From b599bcb315e644261f5350e46741b6b5459c56ae Mon Sep 17 00:00:00 2001 From: ricardojdsilva87 Date: Tue, 3 Dec 2024 21:50:42 +0000 Subject: [PATCH] fix: skip repo if no package manager found (#270) * fix: skip repo if no package manager found * feat: add gradle and devcontainers support + tests * feat: add test for dependabot extra configuration at env level * fix: add registries key if existing configuration dependabot configuration exists --- README.md | 2 +- dependabot_file.py | 20 ++++++++++++++++ env.py | 4 ++++ evergreen.py | 33 ++++++++------------------ test_dependabot_file.py | 51 +++++++++++++++++++++++++++++++++++++---- test_env.py | 20 ++++++++++++++++ 6 files changed, 101 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 4a1df1d..81cd47d 100644 --- a/README.md +++ b/README.md @@ -160,7 +160,7 @@ maven: password: "${{secrets.password}}" ``` -The principal key of each configuration need to match the package managers that the [script is looking for](https://github.com/github/evergreen/blob/main/dependabot_file.py#L78). +The principal key of each configuration need to match the package managers that the [script is looking for](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem). The `dependabot.yaml` created file will look like the following with the `registries:` key added: diff --git a/dependabot_file.py b/dependabot_file.py index f877ec4..c8c5c2c 100644 --- a/dependabot_file.py +++ b/dependabot_file.py @@ -54,6 +54,8 @@ def make_dependabot_config( if extra_dependabot_config: ecosystem_config = extra_dependabot_config.get(ecosystem) if ecosystem_config: + if "registries" not in dependabot_config: + dependabot_config.update({"registries": {}}) dependabot_config["registries"][ecosystem] = ecosystem_config dependabot_config["updates"][-1].update( {"registries": [SingleQuotedScalarString(ecosystem)]} @@ -184,6 +186,7 @@ def build_dependabot_file( ], "docker": ["Dockerfile"], "maven": ["pom.xml"], + "gradle": ["build.gradle", "build.gradle.kts"], } # Detect package managers where manifest files have known names @@ -242,6 +245,23 @@ def build_dependabot_file( break except github3.exceptions.NotFoundError: pass + if "devcontainers" not in exempt_ecosystems_list: + try: + for file in repo.directory_contents(".devcontainer"): + if file[0] == "devcontainer.json": + package_managers_found["devcontainers"] = True + make_dependabot_config( + "devcontainers", + group_dependencies, + schedule, + schedule_day, + labels, + dependabot_file, + extra_dependabot_config, + ) + break + except github3.exceptions.NotFoundError: + pass if any(package_managers_found.values()): return dependabot_file diff --git a/env.py b/env.py index 76e5d47..a5e5396 100644 --- a/env.py +++ b/env.py @@ -344,6 +344,10 @@ def get_env_vars( labels_list = [label.lower().strip() for label in labels_str.split(",")] dependabot_config_file = os.getenv("DEPENDABOT_CONFIG_FILE") + if dependabot_config_file and not os.path.exists(dependabot_config_file): + raise ValueError( + f"No dependabot extra configuration found. Please create one in {dependabot_config_file}" + ) return ( organization, diff --git a/evergreen.py b/evergreen.py index f34ee30..9ddbadc 100644 --- a/evergreen.py +++ b/evergreen.py @@ -1,8 +1,6 @@ """This file contains the main() and other functions needed to open an issue/PR dependabot is not enabled but could be""" -import base64 import io -import os import sys import uuid from datetime import datetime @@ -123,26 +121,15 @@ def main(): # pragma: no cover yaml = ruamel.yaml.YAML() yaml.preserve_quotes = True # If running locally on a computer the local file takes precedence over the one existent on the repository - if os.path.exists(dependabot_config_file): - try: - with open( - dependabot_config_file, "r", encoding="utf-8" - ) as extra_dependabot_config: - extra_dependabot_config = yaml.load(extra_dependabot_config) - except ruamel.yaml.YAMLError as e: - print(f"YAML indentation error: {e}") - continue - else: - try: - extra_dependabot_config = check_existing_config( - repo, dependabot_config_file - ).content - extra_dependabot_config = yaml.load( - base64.b64decode(extra_dependabot_config) - ) - except