Merge pull request #3349 from dependabot/jurre/bundler-v2-update-checker
Bundler 2 [pre-release]: Add UpdateChecker
jurre committed Mar 25, 2021
2 parents 0cfe6c8 + 9d2f19a commit 0733f56
Showing 8 changed files with 123 additions and 12 deletions.
29 changes: 27 additions & 2 deletions bundler/helpers/v2/lib/functions.rb
Expand Up @@ -83,7 +83,13 @@ def self.depencency_source_latest_git_version(gemfile_name:, dependency_name:,

def self.private_registry_versions(gemfile_name:, dependency_name:, dir:,
credentials:)
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
set_bundler_flags_and_credentials(dir: dir, credentials: credentials,
using_bundler2: false)

DependencySource.new(
gemfile_name: gemfile_name,
dependency_name: dependency_name
).private_registry_versions
end

def self.resolve_version(dependency_name:, dependency_requirements:,
Expand All @@ -103,7 +109,26 @@ def self.jfrog_source(dir:, gemfile_name:, credentials:, using_bundler2:)
end

def self.git_specs(dir:, gemfile_name:, credentials:, using_bundler2:)
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
set_bundler_flags_and_credentials(dir: dir, credentials: credentials,
using_bundler2: using_bundler2)

git_specs = Bundler::Definition.build(gemfile_name, nil, {}).dependencies.
select do |spec|
spec.source.is_a?(Bundler::Source::Git)
end
git_specs.map do |spec|
# Piggy-back off some private Bundler methods to configure the
# URI with auth details in the same way Bundler does.
git_proxy = spec.source.send(:git_proxy)
auth_uri = spec.source.uri.gsub("git://", "https://")
auth_uri = git_proxy.send(:configured_uri_for, auth_uri)
auth_uri += ".git" unless auth_uri.end_with?(".git")
auth_uri += "/info/refs?service=git-upload-pack"
{
uri: spec.source.uri,
auth_uri: auth_uri
}
end
end

def self.set_bundler_flags_and_credentials(dir:, credentials:,
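Review bot: In `git_specs`, the `auth_uri` returned next to the plain `uri` comes from Bundler's private `configured_uri_for`, which per the in-code comment adds auth details, yet nothing marks that value as secret for callers. I would add a comment on the returned hash such as `# auth_uri may embed credentials: never log it or include it in error messages`, and have callers report only `uri`. The scheme rewrite `gsub("git://", "https://")` replaces every occurrence in the string; `sub(%r{\Agit://}, "https://")` limits it to the leading scheme. The two `send` calls reach into Bundler internals, so a Bundler upgrade can change or remove them without notice, which is worth stating in the comment above them.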
4 changes: 1 addition & 3 deletions bundler/helpers/v2/spec/functions_spec.rb
Expand Up @@ -5,9 +5,7 @@
RSpec.describe Functions do
# Verify v1 method signatures are exist, but raise as NYI
{
private_registry_versions: [:gemfile_name, :dependency_name, :dir, :credentials ],
jfrog_source: [:dir, :gemfile_name, :credentials, :using_bundler2],
git_specs: [:dir, :gemfile_name, :credentials, :using_bundler2],
jfrog_source: %i(dir gemfile_name credentials using_bundler2)
}.each do |function, kwargs|
describe "::#{function}" do
let(:args) do
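Review bot: With `private_registry_versions` and `git_specs` dropped from this table, nothing in this spec pins their keyword signatures any more, and the section adds no direct example for the new implementations; whether helper-level examples exist elsewhere is not visible here. A small example for `git_specs` asserting that `uri` is returned unchanged and that `auth_uri` ends in `/info/refs?service=git-upload-pack` would cover the calls into private Bundler methods. The kept comment `# Verify v1 method signatures are exist, but raise as NYI` could read `# Verify the v1 method signatures exist but still raise NotImplementedError`. The `describe` block continues outside the hunk.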
42 changes: 36 additions & 6 deletions bundler/spec/dependabot/bundler/update_checker_spec.rb
Expand Up @@ -16,7 +16,10 @@
dependency_files: dependency_files,
credentials: credentials,
ignored_versions: ignored_versions,
security_advisories: security_advisories
security_advisories: security_advisories,
options: {
bundler_2_available: bundler_2_available?
}
)
end
let(:credentials) do
Expand Down Expand Up @@ -193,20 +196,22 @@
"https://repo.fury.io/greysteil/api/v1/dependencies?gems=business"
end
before do
bundler_version = bundler_2_available? ? "2" : "1"

# We only need to stub out the version callout since it would
# otherwise call out to the internet in a shell command
allow(Dependabot::Bundler::NativeHelpers).
to receive(:run_bundler_subprocess).
with({
bundler_version: "1",
bundler_version: bundler_version,
function: "dependency_source_type",
args: anything
}).and_call_original

allow(Dependabot::Bundler::NativeHelpers).
to receive(:run_bundler_subprocess).
with({
bundler_version: "1",
bundler_version: bundler_version,
function: "private_registry_versions",
args: anything
}).
Expand Down Expand Up @@ -1282,14 +1287,22 @@
to_return(status: 401)
end

it "raises a helpful error" do
it "raises a helpful error on bundler v1", :bundler_v1_only do
expect { checker.latest_resolvable_version }.
to raise_error do |error|
expect(error).to be_a(Dependabot::GitDependenciesNotReachable)
expect(error.dependency_urls).
to eq(["git@github.com:fundingcircle/prius"])
end
end

context "bundler v2", :bundler_v2_only do
let(:dependency_files) { project_dependency_files("bundler2/private_git_source") }

it "updates the dependency" do
expect(checker.latest_resolvable_version).to eq(Gem::Version.new("3.4.1"))
end
end
end

context "that has a bad reference" do
Expand All @@ -1302,13 +1315,21 @@
to_return(status: 200)
end

it "raises a helpful error" do
it "raises a helpful error", :bundler_v1_only do
expect { checker.latest_resolvable_version }.
to raise_error do |error|
expect(error).to be_a Dependabot::GitDependencyReferenceNotFound
expect(error.dependency).to eq("prius")
end
end

context "bundler v2", :bundler_v2_only do
let(:dependency_files) { project_dependency_files("bundler2/bad_ref") }

it "updates the dependency" do
expect(checker.latest_resolvable_version).to eq(Gem::Version.new("3.4.1"))
end
end
end

context "that has a bad branch" do
Expand Down Expand Up @@ -1476,14 +1497,23 @@
to_return(status: 401)
end

it "raises a helpful error" do
it "raises a helpful error", :bundler_v1_only do
expect { checker.latest_resolvable_version }.
to raise_error do |error|
expect(error).to be_a(Dependabot::GitDependenciesNotReachable)
expect(error.dependency_urls).
to eq(["git://github.com/fundingcircle/prius.git"])
end
end

it "raises a helpful error", :bundler_v2_only do
expect { checker.latest_resolvable_version }.
to raise_error do |error|
expect(error).to be_a(Dependabot::GitDependenciesNotReachable)
expect(error.dependency_urls).
to eq(["https://github.com/fundingcircle/prius.git"])
end
end
end

context "when the git request raises a timeout" do
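Review bot: The two new `context "bundler v2"` examples expect `latest_resolvable_version` to return `3.4.1` in the same contexts where the Bundler 1 examples expect `GitDependenciesNotReachable` (git source stubbed to 401) and `GitDependencyReferenceNotFound`, so they pin a behaviour difference without saying whether it is intended. If this is a gap in the pre-release adapter, mark it with a comment such as `# TODO: Bundler 2 does not yet raise for unreachable git sources or bad refs`; if it is intended, the example name should say why a private source that answers 401 still resolves. The `bundler2/bad_ref` Gemfile added further down declares `prius` with no `ref:`, so it is not clear from this page what makes the reference bad. Separately, the hunk at `-1476` has two examples both named "raises a helpful error", while the hunk at `-1282` renames the v1 one to "raises a helpful error on bundler v1"; a version suffix on each would keep failure output unambiguous. The enclosing contexts start outside the hunks.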
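--- a/bundler/spec/fixtures/projects/bundler2/bad_ref/Gemfile
+++ b/bundler/spec/fixtures/projects/bundler2/bad_ref/Gemfile
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gem "business", "~> 1.4.0"
+gem "prius", git: "https://github.com/gocardless/prius"
+gem "statesman", "~> 1.2.0"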
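--- a/bundler/spec/fixtures/projects/bundler2/bad_ref/Gemfile.lock
+++ b/bundler/spec/fixtures/projects/bundler2/bad_ref/Gemfile.lock
@@ -0,0 +1,22 @@
+GIT
+remote: https://github.com/gocardless/prius
+revision: cff701b3bfb182afc99a85657d7c9f3d6c1ccce1
+specs:
+prius (1.0.0)
+
+GEM
+remote: https://rubygems.org/
+specs:
+business (1.4.0)
+statesman (1.2.5)
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+business (~> 1.4.0)
+prius!
+statesman (~> 1.2.0)
+
+BUNDLED WITH
+2.2.0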
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# frozen_string_literal: true

source "https://rubygems.org"

gem "business", "~> 1.4.0"
gem "prius", git: "git@github.com:fundingcircle/prius"
gem "statesman", "~> 1.2.0"
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
GIT
remote: git@github.com:fundingcircle/prius
revision: cff701b3bfb182afc99a85657d7c9f3d6c1ccce2
specs:
prius (1.0.0)

GEM
remote: https://rubygems.org/
specs:
business (1.4.0)
statesman (1.2.5)

PLATFORMS
ruby

DEPENDENCIES
business (~> 1.4.0)
prius!
statesman (~> 1.2.0)

BUNDLED WITH
2.2.0
2 changes: 1 addition & 1 deletion bundler/spec/fixtures/ruby/lockfiles/specified_source.lock
@@ -1,6 +1,6 @@
GEM
remote: https://rubygems.org/
remote: https://wxuokzLuQTRgMGtEYMPJ@repo.fury.io/greysteil/
remote: https://SECRET_CODES@repo.fury.io/greysteil/
specs:
business (1.5.0)
statesman (2.0.1)
