Bundler 2 [pre-release]: Add UpdateChecker

dependabot · Mar 25, 2021 · 3bd282f · 3bd282f
1 parent 3933918
commit 3bd282f
Show file tree

Hide file tree

Showing 9 changed files with 185 additions and 8 deletions.
diff --git a/bundler/helpers/v2/lib/functions.rb b/bundler/helpers/v2/lib/functions.rb
@@ -83,7 +83,13 @@ def self.depencency_source_latest_git_version(gemfile_name:, dependency_name:,
 
   def self.private_registry_versions(gemfile_name:, dependency_name:, dir:,
                                      credentials:)
-    raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
+    set_bundler_flags_and_credentials(dir: dir, credentials: credentials,
+                                      using_bundler2: false)
+
+    DependencySource.new(
+      gemfile_name: gemfile_name,
+      dependency_name: dependency_name
+    ).private_registry_versions
   end
 
   def self.resolve_version(dependency_name:, dependency_requirements:,
@@ -103,7 +109,26 @@ def self.jfrog_source(dir:, gemfile_name:, credentials:, using_bundler2:)
   end
 
   def self.git_specs(dir:, gemfile_name:, credentials:, using_bundler2:)
-    raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
+    set_bundler_flags_and_credentials(dir: dir, credentials: credentials,
+                                      using_bundler2: using_bundler2)
+
+    git_specs = Bundler::Definition.build(gemfile_name, nil, {}).dependencies.
+                select do |spec|
+      spec.source.is_a?(Bundler::Source::Git)
+    end
+    git_specs.map do |spec|
+      # Piggy-back off some private Bundler methods to configure the
+      # URI with auth details in the same way Bundler does.
+      git_proxy = spec.source.send(:git_proxy)
+      auth_uri = spec.source.uri.gsub("git://", "https://")
+      auth_uri = git_proxy.send(:configured_uri_for, auth_uri)
+      auth_uri += ".git" unless auth_uri.end_with?(".git")
+      auth_uri += "/info/refs?service=git-upload-pack"
+      {
+        uri: spec.source.uri,
+        auth_uri: auth_uri
+      }
+    end
   end
 
   def self.set_bundler_flags_and_credentials(dir:, credentials:,

diff --git a/bundler/spec/dependabot/bundler/update_checker_spec.rb b/bundler/spec/dependabot/bundler/update_checker_spec.rb
@@ -16,7 +16,10 @@
       dependency_files: dependency_files,
       credentials: credentials,
       ignored_versions: ignored_versions,
-      security_advisories: security_advisories
+      security_advisories: security_advisories,
+      options: {
+        bundler_2_available: bundler_2_available?
+      }
     )
   end
   let(:credentials) do
@@ -177,7 +180,7 @@
       it { is_expected.to eq(Gem::Version.new("1.5.0")) }
     end
 
-    context "with a private rubygems source" do
+    context "with a private rubygems source", :bundler_v1_only do
       let(:lockfile_fixture_name) { "specified_source.lock" }
       let(:gemfile_fixture_name) { "specified_source" }
       let(:requirements) do
@@ -218,6 +221,47 @@
       it { is_expected.to eq(Gem::Version.new("1.9.0")) }
     end
 
+    context "with a private rubygems source", :bundler_v2_only do
+      let(:dependency_files) { project_dependency_files("bundler2/specified_source") }
+
+      let(:requirements) do
+        [{
+          file: "Gemfile",
+          requirement: ">= 0",
+          groups: [],
+          source: { type: "rubygems" }
+        }]
+      end
+      let(:registry_url) { "https://repo.fury.io/greysteil/" }
+      let(:gemfury_business_url) do
+        "https://repo.fury.io/greysteil/api/v1/dependencies?gems=business"
+      end
+      before do
+        # We only need to stub out the version callout since it would
+        # otherwise call out to the internet in a shell command
+        allow(Dependabot::Bundler::NativeHelpers).
+          to receive(:run_bundler_subprocess).
+          with({
+                 bundler_version: "2",
+                 function: "dependency_source_type",
+                 args: anything
+               }).and_call_original
+
+        allow(Dependabot::Bundler::NativeHelpers).
+          to receive(:run_bundler_subprocess).
+          with({
+                 bundler_version: "2",
+                 function: "private_registry_versions",
+                 args: anything
+               }).
+          and_return(
+            ["1.5.0", "1.9.0", "1.10.0.beta"]
+          )
+      end
+
+      it { is_expected.to eq(Gem::Version.new("1.9.0")) }
+    end
+
     context "given a git source" do
       let(:lockfile_fixture_name) { "git_source_no_ref.lock" }
       let(:gemfile_fixture_name) { "git_source_no_ref" }
@@ -1282,14 +1326,22 @@
               to_return(status: 401)
           end
 
