version)
  )
end

#updated_requirements ⇒ Object

# File 'lib/dependabot/github_actions/update_checker.rb', line 56

def updated_requirements
  dependency.requirements.map do |req|
    source = req[:source]
    updated = updated_ref(source)
    next req unless updated

    current = source[:ref]

    # Maintain a short git hash only if it matches the latest
    if req[:type] == "git" &&
       git_commit_checker.ref_looks_like_commit_sha?(updated) &&
       git_commit_checker.ref_looks_like_commit_sha?(current) &&
       updated.start_with?(current)
      next req
    end

    new_source = source.merge(ref: updated)
    req.merge(source: new_source)
  end
end