Skip to content

Commit

Permalink
passed deprecation notices into pr creation for all pr creators.
Browse files Browse the repository at this point in the history
  • Loading branch information
kbukum1 committed Aug 13, 2024
1 parent ef0de83 commit 6a673a5
Show file tree
Hide file tree
Showing 9 changed files with 637 additions and 29 deletions.
12 changes: 11 additions & 1 deletion updater/lib/dependabot/updater/group_update_creation.rb
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ class Updater
module GroupUpdateCreation
extend T::Sig
extend T::Helpers
include PullRequestHelpers

abstract!

Expand Down Expand Up @@ -52,6 +53,14 @@ def compile_all_dependency_changes_for(group)
)
original_dependencies = dependency_snapshot.dependencies

notices = []

# Add a deprecation notice if the package manager is deprecated
add_deprecation_notice(
notices: notices,
package_manager: dependency_snapshot.package_manager
)

Dependabot.logger.info("Updating the #{job.source.directory} directory.")
group.dependencies.each do |dependency|
# We still want to update a dependency if it's been updated in another manifest files,
Expand Down Expand Up @@ -108,7 +117,8 @@ def compile_all_dependency_changes_for(group)
job: job,
updated_dependencies: group_changes.updated_dependencies,
updated_dependency_files: group_changes.updated_dependency_files,
dependency_group: group
dependency_group: group,
notices: notices
)

if Experiments.enabled?("dependency_change_validation") && !dependency_change.all_have_previous_version?
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ module Operations
class CreateSecurityUpdatePullRequest
extend T::Sig
include SecurityUpdateHelpers
include PullRequestHelpers

sig { params(job: Job).returns(T::Boolean) }
def self.applies_to?(job:)
Expand Down Expand Up @@ -43,6 +44,8 @@ def initialize(service:, job:, dependency_snapshot:, error_handler:)
@error_handler = error_handler
# TODO: Collect @created_pull_requests on the Job object?
@created_pull_requests = T.let([], T::Array[T::Array[T::Hash[String, String]]])

@pr_notices = T.let([], T::Array[Dependabot::Notice])
end

# TODO: We currently tolerate multiple dependencies for this operation
Expand All @@ -55,6 +58,12 @@ def initialize(service:, job:, dependency_snapshot:, error_handler:)
def perform
Dependabot.logger.info("Starting security update job for #{job.source.repo}")

# Add a deprecation notice if the package manager is deprecated
add_deprecation_notice(
notices: @pr_notices,
package_manager: dependency_snapshot.package_manager
)

target_dependencies = dependency_snapshot.job_dependencies

if target_dependencies.empty?
Expand Down Expand Up @@ -169,7 +178,8 @@ def check_and_create_pull_request(dependency)
job: job,
dependency_files: dependency_snapshot.dependency_files,
updated_dependencies: updated_deps,
change_source: checker.dependency
change_source: checker.dependency,
notices: @pr_notices
)

create_pull_request(dependency_change)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ module Operations
class RefreshSecurityUpdatePullRequest
extend T::Sig
include SecurityUpdateHelpers
include PullRequestHelpers

sig { params(job: Job).returns(T::Boolean) }
def self.applies_to?(job:)
Expand All @@ -41,10 +42,21 @@ def initialize(service:, job:, dependency_snapshot:, error_handler:)
@job = job
@dependency_snapshot = dependency_snapshot
@error_handler = error_handler

@pr_notices = T.let([], T::Array[Dependabot::Notice])
end

sig { void }
def perform
Dependabot.logger.info("Starting update job for #{job.source.repo}")
Dependabot.logger.info("Checking and updating security pull requests...")

# Add a deprecation notice if the package manager is deprecated
add_deprecation_notice(
notices: @pr_notices,
package_manager: dependency_snapshot.package_manager
)

check_and_update_pull_request(dependencies)
rescue StandardError => e
error_handler.handle_dependency_error(error: e, dependency: dependencies.last)
Expand Down Expand Up @@ -142,7 +154,8 @@ def check_and_update_pull_request(dependencies)
job: job,
dependency_files: dependency_snapshot.dependency_files,
updated_dependencies: updated_deps,
change_source: checker.dependency
change_source: checker.dependency,
notices: @pr_notices
)

# NOTE: Gradle, Maven and Nuget dependency names can be case-insensitive
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ module Dependabot
class Updater
module Operations
class RefreshVersionUpdatePullRequest
include PullRequestHelpers

def self.applies_to?(job:)
return false if job.security_updates_only?
# If we haven't been given metadata about the dependencies present
Expand All @@ -31,14 +33,24 @@ def initialize(service:, job:, dependency_snapshot:, error_handler:)
@dependency_snapshot = dependency_snapshot
@error_handler = error_handler

@pr_notices = T.let([], T::Array[Dependabot::Notice])

return unless job.source.directory.nil? && job.source.directories.count == 1

job.source.directory = job.source.directories.first
end

def perform
Dependabot.logger.info("Starting PR update job for #{job.source.repo}")
Dependabot.logger.info("Starting update job for #{job.source.repo}")
Dependabot.logger.info("Checking and updating versions pull requests...")
dependency = dependencies.last

# Add a deprecation notice if the package manager is deprecated
add_deprecation_notice(
notices: @pr_notices,
package_manager: dependency_snapshot.package_manager
)

check_and_update_pull_request(dependencies)
rescue StandardError => e
error_handler.handle_dependency_error(error: e, dependency: dependency)
Expand All @@ -58,6 +70,7 @@ def dependencies

# rubocop:disable Metrics/AbcSize
# rubocop:disable Metrics/PerceivedComplexity
# rubocop:disable Metrics/MethodLength
def check_and_update_pull_request(dependencies)
if dependencies.count != job.dependencies.count
# If the job dependencies mismatch the parsed dependencies, then
Expand Down Expand Up @@ -99,7 +112,8 @@ def check_and_update_pull_request(dependencies)
job: job,
dependency_files: dependency_snapshot.dependency_files,
updated_dependencies: updated_deps,
change_source: checker.dependency
change_source: checker.dependency,
notices: @pr_notices
)

# NOTE: Gradle, Maven and Nuget dependency names can be case-insensitive
Expand All @@ -121,6 +135,7 @@ def check_and_update_pull_request(dependencies)
end
# rubocop:enable Metrics/AbcSize
# rubocop:enable Metrics/PerceivedComplexity
# rubocop:enable Metrics/MethodLength

def create_pull_request(dependency_change)
Dependabot.logger.info("Submitting #{dependency_change.updated_dependencies.map(&:name).join(', ')} " \
Expand Down
Loading

0 comments on commit 6a673a5

Please sign in to comment.