Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Try to find pnpm-lock.yaml file upwards on tree structure #10806

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb
Original file line number Diff line number Diff line change
Expand Up @@ -245,6 +245,20 @@ def pnpm_lock
return @pnpm_lock if defined?(@pnpm_lock)

@pnpm_lock ||= T.let(fetch_file_if_present(PNPMPackageManager::LOCKFILE_NAME), T.nilable(DependencyFile))

return @pnpm_lock if @pnpm_lock || directory == "/"

# Loop through parent directories looking for a pnpm-lock
(1..directory.split("/").count).each do |i|
@pnpm_lock = fetch_file_from_host(("../" * i) + PNPMPackageManager::LOCKFILE_NAME)
.tap { |f| f.support_file = true }
break if @pnpm_lock
rescue Dependabot::DependencyFileNotFound
# Ignore errors (pnpm_lock.yaml may not be present)
nil
end

@pnpm_lock
end

sig { returns(T.nilable(DependencyFile)) }
Expand Down
68 changes: 68 additions & 0 deletions npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -331,6 +331,62 @@
.to_return(status: 404)
end

context "when source points to nested project" do
let(:repo) { "dependabot-fixtures/projects/pnpm/workspace_v9" }
let(:directory) { "/packages/package1" }

before do
stub_request(:get, File.join(url, "packages/package1?ref=sha"))
.with(headers: { "Authorization" => "token token" })
.to_return(
status: 200,
body: fixture("github", "contents_js_pnpm_workspace.json"),
headers: json_header
)
stub_request(:get, File.join(url, "packages/package1/package.json?ref=sha"))
.with(headers: { "Authorization" => "token token" })
.to_return(
status: 200,
body: fixture("github", "package_json_content.json"),
headers: json_header
)
# FileFetcher will iterate trying to find `.npmrc` upwards in the folder tree
stub_request(:get, File.join(url, "packages/.npmrc?ref=sha"))
.with(headers: { "Authorization" => "token token" })
.to_return(
status: 404,
body: nil,
headers: json_header
)
stub_request(:get, File.join(url, ".npmrc?ref=sha"))
.with(headers: { "Authorization" => "token token" })
.to_return(
status: 200,
body: fixture("github", "package_json_content.json"),
headers: json_header
)
# FileFetcher will iterate trying to find `pnpm-lock.yaml` upwards in the folder tree
stub_request(:get, File.join(url, "packages/pnpm-lock.yaml?ref=sha"))
.with(headers: { "Authorization" => "token token" })
.to_return(
status: 404,
body: nil,
headers: json_header
)
stub_request(:get, File.join(url, "pnpm-lock.yaml?ref=sha"))
.with(headers: { "Authorization" => "token token" })
.to_return(
status: 200,
body: fixture("github", "pnpm_lock_quotes_content.json"),
headers: json_header
)
end

it "fetches the pnpm-lock.yaml file at the root of the monorepo" do
expect(file_fetcher_instance.files.map(&:name)).to include("../../pnpm-lock.yaml")
end
end

context "when using older than 5.4 lockfile format" do
before do
stub_request(:get, File.join(url, "pnpm-lock.yaml?ref=sha"))
Expand Down Expand Up @@ -1195,6 +1251,12 @@
".yarnrc?ref=sha"
).with(headers: { "Authorization" => "token token" })
.to_return(status: 404)
stub_request(
:get,
"https://api.github.com/repos/gocardless/bump/contents/" \
"pnpm-lock.yaml?ref=sha"
).with(headers: { "Authorization" => "token token" })
.to_return(status: 404)
end

it "fetches package.json from the workspace dependencies" do
Expand Down Expand Up @@ -1758,6 +1820,12 @@
".yarnrc?ref=sha"
).with(headers: { "Authorization" => "token token" })
.to_return(status: 404)
stub_request(
:get,
"https://api.github.com/repos/gocardless/bump/contents/" \
"pnpm-lock.yaml?ref=sha"
).with(headers: { "Authorization" => "token token" })
.to_return(status: 404)
end

it "fetches package.json from the workspace dependencies" do
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
[
{
"name": "package.json",
"path": "package.json",
"sha": "58166807d223462b6b44dd016e0b31edb390d3f4",
"size": 329,
"url": "https://api.github.com/repos/org/repo/contents/package.json?ref=main",
"html_url": "https://github.com/org/repo/blob/main/package.json",
"git_url": "https://api.github.com/repos/org/repo/git/blobs/58166807d223462b6b44dd016e0b31edb390d3f4",
"download_url": "https://raw.githubusercontent.com/org/repo/main/package.json?token=ABMwe0apDiKCctWHnEHnszRBAebVHjQnks5WJWD9wA%3D%3D",
"type": "file",
"_links": {
"self": "https://api.github.com/repos/org/repo/contents/package.json?ref=main",
"git": "https://api.github.com/repos/org/repo/git/blobs/58166807d223462b6b44dd016e0b31edb390d3f4",
"html": "https://github.com/org/repo/blob/main/package.json"
}
}
]
Loading