dependabot · rhyskoedijk · Oct 23, 2024 · Oct 23, 2024
@@ -44,6 +44,7 @@ class Job
       security_advisories
       security_updates_only
       source
+      update_dependency_list_only
       update_subdependencies
       updating_a_pull_request
       vendor_dependencies
@@ -164,6 +165,7 @@ def initialize(attributes) # rubocop:disable Metrics/AbcSize
       @source                         = T.let(build_source(attributes.fetch(:source)), Dependabot::Source)
       @token                          = T.let(attributes.fetch(:token, nil), T.nilable(String))
       @update_subdependencies         = T.let(attributes.fetch(:update_subdependencies), T::Boolean)
+      @update_dependency_list_only    = T.let(attributes.fetch(:update_dependency_list_only, false), T::Boolean)
       @updating_a_pull_request        = T.let(attributes.fetch(:updating_a_pull_request), T::Boolean)
       @vendor_dependencies            = T.let(attributes.fetch(:vendor_dependencies, false), T::Boolean)
       # TODO: Make this hash required
@@ -216,6 +218,11 @@ def update_subdependencies?
       @update_subdependencies
     end
 
+    sig { returns(T::Boolean) }
+    def update_dependency_list_only?
+      @update_dependency_list_only
+    end
+
     sig { returns(T::Boolean) }
     def security_updates_only?
       @security_updates_only

@@ -32,6 +32,11 @@ def perform_job
 
         # Update the service's metadata about this project
         service.update_dependency_list(dependency_snapshot: dependency_snapshot)
+        if job.update_dependency_list_only?
+          # If the job is to only discover dependencies, there's nothing more to do,
+          # skip the updater, mark the job as processed and stop.
+          return service.mark_job_as_processed(dependency_snapshot.base_commit_sha)
+        end
 
         # TODO: Pull fatal error handling handling up into this class
         #

@@ -39,6 +39,7 @@
       lockfile_only: lockfile_only,
       requirements_update_strategy: nil,
       update_subdependencies: false,
+      update_dependency_list_only: update_dependency_list_only,
       updating_a_pull_request: false,
       vendor_dependencies: vendor_dependencies,
       experiments: experiments,
@@ -56,6 +57,7 @@
   let(:package_manager) { "bundler" }
   let(:lockfile_only) { false }
   let(:security_updates_only) { false }
+  let(:update_dependency_list_only) { false }
   let(:allowed_updates) do
     [
       {
@@ -411,6 +413,18 @@
     end
   end
 
+  describe "#update_dependency_list_only?" do
+    subject { job.update_dependency_list_only? }
+
+    it { is_expected.to be(false) }
+
+    context "with update dependency list only allowed" do
+      let(:update_dependency_list_only) { true }
+
+      it { is_expected.to be(true) }
+    end
+  end
+
   describe "#experiments" do
     it "handles nil values" do
       expect(job.experiments).to eq({})

@@ -92,6 +92,37 @@
         perform_job
       end
     end
+
+    context "with update_dependency_list_only" do
+      let(:snapshot) do
+        instance_double(Dependabot::DependencySnapshot,
+                        base_commit_sha: "1c6331732c41e4557a16dacb82534f1d1c831848")
+      end
+      let(:repo_contents_path) { "repo/path" }
+
+      let(:job_definition) do
+        JSON.parse(fixture("file_fetcher_output/update_dependency_list_only_output.json"))
+      end
+
+      before do
+        allow(Dependabot::Environment).to receive(:repo_contents_path).and_return(repo_contents_path)
+        allow(Dependabot::DependencySnapshot).to receive(:create_from_job_definition).and_return(snapshot)
+      end
+
+      it "sends dependency metadata to the service" do
+        expect(service).to receive(:update_dependency_list)
+          .with(dependency_snapshot: snapshot)
+
+        perform_job
+      end
+
+      it "does not delegate to Dependabot::Updater" do
+        expect(Dependabot::Updater)
+          .not_to receive(:new)
+
+        perform_job
+      end
+    end
   end
 
   describe "#perform_job when there is an error parsing the dependency files" do

@@ -0,0 +1,53 @@
+{
+  "job": {
+    "allowed-updates": [],
+    "credentials": [
+      {
+        "type": "git_source",
+        "host": "github.com",
+        "username": "x-access-token",
+        "password": "v1.exampletokenfromgithubinityesitisforsure"
+      }
+    ],
+    "credentials-metadata": [
+      {
+        "type": "git_source",
+        "host": "github.com"
+      }
+    ],
+    "dependencies": null,
+    "directory": "/",
+    "existing-pull-requests": [],
+    "ignore-conditions": [],
+    "security-advisories": [],
+    "package_manager": "bundler",
+    "repo-name": "dependabot-fixtures/dependabot-test-discovery",
+    "source": {
+      "provider": "github",
+      "repo": "dependabot-fixtures/dependabot-test-discovery",
+      "directory": "/",
+      "branch": null,
+      "hostname": "github.com",
+      "api-endpoint": "https://api.github.com/"
+    },
+    "lockfile-only": false,
+    "requirements-update-strategy": null,
+    "update-subdependencies": false,
+    "update_dependency_list_only": true,
+    "updating-a-pull-request": false,
+    "vendor-dependencies": true,
+    "security-updates-only": false
+  },
+  "base64_dependency_files":[
+     {
+        "name":"dependabot-test-discovery.gemspec",
+        "content":"IyBmcm96ZW5fc3RyaW5nX2xpdGVyYWw6IHRydWUKCkdlbTo6U3BlY2lmaWNh\ndGlvbi5uZXcgZG8gfHNwZWN8CiAgc3BlYy5uYW1lICAgICA9ICdkZXBlbmRh\nYm90LXRlc3QtcnVieS1wYWNrYWdlJwogIHNwZWMudmVyc2lvbiAgPSAnMS4w\nLjEnCiAgc3BlYy5zdW1tYXJ5ICA9ICdBIGR1bW15IHBhY2thZ2UgZm9yIHRl\nc3RpbmcgRGVwZW5kYWJvdCcKICBzcGVjLmF1dGhvciAgID0gJ0RlcGVuZGFi\nb3QnCiAgc3BlYy5saWNlbnNlICA9ICdNSVQnCiAgc3BlYy5lbWFpbCAgICA9\nICdub3JlcGx5QGdpdGh1Yi5jb20nCiAgc3BlYy5ob21lcGFnZSA9ICdodHRw\nOi8vZ2l0aHViLmNvbS9kZXBlbmRhYm90LWZpeHR1cmVzL2RlcGVuZGFib3Qt\ndGVzdC1ydWJ5LXBhY2thZ2UnCmVuZAo=\n",
+        "directory":"/",
+        "type":"file",
+        "support_file":false,
+        "content_encoding":"utf-8",
+        "deleted":false
+     }
+  ],
+  "base_commit_sha":"1c6331732c41e4557a16dacb82534f1d1c831848"
+}