class Dependabot::Dep::UpdateChecker::LatestVersionFinder
Attributes
credentials[R]
dependency[R]
dependency_files[R]
ignored_versions[R]
Public Class Methods
new(dependency:, dependency_files:, credentials:, ignored_versions:)
click to toggle source
# File lib/dependabot/dep/update_checker/latest_version_finder.rb, line 15 def initialize(dependency:, dependency_files:, credentials:, ignored_versions:) @dependency = dependency @dependency_files = dependency_files @credentials = credentials @ignored_versions = ignored_versions end
Public Instance Methods
latest_version()
click to toggle source
# File lib/dependabot/dep/update_checker/latest_version_finder.rb, line 23 def latest_version @latest_version ||= if git_dependency? then latest_version_for_git_dependency else latest_release_tag_version end end
Private Instance Methods
branch_or_ref_in_release?(release)
click to toggle source
# File lib/dependabot/dep/update_checker/latest_version_finder.rb, line 117 def branch_or_ref_in_release?(release) return false unless release git_commit_checker.branch_or_ref_in_release?(release) end
fetch_latest_release_tag()
click to toggle source
# File lib/dependabot/dep/update_checker/latest_version_finder.rb, line 48 def fetch_latest_release_tag # If this is a git dependency then getting the latest tag is trivial if git_dependency? return git_commit_checker. local_tag_for_latest_version&.fetch(:tag) end # If not, we need to find the URL for the source code. path = dependency.requirements. map { |r| r.dig(:source, :source) }.compact.first path ||= dependency.name source_url = git_source(path) return unless source_url # Given a source, we want to find the latest tag. Piggy-back off the # logic in GitCommitChecker to do so. git_dep = Dependency.new( name: dependency.name, version: dependency.version, requirements: [{ file: "Gopkg.toml", groups: [], requirement: nil, source: { type: "git", url: source_url, ref: nil, branch: nil } }], package_manager: dependency.package_manager ) GitCommitChecker. new(dependency: git_dep, credentials: credentials). local_tag_for_latest_version&.fetch(:tag) end
git_commit_checker()
click to toggle source
# File lib/dependabot/dep/update_checker/latest_version_finder.rb, line 127 def git_commit_checker @git_commit_checker ||= GitCommitChecker.new( dependency: dependency, credentials: credentials, ignored_versions: ignored_versions ) end
git_dependency?()
click to toggle source
# File lib/dependabot/dep/update_checker/latest_version_finder.rb, line 123 def git_dependency? git_commit_checker.git_dependency? end
git_source(path)
click to toggle source
# File lib/dependabot/dep/update_checker/latest_version_finder.rb, line 105 def git_source(path) Dependabot::Dep::PathConverter.git_url_for_path(path) end
latest_release_tag_version()
click to toggle source
# File lib/dependabot/dep/update_checker/latest_version_finder.rb, line 35 def latest_release_tag_version return @latest_release_tag_version if @latest_release_tag_lookup_attempted @latest_release_tag_lookup_attempted = true latest_release_str = fetch_latest_release_tag&.sub(/^v?/, "") return unless latest_release_str return unless version_class.correct?(latest_release_str) @latest_release_tag_version = version_class.new(latest_release_str) end
latest_version_for_git_dependency()
click to toggle source
# File lib/dependabot/dep/update_checker/latest_version_finder.rb, line 82 def latest_version_for_git_dependency latest_release = latest_release_tag_version # If there's been a release that includes the current pinned ref or # that the current branch is behind, we switch to that release. return latest_release if branch_or_ref_in_release?(latest_release) # Otherwise, if the gem isn't pinned, the latest version is just the # latest commit for the specified branch. return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned? # If the dependency is pinned to a tag that looks like a version # then we want to update that tag. if git_commit_checker.pinned_ref_looks_like_version? latest_tag = git_commit_checker.local_tag_for_latest_version return version_from_tag(latest_tag) end # If the dependency is pinned to a tag that doesn't look like a # version then there's nothing we can do. nil end
lockfile()
click to toggle source
# File lib/dependabot/dep/update_checker/latest_version_finder.rb, line 152 def lockfile @lockfile = dependency_files.find { |f| f.name == "Gopkg.lock" } raise "No Gopkg.lock!" unless @lockfile @lockfile end
manifest()
click to toggle source
# File lib/dependabot/dep/update_checker/latest_version_finder.rb, line 145 def manifest @manifest ||= dependency_files.find { |f| f.name == "Gopkg.toml" } raise "No Gopkg.lock!" unless @manifest @manifest end
parsed_file(file)
click to toggle source
# File lib/dependabot/dep/update_checker/latest_version_finder.rb, line 136 def parsed_file(file) @parsed_file ||= {} @parsed_file[file.name] ||= TomlRB.parse(file.content) end
version_class()
click to toggle source
# File lib/dependabot/dep/update_checker/latest_version_finder.rb, line 141 def version_class Utils.version_class_for_package_manager(dependency.package_manager) end
version_from_tag(tag)
click to toggle source
# File lib/dependabot/dep/update_checker/latest_version_finder.rb, line 109 def version_from_tag(tag) # To compare with the current version we either use the commit SHA # (if that's what the parser picked up) of the tag name. return tag&.fetch(:commit_sha) if dependency.version&.match?(/^[0-9a-f]{40}$/) tag&.fetch(:tag) end