dependabot · jeffwidman · Jul 10, 2023 · Jul 4, 2023 · jeffwidman · Jul 4, 2023
@@ -799,8 +799,8 @@ def security_fix?(dependency)
 StackProf.results("tmp/stackprof-#{Time.now.strftime('%Y-%m-%d-%H:%M')}.dump") if $options[:profile]
 
 puts "🌍 Total requests made: '#{$network_trace_count}'"
-package_manager = fetcher.package_manager_version
-puts "🎈 Package manager version log: #{package_manager}" unless package_manager.nil?
+ecosystem_versions = fetcher.ecosystem_versions
+puts "🎈 Ecosystem Versions log: #{ecosystem_versions}" unless ecosystem_versions.nil?
 
 # rubocop:enable Metrics/BlockLength
 

@@ -23,7 +23,7 @@ def self.required_files_message
         "Repo must contain either a Gemfile, a gemspec, or a gems.rb."
       end
 
-      def package_manager_version
+      def ecosystem_versions
         {
           package_managers: {
             "bundler" => Helpers.detected_bundler_version(lockfile)

@@ -20,7 +20,7 @@ def self.required_files_message
         "Repo must contain a Cargo.toml."
       end
 
-      def package_manager_version
+      def ecosystem_versions
         channel = if rust_toolchain
                     TomlRB.parse(rust_toolchain.content).fetch("toolchain", nil)&.fetch("channel", nil)
                   else

@@ -84,7 +84,7 @@
     end
 
     it "provides the Rust channel" do
-      expect(file_fetcher_instance.package_manager_version).to eq({
+      expect(file_fetcher_instance.ecosystem_versions).to eq({
         package_managers: { "cargo" => "default" }
       })
     end
@@ -115,7 +115,7 @@
     end
 
     it "raises a DependencyFileNotParseable error" do
-      expect { file_fetcher_instance.package_manager_version }.to raise_error(Dependabot::DependencyFileNotParseable)
+      expect { file_fetcher_instance.ecosystem_versions }.to raise_error(Dependabot::DependencyFileNotParseable)
     end
   end
 
@@ -144,7 +144,7 @@
     end
 
     it "provides the Rust channel" do
-      expect(file_fetcher_instance.package_manager_version).to eq({
+      expect(file_fetcher_instance.ecosystem_versions).to eq({
         package_managers: { "cargo" => "1.2.3" }
       })
     end

@@ -102,7 +102,7 @@ def clone_repo_contents
         raise Dependabot::RepoNotFound, source
       end
 
-      def package_manager_version
+      def ecosystem_versions
         nil
       end
 

@@ -14,7 +14,7 @@ def self.required_files_message
         "Repo must contain a go.mod."
       end
 
-      def package_manager_version
+      def ecosystem_versions
         return nil unless go_mod
 
         {

@@ -35,7 +35,7 @@
   end
 
   it "provides the Go modules version" do
-    expect(file_fetcher_instance.package_manager_version).to eq({
+    expect(file_fetcher_instance.ecosystem_versions).to eq({
       package_managers: { "gomod" => "unknown" }
     })
   end
@@ -77,7 +77,7 @@
     end
 
     it "provides the Go modules version" do
-      expect(file_fetcher_instance.package_manager_version).to eq({
+      expect(file_fetcher_instance.ecosystem_versions).to eq({
         package_managers: { "gomod" => "1.19" }
       })
     end

@@ -52,7 +52,7 @@ def clone_repo_contents
         end
       end
 
-      def package_manager_version
+      def ecosystem_versions
         package_managers = {}
 
         package_managers["npm"] = Helpers.npm_version_numeric(package_lock.content) if package_lock

@@ -282,7 +282,7 @@
     end
 
     it "parses the yarn lockfile" do
-      expect(file_fetcher_instance.package_manager_version).to eq(
+      expect(file_fetcher_instance.ecosystem_versions).to eq(
         { package_managers: { "yarn" => 1 } }
       )
     end
@@ -340,7 +340,7 @@
     end
 
     it "parses the shrinkwrap file" do
-      expect(file_fetcher_instance.package_manager_version).to eq(
+      expect(file_fetcher_instance.ecosystem_versions).to eq(
         { package_managers: { "shrinkwrap" => 1 } }
       )
     end
@@ -373,7 +373,7 @@
     end
 
     it "parses the npm lockfile" do
-      expect(file_fetcher_instance.package_manager_version).to eq(
+      expect(file_fetcher_instance.ecosystem_versions).to eq(
         { package_managers: { "npm" => 6 } }
       )
     end
@@ -410,7 +410,7 @@
     end
 
     it "parses the package manager version" do
-      expect(file_fetcher_instance.package_manager_version).to eq(
+      expect(file_fetcher_instance.ecosystem_versions).to eq(
         { package_managers: { "npm" => 6, "yarn" => 1 } }
       )
     end

@@ -119,13 +119,10 @@ def update_dependency_list(dependencies, dependency_files)
       sleep(rand(3.0..10.0)) && retry
     end
 
