Skip to content

Commit

Permalink
Merge branch 'main' into fix-docker-requirement-type
Browse files Browse the repository at this point in the history
  • Loading branch information
landongrindheim authored Jun 17, 2024
2 parents 304bad7 + 11ce6b8 commit 6f82dc7
Show file tree
Hide file tree
Showing 7 changed files with 106 additions and 19 deletions.
18 changes: 16 additions & 2 deletions composer/helpers/v2/src/UpdateChecker.php
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,15 @@
use Composer\Factory;
use Composer\Filter\PlatformRequirementFilter\PlatformRequirementFilterFactory;
use Composer\Installer;
use Composer\Package\Link;
use Composer\Package\PackageInterface;
use Composer\Package\Version\VersionParser;

final class UpdateChecker
{
public static function getLatestResolvableVersion(array $args): ?string
{
[$workingDirectory, $dependencyName, $gitCredentials, $registryCredentials] = $args;
[$workingDirectory, $dependencyName, $gitCredentials, $registryCredentials, $latestAllowableVersion] = $args;

$httpBasicCredentials = [];

Expand Down Expand Up @@ -48,10 +50,22 @@ public static function getLatestResolvableVersion(array $args): ?string
$io->loadConfiguration($config);
}

$package = $composer->getPackage();

$versionParser = new VersionParser();

$constraint = $versionParser->parseConstraints($latestAllowableVersion); // your version constraint
$packageLink = new Link($package->getName(), $dependencyName, $constraint);

$requires = $package->getRequires();
$requires[$dependencyName] = $packageLink;

$package->setRequires($requires);

$install = new Installer(
$io,
$config,
$composer->getPackage(), // @phpstan-ignore-line
$package, // @phpstan-ignore-line
$composer->getDownloadManager(),
$composer->getRepositoryManager(),
$composer->getLocker(),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,8 @@ def run_update_checker
Dir.pwd,
dependency.name.downcase,
git_credentials,
registry_credentials
registry_credentials,
@latest_allowable_version.to_s
]
)
end
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@
let(:dependency_name) { "phpdocumentor/reflection-docblock" }
let(:dependency_version) { "2.0.4" }
let(:string_req) { "2.0.4" }
let(:latest_allowable_version) { Gem::Version.new("3.3.2") }

it { is_expected.to eq(Dependabot::Composer::Version.new("3.3.2")) }
end
Expand All @@ -68,12 +69,14 @@
let(:dependency_name) { "phpdocumentor/reflection-docblock" }
let(:dependency_version) { "2.0.4" }
let(:string_req) { "2.0.4" }
let(:latest_allowable_version) { Gem::Version.new("3.3.2") }

it { is_expected.to eq(Dependabot::Composer::Version.new("3.3.2")) }

context "when the minimum version is invalid" do
let(:dependency_version) { "4.2.0" }
let(:string_req) { "4.2.0" }
let(:latest_allowable_version) { Gem::Version.new("4.3.1") }

it { is_expected.to be >= Dependabot::Composer::Version.new("4.3.1") }
end
Expand All @@ -85,6 +88,7 @@
let(:dependency_name) { "phpdocumentor/reflection-docblock" }
let(:dependency_version) { "2.0.4" }
let(:string_req) { "2.0.4" }
let(:latest_allowable_version) { Gem::Version.new("3.2.2") }

it { is_expected.to eq(Dependabot::Composer::Version.new("3.2.2")) }
end
Expand All @@ -103,7 +107,7 @@
context "with a dependency that's provided by another dep" do
let(:project_name) { "provided_dependency" }
let(:string_req) { "^1.0" }
let(:latest_allowable_version) { Gem::Version.new("6.0.0") }
let(:latest_allowable_version) { Gem::Version.new("1.0.0") }
let(:dependency_name) { "php-http/client-implementation" }
let(:dependency_version) { nil }

Expand Down
70 changes: 63 additions & 7 deletions composer/spec/dependabot/composer/update_checker_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -194,6 +194,12 @@
describe "#latest_resolvable_version" do
subject(:latest_resolvable_version) { checker.latest_resolvable_version }

