Dep: Add first version of latest_resolvable_version method

dependabot · Jul 22, 2018 · 098c39b · 098c39b
1 parent 8008496
commit 098c39b
Show file tree

Hide file tree

Showing 7 changed files with 202 additions and 6 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -2,7 +2,7 @@ version: 2
 jobs:
   build:
     docker:
-      - image: dependabot/dependabot-core:0.1.21
+      - image: dependabot/dependabot-core:0.1.22
     working_directory: ~/dependabot-core
     steps:
       - checkout

diff --git a/Dockerfile b/Dockerfile
@@ -79,6 +79,13 @@ RUN echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu bionic main" >> /etc/ap
     && mv composer.phar /usr/local/bin/composer
 
 
+### GO
+
+RUN curl -O https://dl.google.com/go/go1.10.3.linux-amd64.tar.gz && \
+    tar xvf go1.10.3.linux-amd64.tar.gz && \
+    mv go /usr/local
+
+
 ### Elixir
 
 # Install Erlang, Elixir and Hex

diff --git a/lib/dependabot/file_parsers/go/dep.rb b/lib/dependabot/file_parsers/go/dep.rb
@@ -30,7 +30,7 @@ def manifest_dependencies
           dependency_set = DependencySet.new
 
           REQUIREMENT_TYPES.each do |type|
-            parsed_file(manifest).fetch(type, {}).each do |details|
+            parsed_file(manifest).fetch(type, []).each do |details|
               dependency_set << Dependency.new(
                 name: details.fetch("name"),
                 version: nil,
@@ -51,7 +51,7 @@ def manifest_dependencies
         def lockfile_dependencies
           dependency_set = DependencySet.new
 
-          parsed_file(lockfile).fetch("projects", {}).each do |details|
+          parsed_file(lockfile).fetch("projects", []).each do |details|
             dependency_set << Dependency.new(
               name: details.fetch("name"),
               version: version_from_lockfile(details),

diff --git a/lib/dependabot/update_checkers/go/dep/version_resolver.rb b/lib/dependabot/update_checkers/go/dep/version_resolver.rb
@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+require "toml-rb"
+require "dependabot/shared_helpers"
+require "dependabot/update_checkers/go/dep"
+require "dependabot/errors"
+
+module Dependabot
+  module UpdateCheckers
+    module Go
+      class Dep
+        class VersionResolver
+          def initialize(dependency:, dependency_files:, credentials:)
+            @dependency = dependency
+            @dependency_files = dependency_files
+            @credentials = credentials
+          end
+
+          def latest_resolvable_version
+            @latest_resolvable_version ||= fetch_latest_resolvable_version
+          end
+
+          private
+
+          attr_reader :dependency, :dependency_files, :credentials
+
+          def fetch_latest_resolvable_version
+            updated_version =
+              Dir.chdir(go_dir) do
+                write_temporary_dependency_files
+
+                SharedHelpers.with_git_configured(credentials: credentials) do
+                  # Shell out to dep, which handles everything for us, and does
+                  # so without doing an install (so it's fast).
+                  command = "dep ensure -update --no-vendor #{dependency.name}"
+                  run_shell_command(command)
+                end
+
+                new_lockfile_content = File.read("Gopkg.lock")
+
+                get_version_from_lockfile(new_lockfile_content)
+              end
+
+            FileUtils.rm_rf(go_dir)
+            updated_version
+          end
+
+          def get_version_from_lockfile(lockfile_content)
+            package = TomlRB.parse(lockfile_content).fetch("projects").
+                      find { |p| p["name"] == dependency.name }
+
+            if package["version"]
+              version_class.new(package["version"].sub(/^v?/, ""))
+            else
+              package.fetch("revision")
+            end
+          end
+
+          def run_shell_command(command)
+            raw_response = nil
+            IO.popen(command, err: %i(child out)) do |process|
+              raw_response = process.read
+            end
+
+            # Raise an error with the output from the shell session if dep
+            # returns a non-zero status
+            return if $CHILD_STATUS.success?
+            raise SharedHelpers::HelperSubprocessFailed.new(
+              raw_response,
+              command
+            )
+          end
+
+          def write_temporary_dependency_files
+            dependency_files.each do |file|
+              path = file.name
+              FileUtils.mkdir_p(Pathname.new(path).dirname)
+              File.write(file.name, file.content)
+            end
+
+            File.write("hello.go", dummy_app_content)
+          end
+
+          def go_dir
+            # Work in a directory called "$HOME/go/src/dependabot-tmp".
+            # TODO: This should pick up what the user's actual GOPATH is.
+            go_dir = File.join(Dir.home, "go", "src", "dependabot-tmp")
+            FileUtils.mkdir_p(go_dir)
+            go_dir
+          end
+
+          def dummy_app_content
+            "package main\n\nimport \"fmt\"\n\nfunc main() {\n"\
+            "  fmt.Printf(\"hello, world\\n\")\n}"
+          end
+
+          def version_class
+            Utils.version_class_for_package_manager(dependency.package_manager)
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/spec/dependabot/file_parsers/go/dep_spec.rb b/spec/dependabot/file_parsers/go/dep_spec.rb
@@ -75,7 +75,7 @@
           it "has the right details" do
             expect(dependency).to be_a(Dependabot::Dependency)
             expect(dependency.name).to eq("golang.org/x/text")
-            expect(dependency.version).to eq("0.3.0")
+            expect(dependency.version).to eq("0.2.0")
             expect(dependency.requirements).to eq(
               [{
                 requirement: nil,

