

Fix updating to tags with a branch with same name
When detecting whether a workflow file is pinned, we were assuming it's
not pinned if there's a branch that matches the ref specified in the
workflow file.

However, if there's also a tag with the same name, that should probably take
priority, since that's what users will expect in this case.
deivid-rodriguez committed Oct 20, 2022
1 parent 3126006 commit e1a8c49
Showing 3 changed files with 82 additions and 2 deletions.
10 changes: 8 additions & 2 deletions common/lib/dependabot/git_commit_checker.rb
Expand Up @@ -49,8 +49,14 @@ def pinned?
return true if branch
return true if dependency.version&.start_with?(ref)

# Check the specified `ref` isn't actually a branch
!local_upload_pack.match?(%r{ refs/heads/#{ref}$})
# If the specified `ref` is actually a tag, we're pinned
return true if local_upload_pack.match?(%r{ refs/tags/#{ref}$})

# If the specified `ref` is actually a branch, we're NOT pinned
return false if local_upload_pack.match?(%r{ refs/heads/#{ref}$})

# Otherwise, assume we're pinned
true
end

def pinned_ref_looks_like_version?
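Review bot: `ref` is interpolated into both new regexes unescaped (`%r{ refs/tags/#{ref}$}` and `%r{ refs/heads/#{ref}$}`), so a workflow ref such as `v1.1` also matches a differently named upstream ref like `v1x1`, and any other regex metacharacter a refname may legally contain (`+`, `(`, `.`) alters the match — the flaw the removed line had is now present twice. Because the tag check is evaluated first and returns true, a spurious tag match can mark a ref that is really a mutable branch as pinned, which is exactly the case this commit sets out to get right; escape the interpolation on both lines: `return true if local_upload_pack.match?(%r{ refs/tags/#{Regexp.escape(ref)}$})` and `return false if local_upload_pack.match?(%r{ refs/heads/#{Regexp.escape(ref)}$})`. A comment above the tag check would also spare the next reader a wrong assumption: `# A tag wins over a branch of the same name. "Pinned" here means "resolves to a tag", not "immutable": tags can be force-moved, and the msbuild fixture in this commit shows refs/tags/v1 and refs/tags/v1.1 peeling to the same commit as v1.1.3 (floating major/minor tags).` Whether GitHub Actions itself resolves an ambiguous `uses: owner/repo@name` to the tag or the branch is not established by anything visible here, so the priority rule is an assumption worth citing in that comment. `pinned?` begins above the hunk (the `branch` and `dependency.version` guards are its earlier lines), so only part of the method is reviewed here.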
Expand Up @@ -243,6 +243,12 @@
end
end

context "and the latest version being also a branch" do
let(:upload_pack_fixture) { "msbuild" }

it { is_expected.to eq(Dependabot::GithubActions::Version.new("1.1.3")) }
end

context "that is a major-only tag of the the latest version" do
let(:reference) { "v1" }
it { is_expected.to eq(Dependabot::GithubActions::Version.new("v1")) }
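Review bot: The new context asserts only the end-to-end latest version (`1.1.3`) and appears to inherit `reference` from an enclosing context that lies outside the hunk, so it is not visible here which ref is being resolved, nor that the tag-over-branch rule added to `GitCommitChecker#pinned?` is what produces that result rather than the pre-existing branch/version guards. A direct unit spec on `pinned?` using the same `msbuild` upload pack — which lists both `refs/heads/v1.1.3` and `refs/tags/v1.1.3` — would lock the priority rule in explicitly, e.g. `it { expect(checker.pinned?).to be(true) }` for a checker whose ref is `v1.1.3`, alongside a negative case for a name that exists only under `refs/heads/`. The `context`/`describe` blocks enclosing this hunk begin and end outside it.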
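--- /dev/null
+++ b/github_actions/spec/fixtures/git/upload_packs/msbuild
@@ -0,0 +1,68 @@
+001e# service=git-upload-pack
+000001560b44c6745b7e81956596964100aadb92d667c497 HEAD multi_ack thin-pack side-band side-band-64k ofs-delta shallow deepen-since deepen-not deepen-relative no-progress include-tag multi_ack_detailed allow-tip-sha1-in-want allow-reachable-sha1-in-want no-done symref=HEAD:refs/heads/master filter object-format=sha1 agent=git/github-gcaaf1c4b6630
+005b0fc2502ca49f277016260bdd89c70e0c16a7cf4e refs/heads/dependabot/npm_and_yarn/ajv-6.12.6
+006db7835cef05cc81bdb8c67ea14346cdcd7c89fd81 refs/heads/dependabot/npm_and_yarn/json-schema-and-jsprim-0.4.0
+005b1d97ad85a9755ff291da008c63fe2b08238535e5 refs/heads/dependabot/npm_and_yarn/tmpl-1.0.5
+003c6a8fedefe94395d1c2193b87c6d83224d6e87569 refs/heads/dev
+003f0b44c6745b7e81956596964100aadb92d667c497 refs/heads/master
+003ffc16ae6170877cd889e5d735ea9d41c2362078b2 refs/heads/v1.0.0
+003f8dc49dbd173d2e84b142c0b65eef06ad36ccc82c refs/heads/v1.0.1
+003fc26a08ba26249b81327e26f6ef381897b6a8754d refs/heads/v1.0.2
+003f9546707e6b8f513d3a2af998e51e3b995c9fbe81 refs/heads/v1.0.3
+003fab534842b4bdf384b8aaf93765dc6f721d9f5fab refs/heads/v1.1.0
+003fb381dbabab030b2d16c2c87be6e0fdfadb75628a refs/heads/v1.1.1
+003fd6496d378fd258c01b23231ffff1e73808f126e7 refs/heads/v1.1.2
+003f34cfbaee7f672c76950673338facd8a73f637506 refs/heads/v1.1.3
+003e2008f912f56e61277eefaac6d1888b750582aa16 refs/pull/1/head
+003f93e160075a116879b0927816549540701146b3e5 refs/pull/11/head
+003fc4f3bee2c44d35fbdd918d508c6bca44132fad82 refs/pull/12/head
+003fc9ef9479351644e79a048f53964bbd9d357ead05 refs/pull/14/head
+003f9c9a1a34a4c6a9f36400e23e479b9c33ec98a4bb refs/pull/15/head
+003ff05df80b32f8b835cfbd3b002f3bb3f59f9a4d43 refs/pull/16/head
+003f341cfb53e30b7748ba6bfdf007e641462556042a refs/pull/17/head
+003f0d4f73260bc92ffdfd6052dd962cc5ccb954575b refs/pull/19/head
+003f06c9a7f31c273c6a22e43aa4e92c2a185a4d9dee refs/pull/21/head
+003fe82103acef14ac8c7dd76d6997a4ba7cfda1bcfc refs/pull/22/head
+004028d2c305055d6141bd15ff04523719117a574a48 refs/pull/22/merge
+003f0b5643901b0999aee1e981a4ae1c8bbf7e90484d refs/pull/23/head
+003fa0858ffef3d2e5dd0a5d785f4875c4b6285add75 refs/pull/25/head
+003fcbeaa72a9f112eb29acac0430556277b10e00a49 refs/pull/31/head
+003f4813f144a2145028fee526004a6b6aac0c2d80a5 refs/pull/37/head
+003f1c5a706e2695e453c6919dd43f598dbd445b73d6 refs/pull/39/head
+003ff00648bcdcfd5713fb8347b4f927ad51fbafc8c7 refs/pull/40/head
+003f7626c90a395f6403e9bf21ea09cd14ef7f000931 refs/pull/46/head
+003fbabd7930ed54e6f5cb5f9ee592b6031216cb4255 refs/pull/51/head
+003f9afe006fef5dd1c8b6ab1eae71caec99bb2f7e5c refs/pull/52/head
+003f047d9a067883f2e2ea6cd9a08bbc2b2d6bbeddb5 refs/pull/53/head
+003f455ec54ae7025c970e5fc4dc9a14283e7298883f refs/pull/56/head
+003f412f2703681bd1e2107f511ab857c92252afb803 refs/pull/57/head
+003e43cd4ebaecd8cd9bf7c95fc18edbdba1252d7482 refs/pull/6/head
+003f9546707e6b8f513d3a2af998e51e3b995c9fbe81 refs/pull/60/head
+003f2cbcfcb79598175f7aebe742012225f5a8657d31 refs/pull/61/head
+003f1d97ad85a9755ff291da008c63fe2b08238535e5 refs/pull/62/head
+00402667aad3e9773cef990d798a6286b44fd72b17f4 refs/pull/62/merge
+003f84e0d709b2c782782b075c1f5a7173b76b6115b2 refs/pull/65/head
+003f281b95dea87d381cd268f481dc51b7ef5da8fa04 refs/pull/66/head
+0040cd91c225762ecb1e922c2b7474c80b35be65019c refs/pull/66/merge
+003fce3de01b52669a228622f9e280b9f068c7cf4163 refs/pull/68/head
+003f0fc2502ca49f277016260bdd89c70e0c16a7cf4e refs/pull/75/head
+00402f7844feb6aa4bf20998c09b4b94ba3b261d970a refs/pull/75/merge
+003f7a1ab92e6cf81d5a6b4797ad4c4dd0cfcb428e80 refs/pull/87/head
+003f50f8578df565ecf193e9bbbf6acd76c66b34d92e refs/pull/89/head
+003e70efaa8b2d06055da6239191f0ae35144119b4c5 refs/pull/9/head
+003fd6496d378fd258c01b23231ffff1e73808f126e7 refs/pull/90/head
+003fb7835cef05cc81bdb8c67ea14346cdcd7c89fd81 refs/pull/91/head
+00408199e0cbd1e75594a89361cf458ee38b093fa95a refs/pull/91/merge
+003f71b0754fb20d8beb7590e2cd1a91a12bbda4324f refs/pull/92/head
+003f34cfbaee7f672c76950673338facd8a73f637506 refs/pull/94/head
+003a127f7c3fc66419bb77fc6703c497db0e1e3e8c74 refs/tags/v1
+003d34cfbaee7f672c76950673338facd8a73f637506 refs/tags/v1^{}
+003e8dc49dbd173d2e84b142c0b65eef06ad36ccc82c refs/tags/v1.0.1
+003ec26a08ba26249b81327e26f6ef381897b6a8754d refs/tags/v1.0.2
+003e9546707e6b8f513d3a2af998e51e3b995c9fbe81 refs/tags/v1.0.3
+003c4ec49e314e52344e4b6e3aba15a3c519f7129419 refs/tags/v1.1
+003f34cfbaee7f672c76950673338facd8a73f637506 refs/tags/v1.1^{}
+003ed6496d378fd258c01b23231ffff1e73808f126e7 refs/tags/v1.1.2
+003e905a7b699b34b9b34158ec6b839167581ce1db62 refs/tags/v1.1.3
+004134cfbaee7f672c76950673338facd8a73f637506 refs/tags/v1.1.3^{}
+0000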
