class Dependabot::GithubActions::UpdateChecker

Public Instance Methods

latest_resolvable_version() click to toggle source
# File lib/dependabot/github_actions/update_checker.rb, line 16
def latest_resolvable_version
  # Resolvability isn't an issue for GitHub Actions.
  latest_version
end
latest_resolvable_version_with_no_unlock() click to toggle source
# File lib/dependabot/github_actions/update_checker.rb, line 21
def latest_resolvable_version_with_no_unlock
  # No concept of "unlocking" for GitHub Actions (since no lockfile)
  dependency.version
end
latest_version() click to toggle source
# File lib/dependabot/github_actions/update_checker.rb, line 12
def latest_version
  @latest_version ||= fetch_latest_version
end
updated_requirements() click to toggle source
# File lib/dependabot/github_actions/update_checker.rb, line 26
def updated_requirements # rubocop:disable Metrics/PerceivedComplexity
  previous = dependency_source_details
  updated = updated_source
  return dependency.requirements if updated == previous

  # Maintain a short git hash only if it matches the latest
  if previous[:type] == "git" &&
     previous[:url] == updated[:url] &&
     updated[:ref]&.match?(/^[0-9a-f]{6,40}$/) &&
     previous[:ref]&.match?(/^[0-9a-f]{6,40}$/) &&
     updated[:ref]&.start_with?(previous[:ref])
    return dependency.requirements
  end

  dependency.requirements.map { |req| req.merge(source: updated) }
end

Private Instance Methods

current_commit() click to toggle source
# File lib/dependabot/github_actions/update_checker.rb, line 129
def current_commit
  git_commit_checker.head_commit_for_current_branch
end
dependency_source_details() click to toggle source
# File lib/dependabot/github_actions/update_checker.rb, line 113
def dependency_source_details
  sources =
    dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact

  return sources.first if sources.count <= 1

  # If there are multiple source types, or multiple source URLs, then it's
  # unclear how we should proceed
  raise "Multiple sources! #{sources.join(', ')}" if sources.map { |s| [s.fetch(:type), s[:url]] }.uniq.count > 1

  # Otherwise it's reasonable to take the first source and use that. This
  # will happen if we have multiple git sources with difference references
  # specified. In that case it's fine to update them all.
  sources.first
end
fetch_latest_version() click to toggle source
# File lib/dependabot/github_actions/update_checker.rb, line 54
def fetch_latest_version
  # TODO: Support Docker sources
  return unless git_dependency?

  fetch_latest_version_for_git_dependency
end
fetch_latest_version_for_git_dependency() click to toggle source
# File lib/dependabot/github_actions/update_checker.rb, line 61
def fetch_latest_version_for_git_dependency
  return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?

  # If the dependency is pinned to a tag that looks like a version then
  # we want to update that tag.
  if git_commit_checker.pinned_ref_looks_like_version? &&
     git_commit_checker.local_tag_for_latest_version
    latest_tag = git_commit_checker.local_tag_for_latest_version
    latest_version = latest_tag.fetch(:version)
    return version_class.new(dependency.version) if shortened_semver_eq?(dependency.version, latest_version.to_s)

    return latest_version
  end

  # If the dependency is pinned to a commit SHA and the latest
  # version-like tag includes that commit then we want to update to that
  # version-like tag. We return a version (not a commit SHA) so that we
  # get nice behaviour in PullRequestCreator::MessageBuilder
  if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
     (latest_tag = git_commit_checker.local_tag_for_latest_version) &&
     git_commit_checker.branch_or_ref_in_release?(latest_tag[:version])
    return latest_tag.fetch(:version)
  end

  # If the dependency is pinned to a tag that doesn't look like a
  # version or a commit SHA then there's nothing we can do.
  nil
end
git_commit_checker() click to toggle source
# File lib/dependabot/github_actions/update_checker.rb, line 137
def git_commit_checker
  @git_commit_checker ||= Dependabot::GitCommitChecker.new(
    dependency: dependency,
    credentials: credentials,
    ignored_versions: ignored_versions,
    raise_on_ignored: raise_on_ignored
  )
end
git_dependency?() click to toggle source
# File lib/dependabot/github_actions/update_checker.rb, line 133
def git_dependency?
  git_commit_checker.git_dependency?
end
latest_version_resolvable_with_full_unlock?() click to toggle source
# File lib/dependabot/github_actions/update_checker.rb, line 45
def latest_version_resolvable_with_full_unlock?
  # Full unlock checks aren't relevant for GitHub Actions
  false
end
shortened_semver_eq?(base, other) click to toggle source
# File lib/dependabot/github_actions/update_checker.rb, line 146
def shortened_semver_eq?(base, other)
  return false unless base

  base_split = base.split(".")
  other_split = other.split(".")
  return false unless base_split.length <= other_split.length

  other_split[0..base_split.length - 1] == base_split
end
updated_dependencies_after_full_unlock() click to toggle source
# File lib/dependabot/github_actions/update_checker.rb, line 50
def updated_dependencies_after_full_unlock
  raise NotImplementedError
end
updated_source() click to toggle source
# File lib/dependabot/github_actions/update_checker.rb, line 90
def updated_source
  # TODO: Support Docker sources
  return dependency_source_details unless git_dependency?

  # Update the git tag if updating a pinned version
  if git_commit_checker.pinned_ref_looks_like_version? &&
     (new_tag = git_commit_checker.local_tag_for_latest_version) &&
     new_tag.fetch(:commit_sha) != current_commit
    return dependency_source_details.merge(ref: new_tag.fetch(:tag))
  end

  # Update the git commit if updating a pinned commit
  if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
     (latest_tag = git_commit_checker.local_tag_for_latest_version) &&
     git_commit_checker.branch_or_ref_in_release?(latest_tag[:version]) &&
     (latest_commit = latest_tag.fetch(:commit_sha)) != current_commit
    return dependency_source_details.merge(ref: latest_commit)
  end

  # Otherwise return the original source
  dependency_source_details
end