Merge branch 'main' into dependabot/pip/python/helpers/plette-1.0.0

python/lib/dependabot/python/file_parser/pyproject_files_parser.rb

@@ -160,7 +160,9 @@ def using_poetry?
         end
 
         def missing_poetry_keys
-          %w(name version description authors).reject { |key| poetry_root.key?(key) }
+          package_mode = poetry_root.fetch("package-mode", true)
+          required_keys = package_mode ? %w(name version description authors) : []
+          required_keys.reject { |key| poetry_root.key?(key) }
         end
 
         def using_pep621?

python/spec/dependabot/python/file_parser/pyproject_files_parser_spec.rb

@@ -121,6 +121,14 @@
           expect(dependency_names).to include("pytest")
         end
       end
+
+      context "with non-package mode" do
+        let(:pyproject_fixture_name) { "poetry_non_package_mode.toml" }
+
+        it "parses correctly with no metadata" do
+          expect { parser.dependency_set }.to_not raise_error
+        end
+      end
     end
 
     context "with a lockfile" do

python/spec/fixtures/pyproject_files/poetry_non_package_mode.toml

@@ -0,0 +1,22 @@
+[tool.poetry]
+package-mode = false
+
+[tool.poetry.dependencies]
+python = "^3.6 || ^3.7"
+geopy = "^1.13"
+Pillow = "^5.1"
+requests = "^2.18"
+
+[tool.poetry.dev-dependencies]
+black = "^18.5"
+flake8 = "^3.5"
+flake8-comprehensions = "^1.4"
+httmock = "^1.2"
+hypothesis = "^3.56"
+mypy = "^0.600"
+pytest = "^3.5"
+pytest-cov = "^2.5"
+pytest-mock = "^1.9"
+pytest-sugar = "^0.9"
+pytest-random-order = "^0.7"
+tox = "^3.0"

silent/tests/testdata/vu-group-err-creation.txt

@@ -0,0 +1,57 @@
+! dependabot update -f input.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent
+# It fails to update "dont-update-any-files"
+stdout -count=1 record_update_job_error
+
+# It updates "dependency-a" to 1.3.0
+stdout -count=1 create_pull_request
+
+stderr -count=1 'Error processing dont-update-any-files'
+pr-created expected.json
+
+# Testing if one dependency fails to update, the other dependencies are still updated in a grouped update.
+# See the silent ecosystem code for special handling of a dependency named "dont-update-any-files".
+
+-- manifest.json --
+{
+  "dependency-a": { "version": "1.2.3"},
+  "dont-update-any-files": { "version": "1.0.0" }
+}
+
+-- expected.json --
+{
+  "dependency-a": { "version": "1.3.0"},
+  "dont-update-any-files": { "version": "1.0.0" }
+}
+
+-- dont-update-any-files --
+{
+  "versions": [
+    "1.0.0",
+    "1.0.1"
+  ]
+}
+
+-- dependency-a --
+{
+  "versions": [
+    "1.2.3",
+    "1.2.4",
+    "1.3.0"
+  ]
+}
+
+-- input.yml --
+job:
+  package-manager: "silent"
+  source:
+    directory: "/"
+    provider: example
+    hostname: example.com
+    api-endpoint: https://example.com/api/v3
+    repo: dependabot/smoke-tests
+  dependency-groups:
+    - name: dev
+      rules:
+        # specifically not using semver rules (update-types) for this test
+        patterns:
+         - "*"

silent/tests/testdata/vu-group-err-update.txt

@@ -0,0 +1,71 @@
+! dependabot update -f input.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent
+# It fails to update "dont-update-any-files"
+stdout -count=1 record_update_job_error
+
+# It closes the previous PR since it no longer includes "dont-update-any-files"
+stdout -count=1 close_pull_request
+
+# It creates a new PR with the updated "dependency-a"
+stdout -count=1 create_pull_request
+
+stderr 'Error processing dont-update-any-files'
+pr-created expected.json
+
+# Testing what happens when a rebase job fails to update one dependency.
+# See the silent ecosystem code for special handling of a dependency named "dont-update-any-files".
+
+-- manifest.json --
+{
+  "dependency-a": { "version": "1.2.3"},
+  "dont-update-any-files": {"version": "1.0.0"}
+}
+
+-- expected.json --
+{
+  "dependency-a": { "version": "1.3.0"},
+  "dont-update-any-files": {"version": "1.0.0"}
+}
+
+-- dont-update-any-files --
+{
+  "versions": [
+    "1.0.0",
+    "1.0.1"
+  ]
+}
+
+-- dependency-a --
+{
+  "versions": [
+    "1.2.3",
+    "1.2.4",
+    "1.3.0"
+  ]
+}
+
+-- input.yml --
+job:
+  package-manager: "silent"
+  source:
+    directory: "/"
+    provider: example
+    hostname: example.com
+    api-endpoint: https://example.com/api/v3
+    repo: dependabot/smoke-tests
+  dependency-groups:
+    - name: all-group
+      rules:
+        patterns:
+         - "*"
+  dependencies:
+    - dependency-a
+    - dont-update-any-files
+  updating-a-pull-request: true
+  dependency-group-to-refresh: all-group
+  existing-group-pull-requests:
+    - dependency-group-name: all-group
+      dependencies:
+        - dependency-name: dependency-a
+          dependency-version: 1.2.0
+        - dependency-name: dont-update-any-files
+          dependency-version: 0.9.0