Dep: Hook up requirements updater with update checker

lib/dependabot/update_checkers/go/dep.rb

@@ -8,6 +8,7 @@ module Go
       class Dep < Dependabot::UpdateCheckers::Base
         require_relative "dep/file_preparer"
         require_relative "dep/latest_version_finder"
+        require_relative "dep/requirements_updater"
         require_relative "dep/version_resolver"
 
         def latest_version
@@ -39,11 +40,13 @@ def latest_resolvable_version_with_no_unlock
         end
 
         def updated_requirements
-          # If the dependency file needs to be updated we store the updated
-          # requirements on the dependency.
-          #
-          # TODO!
-          dependency.requirements
+          @updated_requirements ||=
+            RequirementsUpdater.new(
+              requirements: dependency.requirements,
+              updated_source: updated_source,
+              latest_version: latest_version&.to_s,
+              latest_resolvable_version: latest_resolvable_version&.to_s
+            ).updated_requirements
         end
 
         private
@@ -150,15 +153,72 @@ def latest_git_tag_is_resolvable?
           @git_tag_resolvable = false
         end
 
+        def updated_source
+          # Never need to update source, unless a git_dependency
+          return dependency_source_details unless git_dependency?
+
+          # Source becomes `nil` if switching to default rubygems
+          return default_source if should_switch_source_from_ref_to_release?
+
+          # Update the git tag if updating a pinned version
+          if git_commit_checker.pinned_ref_looks_like_version? &&
+             latest_git_tag_is_resolvable?
+            new_tag = git_commit_checker.local_tag_for_latest_version
+            return dependency_source_details.merge(ref: new_tag.fetch(:tag))
+          end
+
+          # Otherwise return the original source
+          dependency_source_details
+        end
+
+        def dependency_source_details
+          sources =
+            dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact
+
+          raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
+
+          sources.first
+        end
+
+        def should_switch_source_from_ref_to_release?
+          return false unless git_dependency?
+          return false if latest_resolvable_version_for_git_dependency.nil?
+          Gem::Version.correct?(latest_resolvable_version_for_git_dependency)
+        end
+
         def git_dependency?
           git_commit_checker.git_dependency?
         end
 
+        def default_source
+          original_declaration =
+            parsed_file(manifest).
+            values_at(*FileParsers::Go::Dep::REQUIREMENT_TYPES).
+            flatten.compact.
+            find { |d| d["name"] == dependency.name }
+
+          {
+            type: "default",
+            source: original_declaration["source"] || dependency.name
+          }
+        end
+
         def git_branch_or_ref_in_release?(release)
           return false unless release
           git_commit_checker.branch_or_ref_in_release?(release)
         end
 
+        def parsed_file(file)
+          @parsed_file ||= {}
+          @parsed_file[file.name] ||= TomlRB.parse(file.content)
+        rescue TomlRB::ParseError
+          raise Dependabot::DependencyFileNotParseable, file.path
+        end
+
+        def manifest
+          @manifest ||= dependency_files.find { |f| f.name == "Gopkg.toml" }
+        end
+
         def git_commit_checker
           @git_commit_checker ||=
             GitCommitChecker.new(

lib/dependabot/update_checkers/go/dep/requirements_updater.rb

@@ -13,10 +13,9 @@ class UnfixableRequirement < StandardError; end
 
           VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-*]+)*/
 
-          def initialize(requirements:, library:, updated_source:,
+          def initialize(requirements:, updated_source:,
                          latest_version:, latest_resolvable_version:)
             @requirements = requirements
-            @library = library
             @updated_source = updated_source
 
             if latest_version && version_class.correct?(latest_version)
@@ -46,12 +45,8 @@ def updated_requirements
           attr_reader :requirements, :updated_source,
                       :latest_version, :latest_resolvable_version
 
-          def library?
-            @library
-          end
-
           def updating_from_git_to_version?
-            return false unless updated_source.nil?
+            return false unless updated_source&.fetch(:type) == "default"
             original_source = requirements.map { |r| r[:source] }.compact.first
             original_source&.fetch(:type) == "git"
           end

spec/dependabot/file_parsers/go/dep_spec.rb

@@ -67,23 +67,23 @@
 
         context "that doesn't declare a version" do
           subject(:dependency) do
-            dependencies.find { |d| d.name == "golang.org/x/text" }
+            dependencies.find { |d| d.name == "github.com/dgrijalva/jwt-go" }
           end
           let(:manifest_fixture_name) { "no_version.toml" }
           let(:lockfile_fixture_name) { "no_version.lock" }
 
           it "has the right details" do
             expect(dependency).to be_a(Dependabot::Dependency)
-            expect(dependency.name).to eq("golang.org/x/text")
-            expect(dependency.version).to eq("0.2.0")
+            expect(dependency.name).to eq("github.com/dgrijalva/jwt-go")
+            expect(dependency.version).to eq("1.0.1")
             expect(dependency.requirements).to eq(
               [{
                 requirement: nil,
                 file: "Gopkg.toml",
                 groups: [],
                 source: {
                   type: "default",
-                  source: "golang.org/x/text"
+                  source: "github.com/dgrijalva/jwt-go"
                 }
               }]
             )

