Merge branch 'main' into deivid-rodriguez/bundler-2.5.5

.github/workflows/ci.yml

@@ -98,3 +98,32 @@ jobs:
       - run: ./bin/lint
       # yamllint is installed in GitHub Actions base runner image: https://github.com/adrienverge/yamllint/pull/588
       - run: yamllint .
+
+  integration:
+    env:
+      DOCKER_BUILDKIT: 1
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - name: Build ecosystem image
+        run: script/build silent
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.21
+      - name: Download Dependabot CLI
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh release download --repo dependabot/cli -p "*linux-amd64.tar.gz"
+          tar xzvf *.tar.gz >/dev/null 2>&1
+          ./dependabot --version
+      - name: Run integration tests
+        env:
+          PATH: ${{ github.workspace }}:$PATH
+        run: |
+          cd silent/tests
+          go test ./...

.github/workflows/smoke.yml

@@ -51,7 +51,7 @@ jobs:
           # We end up with, for example: [{core: "bundler", ecosystem: "rubygems", name: "smoke-bundler.yaml"}]
           jq -c '.[]' filtered.json | while read -r i; do
             test=$(echo "$i" | jq -r '.test')
-            jq --argjson i "$i" --arg test "-$test" -r '.[] | select(.name | contains($test)) | {core: ($i | .core), ecosystem: ($i | .ecosystem), name: .name}' tests.json
+            jq --argjson i "$i" --arg test "-$test" -r '.[] | select(.name | contains($test)) | {core: ($i | .core), ecosystem: ($i | .ecosystem), name: .name, sha: .sha }' tests.json
           done | jq -cs . > suites.json
 
           # Set the step output
@@ -68,14 +68,32 @@ jobs:
         with:
           submodules: recursive
 
-      - name: Download CLI and test
+      - name: Download CLI
         run: |
           gh release download --repo dependabot/cli -p "*linux-amd64.tar.gz"
           tar xzvf *.tar.gz >/dev/null 2>&1
           ./dependabot --version
+
+      - name: Restore Smoke Test
+        id: cache-smoke-test
+        uses: actions/cache/restore@v4
+        with:
+          path: smoke.yaml
+          key: ${{ matrix.suite.sha }}-${{ matrix.suite.name }}
+
+      - name: Download test
+        if: steps.cache-smoke-test.outputs.cache-hit != 'true'
+        run: |
           URL=https://api.github.com/repos/dependabot/smoke-tests/contents/tests/${{ matrix.suite.name }}
           curl $(gh api $URL --jq .download_url) -o smoke.yaml
 
+      - name: Cache Smoke Test
+        if: steps.cache-smoke-test.outputs.cache-hit != 'true'
+        uses: actions/cache/save@v4
+        with:
+          path: smoke.yaml
+          key: ${{ steps.cache-smoke-test.outputs.cache-primary-key }}
+
       # Download the Proxy cache. The job is ideally 100% cached so no real calls are made.
       # Allowed to fail to get out of checking and egg situations, for example, when adding a new ecosystem.
       - name: Download cache

Dockerfile.updater-core

@@ -96,11 +96,12 @@ COPY --chown=dependabot:dependabot npm_and_yarn/.bundle npm_and_yarn/dependabot-
 COPY --chown=dependabot:dependabot nuget/.bundle nuget/dependabot-nuget.gemspec nuget/
 COPY --chown=dependabot:dependabot pub/.bundle pub/dependabot-pub.gemspec pub/
 COPY --chown=dependabot:dependabot python/.bundle python/dependabot-python.gemspec python/
+COPY --chown=dependabot:dependabot silent/.bundle silent/dependabot-silent.gemspec silent/
 COPY --chown=dependabot:dependabot swift/.bundle swift/dependabot-swift.gemspec swift/
 COPY --chown=dependabot:dependabot terraform/.bundle terraform/dependabot-terraform.gemspec terraform/
 
 # prevent having all the source in every ecosystem image
-RUN for ecosystem in git_submodules terraform github_actions hex elm docker nuget maven gradle cargo composer go_modules python pub npm_and_yarn bundler swift devcontainers; do \
+RUN for ecosystem in git_submodules terraform github_actions hex elm docker nuget maven gradle cargo composer go_modules python pub npm_and_yarn bundler silent swift devcontainers; do \
     mkdir -p $ecosystem/lib/dependabot; \
     touch $ecosystem/lib/dependabot/$ecosystem.rb; \
   done

