diff --git a/gradle/lib/dependabot/gradle/file_fetcher.rb b/gradle/lib/dependabot/gradle/file_fetcher.rb index d05dd4b76d..20a8e612bc 100644 --- a/gradle/lib/dependabot/gradle/file_fetcher.rb +++ b/gradle/lib/dependabot/gradle/file_fetcher.rb @@ -41,6 +41,14 @@ def all_buildfiles_in_build(root_dir) files += subproject_buildfiles(root_dir) files += dependency_script_plugins(root_dir) files + included_builds(root_dir). + filter do |dir| + buildfile(dir) + rescue Dependabot::DependencyFileNotFound + # ignore included build if its is in a submodule + SUPPORTED_BUILD_FILE_NAMES. + map { |name| clean_join(dir, name) }. + all? { |path| !file_exists_in_submodule?(path) } + end. flat_map { |dir| all_buildfiles_in_build(dir) } end diff --git a/gradle/spec/dependabot/gradle/file_fetcher_spec.rb b/gradle/spec/dependabot/gradle/file_fetcher_spec.rb index 15ed2d43e9..82578ba6f9 100644 --- a/gradle/spec/dependabot/gradle/file_fetcher_spec.rb +++ b/gradle/spec/dependabot/gradle/file_fetcher_spec.rb @@ -274,6 +274,42 @@ def stub_no_content_request(path) )) end end + + context "when the included build is in git submodule" do + before do + stub_content_request("?ref=sha", "contents_java_with_settings.json") + stub_content_request("settings.gradle?ref=sha", "contents_java_settings_1_included_build.json") + stub_content_request("build.gradle?ref=sha", "contents_java_basic_buildfile.json") + stub_content_request("app/build.gradle?ref=sha", "contents_java_basic_buildfile.json") + stub_content_request("included?ref=sha", "contents_submodule.json") + stub_content_request("included/build.gradle?ref=sha", "contents_java_basic_buildfile.json") + end + + it "fetches the main buildfile" do + expect(file_fetcher_instance.files.count).to eq(3) + expect(file_fetcher_instance.files.map(&:name)). + to match_array(%w(build.gradle settings.gradle app/build.gradle)) + end + end + + context "when the included buildfile can't be found" do + before do + stub_content_request("?ref=sha", "contents_java_with_settings.json") + stub_content_request("settings.gradle?ref=sha", "contents_java_settings_1_included_build.json") + stub_content_request("build.gradle?ref=sha", "contents_java_basic_buildfile.json") + stub_content_request("app/build.gradle?ref=sha", "contents_java_basic_buildfile.json") + stub_no_content_request("included?ref=sha") + stub_no_content_request("included/build.gradle?ref=sha") + stub_no_content_request("included/build.gradle.kts?ref=sha") + end + + it "raises dependency file not found" do + expect { file_fetcher_instance.files }.to raise_error do |error| + expect(error).to be_a(Dependabot::DependencyFileNotFound) + expect(error.file_path).to eq("/included/build.gradle") + end + end + end end context "only a settings.gradle" do diff --git a/gradle/spec/fixtures/github/contents_submodule.json b/gradle/spec/fixtures/github/contents_submodule.json new file mode 100644 index 0000000000..f1ea52bd00 --- /dev/null +++ b/gradle/spec/fixtures/github/contents_submodule.json @@ -0,0 +1,17 @@ +{ + "_links": { + "git": "https://api.github.com/repos/gocardless/bump/git/trees/sha", + "html": "https://github.com/gocardless/bump/tree/sha", + "self": "https://api.github.com/repos/gocardless/bump/contents/included?ref=main" + }, + "download_url": null, + "git_url": "https://api.github.com/repos/gocardless/bump/git/trees/sha", + "html_url": "https://github.com/gocardless/bump/tree/sha", + "name": "included", + "path": "included", + "sha": "sha", + "size": 0, + "submodule_git_url": "https://github.com/gocardless/bump.git", + "type": "submodule", + "url": "https://api.github.com/repos/gocardless/bump/contents/included?ref=main" +}