| |
| |
|
|
| require "octokit" |
| require "sorbet-runtime" |
|
|
| require "dependabot/clients/github_with_retries" |
| require "dependabot/pull_request_creator/commit_signer" |
| require "dependabot/pull_request_updater" |
|
|
| module Dependabot |
| class PullRequestUpdater |
| class Github |
| extend T::Sig |
|
|
| sig { returns(Dependabot::Source) } |
| attr_reader :source |
|
|
| sig { returns(T::Array[Dependabot::DependencyFile]) } |
| attr_reader :files |
|
|
| sig { returns(String) } |
| attr_reader :base_commit |
|
|
| sig { returns(String) } |
| attr_reader :old_commit |
|
|
| sig { returns(T::Array[Dependabot::Credential]) } |
| attr_reader :credentials |
|
|
| sig { returns(Integer) } |
| attr_reader :pull_request_number |
|
|
| sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) } |
| attr_reader :author_details |
|
|
| sig { returns(T.nilable(String)) } |
| attr_reader :signature_key |
|
|
| sig do |
| params( |
| source: Dependabot::Source, |
| base_commit: String, |
| old_commit: String, |
| files: T::Array[Dependabot::DependencyFile], |
| credentials: T::Array[Dependabot::Credential], |
| pull_request_number: Integer, |
| author_details: T.nilable(T::Hash[Symbol, T.untyped]), |
| signature_key: T.nilable(String) |
| ) |
| .void |
| end |
| def initialize( |
| source:, |
| base_commit:, |
| old_commit:, |
| files:, |
| credentials:, |
| pull_request_number:, |
| author_details: nil, |
| signature_key: nil |
| ) |
| @source = source |
| @base_commit = base_commit |
| @old_commit = old_commit |
| @files = files |
| @credentials = credentials |
| @pull_request_number = pull_request_number |
| @author_details = author_details |
| @signature_key = signature_key |
| end |
|
|
| sig { returns(T.nilable(Sawyer::Resource)) } |
| def update |
| return unless pull_request_exists? |
| return unless branch_exists?(pull_request.head.ref) |
|
|
| commit = create_commit |
| branch = update_branch(commit) |
| update_pull_request_target_branch |
| branch |
| end |
|
|
| private |
|
|
| sig { void } |
| def update_pull_request_target_branch |
| target_branch = source.branch || pull_request.base.repo.default_branch |
| return if target_branch == pull_request.base.ref |
|
|
| T.unsafe(github_client_for_source).update_pull_request( |
| source.repo, |
| pull_request_number, |
| base: target_branch |
| ) |
| rescue Octokit::UnprocessableEntity => e |
| handle_pr_update_error(e) |
| end |
|
|
| sig { params(error: Octokit::Error).void } |
| def handle_pr_update_error(error) |
| |
| return if error.message.match?(/closed pull request/i) |
|
|
| |
| return if error.message.include?("field: base") && |
| source.branch && |
| !branch_exists?(T.must(source.branch)) |
|
|
| raise error |
| end |
|
|
| sig { returns(Dependabot::Clients::GithubWithRetries) } |
| def github_client_for_source |
| @github_client_for_source ||= |
| T.let( |
| Dependabot::Clients::GithubWithRetries.for_source( |
| source: source, |
| credentials: credentials |
| ), |
| T.nilable(Dependabot::Clients::GithubWithRetries) |
| ) |
| end |
|
|
| sig { returns(T::Boolean) } |
| def pull_request_exists? |
| pull_request |
| true |
| rescue Octokit::NotFound |
| false |
| end |
|
|
| sig { returns(T.untyped) } |
| def pull_request |
| @pull_request ||= |
| T.let( |
| T.unsafe(github_client_for_source).pull_request( |
| source.repo, |
| pull_request_number |
| ), |
| T.untyped |
| ) |
| end |
|
|
| sig { params(name: String).returns(T::Boolean) } |
| def branch_exists?(name) |
| T.unsafe(github_client_for_source).branch(source.repo, name) |
| true |
| rescue Octokit::NotFound |
| false |
| end |
|
|
| sig { returns(T.untyped) } |
| def create_commit |
| tree = create_tree |
|
|