-          it "raises a helpful error" do
+          it "raises a helpful error on bundler v1", :bundler_v1_only do
             expect { checker.latest_resolvable_version }.
               to raise_error do |error|
                 expect(error).to be_a(Dependabot::GitDependenciesNotReachable)
                 expect(error.dependency_urls).
                   to eq(["git@github.com:fundingcircle/prius"])
               end
           end
+
+          context "bundler v2", :bundler_v2_only do
+            let(:dependency_files) { project_dependency_files("bundler2/private_git_source") }
+
+            it "updates the dependency" do
+              expect(checker.latest_resolvable_version).to eq(Gem::Version.new("3.4.1"))
+            end
+          end
         end
 
         context "that has a bad reference" do
@@ -1302,13 +1354,21 @@
               to_return(status: 200)
           end
 
-          it "raises a helpful error" do
+          it "raises a helpful error", :bundler_v1_only do
             expect { checker.latest_resolvable_version }.
               to raise_error do |error|
                 expect(error).to be_a Dependabot::GitDependencyReferenceNotFound
                 expect(error.dependency).to eq("prius")
               end
           end
+
+          context "bundler v2", :bundler_v2_only do
+            let(:dependency_files) { project_dependency_files("bundler2/bad_ref") }
+
+            it "updates the dependency" do
+              expect(checker.latest_resolvable_version).to eq(Gem::Version.new("3.4.1"))
+            end
+          end
         end
 
         context "that has a bad branch" do
@@ -1476,14 +1536,23 @@
             to_return(status: 401)
         end
 
-        it "raises a helpful error" do
+        it "raises a helpful error", :bundler_v1_only do
           expect { checker.latest_resolvable_version }.
             to raise_error do |error|
               expect(error).to be_a(Dependabot::GitDependenciesNotReachable)
               expect(error.dependency_urls).
                 to eq(["git://github.com/fundingcircle/prius.git"])
             end
         end
+
+        it "raises a helpful error", :bundler_v2_only do
+          expect { checker.latest_resolvable_version }.
+            to raise_error do |error|
+              expect(error).to be_a(Dependabot::GitDependenciesNotReachable)
+              expect(error.dependency_urls).
+                to eq(["https://github.com/fundingcircle/prius.git"])
+            end
+        end
       end
 
       context "when the git request raises a timeout" do

diff --git a/bundler/spec/fixtures/projects/bundler2/bad_ref/Gemfile b/bundler/spec/fixtures/projects/bundler2/bad_ref/Gemfile
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gem "business", "~> 1.4.0"
+gem "prius", git: "https://github.com/gocardless/prius"
+gem "statesman", "~> 1.2.0"
diff --git a/bundler/spec/fixtures/projects/bundler2/bad_ref/Gemfile.lock b/bundler/spec/fixtures/projects/bundler2/bad_ref/Gemfile.lock
@@ -0,0 +1,22 @@
+GIT
+  remote: https://github.com/gocardless/prius
+  revision: cff701b3bfb182afc99a85657d7c9f3d6c1ccce1
+  specs:
+    prius (1.0.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    business (1.4.0)
+    statesman (1.2.5)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  business (~> 1.4.0)
+  prius!
+  statesman (~> 1.2.0)
+
+BUNDLED WITH
+   2.2.0
diff --git a/bundler/spec/fixtures/projects/bundler2/private_git_source/Gemfile b/bundler/spec/fixtures/projects/bundler2/private_git_source/Gemfile
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gem "business", "~> 1.4.0"
+gem "prius", git: "git@github.com:fundingcircle/prius"
+gem "statesman", "~> 1.2.0"
diff --git a/bundler/spec/fixtures/projects/bundler2/private_git_source/Gemfile.lock b/bundler/spec/fixtures/projects/bundler2/private_git_source/Gemfile.lock
@@ -0,0 +1,22 @@
+GIT
+  remote: git@github.com:fundingcircle/prius
+  revision: cff701b3bfb182afc99a85657d7c9f3d6c1ccce2
+  specs:
+    prius (1.0.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    business (1.4.0)
+    statesman (1.2.5)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  business (~> 1.4.0)
+  prius!
+  statesman (~> 1.2.0)
+
+BUNDLED WITH
+   2.2.0
diff --git a/bundler/spec/fixtures/projects/bundler2/specified_source/Gemfile b/bundler/spec/fixtures/projects/bundler2/specified_source/Gemfile
@@ -0,0 +1,7 @@
+source "https://rubygems.org"
+
+gem "statesman"
+
+source "https://SECRET_CODES@repo.fury.io/greysteil/" do
+  gem "business"
+end
diff --git a/bundler/spec/fixtures/projects/bundler2/specified_source/Gemfile.lock b/bundler/spec/fixtures/projects/bundler2/specified_source/Gemfile.lock
@@ -0,0 +1,18 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    statesman (2.0.1)
+
+GEM
+  remote: https://SECRET_CODES@repo.fury.io/greysteil/
+    business (1.5.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  business!
+  statesman
+
+BUNDLED WITH
+   2.2.0
diff --git a/bundler/spec/fixtures/ruby/lockfiles/specified_source.lock b/bundler/spec/fixtures/ruby/lockfiles/specified_source.lock
@@ -1,6 +1,6 @@
 GEM
   remote: https://rubygems.org/
-  remote: https://wxuokzLuQTRgMGtEYMPJ@repo.fury.io/greysteil/
+  remote: https://SECRET_CODES@repo.fury.io/greysteil/
   specs:
     business (1.5.0)
     statesman (2.0.1)