diff --git a/spec/dependabot/update_checkers/go/dep/version_resolver_spec.rb b/spec/dependabot/update_checkers/go/dep/version_resolver_spec.rb
@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+require "dependabot/dependency_file"
+require "dependabot/update_checkers/go/dep/version_resolver"
+
+RSpec.describe Dependabot::UpdateCheckers::Go::Dep::VersionResolver do
+  subject(:resolver) do
+    described_class.new(
+      dependency: dependency,
+      dependency_files: dependency_files,
+      credentials: credentials
+    )
+  end
+
+  let(:credentials) do
+    [{
+      "type" => "git_source",
+      "host" => "github.com",
+      "username" => "x-access-token",
+      "password" => "token"
+    }]
+  end
+  let(:dependency_files) do
+    [
+      Dependabot::DependencyFile.new(
+        name: "Gopkg.toml",
+        content: fixture("go", "gopkg_tomls", manifest_fixture_name)
+      ),
+      Dependabot::DependencyFile.new(
+        name: "Gopkg.lock",
+        content: fixture("go", "gopkg_locks", lockfile_fixture_name)
+      )
+    ]
+  end
+  let(:manifest_fixture_name) { "no_version.toml" }
+  let(:lockfile_fixture_name) { "no_version.lock" }
+  let(:dependency) do
+    Dependabot::Dependency.new(
+      name: dependency_name,
+      version: dependency_version,
+      requirements: requirements,
+      package_manager: "cargo"
+    )
+  end
+  let(:dependency) do
+    Dependabot::Dependency.new(
+      name: dependency_name,
+      version: dependency_version,
+      requirements: requirements,
+      package_manager: "dep"
+    )
+  end
+  let(:requirements) do
+    [{ file: "Gopkg.toml", requirement: req_str, groups: [], source: source }]
+  end
+  let(:dependency_name) { "golang.org/x/text" }
+  let(:dependency_version) { "0.2.0" }
+  let(:req_str) { nil }
+  let(:source) { { type: "default", source: "golang.org/x/text" } }
+
+  describe "latest_resolvable_version" do
+    subject(:latest_resolvable_version) { resolver.latest_resolvable_version }
+
+    it { is_expected.to be >= Gem::Version.new("0.3.0") }
+
+    context "with a git dependency" do
+      context "that specifies a branch" do
+        let(:manifest_fixture_name) { "branch.toml" }
+        let(:lockfile_fixture_name) { "branch.lock" }
+
+        let(:source) do
+          {
+            type: "git",
+            url: "https://github.com/golang/text",
+            branch: "master",
+            ref: nil
+          }
+        end
+
+        it { is_expected.to eq("0605a8320aceb4207a5fb3521281e17ec2075476") }
+      end
+    end
+  end
+end
diff --git a/spec/fixtures/go/gopkg_locks/no_version.lock b/spec/fixtures/go/gopkg_locks/no_version.lock
@@ -17,8 +17,8 @@
     "unicode/cldr",
     "unicode/norm"
   ]
-  revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0"
-  version = "v0.3.0"
+  revision = "c4d099d611ac3ded35360abf03581e13d91c828f"
+  version = "v0.2.0"
 
 [solve-meta]
   analyzer-name = "dep"