ruamel.yaml.YAMLError as e: - print(f"YAML indentation error: {e}") - continue + try: + with open( + dependabot_config_file, "r", encoding="utf-8" + ) as extra_dependabot_config: + extra_dependabot_config = yaml.load(extra_dependabot_config) + except ruamel.yaml.YAMLError as e: + print(f"YAML indentation error: {e}") + continue + else: # If no dependabot configuration file is present set the variable empty extra_dependabot_config = None @@ -173,7 +160,7 @@ def main(): # pragma: no cover print("\tNo (new) compatible package manager found") continue - yaml.dump(dependabot_file, stream) + dependabot_file = yaml.dump(dependabot_file, stream) dependabot_file = stream.getvalue() # If dry_run is set, just print the dependabot file diff --git a/test_dependabot_file.py b/test_dependabot_file.py index 8816538..bed3264 100644 --- a/test_dependabot_file.py +++ b/test_dependabot_file.py @@ -205,8 +205,7 @@ def test_build_dependabot_file_with_extra_dependabot_config_file(self): # expected_result maintains existing ecosystem with custom configuration # and adds new ecosystem - extra_dependabot_config = MagicMock() - extra_dependabot_config.content = base64.b64encode( + extra_dependabot_config = yaml.load( b""" npm: type: 'npm' @@ -215,9 +214,6 @@ def test_build_dependabot_file_with_extra_dependabot_config_file(self): password: '${{secrets.password}}' """ ) - extra_dependabot_config = yaml.load( - base64.b64decode(extra_dependabot_config.content) - ) expected_result = yaml.load( b""" @@ -448,6 +444,26 @@ def test_build_dependabot_file_with_maven(self): ) self.assertEqual(result, expected_result) + def test_build_dependabot_file_with_gradle(self): + """Test that the dependabot.yml file is built correctly with gradle""" + repo = MagicMock() + repo.file_contents.side_effect = lambda filename: filename == "build.gradle" + + expected_result = yaml.load( + b""" +version: 2 +updates: + - package-ecosystem: 'gradle' + directory: '/' + schedule: + interval: 'weekly' +""" + ) + result = build_dependabot_file( + repo, False, [], {}, None, "weekly", "", [], None + ) + self.assertEqual(result, expected_result) + def test_build_dependabot_file_with_terraform_with_files(self): """Test that the dependabot.yml file is built correctly with Terraform""" repo = MagicMock() @@ -498,6 +514,31 @@ def test_build_dependabot_file_with_terraform_without_files(self): ) self.assertIsNone(result) + def test_build_dependabot_file_with_devcontainers(self): + """Test that the dependabot.yml file is built correctly with devcontainers""" + repo = MagicMock() + response = MagicMock() + response.status_code = 404 + repo.file_contents.side_effect = github3.exceptions.NotFoundError(resp=response) + repo.directory_contents.side_effect = lambda path: ( + [("devcontainer.json", None)] if path == ".devcontainer" else [] + ) + + expected_result = yaml.load( + b""" +version: 2 +updates: + - package-ecosystem: 'devcontainers' + directory: '/' + schedule: + interval: 'weekly' +""" + ) + result = build_dependabot_file( + repo, False, [], None, None, "weekly", "", [], None + ) + self.assertEqual(result, expected_result) + def test_build_dependabot_file_with_github_actions(self): """Test that the dependabot.yml file is built correctly with GitHub Actions""" repo = MagicMock() diff --git a/test_env.py b/test_env.py index d3e2331..95fc9f1 100644 --- a/test_env.py +++ b/test_env.py @@ -1301,6 +1301,26 @@ def test_get_env_vars_project_id_not_a_number(self): "PROJECT_ID environment variable is not numeric", ) + @patch.dict( + os.environ, + { + "ORGANIZATION": "my_organization", + "GH_TOKEN": "my_token", + "SCHEDULE": "weekly", + "DEPENDABOT_CONFIG_FILE": "config.yaml", + }, + clear=True, + ) + def test_get_env_vars_with_dependabot_config_file_set_but_not_found(self): + """Test that no dependabot file configuration is present and the DEPENDABOT_CONFIG_FILE is set""" + with self.assertRaises(ValueError) as context_manager: + get_env_vars(True) + the_exception = context_manager.exception + self.assertEqual( + str(the_exception), + "No dependabot extra configuration found. Please create one in config.yaml", + ) + if __name__ == "__main__": unittest.main()