-    def record_package_manager_version(package_managers)
-      api_url = "#{base_url}/update_jobs/#{job_id}/record_package_manager_version"
+    def record_ecosystem_versions(ecosystem_versions)
+      api_url = "#{base_url}/update_jobs/#{job_id}/record_ecosystem_versions"
       body = {
-        data: {
-          ecosystem: "deprecated",
-          "package-managers": package_managers
-        }
+        data: { ecosystem_versions: ecosystem_versions }
       }
       response = http_client.post(api_url, json: body)
       raise ApiError, response.body if response.code >= 400

@@ -22,12 +22,9 @@ def perform_job
         raise "base commit SHA not found" unless @base_commit_sha
 
         # We don't set this flag in GHES because there's no point in recording versions since we can't access that data.
-        # TODO: The flag is named `record_ecosystem_versions` because `package_manager_version` is getting renamed to
-        # to that shortly... but splitting into separate PR's for lower risk/easiery testability. Once the follow-on PR
-        # with the rename lands, the name confusion will disappear.
         if Experiments.enabled?(:record_ecosystem_versions)
-          version = file_fetcher.package_manager_version
-          api_client.record_package_manager_version(version[:package_managers]) unless version.nil?
+          ecosystem_versions = file_fetcher.ecosystem_versions
+          api_client.record_ecosystem_versions(ecosystem_versions) unless ecosystem_versions.nil?
         end
 
         dependency_files

@@ -24,7 +24,7 @@ def initialize(client:)
     def_delegators :client,
                    :mark_job_as_processed,
                    :update_dependency_list,
-                   :record_package_manager_version,
+                   :record_ecosystem_versions,
                    :increment_metric
 
     def create_pull_request(dependency_change, base_commit_sha)

@@ -384,12 +384,12 @@
     end
   end
 
-  describe "record_package_manager_version" do
-    let(:url) { "http://example.com/update_jobs/1/record_package_manager_version" }
+  describe "ecosystem_versions" do
+    let(:url) { "http://example.com/update_jobs/1/record_ecosystem_versions" }
     before { stub_request(:post, url).to_return(status: 204) }
 
     it "hits the correct endpoint" do
-      client.record_package_manager_version({ "bundler" => "2" })
+      client.record_ecosystem_versions({ "ruby" => { "min" => 3, "max" => 3.2 } })
 
       expect(WebMock).
         to have_requested(:post, url).

@@ -17,7 +17,7 @@
 
     allow(api_client).to receive(:mark_job_as_processed)
     allow(api_client).to receive(:record_update_job_error)
-    allow(api_client).to receive(:record_package_manager_version)
+    allow(api_client).to receive(:record_ecosystem_versions)
 
     allow(Dependabot::Environment).to receive(:output_path).and_return(File.join(Dir.mktmpdir, "output.json"))
     allow(Dependabot::Environment).to receive(:job_id).and_return(job_id)
@@ -109,9 +109,6 @@
         allow_any_instance_of(Dependabot::Bundler::FileFetcher).
           to receive(:files).
           and_raise(exception)
-        allow_any_instance_of(Dependabot::Bundler::FileFetcher).
-          to receive(:package_manager_version).
-          and_return(nil)
       end
 
       it "retries the job when the rate-limit is reset and reports api error" do

@@ -51,14 +51,13 @@
                     mark_job_as_processed: nil,
                     update_dependency_list: nil,
                     record_update_job_error: nil,
-                    record_package_manager_version: nil,
+                    record_ecosystem_versions: nil,
                     increment_metric: nil)
   end
   let(:file_fetcher) do
     instance_double(Dependabot::FileFetchers::Base,
                     files: dependency_files,
-                    commit: "sha",
-                    package_manager_version: nil)
+                    commit: "sha")
   end
   let(:message_builder) do
     instance_double(Dependabot::PullRequestCreator::MessageBuilder, message: nil)
@@ -79,8 +78,6 @@
 
     # Stub Dependabot object with instance doubles
     allow(Dependabot::ApiClient).to receive(:new).and_return(api_client)
-    # Recording the package manager happens via an observer so the instantiated `api_client` does not receive this call
-    allow_any_instance_of(Dependabot::ApiClient).to receive(:record_package_manager_version)
     allow(Dependabot::FileFetchers).to receive_message_chain(:for_package_manager, :new).and_return(file_fetcher)
     allow(Dependabot::PullRequestCreator::MessageBuilder).to receive(:new).and_return(message_builder)
 

@@ -160,7 +160,7 @@
   describe "Instance methods delegated to @client" do
     {
       mark_job_as_processed: %w(mock_sha),
-      record_package_manager_version: %w(mock_package_managers)
+      record_ecosystem_versions: %w(mock_ecosystem_versions)
     }.each do |method, arguments|
       before { allow(mock_client).to receive(method) }
-Original file line number
+Diff line change
@@ Expand Up / @@ -102,7 +102,7 @@ def clone_repo_contents @@
             raise Dependabot::RepoNotFound, source
           end
-          def package_manager_version
+          def ecosystem_versions
             nil
           end
@@ Expand Down @@