Merge pull request #7722 from dependabot/deivid-rodriguez/swift-scp-uris

Support SCP-style URIs in Swift updater
dependabot · Aug 7, 2023 · 8b9d943 · 8b9d943
2 parents f9754d4 + 1302362
commit 8b9d943
Show file tree

Hide file tree

Showing 8 changed files with 72 additions and 5 deletions.
diff --git a/common/lib/dependabot/git_metadata_fetcher.rb b/common/lib/dependabot/git_metadata_fetcher.rb
@@ -177,7 +177,7 @@ def skip_git_suffix(uri)
       # (GitHub, GitLab, BitBucket) work with or without the suffix.
       # That change has other ramifications, so it'd be better if Azure started supporting ".git"
       # like all the other providers.
-      uri = "https://#{uri.split('git@').last.sub(%r{:/?}, '/')}" if uri.start_with?("git@")
+      uri = SharedHelpers.scp_to_standard(uri)
       uri = URI(uri)
       hostname = uri.hostname.to_s
       hostname == "dev.azure.com" || hostname.end_with?(".visualstudio.com")
@@ -186,8 +186,7 @@ def skip_git_suffix(uri)
     # Add in username and password if present in credentials.
     # Credentials are never present for production Dependabot.
     def uri_with_auth(uri)
-      # Handle SCP-style git URIs
-      uri = "https://#{uri.split('git@').last.sub(%r{:/?}, '/')}" if uri.start_with?("git@")
+      uri = SharedHelpers.scp_to_standard(uri)
       uri = URI(uri)
       cred = credentials.select { |c| c["type"] == "git_source" }.
              find { |c| uri.host == c["host"] }

diff --git a/common/lib/dependabot/shared_helpers.rb b/common/lib/dependabot/shared_helpers.rb
@@ -191,6 +191,13 @@ def self.with_git_configured(credentials:)
       reset_global_git_config(backup_git_config_path)
     end
 
+    # Handle SCP-style git URIs
+    def self.scp_to_standard(uri)
+      return uri unless uri.start_with?("git@")
+
+      "https://#{uri.split('git@').last.sub(%r{:/?}, '/')}"
+    end
+
     def self.credential_helper_path
       File.join(__dir__, "../../bin/git-credential-store-immutable")
     end

diff --git a/swift/lib/dependabot/swift/file_parser/dependency_parser.rb b/swift/lib/dependabot/swift/file_parser/dependency_parser.rb
@@ -49,7 +49,7 @@ def subdependencies(data, level: 0)
 
         def all_dependencies(data, level: 0)
           identity = data["identity"]
-          url = data["url"]
+          url = SharedHelpers.scp_to_standard(data["url"])
           name = normalize(url)
           version = data["version"]
 

diff --git a/swift/lib/dependabot/swift/file_parser/manifest_parser.rb b/swift/lib/dependabot/swift/file_parser/manifest_parser.rb
@@ -20,7 +20,7 @@ def requirements
             # TODO: Support pinning to specific revisions
             next if requirement.start_with?("branch:", ".branch(", "revision:", ".revision(")
 
-            url == source[:url]
+            SharedHelpers.scp_to_standard(url) == source[:url]
           end
 
           return [] unless found

diff --git a/swift/spec/dependabot/swift/file_parser_spec.rb b/swift/spec/dependabot/swift/file_parser_spec.rb
@@ -228,4 +228,25 @@
 
     it_behaves_like "parse"
   end
+
+  context "with SCP-style URIs" do
+    let(:project_name) { "scp" }
+
+    let(:expectations) do
+      [
+        {
+          identity: "dummyswiftpackage",
+          name: "github.com/marcoeidinger/dummyswiftpackage",
+          url: "https://github.com/MarcoEidinger/DummySwiftPackage.git",
+          version: "1.0.0",
+          requirement: ">= 1.0.0, < 2.0.0",
+          declaration_string:
+            ".package(url: \"git@github.com:MarcoEidinger/DummySwiftPackage.git\", .upToNextMajor(from: \"1.0.0\"))",
+          requirement_string: ".upToNextMajor(from: \"1.0.0\")"
+        }
+      ]
+    end
+
+    it_behaves_like "parse"
+  end
 end
diff --git a/swift/spec/fixtures/projects/scp/Package.resolved b/swift/spec/fixtures/projects/scp/Package.resolved
@@ -0,0 +1,14 @@
+{
+  "pins" : [
+    {
+      "identity" : "dummyswiftpackage",
+      "kind" : "remoteSourceControl",
+      "location" : "git@github.com:MarcoEidinger/DummySwiftPackage.git",
+      "state" : {
+        "revision" : "039d607a58040dc8ef3c4e065b4cecfc3d7f95f4",
+        "version" : "1.0.0"
+      }
+    }
+  ],
+  "version" : 2
+}
diff --git a/swift/spec/fixtures/projects/scp/Package.swift b/swift/spec/fixtures/projects/scp/Package.swift
@@ -0,0 +1,24 @@
+// swift-tools-version: 5.8
+// The swift-tools-version declares the minimum version of Swift required to build this package.
+
+import PackageDescription
+
+let package = Package(
+    name: "swift-package-monitored-by-dependabot",
+    products: [
+        // Products define the executables and libraries a package produces, making them visible to other packages.
+        .library(
+            name: "swift-package-monitored-by-dependabot",
+            targets: ["swift-package-monitored-by-dependabot"]),
+    ],
+    dependencies: [.package(url: "git@github.com:MarcoEidinger/DummySwiftPackage.git", .upToNextMajor(from: "1.0.0")),
+    ],
+    targets: [
+        // Targets are the basic building blocks of a package, defining a module or a test suite.
+        // Targets can depend on other targets in this package and products from dependencies.
+        .target(
+            name: "swift-package-monitored-by-dependabot",
+            dependencies: [.product(name: "DummySwiftPackage", package: "DummySwiftPackage")]
+        )
+    ]
+)
diff --git a/...Sources/swift-package-monitored-by-dependabot/swift_package_monitored_by_dependabot.swift b/...Sources/swift-package-monitored-by-dependabot/swift_package_monitored_by_dependabot.swift
@@ -0,0 +1,2 @@
+// The Swift Programming Language
+// https://docs.swift.org/swift-book