diff --git a/bin/dry-run.rb b/bin/dry-run.rb
index 9ed9598a23..183fbe2e98 100755
--- a/bin/dry-run.rb
+++ b/bin/dry-run.rb
@@ -474,10 +474,7 @@ def log_conflicting_dependencies(conflicting_dependencies)
 commit: $options[:commit]
 )
-always_clone = Dependabot::Utils
- .always_clone_for_package_manager?($package_manager)
-vendor_dependencies = $options[:vendor_dependencies]
-$repo_contents_path = File.expand_path(File.join("tmp", $repo_name.split("/"))) if vendor_dependencies || always_clone
+$repo_contents_path = File.expand_path(File.join("tmp", $repo_name.split("/")))
 fetcher_args = {
 source: $source,
diff --git a/common/lib/dependabot/utils.rb b/common/lib/dependabot/utils.rb
index bb185bf49a..b19bbbd2f4 100644
--- a/common/lib/dependabot/utils.rb
+++ b/common/lib/dependabot/utils.rb
@@ -54,18 +54,6 @@ def self.register_requirement_class(package_manager, requirement_class)
 @cloning_package_managers = T.let(Set[], T::Set[String])
- sig { params(package_manager: String).returns(T::Boolean) }
- def self.always_clone_for_package_manager?(package_manager)
- @cloning_package_managers.include?(package_manager)
- end
-
- sig { params(package_manager: String).void }
- def self.register_always_clone(package_manager)
- validate_package_manager!(package_manager)
-
- @cloning_package_managers << package_manager
- end
-
- sig { params(package_manager: String).void }
- def self.validate_package_manager!(package_manager)
- # Official package manager
diff --git a/devcontainers/lib/dependabot/devcontainers.rb b/devcontainers/lib/dependabot/devcontainers.rb
index 7ac8008532..a18c735a6f 100644
--- a/devcontainers/lib/dependabot/devcontainers.rb
+++ b/devcontainers/lib/dependabot/devcontainers.rb
@@ -18,6 +18,3 @@ require "dependabot/dependency"
 Dependabot::Dependency
 .register_production_check("devcontainers", ->(_) { true })
-
-require "dependabot/utils"
-Dependabot::Utils.register_always_clone("devcontainers")
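Review bot: The new unconditional `$repo_contents_path` assignment means every dry run now clones the target repository under `tmp/` before fetching, and nothing left in the script explains why the `always_clone` / `vendor_dependencies` gate disappeared; a comment such as `# Always clone: the updater now clones for every package manager (Job#clone? is unconditionally true), so the dry run mirrors that` would save the next reader from hunting through history. The local `vendor_dependencies` is gone from this hunk, so if `$options[:vendor_dependencies]` is still parsed elsewhere in the script it is worth confirming something still reads it. Because the clone directory is built from `$repo_name.split("/")` and the assignment is no longer gated, a repo name containing `..` segments would resolve outside `tmp/`; a one-line guard, `raise ArgumentError, "unexpected repo name: #{$repo_name}" unless $repo_contents_path.start_with?(File.expand_path("tmp") + File::SEPARATOR)`, keeps the clone inside the working tree. The option parsing that sets `$repo_name` lies outside the hunk.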
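Review bot: With `always_clone_for_package_manager?` and `register_always_clone` removed, the context line `@cloning_package_managers = T.let(Set[], T::Set[String])` at the top of this hunk is the only remaining mention of that set here; unless another method in utils.rb still reads it (not visible in this hunk), it is now dead state that nothing writes or queries and should be dropped in the same commit. The `register_always_clone` calls deleted from the ecosystem files in this commit were its only visible writers. Both removed methods were public on `Dependabot::Utils`, so if any out-of-tree ecosystem still calls them this is a breaking change rather than a cleanup; a short deprecation note in the changelog, or a no-op shim for one release, would make that explicit. The enclosing module body continues outside the hunk.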
diff --git a/go_modules/lib/dependabot/go_modules.rb b/go_modules/lib/dependabot/go_modules.rb
index 2f6d2598bc..1d6e5099d0 100644
--- a/go_modules/lib/dependabot/go_modules.rb
+++ b/go_modules/lib/dependabot/go_modules.rb
@@ -18,6 +18,3 @@ require "dependabot/dependency"
 Dependabot::Dependency
 .register_production_check("go_modules", ->(_) { true })
-
-require "dependabot/utils"
-Dependabot::Utils.register_always_clone("go_modules")
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn.rb
index f6fbb4c4ec..a09c63f572 100644
--- a/npm_and_yarn/lib/dependabot/npm_and_yarn.rb
+++ b/npm_and_yarn/lib/dependabot/npm_and_yarn.rb
@@ -25,6 +25,3 @@
 groups.include?("dependencies")
 end
 )
-
-require "dependabot/utils"
-Dependabot::Utils.register_always_clone("npm_and_yarn")
diff --git a/nuget/lib/dependabot/nuget.rb b/nuget/lib/dependabot/nuget.rb
index 1df0b4b099..1aad95bc34 100644
--- a/nuget/lib/dependabot/nuget.rb
+++ b/nuget/lib/dependabot/nuget.rb
@@ -24,5 +24,3 @@
 groups.include?("dependencies")
 end
 )
-
-Dependabot::Utils.register_always_clone("nuget")
diff --git a/pub/lib/dependabot/pub.rb b/pub/lib/dependabot/pub.rb
index 5ba2dcf6f9..6e98ff6e32 100644
--- a/pub/lib/dependabot/pub.rb
+++ b/pub/lib/dependabot/pub.rb
@@ -17,6 +17,3 @@ require "dependabot/dependency"
 Dependabot::Dependency.register_production_check("pub", ->(_) { true })
-
-require "dependabot/utils"
-Dependabot::Utils.register_always_clone("pub")
diff --git a/python/lib/dependabot/python.rb b/python/lib/dependabot/python.rb
index 3f6eb1251f..ee3813c0e7 100644
--- a/python/lib/dependabot/python.rb
+++ b/python/lib/dependabot/python.rb
@@ -33,6 +33,3 @@
 "pip",
 ->(name) { Dependabot::Python::NameNormaliser.normalise(name) }
 )
-
-require "dependabot/utils"
-Dependabot::Utils.register_always_clone("pip")
diff --git a/silent/lib/dependabot/silent.rb b/silent/lib/dependabot/silent.rb
index 4b68950d8d..1308bb39db 100644
--- a/silent/lib/dependabot/silent.rb
+++ b/silent/lib/dependabot/silent.rb
@@ -18,6 +18,3 @@ require "dependabot/dependency"
 Dependabot::Dependency
 .register_production_check("silent", ->(groups) { groups.empty? || groups.include?("prod") })
-
-require "dependabot/utils"
-Dependabot::Utils.register_always_clone("silent")
diff --git a/swift/lib/dependabot/swift.rb b/swift/lib/dependabot/swift.rb
index 82b4284b37..a58131f7e6 100644
--- a/swift/lib/dependabot/swift.rb
+++ b/swift/lib/dependabot/swift.rb
@@ -18,6 +18,3 @@ require "dependabot/dependency"
 Dependabot::Dependency
 .register_production_check("swift", ->(_) { true })
-
-require "dependabot/utils"
-Dependabot::Utils.register_always_clone("swift")
diff --git a/terraform/lib/dependabot/terraform.rb b/terraform/lib/dependabot/terraform.rb
index 1f9435282b..6ab7f2de7e 100644
--- a/terraform/lib/dependabot/terraform.rb
+++ b/terraform/lib/dependabot/terraform.rb
@@ -19,9 +19,6 @@
 Dependabot::Dependency
 .register_production_check("terraform", ->(_) { true })
-require "dependabot/utils"
-Dependabot::Utils.register_always_clone("terraform")
-
 Dependabot::Dependency
 .register_display_name_builder(
 "terraform",
diff --git a/updater/lib/dependabot/job.rb b/updater/lib/dependabot/job.rb
index a8a46f351c..8de77eb3a7 100644
--- a/updater/lib/dependabot/job.rb
+++ b/updater/lib/dependabot/job.rb
@@ -125,8 +125,7 @@ def initialize(attributes)
 end
 def clone?
- vendor_dependencies? ||
- Dependabot::Utils.always_clone_for_package_manager?(@package_manager)
+ true
 end
 # Some Core components test for a non-nil repo_contents_path as an implicit
diff --git a/updater/spec/dependabot/file_fetcher_command_spec.rb b/updater/spec/dependabot/file_fetcher_command_spec.rb
index dae1e31bde..3e7d67ecb1 100644
--- a/updater/spec/dependabot/file_fetcher_command_spec.rb
+++ b/updater/spec/dependabot/file_fetcher_command_spec.rb
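Review bot: `clone?` in job.rb now returns a bare `true`, which reads like a stub and silently drops `vendor_dependencies?` from the decision; a comment above the body should record that this is intentional, e.g. `# Cloning is now unconditional for every package manager; vendor_dependencies? no longer influences it.` If the method keeps its predicate form only so existing callers keep compiling, say so in the same comment, otherwise the next reader will try to restore the old logic. The `# Some Core components test for a non-nil repo_contents_path` comment that follows suggests callers still treat `repo_contents_path` as the real signal, so it is worth confirming nothing relied on `clone?` being false to skip clone-only setup. The specs that pinned the old behaviour (`#clone?` in job_spec.rb and "does not clone the repo" in file_fetcher_command_spec.rb) are deleted in this commit without a replacement asserting the new unconditional clone.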
@@ -54,15 +54,6 @@
 expect(dependency_file["content_encoding"]).to eq("utf-8")
 end
- it "does not clone the repo", vcr: true do
- expect_any_instance_of(Dependabot::Bundler::FileFetcher)
- .not_to receive(:clone_repo_contents)
-
- expect(api_client).not_to receive(:mark_job_as_processed)
-
- perform_job
- end
-
- context "when the fetcher raises a ToolVersionNotSupported error", vcr: true do
- before do
- allow_any_instance_of(Dependabot::Bundler::FileFetcher)
diff --git a/updater/spec/dependabot/integration_spec.rb b/updater/spec/dependabot/integration_spec.rb
deleted file mode 100644
index 94b9d22134..0000000000
--- a/updater/spec/dependabot/integration_spec.rb
+++ /dev/null
@@ -1,468 +0,0 @@ -# typed: false -# frozen_string_literal: true - -require "spec_helper" -require "support/dependency_file_helpers" - -require "dependabot/dependency" -require "dependabot/dependency_file" -require "dependabot/file_fetchers" - -require "dependabot/file_fetcher_command" -require "dependabot/update_files_command" - -require "dependabot/api_client" - -RSpec.describe "Dependabot Updates" do - include DependencyFileHelpers - - let(:fetch_files) { Dependabot::FileFetcherCommand.new } - let(:update_files) { Dependabot::UpdateFilesCommand.new } - - let(:run_job) do - fetch_files.run - update_files.run - end - - before { WebMock.disable! } - after { WebMock.enable! } - - let(:job_id) { 1 } - let(:fetch_job_definition) do - # for the fetch step, the definition is just the parameters - { - "job" => job_parameters - } - end - - let(:update_job_definition) do - # for the update step, we expect the base commit sha and files to be prepared - # by the previous step - fetch_job_definition.merge({ - "base_commit_sha" => "sha", - "base64_dependency_files" => encode_dependency_files(dependency_files) - }) - end - - let(:api_client) do - api_client = instance_double(Dependabot::ApiClient, - create_pull_request: nil, - update_pull_request: nil, - close_pull_request: nil, - mark_job_as_processed: nil, - update_dependency_list: nil, - record_update_job_error: nil, - record_update_job_unknown_error: nil, - record_ecosystem_versions: nil, - increment_metric: nil) - allow(api_client).to receive(:is_a?).with(Dependabot::ApiClient).and_return(true) - api_client - end - let(:file_fetcher) do - instance_double(Dependabot::FileFetchers::Base, - files: dependency_files, - commit: "sha") - end - let(:message_builder) do - instance_double(Dependabot::PullRequestCreator::MessageBuilder, message: nil) - end - - before do - # Stub out the environment - allow(Dependabot::Environment).to receive(:job_id).and_return(job_id) - allow(Dependabot::Environment).to 
receive(:job_definition).and_return( - fetch_job_definition, - update_job_definition - ) - allow(Dependabot::Environment).to receive(:output_path).and_return( - File.join(Dir.mktmpdir("fetch"), "output.json"), - File.join(Dir.mktmpdir("update"), "output.json") - ) - allow(Dependabot::Environment).to receive(:job_token).and_return("token") - - # Stub Dependabot object with instance doubles - allow(Dependabot::ApiClient).to receive(:new).and_return(api_client) - allow(Dependabot::FileFetchers).to receive_message_chain(:for_package_manager, :new).and_return(file_fetcher) - allow(Dependabot::PullRequestCreator::MessageBuilder).to receive(:new).and_return(message_builder) - allow(file_fetcher).to receive(:ecosystem_versions).and_return(nil) - - allow(Dependabot.logger).to receive(:info).and_call_original - end - - describe "bundler" do - let(:dependency_files) do - [ - Dependabot::DependencyFile.new( - name: "Gemfile", - content: fixture("bundler/original/Gemfile"), - directory: "/" - ), - Dependabot::DependencyFile.new( - name: "Gemfile.lock", - content: fixture("bundler/original/Gemfile.lock"), - directory: "/" - ) - ] - end - - let(:job_parameters) do - { - "token" => "token", - "dependencies" => nil, - "allowed_updates" => [ - { - "dependency-type" => "direct", - "update-type" => "all" - }, - { - "dependency-type" => "indirect", - "update-type" => "security" - } - ], - "existing_pull_requests" => [], - "ignore_conditions" => [], - "security_advisories" => [], - "package_manager" => "bundler", - "source" => { - "provider" => "github", - "repo" => "dependabot-fixtures/dependabot-test-ruby-package", - "directory" => "/", - "api-endpoint" => "https://api.github.com/", - "hostname" => "github.com", - "branch" => nil - }, - "credentials-metadata" => [{ - "type" => "git_source", - "host" => "github.com" - }], - "lockfile_only" => false, - "requirements_update_strategy" => nil, - "update_subdependencies" => false, - "updating_a_pull_request" => false, - 
"vendor_dependencies" => false, - "security_updates_only" => false, - "dependency_groups" => [] - } - end - - it "updates dependencies correctly" do - expect(api_client) - .to receive(:create_pull_request) do |dependency_change, commit_sha| - dep = Dependabot::Dependency.new( - name: "dummy-pkg-b", - package_manager: "bundler", - version: "1.2.0", - previous_version: "1.1.0", - requirements: [ - { requirement: "~> 1.2.0", - groups: [:default], - source: nil, - file: "Gemfile" } - ], - previous_requirements: [ - { requirement: "~> 1.1.0", - groups: [:default], - source: nil, - file: "Gemfile" } - ] - ) - expect(dependency_change.updated_dependencies).to eql([dep]) - expect(dependency_change.updated_dependency_files_hash).to eq( - [ - { - "name" => "Gemfile", - "content" => fixture("bundler/updated/Gemfile"), - "directory" => "/", - "type" => "file", - "mode" => "100644", - "support_file" => false, - "content_encoding" => "utf-8", - "deleted" => false, - "operation" => "update" - }, - { - "name" => "Gemfile.lock", - "content" => fixture("bundler/updated/Gemfile.lock"), - "directory" => "/", - "type" => "file", - "mode" => "100644", - "support_file" => false, - "content_encoding" => "utf-8", - "deleted" => false, - "operation" => "update" - } - ] - ) - expect(commit_sha).to eq("sha") - end - run_job - end - - it "summarizes the changes" do - expect(Dependabot.logger).to receive(:info).with(/Changes to Dependabot Pull Requests/) do |log_message| - expect(log_message).to include("created", "dummy-pkg-b ( from 1.1.0 to 1.2.0 )") - end - - run_job - end - - context "when there is an exception that blocks PR creation (cloud)" do - before do - allow(api_client).to receive(:create_pull_request).and_raise(StandardError, "oh no!") - Dependabot::Experiments.register(:record_ecosystem_versions, true) - Dependabot::Experiments.register(:record_update_job_unknown_error, true) - end - - after do - Dependabot::Experiments.reset! 
- end - - it "notifies Dependabot API of the problem" do - expect(api_client).to receive(:record_update_job_error) - .with({ error_type: "unknown_error", error_details: nil }) - - expect(api_client).to receive(:record_update_job_unknown_error) - .with( - { error_type: "unknown_error", - error_details: { - "error-backtrace" => an_instance_of(String), - "error-message" => "oh no!", - "error-class" => "StandardError", - "package-manager" => "bundler", - "job-id" => 1, - "job-dependency_group" => [] - } } - ) - - expect { run_job }.to output(/oh no!/).to_stdout_from_any_process - end - - it "indicates there was an error in the summary" do - expect(Dependabot.logger).not_to receive(:info).with(/Changes to Dependabot Pull Requests/) - expect(Dependabot.logger).to receive(:info).with(/Dependabot encountered '1' error/) - - expect { run_job }.to output(/oh no!/).to_stdout_from_any_process - end - - it "does not raise an exception" do - expect { run_job }.to output(/oh no!/).to_stdout_from_any_process - end - - context "when GITHUB_ACTIONS is set" do - before do - allow(Dependabot::Environment).to receive(:github_actions?) 
{ "true" } - end - - it "raises an exception" do - expect { run_job }.to raise_error(Dependabot::RunFailure) - .and output(/oh no!/).to_stdout_from_any_process - end - end - end - - context "when there is an exception that blocks PR creation (ghes)" do - before do - allow(api_client).to receive(:create_pull_request).and_raise(StandardError, "oh no!") - end - - it "notifies Dependabot API of the problem" do - expect(api_client).to receive(:record_update_job_error) - .with({ error_type: "unknown_error", error_details: nil }) - - expect(api_client).to_not receive(:record_update_job_unknown_error) - expect { run_job }.to output(/oh no!/).to_stdout_from_any_process - end - - it "indicates there was an error in the summary" do - expect(Dependabot.logger).not_to receive(:info).with(/Changes to Dependabot Pull Requests/) - expect(Dependabot.logger).to receive(:info).with(/Dependabot encountered '1' error/) - - expect { run_job }.to output(/oh no!/).to_stdout_from_any_process - end - - it "does not raise an exception" do - expect { run_job }.to output(/oh no!/).to_stdout_from_any_process - end - - context "when GITHUB_ACTIONS is set" do - before do - allow(Dependabot::Environment).to receive(:github_actions?) { "true" } - end - - it "raises an exception" do - expect { run_job }.to raise_error(Dependabot::RunFailure) - .and output(/oh no!/).to_stdout_from_any_process - end - end - end - - context "when there is an exception that does not block PR creation" do - before do - # Pre-populate an updater error - update_files.service.record_update_job_error( - error_type: :epoch_error, - error_details: { - message: "What is fortran doing here?!" 
- } - ) - end - - it "indicates both the pr creation and error in the summary" do - expect(Dependabot.logger).to receive(:info).with(/Changes to Dependabot Pull Requests/) do |log_message| - expect(log_message).to include("created", "dummy-pkg-b ( from 1.1.0 to 1.2.0 )") - expect(log_message).to include("Dependabot encountered '1' error") - end - - run_job - end - - it "does not raise an exception" do - expect { run_job }.not_to raise_error - end - - context "when GITHUB_ACTIONS is set" do - before do - allow(Dependabot::Environment).to receive(:github_actions?) { "true" } - end - - it "raises an exception" do - expect { run_job }.to raise_error(Dependabot::RunFailure) - end - end - end - end - - describe "bundler git dependencies" do - let(:dependency_files) do - [ - Dependabot::DependencyFile.new( - name: "Gemfile", - content: fixture("bundler_git/original/Gemfile"), - directory: "/" - ), - Dependabot::DependencyFile.new( - name: "Gemfile.lock", - content: fixture("bundler_git/original/Gemfile.lock"), - directory: "/" - ) - ] - end - - let(:job_parameters) do - { - "token" => "token", - "dependencies" => nil, - "allowed_updates" => [ - { - "dependency-type" => "direct", - "update-type" => "all" - }, - { - "dependency-type" => "indirect", - "update-type" => "security" - } - ], - "existing_pull_requests" => [], - "ignore_conditions" => [], - "security_advisories" => [], - "package_manager" => "bundler", - "source" => { - "provider" => "github", - "repo" => "dependabot-fixtures/dependabot-test-ruby-package", - "directory" => "/", - "api-endpoint" => "https://api.github.com/", - "hostname" => "github.com", - "branch" => nil - }, - "credentials-metadata" => [{ - "type" => "git_source", - "host" => "github.com" - }], - "lockfile_only" => false, - "requirements_update_strategy" => nil, - "update_subdependencies" => false, - "updating_a_pull_request" => false, - "vendor_dependencies" => false, - "security_updates_only" => false - } - end - - it "updates dependencies 
correctly" do - expect(api_client) - .to receive(:create_pull_request) do |dependency_change, commit_sha| - dep = Dependabot::Dependency.new( - name: "dummy-git-dependency", - package_manager: "bundler", - version: "c0e25c2eb332122873f73acb3b61fb2e261cfd8f", - previous_version: "20151f9b67c8a04461fa0ee28385b6187b86587b", - requirements: [ - { requirement: ">= 0", - groups: [:default], - source: { - type: "git", - branch: nil, - ref: "v1.1.0", - url: "git@github.com:dependabot-fixtures/ruby-dummy-git-" \ - "dependency.git" - }, - file: "Gemfile" } - ], - previous_requirements: [ - { requirement: ">= 0", - groups: [:default], - source: { - type: "git", - branch: nil, - ref: "v1.0.0", - url: "git@github.com:dependabot-fixtures/ruby-dummy-git-" \ - "dependency.git" - }, - file: "Gemfile" } - ] - ) - expect(dependency_change.updated_dependencies).to eql([dep]) - expect(dependency_change.updated_dependency_files_hash).to eq( - [ - { - "name" => "Gemfile", - "content" => fixture("bundler_git/updated/Gemfile"), - "directory" => "/", - "type" => "file", - "mode" => "100644", - "support_file" => false, - "content_encoding" => "utf-8", - "deleted" => false, - "operation" => "update" - }, - { - "name" => "Gemfile.lock", - "content" => fixture("bundler_git/updated/Gemfile.lock"), - "directory" => "/", - "type" => "file", - "mode" => "100644", - "support_file" => false, - "content_encoding" => "utf-8", - "deleted" => false, - "operation" => "update" - } - ] - ) - expect(commit_sha).to eq("sha") - end - run_job - end - - it "summarizes the changes" do - expect(Dependabot.logger).to receive(:info).with(/Changes to Dependabot Pull Requests/) do |log_message| - expect(log_message).to include( - "created", - "dummy-git-dependency", - "from v1.0.0", - "to v1.1.0" - ) - end - - run_job - end - end -end diff --git a/updater/spec/dependabot/job_spec.rb b/updater/spec/dependabot/job_spec.rb index bc0021b500..411c7f4a2f 100644 --- a/updater/spec/dependabot/job_spec.rb 
+++ b/updater/spec/dependabot/job_spec.rb
@@ -443,42 +443,6 @@
 end
 end
- describe "#clone?" do
- subject { job.clone? }
-
- it { is_expected.to eq(false) }
-
- context "with vendoring configuration enabled" do
- let(:vendor_dependencies) { true }
-
- it { is_expected.to eq(true) }
- end
-
- context "for ecosystems that always clone" do
- let(:vendor_dependencies) { false }
- let(:dependencies) do
- [
- Dependabot::Dependency.new(
- name: "github.com/pkg/errors",
- package_manager: "dummy",
- version: "v1.8.0",
- requirements: [
- {
- file: "go.mod",
- requirement: "v1.8.0",
- groups: [],
- source: nil
- }
- ]
- )
- ]
- end
- let(:package_manager) { "dummy" }
-
- it { is_expected.to eq(true) }
- end
- end
-
- describe "#security_fix?" do
- subject { job.security_fix?(dependency) }
diff --git a/updater/spec/fixtures/bundler_git/original/Gemfile b/updater/spec/fixtures/bundler_git/original/Gemfile
deleted file mode 100644
index d27ea892f0..0000000000
--- a/updater/spec/fixtures/bundler_git/original/Gemfile
+++ /dev/null
@@ -1,5 +0,0 @@
-# frozen_string_literal: true
-
-source "https://rubygems.org"
-
-gem "dummy-git-dependency", git: "git@github.com:dependabot-fixtures/ruby-dummy-git-dependency.git", ref: "v1.0.0"
diff --git a/updater/spec/fixtures/bundler_git/original/Gemfile.lock b/updater/spec/fixtures/bundler_git/original/Gemfile.lock
deleted file mode 100644
index cfe797d21a..0000000000
--- a/updater/spec/fixtures/bundler_git/original/Gemfile.lock
+++ /dev/null
@@ -1,21 +0,0 @@
-GIT
- remote: git@github.com:dependabot-fixtures/ruby-dummy-git-dependency.git
- revision: 20151f9b67c8a04461fa0ee28385b6187b86587b
- ref: v1.0.0
- specs:
- dummy-git-dependency (1.0.0)
-
-GEM
- remote: https://rubygems.org/
- specs:
-
-PLATFORMS
- aarch64-linux
- x86_64-darwin-19
- x86_64-linux
-
-DEPENDENCIES
- dummy-git-dependency!
-
-BUNDLED WITH
- 2.2.11
diff --git a/updater/spec/fixtures/bundler_git/updated/Gemfile b/updater/spec/fixtures/bundler_git/updated/Gemfile
deleted file mode 100644
index ab88c81480..0000000000
--- a/updater/spec/fixtures/bundler_git/updated/Gemfile
+++ /dev/null
@@ -1,5 +0,0 @@
-# frozen_string_literal: true
-
-source "https://rubygems.org"
-
-gem "dummy-git-dependency", git: "git@github.com:dependabot-fixtures/ruby-dummy-git-dependency.git", ref: "v1.1.0"
diff --git a/updater/spec/fixtures/bundler_git/updated/Gemfile.lock b/updater/spec/fixtures/bundler_git/updated/Gemfile.lock
deleted file mode 100644
index 94a2f0d5ca..0000000000
--- a/updater/spec/fixtures/bundler_git/updated/Gemfile.lock
+++ /dev/null
@@ -1,21 +0,0 @@
-GIT
- remote: git@github.com:dependabot-fixtures/ruby-dummy-git-dependency.git
- revision: c0e25c2eb332122873f73acb3b61fb2e261cfd8f
- ref: v1.1.0
- specs:
- dummy-git-dependency (1.1.0)
-
-GEM
- remote: https://rubygems.org/
- specs:
-
-PLATFORMS
- aarch64-linux
- x86_64-darwin-19
- x86_64-linux
-
-DEPENDENCIES
- dummy-git-dependency!
-
-BUNDLED WITH
- 2.2.11
diff --git a/updater/spec/support/dummy_package_manager/dummy.rb b/updater/spec/support/dummy_package_manager/dummy.rb
index 54ec983a10..f0fc7bf549 100644
--- a/updater/spec/support/dummy_package_manager/dummy.rb
+++ b/updater/spec/support/dummy_package_manager/dummy.rb
@@ -20,6 +20,3 @@
 groups.any? { |g| g.include?("prod") }
 end
 )
-
-require "dependabot/utils"
-Dependabot::Utils.register_always_clone("dummy")