Merge branch 'main' into azure-devops-support

dependabot · Dec 21, 2023 · 9042fb6 · 9042fb6
2 parents 1061b56 + 97066f1
commit 9042fb6
Show file tree

Hide file tree

Showing 6 changed files with 145 additions and 57 deletions.
diff --git a/go.mod b/go.mod
@@ -12,6 +12,7 @@ require (
 	github.com/moby/sys/signal v0.7.0
 	github.com/spf13/cobra v1.8.0
 	gopkg.in/yaml.v3 v3.0.1
+	rsc.io/script v0.0.2-0.20231205190631-334f6c18cff3
 )
 
 require (
@@ -35,11 +36,11 @@ require (
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	golang.org/x/mod v0.11.0 // indirect
+	golang.org/x/mod v0.13.0 // indirect
 	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/sys v0.13.0 // indirect
 	golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect
-	golang.org/x/tools v0.10.0 // indirect
+	golang.org/x/tools v0.14.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
 	gotest.tools/v3 v3.3.0 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -90,8 +90,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
-golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
+golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -102,8 +102,8 @@ golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
+golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -123,8 +123,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg=
-golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM=
+golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
+golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -138,3 +138,5 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.3.0 h1:MfDY1b1/0xN1CyMlQDac0ziEy9zJQd9CXBRRDHw2jJo=
 gotest.tools/v3 v3.3.0/go.mod h1:Mcr9QNxkg0uMvy/YElmo4SpXgJKWgQvYrT7Kw5RzJ1A=
+rsc.io/script v0.0.2-0.20231205190631-334f6c18cff3 h1:2vM6uMBq2/Dou/Wzu2p+yUFkuI3lgMbX0UYfVnzh0ck=
+rsc.io/script v0.0.2-0.20231205190631-334f6c18cff3/go.mod h1:cKBjCtFBBeZ0cbYFRXkRoxP+xGqhArPa9t3VWhtXfzU=
diff --git a/testdata/scripts/basic.txt b/testdata/scripts/basic.txt
@@ -0,0 +1,27 @@
+# Build the dummy Dockerfile
+exec docker build -qt dummy-updater .
+
+# Run the dependabot command
+dependabot update go_modules dependabot/cli --updater-image dummy-updater
+
+# assert the dummy is working
+stderr 'bin/run arguments: fetch_files'
+stderr 'bin/run arguments: update_files'
+
+-- Dockerfile --
+FROM ubuntu:22.04
+
+RUN useradd dependabot
+
+COPY --chown=dependabot --chmod=755 update-ca-certificates /usr/bin/update-ca-certificates
+COPY --chown=dependabot --chmod=755 run bin/run
+
+-- update-ca-certificates --
+#!/usr/bin/env bash
+
+echo "Updated those certificates for ya"
+
+-- run --
+#!/usr/bin/env bash
+
+echo "bin/run arguments: $@"
diff --git a/testdata/scripts/input.txt b/testdata/scripts/input.txt
@@ -0,0 +1,36 @@
+# This test tries to verify that the proper job.json is written based on command line arguments.
+
+exec docker build -qt input-verify-updater .
+
+dependabot update go_modules dependabot/cli --updater-image input-verify-updater
+stderr '"package-manager":"go_modules"'
+stderr '"repo":"dependabot/cli"'
+
+dependabot update go_modules dependabot/cli --commit 1278c8d7503f9881eb969959446e2c3a5a0cce2d --updater-image input-verify-updater
+stderr '"commit":"1278c8d7503f9881eb969959446e2c3a5a0cce2d"'
+
+! dependabot update go_modules dependabot/cli --commit unknown --updater-image input-verify-updater
+stderr 'commit must be a SHA, or not provided'
+
+dependabot update go_modules dependabot/cli --dep golang.org/x/image --updater-image input-verify-updater
+stderr '"allowed-updates":\[\{"dependency-name":"golang.org/x/image"\}\]'
+
+-- Dockerfile --
+FROM ubuntu:22.04
+
+RUN useradd dependabot
+
+COPY --chown=dependabot --chmod=755 update-ca-certificates /usr/bin/update-ca-certificates
+COPY --chown=dependabot --chmod=755 run bin/run
+
+-- update-ca-certificates --
+#!/usr/bin/env bash
+
+echo "Updated those certificates for ya"
+
+-- run --
+#!/usr/bin/env bash
+
+echo "Not sure why but unless I echo here the json doesn't output"
+
+cat /home/dependabot/dependabot-updater/job.json
diff --git a/tests/dependabot_test.go b/tests/dependabot_test.go
@@ -0,0 +1,71 @@
+package tests
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"os"
+	"os/exec"
+	"rsc.io/script"
+	"rsc.io/script/scripttest"
+	"testing"
+)
+
+func TestDependabot(t *testing.T) {
+	ctx := context.Background()
+	engine := &script.Engine{
+		Conds: scripttest.DefaultConds(),
+		Cmds:  Commands(),
+		Quiet: !testing.Verbose(),
+	}
+	env := []string{
+		"PATH=" + os.Getenv("PATH"),
+	}
+	scripttest.Test(t, ctx, engine, env, "../testdata/scripts/*.txt")
+}
+
+// Commands returns the commands that can be used in the scripts.
+// Each line of the scripts are <command> <args...>
+// So if you enter "dependabot update go_modules rsc/quote", it will run
+// the Dependabot() function with args "update go_modules rsc/quote".
+// When you use "echo" in the scripts it's actually running the echo command
+// from the scripttest package.
+func Commands() map[string]script.Cmd {
+	commands := scripttest.DefaultCmds()
+
+	// additional Dependabot commands
+	commands["dependabot"] = Dependabot()
+
+	return commands
+}
+
+// Dependabot runs the Dependabot CLI. TODO Should this build once then execute thereafter?
+func Dependabot() script.Cmd {
+	return script.Command(
+		script.CmdUsage{
+			Summary: "runs the Dependabot CLI",
+			Args:    "[<package_manager> <repo> | -f <input.yml>] [flags]",
+		},
+		func(s *script.State, args ...string) (script.WaitFunc, error) {
+			if len(args) == 0 {
+				return nil, script.ErrUsage
+			}
+
+			args = append([]string{"run", "../cmd/dependabot/dependabot.go"}, args...)
+			execCmd := exec.Command("go", args...)
+
+			var execOut, execErr bytes.Buffer
+			execCmd.Stdout = &execOut
+			execCmd.Stderr = &execErr
+
+			if err := execCmd.Start(); err != nil {
+				return nil, fmt.Errorf("failed to run dependabot: %w", err)
+			}
+
+			wait := func(*script.State) (stdout, stderr string, err error) {
+				err = execCmd.Wait()
+				return execOut.String(), execErr.String(), err
+			}
+			return wait, nil
+		})
+}
diff --git a/tests/integration_test.go b/tests/integration_test.go