From 3b1250bdbe8e7caa971e359cf2e7b5d31691ce3f Mon Sep 17 00:00:00 2001
From: Ekin Dursun
Date: Mon, 25 Mar 2024 19:58:13 +0300
Subject: [PATCH 1/2] Support Poetry non-package mode (#9323)

Starting with version 1.8, Poetry has a non-package mode for projects using Poetry not for building and publishing packages but only for dependency management. name, version, description and authors fields are optional in non-package mode.

Co-authored-by: AbdulFattaah Popoola
---
 .../file_parser/pyproject_files_parser.rb | 4 +++-
 .../pyproject_files_parser_spec.rb | 8 +++++++
 .../poetry_non_package_mode.toml | 22 +++++++++++++++++++
 3 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 python/spec/fixtures/pyproject_files/poetry_non_package_mode.toml

diff --git a/python/lib/dependabot/python/file_parser/pyproject_files_parser.rb b/python/lib/dependabot/python/file_parser/pyproject_files_parser.rb
index b62f9b5e49..986bd242db 100644
--- a/python/lib/dependabot/python/file_parser/pyproject_files_parser.rb
+++ b/python/lib/dependabot/python/file_parser/pyproject_files_parser.rb
@@ -160,7 +160,9 @@ def using_poetry?
 end
 
 def missing_poetry_keys
- %w(name version description authors).reject { |key| poetry_root.key?(key) }
+ package_mode = poetry_root.fetch("package-mode", true)
+ required_keys = package_mode ? %w(name version description authors) : []
+ required_keys.reject { |key| poetry_root.key?(key) }
 end
 
 def using_pep621?
diff --git a/python/spec/dependabot/python/file_parser/pyproject_files_parser_spec.rb b/python/spec/dependabot/python/file_parser/pyproject_files_parser_spec.rb
index df4fb171e8..5a73273f79 100644
--- a/python/spec/dependabot/python/file_parser/pyproject_files_parser_spec.rb
+++ b/python/spec/dependabot/python/file_parser/pyproject_files_parser_spec.rb
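Review bot: The reason the four metadata keys become optional is not documented anywhere in the new `missing_poetry_keys` body, so a reader has to already know Poetry 1.8's `package-mode` semantics to follow the ternary. A one-line comment above the `fetch` would carry that context into the code: `# Poetry >= 1.8 "package-mode = false" (non-package mode) makes name/version/description/authors optional.` As a point of style, the temporary plus ternary reads more naturally as a guard clause, `return [] unless poetry_root.fetch("package-mode", true)`, followed by the original `%w(name version description authors).reject { |key| poetry_root.key?(key) }` line. Note that only an explicit `false` switches the check off, which matches Poetry's boolean field; any other value (including a mistyped string) still demands the full metadata, which is the conservative direction. The enclosing method is fully visible in the hunk.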
@@ -121,6 +121,14 @@
 expect(dependency_names).to include("pytest")
 end
 end
+
+ context "with non-package mode" do
+ let(:pyproject_fixture_name) { "poetry_non_package_mode.toml" }
+
+ it "parses correctly with no metadata" do
+ expect { parser.dependency_set }.to_not raise_error
+ end
+ end
 end
 
 context "with a lockfile" do
diff --git a/python/spec/fixtures/pyproject_files/poetry_non_package_mode.toml b/python/spec/fixtures/pyproject_files/poetry_non_package_mode.toml
new file mode 100644
index 0000000000..1bac261cc6
--- /dev/null
+++ b/python/spec/fixtures/pyproject_files/poetry_non_package_mode.toml
@@ -0,0 +1,22 @@
+[tool.poetry]
+package-mode = false
+
+[tool.poetry.dependencies]
+python = "^3.6 || ^3.7"
+geopy = "^1.13"
+Pillow = "^5.1"
+requests = "^2.18"
+
+[tool.poetry.dev-dependencies]
+black = "^18.5"
+flake8 = "^3.5"
+flake8-comprehensions = "^1.4"
+httmock = "^1.2"
+hypothesis = "^3.56"
+mypy = "^0.600"
+pytest = "^3.5"
+pytest-cov = "^2.5"
+pytest-mock = "^1.9"
+pytest-sugar = "^0.9"
+pytest-random-order = "^0.7"
+tox = "^3.0"

From 634b2faf75e0daa8575fa38fe1fd517dac1e9893 Mon Sep 17 00:00:00 2001
From: Jake Coffman
Date: Mon, 25 Mar 2024 14:58:56 -0500
Subject: [PATCH 2/2] add and update tests around group update failures (#9363)

---
 .../tests/testdata/vu-group-err-creation.txt | 57 +++++++++++++++
 silent/tests/testdata/vu-group-err-update.txt | 71 +++++++++++++++++++
 silent/tests/testdata/vu-group-failure.txt | 43 -----------
 3 files changed, 128 insertions(+), 43 deletions(-)
 create mode 100644 silent/tests/testdata/vu-group-err-creation.txt
 create mode 100644 silent/tests/testdata/vu-group-err-update.txt
 delete mode 100644 silent/tests/testdata/vu-group-failure.txt

diff --git a/silent/tests/testdata/vu-group-err-creation.txt b/silent/tests/testdata/vu-group-err-creation.txt
new file mode 100644
index 0000000000..9bc29f2b58
--- /dev/null
+++ b/silent/tests/testdata/vu-group-err-creation.txt
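Review bot: The new example in the "with non-package mode" context only asserts that `parser.dependency_set` does not raise, so it would still pass if the parser returned an empty set for a `package-mode = false` project. Asserting on the parsed names pins the behaviour the fixture exists to exercise, e.g. `expect(parser.dependency_set.dependencies.map(&:name)).to include("geopy")`, or the `dependency_names` helper used on the context line if it is defined at the outer level. The surrounding describe block starts before the hunk.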
@@ -0,0 +1,57 @@
+! dependabot update -f input.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent
+# It fails to update "dont-update-any-files"
+stdout -count=1 record_update_job_error
+
+# It updates "dependency-a" to 1.3.0
+stdout -count=1 create_pull_request
+
+stderr -count=1 'Error processing dont-update-any-files'
+pr-created expected.json
+
+# Testing if one dependency fails to update, the other dependencies are still updated in a grouped update.
+# See the silent ecosystem code for special handling of a dependency named "dont-update-any-files".
+
+-- manifest.json --
+{
+ "dependency-a": { "version": "1.2.3"},
+ "dont-update-any-files": { "version": "1.0.0" }
+}
+
+-- expected.json --
+{
+ "dependency-a": { "version": "1.3.0"},
+ "dont-update-any-files": { "version": "1.0.0" }
+}
+
+-- dont-update-any-files --
+{
+ "versions": [
+ "1.0.0",
+ "1.0.1"
+ ]
+}
+
+-- dependency-a --
+{
+ "versions": [
+ "1.2.3",
+ "1.2.4",
+ "1.3.0"
+ ]
+}
+
+-- input.yml --
+job:
+ package-manager: "silent"
+ source:
+ directory: "/"
+ provider: example
+ hostname: example.com
+ api-endpoint: https://example.com/api/v3
+ repo: dependabot/smoke-tests
+ dependency-groups:
+ - name: dev
+ rules:
+ # specifically not using semver rules (update-types) for this test
+ patterns:
+ - "*"
diff --git a/silent/tests/testdata/vu-group-err-update.txt b/silent/tests/testdata/vu-group-err-update.txt
new file mode 100644
index 0000000000..c2b3737ef0
--- /dev/null
+++ b/silent/tests/testdata/vu-group-err-update.txt
@@ -0,0 +1,71 @@
+! dependabot update -f input.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent
+# It fails to update "dont-update-any-files"
+stdout -count=1 record_update_job_error
+
+# It closes the previous PR since it no longer includes "dont-update-any-files"
+stdout -count=1 close_pull_request
+
+# It creates a new PR with the updated "dependency-a"
+stdout -count=1 create_pull_request
+
+stderr 'Error processing dont-update-any-files'
+pr-created expected.json
+
+# Testing what happens when a rebase job fails to update one dependency.
+# See the silent ecosystem code for special handling of a dependency named "dont-update-any-files".
+
+-- manifest.json --
+{
+ "dependency-a": { "version": "1.2.3"},
+ "dont-update-any-files": {"version": "1.0.0"}
+}
+
+-- expected.json --
+{
+ "dependency-a": { "version": "1.3.0"},
+ "dont-update-any-files": {"version": "1.0.0"}
+}
+
+-- dont-update-any-files --
+{
+ "versions": [
+ "1.0.0",
+ "1.0.1"
+ ]
+}
+
+-- dependency-a --
+{
+ "versions": [
+ "1.2.3",
+ "1.2.4",
+ "1.3.0"
+ ]
+}
+
+-- input.yml --
+job:
+ package-manager: "silent"
+ source:
+ directory: "/"
+ provider: example
+ hostname: example.com
+ api-endpoint: https://example.com/api/v3
+ repo: dependabot/smoke-tests
+ dependency-groups:
+ - name: all-group
+ rules:
+ patterns:
+ - "*"
+ dependencies:
+ - dependency-a
+ - dont-update-any-files
+ updating-a-pull-request: true
+ dependency-group-to-refresh: all-group
+ existing-group-pull-requests:
+ - dependency-group-name: all-group
+ dependencies:
+ - dependency-name: dependency-a
+ dependency-version: 1.2.0
+ - dependency-name: dont-update-any-files
+ dependency-version: 0.9.0
diff --git a/silent/tests/testdata/vu-group-failure.txt b/silent/tests/testdata/vu-group-failure.txt
deleted file mode 100644
index db3ae5b840..0000000000
--- a/silent/tests/testdata/vu-group-failure.txt
+++ /dev/null
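Review bot: `stderr 'Error processing dont-update-any-files'` in vu-group-err-update.txt drops the `-count=1` that the sibling vu-group-err-creation.txt uses on the same assertion, so this script would not notice if the rebase path logged the error more than once. Using `stderr -count=1 'Error processing dont-update-any-files'` keeps the two scripts consistent and makes the check as strict as the `stdout -count=1` assertions above it.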
@@ -1,43 +0,0 @@
-! dependabot update -f input.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent
-# Testing that no individual PRs are created if there is a failure.
-! stdout create_pull_request
-stderr 'Error processing dont-update-any-files'
-
--- manifest.json --
-{
- "dependency-a": "1.2.3",
- "dont-update-any-files": "1.0.0"
-}
-
--- dont-update-any-files --
-{
- "versions": [
- "1.0.0",
- "1.0.1"
- ]
-}
-
--- dependency-a --
-{
- "versions": [
- "1.2.3",
- "1.2.4",
- "1.3.0"
- ]
-}
-
--- input.yml --
-job:
- package-manager: "silent"
- source:
- directory: "/"
- provider: example
- hostname: example.com
- api-endpoint: https://example.com/api/v3
- repo: dependabot/smoke-tests
- dependency-groups:
- - name: dev
- rules:
- # specifically not using semver rules (update-types) for this test
- patterns:
- - "*"