spec/dependabot/update_checkers/go/dep/file_preparer_spec.rb

@@ -52,10 +52,10 @@
       source: source
     }]
   end
-  let(:dependency_name) { "golang.org/x/text" }
-  let(:dependency_version) { "0.2.0" }
-  let(:string_req) { "0.2.0" }
-  let(:source) { { type: "default", source: "golang.org/x/text" } }
+  let(:dependency_name) { "github.com/dgrijalva/jwt-go" }
+  let(:source) { { type: "default", source: "github.com/dgrijalva/jwt-go" } }
+  let(:dependency_version) { "1.0.1" }
+  let(:string_req) { "1.0.0" }
 
   describe "#prepared_dependency_files" do
     subject(:prepared_dependency_files) { preparer.prepared_dependency_files }
@@ -71,7 +71,7 @@
         let(:unlock_requirement) { false }
 
         it "doesn't update the requirement" do
-          expect(prepared_manifest_file.content).to include('version = "0.2.0"')
+          expect(prepared_manifest_file.content).to include('version = "1.0.0"')
         end
       end
 
@@ -80,17 +80,17 @@
 
         it "updates the requirement" do
           expect(prepared_manifest_file.content).
-            to include('version = ">= 0.2.0"')
+            to include('version = ">= 1.0.1"')
         end
 
         context "without a lockfile" do
           let(:dependency_files) { [manifest] }
           let(:dependency_version) { nil }
-          let(:string_req) { "0.2.0" }
+          let(:string_req) { "1.0.0" }
 
           it "updates the requirement" do
             expect(prepared_manifest_file.content).
-              to include('version = ">= 0.2.0"')
+              to include('version = ">= 1.0.0"')
           end
         end
 
@@ -101,23 +101,23 @@
 
           it "updates the requirement" do
             expect(prepared_manifest_file.content).
-              to include('version = ">= 0.2.0"')
+              to include('version = ">= 1.0.1"')
           end
 
           context "and a latest_allowable_version" do
             let(:latest_allowable_version) { Gem::Version.new("1.6.0") }
 
             it "updates the requirement" do
               expect(prepared_manifest_file.content).
-                to include('version = ">= 0.2.0, <= 1.6.0"')
+                to include('version = ">= 1.0.1, <= 1.6.0"')
             end
 
             context "that is lower than the current lower bound" do
               let(:latest_allowable_version) { Gem::Version.new("0.1.0") }
 
               it "updates the requirement" do
                 expect(prepared_manifest_file.content).
-                  to include('version = ">= 0.2.0"')
+                  to include('version = ">= 1.0.1"')
               end
             end
           end
@@ -138,6 +138,7 @@
           context "with a branch" do
             let(:manifest_fixture_name) { "branch.toml" }
             let(:lockfile_fixture_name) { "branch.lock" }
+            let(:dependency_name) { "golang.org/x/text" }
             let(:dependency_version) do
               "7dd2c8130f5e924233f5543598300651c386d431"
             end
@@ -172,6 +173,7 @@
             let(:manifest_fixture_name) { "tag_as_revision.toml" }
             let(:lockfile_fixture_name) { "tag_as_revision.lock" }
             let(:dependency_version) { "v0.2.0" }
+            let(:dependency_name) { "golang.org/x/text" }
             let(:string_req) { nil }
             let(:source) do
               {

spec/dependabot/update_checkers/go/dep/requirements_updater_spec.rb

@@ -8,7 +8,6 @@
     described_class.new(
       requirements: requirements,
       updated_source: updated_source,
-      library: library,
       latest_version: latest_version,
       latest_resolvable_version: latest_resolvable_version
     )
@@ -26,7 +25,6 @@
   end
   let(:manifest_req_string) { "^1.4.0" }
 
-  let(:library) { false }
   let(:latest_version) { "1.8.0" }
   let(:latest_resolvable_version) { "1.5.0" }
   let(:version_class) { Dependabot::Utils::Go::Version }
@@ -106,9 +104,7 @@
       end
     end
 
-    context "for a library requirement" do
-      let(:library) { true }
-
+    context "for a library-style update" do
       context "when there is a resolvable version" do
         let(:latest_resolvable_version) { Gem::Version.new("1.5.0") }
 

spec/dependabot/update_checkers/go/dep/version_resolver_spec.rb

@@ -54,10 +54,10 @@
   let(:requirements) do
     [{ file: "Gopkg.toml", requirement: req_str, groups: [], source: source }]
   end
-  let(:dependency_name) { "golang.org/x/text" }
-  let(:dependency_version) { "0.2.0" }
+  let(:dependency_name) { "github.com/dgrijalva/jwt-go" }
+  let(:dependency_version) { "1.0.1" }
   let(:req_str) { nil }
-  let(:source) { { type: "default", source: "golang.org/x/text" } }
+  let(:source) { { type: "default", source: "github.com/dgrijalva/jwt-go" } }
 
   describe "latest_resolvable_version" do
     subject(:latest_resolvable_version) { resolver.latest_resolvable_version }
@@ -68,7 +68,7 @@
       context "that specifies a branch" do
         let(:manifest_fixture_name) { "branch.toml" }
         let(:lockfile_fixture_name) { "branch.lock" }
-
+        let(:dependency_name) { "golang.org/x/text" }
         let(:source) do
           {
             type: "git",
@@ -84,7 +84,7 @@
       context "that specifies a tag as a revision" do
         let(:manifest_fixture_name) { "tag_as_revision.toml" }
         let(:lockfile_fixture_name) { "tag_as_revision.lock" }
-
+        let(:dependency_name) { "golang.org/x/text" }
         let(:source) do
           {
             type: "git",