Prepare the project for the new bun ecosystem

dependabot · Jan 29, 2025 · b850251 · b850251
1 parent a665aea
commit b850251
Show file tree

Hide file tree

Showing 15 changed files with 1,219 additions and 1 deletion.
diff --git a/Dockerfile.updater-core b/Dockerfile.updater-core
@@ -94,6 +94,7 @@ COPY --chown=dependabot:dependabot github_actions/.bundle github_actions/dependa
 COPY --chown=dependabot:dependabot go_modules/.bundle go_modules/dependabot-go_modules.gemspec go_modules/
 COPY --chown=dependabot:dependabot gradle/.bundle gradle/dependabot-gradle.gemspec gradle/
 COPY --chown=dependabot:dependabot hex/.bundle hex/dependabot-hex.gemspec hex/
+COPY --chown=dependabot:dependabot javascript/.bundle javascript/dependabot-bun.gemspec javascript/
 COPY --chown=dependabot:dependabot maven/.bundle maven/dependabot-maven.gemspec maven/
 COPY --chown=dependabot:dependabot npm_and_yarn/.bundle npm_and_yarn/dependabot-npm_and_yarn.gemspec npm_and_yarn/
 COPY --chown=dependabot:dependabot nuget/.bundle nuget/dependabot-nuget.gemspec nuget/
@@ -104,7 +105,7 @@ COPY --chown=dependabot:dependabot swift/.bundle swift/dependabot-swift.gemspec
 COPY --chown=dependabot:dependabot terraform/.bundle terraform/dependabot-terraform.gemspec terraform/
 
 # prevent having all the source in every ecosystem image
-RUN for ecosystem in git_submodules terraform github_actions hex elm docker nuget maven gradle cargo composer go_modules python pub npm_and_yarn bundler silent swift devcontainers dotnet_sdk; do \
+RUN for ecosystem in git_submodules terraform github_actions hex elm docker nuget maven gradle cargo composer go_modules python pub npm_and_yarn bundler silent swift devcontainers dotnet_sdk javascript; do \
     mkdir -p $ecosystem/lib/dependabot; \
     touch $ecosystem/lib/dependabot/$ecosystem.rb; \
   done

diff --git a/Gemfile b/Gemfile
@@ -2,6 +2,7 @@
 
 source "https://rubygems.org"
 
+gem "dependabot-bun", path: "javascript"
 gem "dependabot-bundler", path: "bundler"
 gem "dependabot-cargo", path: "cargo"
 gem "dependabot-common", path: "common"

diff --git a/bin/docker-dev-shell b/bin/docker-dev-shell
@@ -190,6 +190,12 @@ docker run --rm -ti \
   -v "$(pwd)/hex/lib:$CODE_DIR/hex/lib" \
   -v "$(pwd)/hex/script:$CODE_DIR/hex/script" \
   -v "$(pwd)/hex/spec:$CODE_DIR/hex/spec" \
+  -v "$(pwd)/javascript/.rubocop.yml:$CODE_DIR/javascript/.rubocop.yml" \
+  -v "$(pwd)/javascript/dependabot-javascript.gemspec:$CODE_DIR/javascript/dependabot-javascript.gemspec" \
+  -v "$(pwd)/javascript/helpers:$CODE_DIR/javascript/helpers" \
+  -v "$(pwd)/javascript/lib:$CODE_DIR/javascript/lib" \
+  -v "$(pwd)/javascript/script:$CODE_DIR/javascript/script" \
+  -v "$(pwd)/javascript/spec:$CODE_DIR/javascript/spec" \
   -v "$(pwd)/maven/.rubocop.yml:$CODE_DIR/maven/.rubocop.yml" \
   -v "$(pwd)/maven/dependabot-maven.gemspec:$CODE_DIR/maven/dependabot-maven.gemspec" \
   -v "$(pwd)/maven/lib:$CODE_DIR/maven/lib" \

diff --git a/bin/dry-run.rb b/bin/dry-run.rb
@@ -63,6 +63,7 @@
 $LOAD_PATH << "./go_modules/lib"
 $LOAD_PATH << "./gradle/lib"
 $LOAD_PATH << "./hex/lib"
+$LOAD_PATH << "./javascript/lib"
 $LOAD_PATH << "./maven/lib"
 $LOAD_PATH << "./npm_and_yarn/lib"
 $LOAD_PATH << "./nuget/lib"
@@ -109,6 +110,7 @@
 require "dependabot/go_modules"
 require "dependabot/gradle"
 require "dependabot/hex"
+require "dependabot/javascript"
 require "dependabot/maven"
 require "dependabot/npm_and_yarn"
 require "dependabot/nuget"

diff --git a/common/lib/dependabot/config/file.rb b/common/lib/dependabot/config/file.rb
@@ -58,6 +58,7 @@ def self.parse(config)
       private
 