| options = author_details&.any? ? { author: author_details } : {} |
|
|
| if options[:author]&.any? && signature_key |
| options[:author][:date] = Time.now.utc.iso8601 |
| options[:signature] = commit_signature(tree, options[:author]) |
| end |
|
|
| begin |
| T.unsafe(github_client_for_source).create_commit( |
| source.repo, |
| commit_message, |
| tree.sha, |
| base_commit, |
| options |
| ) |
| rescue Octokit::UnprocessableEntity => e |
| raise unless e.message == "Tree SHA does not exist" |
|
|
| |
| |
| retry_count ||= 0 |
| retry_count += 1 |
| raise if retry_count > 10 |
|
|
| sleep(rand(1..1.99)) |
| retry |
| end |
| end |
|
|
| sig { returns(T.untyped) } |
| def create_tree |
| file_trees = files.map do |file| |
| if file.type == "submodule" |
| { |
| path: file.path.sub(%r{^/}, ""), |
| mode: Dependabot::DependencyFile::Mode::SUBMODULE, |
| type: "commit", |
| sha: file.content |
| } |
| else |
| content = if file.operation == Dependabot::DependencyFile::Operation::DELETE |
| { sha: nil } |
| elsif file.binary? |
| sha = T.unsafe(github_client_for_source).create_blob( |
| source.repo, file.content, "base64" |
| ) |
| { sha: sha } |
| else |
| { content: file.content } |
| end |
|
|
| { |
| path: file.realpath, |
| mode: Dependabot::DependencyFile::Mode::FILE, |
| type: "blob" |
| }.merge(content) |
| end |
| end |
|
|
| T.unsafe(github_client_for_source).create_tree( |
| source.repo, |
| file_trees, |
| base_tree: base_commit |
| ) |
| end |
|
|
| BRANCH_PROTECTION_ERROR_MESSAGES = T.let( |
| [ |
| /protected branch/i, |
| /not authorized to push/i, |
| /must not contain merge commits/i, |
| /required status check/i, |
| /cannot force-push to this branch/i, |
| /pull request for this branch has been added to a merge queue/i, |
| |
| /commits must have verified signatures/i, |
| /changes must be made through a pull request/i |
| ].freeze, |
| T::Array[Regexp] |
| ) |
|
|
| sig { params(commit: T.untyped).returns(T.untyped) } |
| def update_branch(commit) |
| T.unsafe(github_client_for_source).update_ref( |
| source.repo, |
| "heads/" + pull_request.head.ref, |
| commit.sha, |
| true |
| ) |
| rescue Octokit::UnprocessableEntity => e |
| |
| return nil if e.message.match?(/Reference does not exist/i) |
| return nil if e.message.match?(/Reference cannot be updated/i) |
|
|
| raise BranchProtected, e.message if BRANCH_PROTECTION_ERROR_MESSAGES.any? { |msg| e.message.match?(msg) } |
|
|
| raise |
| end |
|
|
| sig { returns(String) } |
| def commit_message |
| fallback_message = |
| "#{pull_request.title}" \ |
| "\n\n" \ |
| "Dependabot couldn't find the original pull request head commit, " \ |
| "#{old_commit}." |
|
|
| |
| |
| commit_being_updated&.message || fallback_message |
| end |
|
|
| sig { returns(T.untyped) } |
| def commit_being_updated |
| return @commit_being_updated if defined?(@commit_being_updated) |
|
|
| @commit_being_updated = |
| T.let( |
| if pull_request.commits == 1 |
| T.unsafe(github_client_for_source) |
| .git_commit(source.repo, pull_request.head.sha) |
| else |
| commits = |
| T.unsafe(github_client_for_source) |
| .pull_request_commits(source.repo, pull_request_number) |
|
|
| commit = commits.find { |c| c.sha == old_commit } |
| commit&.commit |
| end, |
| T.untyped |
| ) |
| end |
|
|
| sig { params(tree: T.untyped, author_details_with_date: T::Hash[Symbol, T.untyped]).returns(String) } |
| def commit_signature(tree, author_details_with_date) |
| PullRequestCreator::CommitSigner.new( |
| author_details: author_details_with_date, |
| commit_message: commit_message, |
| tree_sha: tree.sha, |
| parent_sha: base_commit, |
| signature_key: T.must(signature_key) |
| ).signature |
| end |
| end |
| end |
| end |
|
|
