passed deprecation notices into pr creation for all pr creators.

dependabot · Aug 13, 2024 · bc3dce1 · bc3dce1
1 parent 243e167
commit bc3dce1
Show file tree

Hide file tree

Showing 9 changed files with 637 additions and 29 deletions.
diff --git a/updater/lib/dependabot/updater/group_update_creation.rb b/updater/lib/dependabot/updater/group_update_creation.rb
@@ -22,6 +22,7 @@ class Updater
     module GroupUpdateCreation
       extend T::Sig
       extend T::Helpers
+      include PullRequestHelpers
 
       abstract!
 
@@ -52,6 +53,14 @@ def compile_all_dependency_changes_for(group)
         )
         original_dependencies = dependency_snapshot.dependencies
 
+        notices = []
+
+        # Add a deprecation notice if the package manager is deprecated
+        add_deprecation_notice(
+          notices: notices,
+          package_manager: dependency_snapshot.package_manager
+        )
+
         Dependabot.logger.info("Updating the #{job.source.directory} directory.")
         group.dependencies.each do |dependency|
           # We still want to update a dependency if it's been updated in another manifest files,
@@ -108,7 +117,8 @@ def compile_all_dependency_changes_for(group)
           job: job,
           updated_dependencies: group_changes.updated_dependencies,
           updated_dependency_files: group_changes.updated_dependency_files,
-          dependency_group: group
+          dependency_group: group,
+          notices: notices
         )
 
         if Experiments.enabled?("dependency_change_validation") && !dependency_change.all_have_previous_version?

diff --git a/updater/lib/dependabot/updater/operations/create_security_update_pull_request.rb b/updater/lib/dependabot/updater/operations/create_security_update_pull_request.rb
@@ -12,6 +12,7 @@ module Operations
       class CreateSecurityUpdatePullRequest
         extend T::Sig
         include SecurityUpdateHelpers
+        include PullRequestHelpers
 
         sig { params(job: Job).returns(T::Boolean) }
         def self.applies_to?(job:)
@@ -43,6 +44,8 @@ def initialize(service:, job:, dependency_snapshot:, error_handler:)
           @error_handler = error_handler
           # TODO: Collect @created_pull_requests on the Job object?
           @created_pull_requests = T.let([], T::Array[T::Array[T::Hash[String, String]]])
+
+          @pr_notices = T.let([], T::Array[Dependabot::Notice])
         end
 
         # TODO: We currently tolerate multiple dependencies for this operation
@@ -55,6 +58,12 @@ def initialize(service:, job:, dependency_snapshot:, error_handler:)
         def perform
           Dependabot.logger.info("Starting security update job for #{job.source.repo}")
 
+          # Add a deprecation notice if the package manager is deprecated
+          add_deprecation_notice(
+            notices: @pr_notices,
+            package_manager: dependency_snapshot.package_manager
+          )
+
           target_dependencies = dependency_snapshot.job_dependencies
 
           if target_dependencies.empty?
@@ -169,7 +178,8 @@ def check_and_create_pull_request(dependency)
             job: job,
             dependency_files: dependency_snapshot.dependency_files,
             updated_dependencies: updated_deps,
-            change_source: checker.dependency
+            change_source: checker.dependency,
+            notices: @pr_notices
           )
 
           create_pull_request(dependency_change)

diff --git a/updater/lib/dependabot/updater/operations/refresh_security_update_pull_request.rb b/updater/lib/dependabot/updater/operations/refresh_security_update_pull_request.rb
@@ -16,6 +16,7 @@ module Operations
       class RefreshSecurityUpdatePullRequest
         extend T::Sig
         include SecurityUpdateHelpers
+        include PullRequestHelpers
 
         sig { params(job: Job).returns(T::Boolean) }
         def self.applies_to?(job:)
@@ -41,10 +42,21 @@ def initialize(service:, job:, dependency_snapshot:, error_handler:)
           @job = job
           @dependency_snapshot = dependency_snapshot
           @error_handler = error_handler
+
+          @pr_notices = T.let([], T::Array[Dependabot::Notice])
         end
 
         sig { void }
         def perform
+          Dependabot.logger.info("Starting update job for #{job.source.repo}")
+          Dependabot.logger.info("Checking and updating security pull requests...")
+
+          # Add a deprecation notice if the package manager is deprecated
+          add_deprecation_notice(
+            notices: @pr_notices,
+            package_manager: dependency_snapshot.package_manager
+          )
+
           check_and_update_pull_request(dependencies)
         rescue StandardError => e
           error_handler.handle_dependency_error(error: e, dependency: dependencies.last)
@@ -142,7 +154,8 @@ def check_and_update_pull_request(dependencies)
             job: job,
             dependency_files: dependency_snapshot.dependency_files,
             updated_dependencies: updated_deps,
-            change_source: checker.dependency
+            change_source: checker.dependency,
+            notices: @pr_notices
           )
 
           # NOTE: Gradle, Maven and Nuget dependency names can be case-insensitive

diff --git a/updater/lib/dependabot/updater/operations/refresh_version_update_pull_request.rb b/updater/lib/dependabot/updater/operations/refresh_version_update_pull_request.rb
@@ -12,6 +12,8 @@ module Dependabot
   class Updater
     module Operations
       class RefreshVersionUpdatePullRequest
+        include PullRequestHelpers
+
         def self.applies_to?(job:)
           return false if job.security_updates_only?
           # If we haven't been given metadata about the dependencies present
@@ -31,14 +33,24 @@ def initialize(service:, job:, dependency_snapshot:, error_handler:)
           @dependency_snapshot = dependency_snapshot
           @error_handler = error_handler
 
+          @pr_notices = T.let([], T::Array[Dependabot::Notice])
+
           return unless job.source.directory.nil? && job.source.directories.count == 1
 
           job.source.directory = job.source.directories.first
         end
 
         def perform
-          Dependabot.logger.info("Starting PR update job for #{job.source.repo}")
+          Dependabot.logger.info("Starting update job for #{job.source.repo}")
+          Dependabot.logger.info("Checking and updating versions pull requests...")
           dependency = dependencies.last
+
+          # Add a deprecation notice if the package manager is deprecated
+          add_deprecation_notice(
+            notices: @pr_notices,
+            package_manager: dependency_snapshot.package_manager
+          )
+
           check_and_update_pull_request(dependencies)
         rescue StandardError => e
           error_handler.handle_dependency_error(error: e, dependency: dependency)
@@ -58,6 +70,7 @@ def dependencies
 
         # rubocop:disable Metrics/AbcSize
         # rubocop:disable Metrics/PerceivedComplexity
+        # rubocop:disable Metrics/MethodLength
         def check_and_update_pull_request(dependencies)
           if dependencies.count != job.dependencies.count
             # If the job dependencies mismatch the parsed dependencies, then
@@ -99,7 +112,8 @@ def check_and_update_pull_request(dependencies)
             job: job,
             dependency_files: dependency_snapshot.dependency_files,
             updated_dependencies: updated_deps,
-            change_source: checker.dependency
+            change_source: checker.dependency,
+            notices: @pr_notices
           )
 
           # NOTE: Gradle, Maven and Nuget dependency names can be case-insensitive
@@ -121,6 +135,7 @@ def check_and_update_pull_request(dependencies)
         end
         # rubocop:enable Metrics/AbcSize
         # rubocop:enable Metrics/PerceivedComplexity
+        # rubocop:enable Metrics/MethodLength
 
         def create_pull_request(dependency_change)
           Dependabot.logger.info("Submitting #{dependency_change.updated_dependencies.map(&:name).join(', ')} " \