       PACKAGE_MANAGER_LOOKUP = T.let({
+        "bun" => "bun",
         "bundler" => "bundler",
         "cargo" => "cargo",
         "composer" => "composer",

diff --git a/javascript/.bundle/config b/javascript/.bundle/config
@@ -0,0 +1 @@
+BUNDLE_GEMFILE: "../dependabot-updater/Gemfile"
diff --git a/javascript/.gitignore b/javascript/.gitignore
@@ -0,0 +1,7 @@
+.bundle/*
+!.bundle/config
+/.env
+/tmp
+/dependabot-*.gem
+/helpers/node_modules
+/helpers/install-dir
diff --git a/javascript/.rubocop.yml b/javascript/.rubocop.yml
@@ -0,0 +1 @@
+inherit_from: ../.rubocop.yml
diff --git a/javascript/Dockerfile b/javascript/Dockerfile
@@ -0,0 +1,66 @@
+FROM ghcr.io/dependabot/dependabot-updater-core
+
+# Check for updates at https://github.com/nodejs/corepack/releases
+ARG COREPACK_VERSION=0.30.0
+
+# Check for updates at https://github.com/pnpm/pnpm/releases
+ARG PNPM_VERSION=9.15.3
+
+# Check for updates at https://github.com/yarnpkg/berry/releases
+ARG YARN_VERSION=4.5.3
+
+# Check for updates at https://github.com/oven-sh/bun/releases
+ARG BUN_VERSION=1.2
+
+# See https://github.com/nodesource/distributions#installation-instructions
+ARG NODEJS_VERSION=20
+
+# Check for updates at https://github.com/npm/cli/releases
+# This version should be compatible with the Node.js version declared above. See https://nodejs.org/en/download/releases as well
+# TODO: Upgrade to 9.6.7 depending on the outcome of https://github.com/npm/cli/issues/6742
+ARG NPM_VERSION=9.6.5
+
+# Install Node and npm
+RUN mkdir -p /etc/apt/keyrings \
+  && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
+  && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${NODEJS_VERSION}.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list \
+  && apt-get update \
+  && apt-get install -y --no-install-recommends \
+  nodejs \
+  && rm -rf /var/lib/apt/lists/* \
+  && npm install -g corepack@$COREPACK_VERSION \
+  && npm install -g corepack@$COREPACK_VERSION bun@$BUN_VERSION \
+  && rm -rf ~/.npm
+
+USER dependabot
+
+# Install pnpm and set it to a stable version
+RUN corepack install pnpm@$PNPM_VERSION --global
+
+# Install yarn berry and set it to a stable version
+RUN corepack install yarn@$YARN_VERSION --global
+
+# Install npm and set it to a stable version
+RUN corepack install npm@$NPM_VERSION --global
+
+ENV DEPENDABOT_NATIVE_HELPERS_PATH="/opt"
+COPY --chown=dependabot:dependabot npm_and_yarn/helpers /opt/npm_and_yarn/helpers
+RUN bash /opt/npm_and_yarn/helpers/build
+
+# START: HACKY WORKAROUND FOR NPM GIT INSTALLS SPAWNING CHILD PROCESS
+
+# TODO: Remove these hacks once we've deprecated npm 6 support as it no longer
+# spawns a child process to npm install git dependencies.
+
+# Create the config file manually instead of using yarn/npm config set as this
+# executes the package manager outputs to every job log
+COPY --chown=dependabot:dependabot updater/config/.yarnrc updater/config/.npmrc $DEPENDABOT_HOME/
+
+# For Yarn Berry we can set this via an environment variable
+ENV NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
+
+# END: HACKY WORKAROUND FOR NPM GIT INSTALLS SPAWNING CHILD PROCESS
+
+COPY --chown=dependabot:dependabot npm_and_yarn $DEPENDABOT_HOME/npm_and_yarn
+COPY --chown=dependabot:dependabot common $DEPENDABOT_HOME/common
+COPY --chown=dependabot:dependabot updater $DEPENDABOT_HOME/dependabot-updater
diff --git a/javascript/dependabot-bun.gemspec b/javascript/dependabot-bun.gemspec
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+Gem::Specification.new do |spec|
+  common_gemspec =
+    Bundler.load_gemspec_uncached("../common/dependabot-common.gemspec")
+
+  spec.name         = "dependabot-bun"
+  spec.summary      = "Provides Dependabot support for Bun"
+  spec.description  = "Dependabot-bun provides support for bumping Javascript libraries using bun via " \
+                      "Dependabot. " \
+                      "If you want support for multiple package managers, you probably want the meta-gem " \
+                      "dependabot-omnibus."
+
+  spec.author       = common_gemspec.author
+  spec.email        = common_gemspec.email
+  spec.homepage     = common_gemspec.homepage
+  spec.license      = common_gemspec.license
+
+  spec.metadata = {
+    "bug_tracker_uri" => common_gemspec.metadata["bug_tracker_uri"],
+    "changelog_uri" => common_gemspec.metadata["changelog_uri"]
+  }
+
+  spec.version = common_gemspec.version
+  spec.required_ruby_version = common_gemspec.required_ruby_version
+  spec.required_rubygems_version = common_gemspec.required_ruby_version
+
+  spec.require_path = "lib"
+  spec.files        = []
+
+  spec.add_dependency "dependabot-common", Dependabot::VERSION
+  spec.add_dependency "zeitwerk", "~> 2.7"
+
+  common_gemspec.development_dependencies.each do |dep|
+    spec.add_development_dependency dep.name, *dep.requirement.as_list
+  end
+
+  next unless File.exist?("../.gitignore")
+
+  spec.files += `git -C #{__dir__} ls-files lib helpers -z`.split("\x0")
+end
diff --git a/javascript/script/ci-test b/javascript/script/ci-test
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+set -e
+
+bundle install
+bundle exec turbo_tests --verbose
diff --git a/javascript/spec/spec_helper.rb b/javascript/spec/spec_helper.rb
@@ -0,0 +1,12 @@
+# typed: true
+# frozen_string_literal: true
+
+def common_dir
+  @common_dir ||= Gem::Specification.find_by_name("dependabot-common").gem_dir
+end
+
+def require_common_spec(path)
+  require "#{common_dir}/spec/dependabot/#{path}"
+end
+
+require "#{common_dir}/spec/spec_helper.rb"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		BUNDLE_GEMFILE: "../dependabot-updater/Gemfile"