Gemfile

@@ -19,6 +19,7 @@ gem "dependabot-npm_and_yarn", path: "npm_and_yarn"
 gem "dependabot-nuget", path: "nuget"
 gem "dependabot-pub", path: "pub"
 gem "dependabot-python", path: "python"
+gem "dependabot-silent", path: "silent"
 gem "dependabot-swift", path: "swift"
 gem "dependabot-terraform", path: "terraform"
 

Gemfile.lock

@@ -119,6 +119,12 @@ PATH
     dependabot-python (0.242.1)
       dependabot-common (= 0.242.1)
 
+PATH
+  remote: silent
+  specs:
+    dependabot-silent (0.242.1)
+      dependabot-common (= 0.242.1)
+
 PATH
   remote: swift
   specs:
@@ -362,6 +368,7 @@ DEPENDENCIES
   dependabot-nuget!
   dependabot-pub!
   dependabot-python!
+  dependabot-silent!
   dependabot-swift!
   dependabot-terraform!
   gpgme (~> 2.0)

Rakefile

@@ -31,6 +31,7 @@ GEMSPECS = %w(
   python/dependabot-python.gemspec
   pub/dependabot-pub.gemspec
   omnibus/dependabot-omnibus.gemspec
+  silent/dependabot-silent.gemspec
   swift/dependabot-swift.gemspec
   devcontainers/dependabot-devcontainers.gemspec
 ).freeze

bundler/helpers/v2/monkey_patches/definition_ruby_version_patch.rb

@@ -4,6 +4,14 @@
 require "bundler/definition"
 
 module BundlerDefinitionRubyVersionPatch
+  def ruby_version
+    super || begin
+      Bundler::RubyVersion.from_string(File.read(".ruby-version", chomp: true))
+    rescue SystemCallError
+      # .ruby-version doesn't exist, fallback to the Ruby Dependabot runs
+    end
+  end
+
   def source_requirements
     if ruby_version
       requested_version = ruby_version.gem_version

bundler/lib/dependabot/bundler/file_fetcher.rb

@@ -98,7 +98,6 @@ def gemspec_directories
 
       def ruby_version_file
         return unless gemfile
-        return unless gemfile.content.include?(".ruby-version")
 
         @ruby_version_file ||=
           fetch_file_if_present(".ruby-version")

bundler/spec/dependabot/bundler/file_fetcher_spec.rb

@@ -31,6 +31,15 @@
   end
 
   before { allow(file_fetcher_instance).to receive(:commit).and_return("sha") }
+  before do
+    stub_request(:get, File.join(url, ".ruby-version?ref=sha"))
+      .with(headers: { "Authorization" => "token token" })
+      .to_return(
+        status: 200,
+        body: fixture("github", "ruby_version_content.json"),
+        headers: { "content-type" => "application/json" }
+      )
+  end
 
   context "with a directory" do
     let(:directory) { "/test" }
@@ -63,9 +72,9 @@
     end
 
     it "fetches the files as normal" do
-      expect(file_fetcher_instance.files.count).to eq(2)
+      expect(file_fetcher_instance.files.count).to eq(3)
       expect(file_fetcher_instance.files.map(&:name))
-        .to match_array(%w(Gemfile Gemfile.lock))
+        .to match_array(%w(Gemfile Gemfile.lock .ruby-version))
     end
 
     context "that can't be found" do
@@ -146,16 +155,6 @@
         )
     end
 
-    before do
-      stub_request(:get, url + ".ruby-version?ref=sha")
-        .with(headers: { "Authorization" => "token token" })
-        .to_return(
-          status: 200,
-          body: fixture("github", "ruby_version_content.json"),
-          headers: { "content-type" => "application/json" }
-        )
-    end
-
     it "fetches the ruby-version file" do
       expect(file_fetcher_instance.files.count).to eq(3)
       expect(file_fetcher_instance.files.map(&:name))
@@ -191,9 +190,9 @@
     end
 
     it "fetches the ruby-version file" do
-      expect(file_fetcher_instance.files.count).to eq(2)
+      expect(file_fetcher_instance.files.count).to eq(3)
       expect(file_fetcher_instance.files.map(&:name))
-        .to eq(%w(gems.rb gems.locked))
+        .to eq(%w(gems.rb gems.locked .ruby-version))
     end
   end
 