# setting the latest allowable version to 1.22.0
before do
allow(checker).to receive(:latest_version_from_registry)
.and_return(Gem::Version.new("1.22.0"))
end

it "returns a non-normalized version, following semver" do
expect(latest_resolvable_version.segments.count).to eq(3)
end
Expand All @@ -209,7 +215,7 @@
context "when the user is ignoring the latest version" do
let(:ignored_versions) { [">= 1.22.0.a, < 4.0"] }

it { is_expected.to eq(Gem::Version.new("1.21.0")) }
it { is_expected.to eq(Gem::Version.new("1.22.0")) }
end

context "without a lockfile" do
Expand All @@ -228,6 +234,12 @@
}]
end

# setting the latest allowable version to 4.3.0
before do
allow(checker).to receive(:latest_version_from_registry)
.and_return(Gem::Version.new("4.3.0"))
end

it { is_expected.to be >= Gem::Version.new("4.3.0") }
end

Expand All @@ -244,26 +256,32 @@
}]
end

# setting the latest allowable version to 5.2.45
before do
allow(checker).to receive(:latest_version_from_registry)
.and_return(Gem::Version.new("5.2.45"))
end

it { is_expected.to be >= Gem::Version.new("5.2.45") }

context "when as a platform requirement" do
let(:project_name) { "old_php_platform" }

it { is_expected.to eq(Gem::Version.new("5.4.36")) }
it { is_expected.to eq(Gem::Version.new("5.2.45")) }

context "when an extension is specified that we don't have" do
let(:project_name) { "missing_extension" }

it "pretends the missing extension is there" do
expect(latest_resolvable_version)
.to eq(Dependabot::Composer::Version.new("5.4.36"))
.to eq(Dependabot::Composer::Version.new("5.2.45"))
end
end

context "when the platform requirement only specifies an extension" do
let(:project_name) { "bad_php" }

it { is_expected.to eq(Gem::Version.new("5.4.36")) }
it { is_expected.to eq(Gem::Version.new("5.2.45")) }
end
end
end
Expand All @@ -281,6 +299,12 @@
}]
end

# setting the latest allowable version to 5.2.45
before do
allow(checker).to receive(:latest_version_from_registry)
.and_return(Gem::Version.new("5.2.45"))
end

it { is_expected.to be >= Gem::Version.new("5.2.45") }
end
end
Expand Down Expand Up @@ -465,6 +489,8 @@
v1_metadata_url = "https://repo.packagist.org/p/#{dependency_name.downcase}.json"
# v1 url doesn't always return 404 for missing packages
stub_request(:get, v1_metadata_url).to_return(status: 200, body: '{"error":{"code":404,"message":"Not Found"}}')
allow(checker).to receive(:latest_version_from_registry)
.and_return(Gem::Version.new("2.4.2"))
end

it "is between 2.0.0 and 3.0.0" do
Expand All @@ -487,6 +513,12 @@
end
let(:ignored_versions) { [">= 2.8.0"] }

# set latest allowable version from registry to 2.1.7
before do
allow(checker).to receive(:latest_version_from_registry)
.and_return(Gem::Version.new("2.1.7"))
end

it "is the highest resolvable version" do
expect(latest_resolvable_version).to eq(Gem::Version.new("2.1.7"))
end
Expand Down Expand Up @@ -554,12 +586,16 @@
context "when there is no lockfile" do
let(:project_name) { "version_conflict_on_update_without_lockfile" }

it { is_expected.to be_nil }
it "raises a helpful error" do
expect { latest_resolvable_version }.to raise_error(Dependabot::DependencyFileNotResolvable)
end

context "when the conflict comes from a loose PHP version" do
let(:project_name) { "version_conflict_library" }

it { is_expected.to be_nil }
it "raises a helpful error" do
expect { latest_resolvable_version }.to raise_error(Dependabot::DependencyFileNotResolvable)
end
end
end
end
Expand Down Expand Up @@ -650,6 +686,12 @@
}]
end

# set latest allowable version from registry to 1.3.0
before do
allow(checker).to receive(:latest_version_from_registry)
.and_return(Gem::Version.new("1.3.0"))
end

# Alternatively, this could raise an error. Either behaviour would be
# fine - the below is just what we get with Composer at the moment
# because we disabled downloading the files in
Expand Down Expand Up @@ -728,6 +770,8 @@
status: 200,
body: fixture("wpackagist_response.json")
)
allow(checker).to receive(:latest_version_from_registry)
.and_return(Gem::Version.new("3.0.2"))
end

it { is_expected.to be >= Gem::Version.new("3.0.2") }
Expand All @@ -746,7 +790,13 @@
}]
end

it { is_expected.to be >= Gem::Version.new("5.2.30") }
# set latest allowable version from registry to 5.2.7
before do
allow(checker).to receive(:latest_version_from_registry)
.and_return(Gem::Version.new("5.2.7"))
end

it { is_expected.to be >= Gem::Version.new("5.2.7") }
end

context "when a sub-dependency would block the update" do
Expand All @@ -762,6 +812,12 @@
}]
end

