Improve error handling for missing dependency versions for github act…

…ions (#11144)
dependabot · Dec 19, 2024 · 6c7a3b7 · 6c7a3b7
1 parent 5fabd3d
commit 6c7a3b7
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 0 deletions.
diff --git a/common/lib/dependabot/errors.rb b/common/lib/dependabot/errors.rb
@@ -144,6 +144,11 @@ def self.parser_error_details(error)
         "error-type": "git_dependencies_not_reachable",
         "error-detail": { "dependency-urls": error.dependency_urls }
       }
+    when Dependabot::UnresolvableVersionError
+      {
+        "error-type": "unresolvable_version",
+        "error-detail": { dependencies: error.dependencies }
+      }
     when Dependabot::NotImplemented
       {
         "error-type": "not_implemented",
@@ -661,6 +666,23 @@ def initialize(dependencies)
     end
   end
 
+  class UnresolvableVersionError < DependabotError
+    extend T::Sig
+
+    sig { returns(T::Array[String]) }
+    attr_reader :dependencies
+
+    sig { params(dependencies: T::Array[String]).void }
+    def initialize(dependencies)
+      @dependencies = dependencies
+
+      msg = "Unable to determine semantic version from tags or commits for dependencies. " \
+            "Dependencies must have a tag or commit that references a semantic version. " \
+            "Affected dependencies: #{@dependencies.join(', ')}"
+      super(msg)
+    end
+  end
+
   class GitDependenciesNotReachable < DependabotError
     extend T::Sig
 

diff --git a/github_actions/lib/dependabot/github_actions/file_parser.rb b/github_actions/lib/dependabot/github_actions/file_parser.rb
@@ -35,6 +35,12 @@ def parse
           dependency_set += workfile_file_dependencies(file)
         end
 
+        dependencies_without_version = dependency_set.dependencies.select { |dep| dep.version.nil? }
+        unless dependencies_without_version.empty?
+          raise UnresolvableVersionError,
+                dependencies_without_version.map(&:name)
+        end
+
         dependency_set.dependencies
       end
 

diff --git a/github_actions/spec/dependabot/github_actions/file_parser_spec.rb b/github_actions/spec/dependabot/github_actions/file_parser_spec.rb
@@ -560,5 +560,26 @@ def mock_service_pack_request(nwo)
         end
       end
     end
+
+    context "with an unresolvable version" do
+      let(:workflow_file_fixture_name) { "unresolved_version.yml" }
+      let(:service_pack_url) do
+        "https://github.com/taiki-e/install-action.git/info/refs" \
+          "?service=git-upload-pack"
+      end
+
+      before do
+        mock_service_pack_request("taiki-e/install-action")
+      end
+
+      it "raises an UnresolvableVersionError error" do
+        expect { parser.parse }.to raise_error(
+          Dependabot::UnresolvableVersionError,
+          "Unable to determine semantic version from tags or commits for dependencies. " \
+          "Dependencies must have a tag or commit that references a semantic version. " \
+          "Affected dependencies: taiki-e/install-action"
+        )
+      end
+    end
   end
 end
diff --git a/github_actions/spec/fixtures/workflow_files/unresolved_version.yml b/github_actions/spec/fixtures/workflow_files/unresolved_version.yml
@@ -0,0 +1,7 @@
+on: [push]
+
+name: Integration
+jobs:
+  chore:
+    steps:
+    - uses: taiki-e/install-action@nextest