make DependencySnapshot aware of multiple directories

silent/tests/testdata/su-group-pattern-multidir.txt

@@ -0,0 +1,128 @@
+dependabot update -f input.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent
+stderr -count=1 'created \| related-a \( from 1.2.3 to 1.2.4 \), related-b \( from 2.3.4 to 2.3.5 \)'
+stderr -count=1 'created \| dependency-c \( from 2.3.4 to 3.0.0 \)'
+stderr -count=1 'created \| dependency-d \( from 2.3.4 to 3.0.0 \)'
+stdout -count=3 create_pull_request
+pr-created expected-group-foo.json expected-group-bar.json
+pr-created expected-individual-1.json
+pr-created expected-individual-2.json
+
+-- foo/manifest.json --
+{
+  "related-a": { "version": "1.2.3" },
+  "related-b": { "version": "2.3.4" },
+  "dependency-c": { "version": "2.3.4" }
+}
+
+-- bar/manifest.json --
+{
+  "related-a": { "version": "1.2.3" },
+  "related-b": { "version": "2.3.4" },
+  "dependency-d": { "version": "2.3.4" }
+}
+
+-- expected-group-foo.json --
+{
+  "related-a": { "version": "1.2.4" },
+  "related-b": { "version": "2.3.5" },
+  "dependency-c": { "version": "2.3.4" }
+}
+
+-- expected-group-bar.json --
+{
+  "related-a": { "version": "1.2.4" },
+  "related-b": { "version": "2.3.5" },
+  "dependency-d": { "version": "2.3.4" }
+}
+
+-- expected-individual-1.json --
+{
+  "related-a": { "version": "1.2.3" },
+  "related-b": { "version": "2.3.4" },
+  "dependency-c": { "version": "3.0.0" }
+}
+
+-- expected-individual-2.json --
+{
+  "related-a": { "version": "1.2.3" },
+  "related-b": { "version": "2.3.4" },
+  "dependency-d": { "version": "3.0.0" }
+}
+
+-- related-a --
+{
+  "versions": [
+    "1.2.3",
+    "1.2.4",
+    "1.2.5"
+  ]
+}
+
+-- related-b --
+{
+  "versions": [
+    "2.3.4",
+    "2.3.5"
+  ]
+}
+
+-- dependency-c --
+{
+  "versions": [
+    "2.3.4",
+    "3.0.0"
+  ]
+}
+
+-- dependency-d --
+{
+  "versions": [
+    "2.3.4",
+    "3.0.0"
+  ]
+}
+
+-- input.yml --
+job:
+  package-manager: "silent"
+  dependencies:
+    - related-a
+    - related-b
+    - dependency-c
+    - dependency-d
+  source:
+    directories:
+      - "/foo"
+      - "/bar/normalize-test/.."
+    provider: example
+    hostname: example.com
+    api-endpoint: https://example.com/api/v3
+    repo: dependabot/smoke-tests
+  security-advisories:
+    - dependency-name: related-a
+      affected-versions:
+        - < 1.2.4
+      patched-versions: []
+      unaffected-versions: []
+    - dependency-name: related-b
+      affected-versions:
+        - < 2.3.5
+      patched-versions: []
+      unaffected-versions: []
+    - dependency-name: dependency-c
+      affected-versions:
+        - < 2.3.5
+      patched-versions: []
+      unaffected-versions: []
+    - dependency-name: dependency-d
+      affected-versions:
+        - < 2.3.5
+      patched-versions: []
+      unaffected-versions: []
+  security-updates-only: true
+  dependency-groups:
+    - name: related
+      applies-to: security-updates
+      rules:
+        patterns:
+          - "related-*"

silent/tests/testdata/su-group-pattern.txt

@@ -1,6 +1,7 @@
 dependabot update -f input.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent
 stderr -count=1 'created \| related-a \( from 1.2.3 to 1.2.4 \), related-b \( from 2.3.4 to 2.3.5 \)'
 stderr -count=1 'created \| dependency-c \( from 2.3.4 to 3.0.0 \)'
+stdout -count=2 create_pull_request
 pr-created expected-group.json
 pr-created expected-individual.json
 

silent/tests/testdata/su-group-type.txt

@@ -1,7 +1,7 @@
 dependabot update -f input.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent
-stdout -count=4 create_pull_request
+stdout -count=2 create_pull_request
 pr-created expected-dev-group.json
-#pr-created expected-prod-group.json
+pr-created expected-prod-group.json
 
