Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Try to find pnpm-lock.yaml file upwards on tree structure #10806

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
+100 −0
Open

Try to find pnpm-lock.yaml file upwards on tree structure #10806

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
30ee1e7
Try to find pnpm-lock.yaml file upwards on tree structure
Yurickh Oct 17, 2024
3d6dfee
Address linting changes
Yurickh Oct 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -227,6 +227,20 @@ def pnpm_lock
return @pnpm_lock if defined?(@pnpm_lock)

@pnpm_lock ||= T.let(fetch_file_if_present("pnpm-lock.yaml"), T.nilable(DependencyFile))

return @pnpm_lock if @pnpm_lock || directory == "/"

# Loop through parent directories looking for a pnpm-lock
(1..directory.split("/").count).each do |i|
@pnpm_lock = fetch_file_from_host(("../" * i) + "pnpm-lock.yaml")
.tap { |f| f.support_file = true }
break if @pnpm_lock
rescue Dependabot::DependencyFileNotFound
# Ignore errors (pnpm_lock.yaml may not be present)
nil
end

@pnpm_lock
end

sig { returns(T.nilable(DependencyFile)) }
Expand Down
68 changes: 68 additions & 0 deletions npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -328,6 +328,62 @@
.to_return(status: 404)
end

context "when source points to nested project" do
let(:repo) { "dependabot-fixtures/projects/pnpm/workspace_v9" }
let(:directory) { "/packages/package1" }

before do
stub_request(:get, File.join(url, "packages/package1?ref=sha"))
.with(headers: { "Authorization" => "token token" })
.to_return(
status: 200,
body: fixture("github", "contents_js_pnpm_workspace.json"),
headers: json_header
)
stub_request(:get, File.join(url, "packages/package1/package.json?ref=sha"))
.with(headers: { "Authorization" => "token token" })
.to_return(
status: 200,
body: fixture("github", "package_json_content.json"),
headers: json_header
)
# FileFetcher will iterate trying to find `.npmrc` upwards in the folder tree
stub_request(:get, File.join(url, "packages/.npmrc?ref=sha"))
.with(headers: { "Authorization" => "token token" })
.to_return(
status: 404,
body: nil,
headers: json_header
)
stub_request(:get, File.join(url, ".npmrc?ref=sha"))
.with(headers: { "Authorization" => "token token" })
.to_return(
status: 200,
body: fixture("github", "package_json_content.json"),
headers: json_header
)
# FileFetcher will iterate trying to find `pnpm-lock.yaml` upwards in the folder tree
stub_request(:get, File.join(url, "packages/pnpm-lock.yaml?ref=sha"))
.with(headers: { "Authorization" => "token token" })
.to_return(
status: 404,
body: nil,
headers: json_header
)
stub_request(:get, File.join(url, "pnpm-lock.yaml?ref=sha"))
.with(headers: { "Authorization" => "token token" })
.to_return(
status: 200,
body: fixture("github", "pnpm_lock_quotes_content.json"),
headers: json_header
)
end

it "fetches the pnpm-lock.yaml file at the root of the monorepo" do
expect(file_fetcher_instance.files.map(&:name)).to include("../../pnpm-lock.yaml")
end
end

context "when using older than 5.4 lockfile format" do
before do
stub_request(:get, File.join(url, "pnpm-lock.yaml?ref=sha"))
Expand Down Expand Up @@ -1192,6 +1248,12 @@
".yarnrc?ref=sha"
).with(headers: { "Authorization" => "token token" })
.to_return(status: 404)
stub_request(
:get,
"https://api.github.com/repos/gocardless/bump/contents/" \
"pnpm-lock.yaml?ref=sha"
).with(headers: { "Authorization" => "token token" })
.to_return(status: 404)
end

it "fetches package.json from the workspace dependencies" do
Expand Down Expand Up @@ -1755,6 +1817,12 @@
".yarnrc?ref=sha"
).with(headers: { "Authorization" => "token token" })
.to_return(status: 404)
stub_request(
:get,
"https://api.github.com/repos/gocardless/bump/contents/" \
"pnpm-lock.yaml?ref=sha"
).with(headers: { "Authorization" => "token token" })
.to_return(status: 404)
end

it "fetches package.json from the workspace dependencies" do
Expand Down
18 changes: 18 additions & 0 deletions npm_and_yarn/spec/fixtures/github/contents_js_pnpm_workspace.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
[
{
"name": "package.json",
"path": "package.json",
"sha": "58166807d223462b6b44dd016e0b31edb390d3f4",
"size": 329,
"url": "https://api.github.com/repos/org/repo/contents/package.json?ref=main",
"html_url": "https://github.com/org/repo/blob/main/package.json",
"git_url": "https://api.github.com/repos/org/repo/git/blobs/58166807d223462b6b44dd016e0b31edb390d3f4",
"download_url": "https://raw.githubusercontent.com/org/repo/main/package.json?token=ABMwe0apDiKCctWHnEHnszRBAebVHjQnks5WJWD9wA%3D%3D",
"type": "file",
"_links": {
"self": "https://api.github.com/repos/org/repo/contents/package.json?ref=main",
"git": "https://api.github.com/repos/org/repo/git/blobs/58166807d223462b6b44dd016e0b31edb390d3f4",
"html": "https://github.com/org/repo/blob/main/package.json"
}
}
]
Loading