Respect style of each action when updating github actions

dependabot · Sep 20, 2023 · 4a450ca · 4a450ca
1 parent b8bbe7d
commit 4a450ca
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 11 deletions.
diff --git a/common/lib/dependabot/git_commit_checker.rb b/common/lib/dependabot/git_commit_checker.rb
@@ -24,12 +24,13 @@ class GitCommitChecker
 
     def initialize(dependency:, credentials:,
                    ignored_versions: [], raise_on_ignored: false,
-                   consider_version_branches_pinned: false)
+                   consider_version_branches_pinned: false, dependency_source_details: nil)
       @dependency = dependency
       @credentials = credentials
       @ignored_versions = ignored_versions
       @raise_on_ignored = raise_on_ignored
       @consider_version_branches_pinned = consider_version_branches_pinned
+      @dependency_source_details = dependency_source_details
     end
 
     def git_dependency?
@@ -160,7 +161,7 @@ def git_repo_reachable?
     end
 
     def dependency_source_details
-      dependency.source_details(allowed_types: ["git"])
+      @dependency_source_details || dependency.source_details(allowed_types: ["git"])
     end
 
     private

diff --git a/github_actions/lib/dependabot/github_actions/update_checker.rb b/github_actions/lib/dependabot/github_actions/update_checker.rb
@@ -35,12 +35,11 @@ def lowest_resolvable_security_fix_version
       end
 
       def updated_requirements
-        updated = updated_ref
-
         dependency.requirements.map do |req|
+          source = req[:source]
+          updated = updated_ref(source)
           next req unless updated
 
-          source = req[:source]
           current = source[:ref]
 
           # Maintain a short git hash only if it matches the latest
@@ -174,7 +173,7 @@ def filter_lower_tags(tags_array)
           .select { |tag| tag.fetch(:version) > current_version }
       end
 
-      def updated_ref
+      def updated_ref(source)
         # TODO: Support Docker sources
         return unless git_dependency?
 
@@ -183,14 +182,16 @@ def updated_ref
           return new_tag.fetch(:tag)
         end
 
+        source_git_commit_checker = git_commit_checker_for(source)
+
         # Return the git tag if updating a pinned version
-        if git_commit_checker.pinned_ref_looks_like_version? &&
+        if source_git_commit_checker.pinned_ref_looks_like_version? &&
            (new_tag = latest_version_tag)
           return new_tag.fetch(:tag)
         end
 
         # Return the pinned git commit if one is available
-        if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
+        if source_git_commit_checker.pinned_ref_looks_like_commit_sha? &&
            (new_commit_sha = latest_commit_sha)
           return new_commit_sha
         end
@@ -219,12 +220,19 @@ def git_dependency?
       end
 
       def git_commit_checker
-        @git_commit_checker ||= Dependabot::GitCommitChecker.new(
+        @git_commit_checker ||= git_commit_checker_for(nil)
+      end
+
+      def git_commit_checker_for(source)
+        @git_commit_checkers ||= {}
+
+        @git_commit_checkers[source] ||= Dependabot::GitCommitChecker.new(
           dependency: dependency,
           credentials: credentials,
           ignored_versions: ignored_versions,
           raise_on_ignored: raise_on_ignored,
-          consider_version_branches_pinned: true
+          consider_version_branches_pinned: true,
+          dependency_source_details: source
         )
       end
 

diff --git a/github_actions/spec/dependabot/github_actions/update_checker_spec.rb b/github_actions/spec/dependabot/github_actions/update_checker_spec.rb
@@ -913,7 +913,7 @@
           source: {
             type: "git",
             url: "https://github.com/actions/checkout",
-            ref: "v3.5.2",
+            ref: "master",
             branch: nil
           }
         }]