# setting the latest allowable version to 5.6.23
before do
allow(checker).to receive(:latest_version_from_registry)
.and_return(Gem::Version.new("5.6.23"))
end

# 5.5.0 series and up require an update to illuminate/contracts
it { is_expected.to be >= Gem::Version.new("5.6.23") }
end
Expand Down
2 changes: 1 addition & 1 deletion go_modules/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM docker.io/library/golang:1.22.3-bookworm as go
FROM docker.io/library/golang:1.22.4-bookworm as go

FROM ghcr.io/dependabot/dependabot-updater-core
ARG TARGETARCH
Expand Down
13 changes: 11 additions & 2 deletions maven/lib/dependabot/maven/utils/auth_headers_finder.rb
Original file line number Diff line number Diff line change
@@ -1,14 +1,20 @@
# typed: true
# typed: strict
# frozen_string_literal: true

require "sorbet-runtime"

module Dependabot
module Maven
module Utils
class AuthHeadersFinder
extend T::Sig

sig { params(credentials: T::Array[Dependabot::Credential]).void }
def initialize(credentials)
@credentials = credentials
end

sig { params(maven_repo_url: String).returns(T::Hash[String, String]) }
def auth_headers(maven_repo_url)
cred =
credentials.select { |c| c["type"] == "maven_repository" }
Expand All @@ -28,10 +34,12 @@ def auth_headers(maven_repo_url)

private

sig { returns(T::Array[Dependabot::Credential]) }
attr_reader :credentials

sig { params(maven_repo_url: T.any(URI::Generic, String)).returns(T::Hash[T.untyped, T.untyped]) }
def gitlab_auth_headers(maven_repo_url)
return {} unless gitlab_maven_repo?(URI(maven_repo_url).path)
return {} unless gitlab_maven_repo?(T.must(URI(maven_repo_url).path))

cred =
credentials.select { |c| c["type"] == "git_source" }
Expand All @@ -47,6 +55,7 @@ def gitlab_auth_headers(maven_repo_url)
{ "Private-Token" => cred.fetch("password") }
end

sig { params(maven_repo_path: String).returns(T::Boolean) }
def gitlab_maven_repo?(maven_repo_path)
gitlab_maven_repo_reg = %r{^/api/v4.*/packages/maven/?$}
maven_repo_path.match?(gitlab_maven_repo_reg)
Expand Down
13 changes: 8 additions & 5 deletions terraform/lib/dependabot/terraform/requirement.rb
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# typed: true
# typed: strict
# frozen_string_literal: true

require "sorbet-runtime"
Expand All @@ -11,13 +11,15 @@
module Dependabot
module Terraform
class Requirement < Dependabot::Requirement
extend T::Sig
# Override regex PATTERN from Gem::Requirement to add support for the
# optional 'v' prefix to release tag names, which Terraform supports.
# https://www.terraform.io/docs/registry/modules/publish.html#requirements
OPERATORS = OPS.keys.map { |key| Regexp.quote(key) }.join("|").freeze
PATTERN_RAW = "\\s*(#{OPERATORS})?\\s*v?(#{Gem::Version::VERSION_PATTERN})\\s*".freeze
OPERATORS = T.let(OPS.keys.map { |key| Regexp.quote(key) }.join("|").freeze, String)
PATTERN_RAW = T.let("\\s*(#{OPERATORS})?\\s*v?(#{Gem::Version::VERSION_PATTERN})\\s*".freeze, String)
PATTERN = /\A#{PATTERN_RAW}\z/

sig { params(obj: T.any(String, Gem::Version)).returns(T::Array[T.any(String, Version)]) }
def self.parse(obj)
return ["=", Version.new(obj.to_s)] if obj.is_a?(Gem::Version)

Expand All @@ -28,19 +30,20 @@ def self.parse(obj)

return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"

[matches[1] || "=", Terraform::Version.new(T.must(matches[2]))]
[matches[1] || "=", Terraform::Version.new(matches[2])]
end

# For consistency with other languages, we define a requirements array.
# Terraform doesn't have an `OR` separator for requirements, so it
# always contains a single element.
sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
def self.requirements_array(requirement_string)
[new(requirement_string)]
[new(requirement_string.to_s)]
end

# Patches Gem::Requirement to make it accept requirement strings like
# "~> 4.2.5, >= 4.2.5.1" without first needing to split them.
sig { params(requirements: T.any(String, T::Array[String])).void }
def initialize(*requirements)
requirements = requirements.flatten.flat_map do |req_string|
req_string.split(",").map(&:strip)
Expand Down

0 comments on commit 6f82dc7

Please sign in to comment.