[WIP] instrument package manager versions

dependabot · Mar 16, 2021 · 5038e89 · 5038e89
1 parent 564ca68
commit 5038e89
Show file tree

Hide file tree

Showing 8 changed files with 96 additions and 0 deletions.
diff --git a/bundler/lib/dependabot/bundler/file_parser.rb b/bundler/lib/dependabot/bundler/file_parser.rb
@@ -23,6 +23,7 @@ def parse
         dependency_set += gemspec_dependencies
         dependency_set += lockfile_dependencies
         check_external_code(dependency_set.dependencies)
+        instrument_package_manager_version
         dependency_set.dependencies
       end
 
@@ -42,6 +43,17 @@ def git_source?(dependencies)
         end
       end
 
+      def instrument_package_manager_version
+        version = Helpers.actual_bundler_version(lockfile) # TODO: Replace with `bundler_version` once implemented
+        Dependabot.instrument(
+          "dependabot.file_parser.package_manager_version_parsed",
+          ecosystem: "bundler",
+          package_managers: {
+            "bundler" => version
+          }
+        )
+      end
+
       def gemfile_dependencies
         dependencies = DependencySet.new
 

diff --git a/bundler/lib/dependabot/bundler/helpers.rb b/bundler/lib/dependabot/bundler/helpers.rb
@@ -11,6 +11,14 @@ module Helpers
       def self.bundler_version(_lockfile)
         V1
       end
+
+      # TODO: Replace with bundler_version once it is implemented
+      def self.actual_bundler_version(lockfile)
+        return V1 unless lockfile
+        return V2 if lockfile.content.match?(/BUNDLED WITH\s+2/m)
+
+        V1
+      end
     end
   end
 end
diff --git a/bundler/spec/dependabot/bundler/file_parser_spec.rb b/bundler/spec/dependabot/bundler/file_parser_spec.rb
@@ -724,5 +724,18 @@
         end
       end
     end
+
+    it "instruments the package manager version" do
+      events = []
+      Dependabot.subscribe("dependabot.file_parser.package_manager_version_parsed") do |*args|
+        events << ActiveSupport::Notifications::Event.new(*args)
+      end
+
+      parser.parse
+
+      expect(events.last.payload).to eq(
+        { ecosystem: "bundler", package_managers: { "bundler" => "1" } }
+      )
+    end
   end
 end
diff --git a/common/dependabot-common.gemspec b/common/dependabot-common.gemspec
@@ -21,6 +21,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = ">= 2.5.0"
   spec.required_rubygems_version = ">= 2.7.3"
 
+  spec.add_dependency "activesupport", ">= 6.0.0"
   spec.add_dependency "aws-sdk-codecommit", "~> 1.28"
   spec.add_dependency "aws-sdk-ecr", "~> 1.5"
   spec.add_dependency "bundler", ">= 1.16", "< 3.0.0"

diff --git a/common/lib/dependabot/file_parsers/base.rb b/common/lib/dependabot/file_parsers/base.rb
@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "dependabot/notifications"
+
 module Dependabot
   module FileParsers
     class Base

diff --git a/common/lib/dependabot/notifications.rb b/common/lib/dependabot/notifications.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require "active_support/notifications"
+
+module Dependabot
+  def self.instrument(name, payload = {})
+    ActiveSupport::Notifications.instrument(name, payload)
+  end
+
+  def self.subscribe(pattern = nil, callback = nil, &block)
+    ActiveSupport::Notifications.subscribe(pattern, callback, &block)
+  end
+end
diff --git a/python/lib/dependabot/python/file_parser.rb b/python/lib/dependabot/python/file_parser.rb
@@ -46,6 +46,8 @@ def parse
         dependency_set += requirement_dependencies if requirement_files.any?
         dependency_set += setup_file_dependencies if setup_file
 
+        instrument_package_manager_version
+
         dependency_set.dependencies
       end
 
@@ -104,6 +106,38 @@ def requirement_dependencies
         dependencies
       end
 
+      def instrument_package_manager_version
+        package_managers = {}
+        package_managers["poetry"] = poetry_version if using_poetry?
+        package_managers["pipenv"] = pipenv_version if pipfile
+        package_managers["setup_py"] = setup_py_version if setup_file
+        package_managers["pip"] = pip_version if requirement_files.any?
+
+        Dependabot.instrument(
+          "dependabot.file_parser.package_manager_version_parsed",
+          ecosystem: "python",
+          package_managers: package_managers
+        )
+      end
+
+      # TODO: get actual versions
+
+      def poetry_version
+        "unknown"
+      end
+
+      def pipenv_version
+        "unknown"
+      end
+
+      def pip_version
+        "unknown"
+      end
+
+      def setup_py_version
+        "unknown"
+      end
+
       def group_from_filename(filename)
         if filename.include?("dev") then ["dev-dependencies"]
         else ["dependencies"]

diff --git a/python/spec/dependabot/python/file_parser_spec.rb b/python/spec/dependabot/python/file_parser_spec.rb
@@ -1237,5 +1237,18 @@
         expect { dependencies }.to raise_error(Dependabot::UnexpectedExternalCode)
       end
     end
+
+    it "instruments the package manager version" do
+      events = []
+      Dependabot.subscribe("dependabot.file_parser.package_manager_version_parsed") do |*args|
+        events << ActiveSupport::Notifications::Event.new(*args)
+      end
+
+      parser.parse
+
+      expect(events.last.payload).to eq(
+        { ecosystem: "python", package_managers: { "pip" => "unknown" } }
+      )
+    end
   end
 end