 -- manifest.json --
 {

silent/tests/testdata/vu-group-multidir-all.txt

@@ -0,0 +1,82 @@
+dependabot update -f input.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent
+stderr 'created \| dependency-a \( from 1.2.3 to 1.2.5 \), dependency-b \( from 2.2.3 to 2.2.5 \)'
+pr-created foo/expected.json bar/expected.json
+
+-- foo/manifest.json --
+{
+  "dependency-a": { "version": "1.2.3" },
+  "dependency-b": { "version": "2.2.3" },
+  "no-update": { "version": "1.2.3" }
+}
+
+-- bar/manifest.json --
+{
+  "dependency-b": { "version": "2.2.3" },
+  "dependency-c": { "version": "3.2.3" },
+  "no-update": { "version": "1.2.3" }
+}
+
+-- foo/expected.json --
+{
+  "dependency-a": { "version": "1.2.5" },
+  "dependency-b": { "version": "2.2.5" },
+  "no-update": { "version": "1.2.3" }
+}
+
+-- bar/expected.json --
+{
+  "dependency-b": { "version": "2.2.5" },
+  "dependency-c": { "version": "3.2.5" },
+  "no-update": { "version": "1.2.3" }
+}
+
+-- dependency-a --
+{
+  "versions": [
+    "1.2.3",
+    "1.2.4",
+    "1.2.5"
+  ]
+}
+
+-- dependency-b --
+{
+  "versions": [
+    "2.2.3",
+    "2.2.4",
+    "2.2.5"
+  ]
+}
+
+-- dependency-c --
+{
+  "versions": [
+    "3.2.3",
+    "3.2.4",
+    "3.2.5"
+  ]
+}
+
+-- no-update --
+{
+  "versions": [
+    "1.2.3"
+  ]
+}
+
+-- input.yml --
+job:
+  package-manager: "silent"
+  source:
+    directories:
+      - "/foo"
+      - "/bar"
+    provider: example
+    hostname: example.com
+    api-endpoint: https://example.com/api/v3
+    repo: dependabot/smoke-tests
+  dependency-groups:
+    - name: first
+      rules:
+        patterns:
+          - "*"

silent/tests/testdata/vu-group-multidir-pattern.txt

@@ -0,0 +1,99 @@
+dependabot update -f input.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent
+stdout -count=3 'create_pull_request'
+pr-created foo/expected-group.json bar/expected-group.json
+pr-created foo/expected-individual.json
+pr-created bar/expected-individual.json
+
+# Tests that the related dependencies are updated together, and the others get individual PRs.
+
+-- foo/manifest.json --
+{
+  "related-a": { "version": "1.2.3" },
+  "related-b": { "version": "1.2.3" },
+  "dependency-a": { "version": "1.2.3" }
+}
+
+-- bar/manifest.json --
+{
+  "related-c": { "version": "1.2.3" },
+  "dependency-a": { "version": "1.2.3" }
+}
+
+-- foo/expected-group.json --
+{
+  "related-a": { "version": "1.2.5" },
+  "related-b": { "version": "1.2.5" },
+  "dependency-a": { "version": "1.2.3" }
+}
+
+-- bar/expected-group.json --
+{
+  "related-c": { "version": "1.2.5" },
+  "dependency-a": { "version": "1.2.3" }
+}
+
+-- foo/expected-individual.json --
+{
+  "related-a": { "version": "1.2.3" },
+  "related-b": { "version": "1.2.3" },
+  "dependency-a": { "version": "1.2.5" }
+}
+
+-- bar/expected-individual.json --
+{
+  "related-c": { "version": "1.2.3" },
+  "dependency-a": { "version": "1.2.5" }
+}
+
+-- dependency-a --
+{
+  "versions": [
+    "1.2.3",
+    "1.2.4",
+    "1.2.5"
+  ]
+}
+
+-- related-a --
+{
+  "versions": [
+    "1.2.3",
+    "1.2.4",
+    "1.2.5"
+  ]
+}
+
+-- related-b --
+{
+  "versions": [
+    "1.2.3",
+    "1.2.4",
+    "1.2.5"
+  ]
+}
+
+-- related-c --
+{
+  "versions": [
+    "1.2.3",
+    "1.2.4",
+    "1.2.5"
+  ]
+}
+
+-- input.yml --
+job:
+  package-manager: "silent"
+  source:
+    directories:
+      - "/foo"
+      - "/bar"
+    provider: example
+    hostname: example.com
+    api-endpoint: https://example.com/api/v3
+    repo: dependabot/smoke-tests
+  dependency-groups:
+    - name: related
+      rules:
+        patterns:
+          - "related-*"