@@ -246,7 +245,7 @@
       end
 
       it "fetches the path dependency" do
-        expect(file_fetcher_instance.files.count).to eq(3)
+        expect(file_fetcher_instance.files.count).to eq(4)
         expect(file_fetcher_instance.files.map(&:name))
           .to include("../constants.rb")
       end
@@ -299,7 +298,7 @@
       end
 
       it "fetches gemspec from path dependency" do
-        expect(file_fetcher_instance.files.count).to eq(3)
+        expect(file_fetcher_instance.files.count).to eq(4)
         expect(file_fetcher_instance.files.map(&:name))
           .to include("plugins/bump-core/bump-core.gemspec")
       end
@@ -348,7 +347,7 @@
         end
 
         it "fetches gemspec from path dependency" do
-          expect(file_fetcher_instance.files.count).to eq(4)
+          expect(file_fetcher_instance.files.count).to eq(5)
           expect(file_fetcher_instance.files.map(&:name))
             .to include("plugins/bump-core/bump-core/bump-core.gemspec")
           expect(file_fetcher_instance.files.map(&:name))
@@ -403,7 +402,7 @@
         end
 
         it "fetches gemspec from path dependency" do
-          expect(file_fetcher_instance.files.count).to eq(3)
+          expect(file_fetcher_instance.files.count).to eq(4)
           expect(file_fetcher_instance.files.map(&:name))
             .to include("plugins/bump-core/bump-core.gemspec")
         end
@@ -418,10 +417,18 @@
               body: fixture("github", "contents_ruby_no_lockfile.json"),
               headers: { "content-type" => "application/json" }
             )
+
+          stub_request(:get, url + ".ruby-version?ref=sha")
+            .with(headers: { "Authorization" => "token token" })
+            .to_return(
+              status: 200,
+              body: fixture("github", "ruby_version_content.json"),
+              headers: { "content-type" => "application/json" }
+            )
         end
 
         it "fetches gemspec from path dependency" do
-          expect(file_fetcher_instance.files.count).to eq(2)
+          expect(file_fetcher_instance.files.count).to eq(3)
           expect(file_fetcher_instance.files.map(&:name))
             .to include("plugins/bump-core/bump-core.gemspec")
         end
@@ -468,7 +475,7 @@
         end
 
         it "fetches the .specification from path dependency" do
-          expect(file_fetcher_instance.files.count).to eq(3)
+          expect(file_fetcher_instance.files.count).to eq(4)
           expect(file_fetcher_instance.files.map(&:name))
             .to include("plugins/bump-core/.specification")
         end
@@ -526,7 +533,7 @@
       end
 
       it "quietly ignores the error" do
-        expect(file_fetcher_instance.files.count).to eq(2)
+        expect(file_fetcher_instance.files.count).to eq(3)
       end
     end
   end
@@ -693,7 +700,7 @@
     end
 
     it "fetches gemspec" do
-      expect(file_fetcher_instance.files.count).to eq(3)
+      expect(file_fetcher_instance.files.count).to eq(4)
       expect(file_fetcher_instance.files.map(&:name))
         .to include("business.gemspec")
     end
@@ -731,7 +738,7 @@
       end
 
       it "fetches gemspec" do
-        expect(file_fetcher_instance.files.count).to eq(2)
+        expect(file_fetcher_instance.files.count).to eq(3)
         expect(file_fetcher_instance.files.map(&:name))
           .to include("dev/business.gemspec")
       end
@@ -766,7 +773,7 @@
     end
 
     it "fetches gemspec" do
-      expect(file_fetcher_instance.files.count).to eq(2)
+      expect(file_fetcher_instance.files.count).to eq(3)
       expect(file_fetcher_instance.files.map(&:name))
         .to include("business.gemspec")
     end
@@ -808,7 +815,7 @@
     end
 
     it "fetches gemspecs" do
-      expect(file_fetcher_instance.files.count).to eq(3)
+      expect(file_fetcher_instance.files.count).to eq(4)
       expect(file_fetcher_instance.files.map(&:name))
         .to include("business.gemspec")
       expect(file_fetcher_instance.files.map(&:name))