dependabot · feelepxyz · Jan 27, 2022 · Jan 17, 2021
@@ -8,7 +8,6 @@
 use Composer\Factory;
 use Composer\Installer;
 use Composer\Package\PackageInterface;
-use Composer\Util\Filesystem;
 
 final class UpdateChecker
 {
@@ -48,30 +47,22 @@ public static function getLatestResolvableVersion(array $args): ?string
             $io->loadConfiguration($config);
         }
 
-        $installationManager = new DependabotInstallationManager($composer->getLoop(), $io);
-
-        $fs = new Filesystem(null);
-        $binaryInstaller = new Installer\BinaryInstaller($io, rtrim($composer->getConfig()->get('bin-dir'), '/'), $composer->getConfig()->get('bin-compat'), $fs);
-
-        $installationManager->addInstaller(new Installer\LibraryInstaller($io, $composer, null, $fs, $binaryInstaller));
-        $installationManager->addInstaller(new Installer\PluginInstaller($io, $composer, $fs, $binaryInstaller));
-        $installationManager->addInstaller(new Installer\MetapackageInstaller($io));
-
         $install = new Installer(
             $io,
             $config,
             $composer->getPackage(),  // @phpstan-ignore-line
             $composer->getDownloadManager(),
             $composer->getRepositoryManager(),
             $composer->getLocker(),
-            $installationManager,
+            $composer->getInstallationManager(),
             $composer->getEventDispatcher(),
             $composer->getAutoloadGenerator()
         );
 
         // For all potential options, see UpdateCommand in composer
         $install
             ->setUpdate(true)
+            ->setInstall(false)
             ->setDevMode(true)
             ->setUpdateAllowTransitiveDependencies(Request::UPDATE_LISTED_WITH_TRANSITIVE_DEPS)
             ->setDumpAutoloader(false)
@@ -86,7 +77,7 @@ public static function getLatestResolvableVersion(array $args): ?string
 
         $install->run();
 
-        $installedPackages = $installationManager->getInstalledPackages();
+        $installedPackages = $composer->getLocker()->getLockedRepository(true)->getPackages();
 
         $updatedPackage = current(array_filter($installedPackages, static function (PackageInterface $package) use ($dependencyName): bool {
             return $package->getName() === $dependencyName;

@@ -78,6 +78,7 @@ public static function update(array $args): array
         $install
             ->setWriteLock(true)
             ->setUpdate(true)
+            ->setInstall(false)
             ->setDevMode(true)
             ->setUpdateAllowList([$dependencyName])
             ->setUpdateAllowTransitiveDependencies(Request::UPDATE_LISTED_WITH_TRANSITIVE_DEPS)

@@ -311,37 +311,8 @@
       let(:project_name) { "env_variable" }
 
       context "that hasn't been provided" do
-        it "raises a MissingEnvironmentVariable error" do
-          expect { updated_lockfile_content }.to raise_error do |error|
-            expect(error).to be_a(Dependabot::MissingEnvironmentVariable)
-            expect(error.message).to eq("Missing environment variable ACF_PRO_KEY")
-          end
-        end
-      end
-
-      context "that has been provided" do
-        let(:updater) do
-          described_class.new(
-            dependency_files: files,
-            dependencies: [dependency],
-            credentials: [{
-              "type" => "git_source",
-              "host" => "github.com",
-              "username" => "x-access-token",
-              "password" => "token"
-            }, {
-              "type" => "php_environment_variable",
-              "env-key" => "ACF_PRO_KEY",
-              "env-value" => "example_key"
-            }]
-          )
-        end
-
-        it "runs just fine (we get a 404 here because our key is wrong)" do
-          expect { updated_lockfile_content }.to raise_error do |error|
-            expect(error).to be_a(Dependabot::DependencyFileNotResolvable)
-            expect(error.message).to include("404")
-          end
+        it "does not attempt to download and has details of the updated item" do
+          expect(updated_lockfile_content).to include("\"version\":\"5.9.2\"")
         end
       end
     end
@@ -544,11 +515,8 @@
           }]
         end
 
-        it "raises a helpful errors" do
-          expect { updated_lockfile_content }.to raise_error do |error|
-            expect(error).to be_a Dependabot::PrivateSourceAuthenticationFailure
-            expect(error.source).to eq("nova.laravel.com")
-          end
+        it "does not attempt to download and has details of the updated item" do
+          expect(updated_lockfile_content).to include("\"version\":\"v2.0.9\"")
         end
       end
     end
@@ -577,11 +545,8 @@
         )
       end
 
-      it "raises a helpful errors" do
-        expect { updated_lockfile_content }.to raise_error do |error|
-          expect(error).to be_a Dependabot::GitDependencyReferenceNotFound
-          expect(error.dependency).to eq("monolog/monolog")
-        end
+      it "does not attempt to install it and has details of the updated item" do
+        expect(updated_lockfile_content).to include("\"version\":\"v1.6.0\"")
       end
     end
 
@@ -609,12 +574,8 @@
         )
       end
 
-      it "raises a helpful errors" do
-        expect { updated_lockfile_content }.to raise_error do |error|
-          expect(error).to be_a Dependabot::GitDependencyReferenceNotFound
-          expect(error.dependency).
-            to eq("monolog/monolog")
-        end
+      it "does not attempt to install it and has details of the updated item" do
+        expect(updated_lockfile_content).to include("\"version\":\"v1.6.0\"")
       end
     end