fix incorrect parsing of directory when using dependency-group

dependabot · Oct 24, 2024 · b007b47 · b007b47
1 parent 06ea45a
commit b007b47
Show file tree

Hide file tree

Showing 3 changed files with 108 additions and 5 deletions.
diff --git a/src/dependabot/update_metadata.test.ts b/src/dependabot/update_metadata.test.ts
@@ -398,6 +398,100 @@ test('it handles branch names with hyphen separator and multiple dependencies',
   expect(updatedDependencies[0].directory).toEqual('/')
 })
 
+test('it handles branch names when it has dependency-group and non-root directory', async () => {
+  const commitMessage = `Bumps the eslint group in /first-package with 1 update: [eslint](https://github.com/eslint/eslint).
+
+
+Updates \`eslint\` from 9.12.0 to 9.13.0
+- [Release notes](https://github.com/eslint/eslint/releases)
+- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
+- [Commits](eslint/[email protected])
+
+---
+updated-dependencies:
+- dependency-name: eslint
+  dependency-type: direct:development
+  update-type: version-update:semver-minor
+  dependency-group: eslint
+...
+
+Signed-off-by: dependabot[bot] <[email protected]>`
+
+  const getAlert = async () => Promise.resolve({ alertState: 'DISMISSED', ghsaId: 'GHSA-III-BBB', cvss: 4.6 })
+  const getScore = async () => Promise.resolve(43)
+  const updatedDependencies = await updateMetadata.parse(commitMessage, '', 'dependabot/npm_and_yarn/first-package/eslint-3c401b8a51', 'main', getAlert, getScore)
+
+  expect(updatedDependencies[0].directory).toEqual('/first-package')
+})
+
+test('it handles branch names when it has dependency-group and root directory', async () => {
+  const commitMessage = `Bumps the eslint group in /first-package with 1 update: [eslint](https://github.com/eslint/eslint).
+
+
+Updates \`eslint\` from 9.12.0 to 9.13.0
+- [Release notes](https://github.com/eslint/eslint/releases)
+- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
+- [Commits](eslint/[email protected])
+
+---
+updated-dependencies:
+- dependency-name: eslint
+  dependency-type: direct:development
+  update-type: version-update:semver-minor
+  dependency-group: eslint
+...
+
+Signed-off-by: dependabot[bot] <[email protected]>`
+
+  const getAlert = async () => Promise.resolve({ alertState: 'DISMISSED', ghsaId: 'GHSA-III-BBB', cvss: 4.6 })
+  const getScore = async () => Promise.resolve(43)
+  const updatedDependencies = await updateMetadata.parse(commitMessage, '', 'dependabot/npm_and_yarn/first-package/eslint-3c401b8a51', 'main', getAlert, getScore)
+
+  expect(updatedDependencies[0].directory).toEqual('/first-package')
+})
+
+test('it handles branch names when it has dependency-group with multiple dependencies and non-root directory', async () => {
+  const commitMessage = `Bumps the grouped-dependencies group with 3 updates in the /first-package directory: [eslint](https://github.com/eslint/eslint), [rimraf](https://github.com/isaacs/rimraf) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).
+
+
+Updates \`eslint\` from 9.12.0 to 9.13.0
+- [Release notes](https://github.com/eslint/eslint/releases)
+- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
+- [Commits](eslint/[email protected])
+
+Updates \`rimraf\` from 5.0.10 to 6.0.1
+- [Changelog](https://github.com/isaacs/rimraf/blob/main/CHANGELOG.md)
+- [Commits](isaacs/[email protected])
+
+Updates \`vitest\` from 1.6.0 to 2.1.3
+- [Release notes](https://github.com/vitest-dev/vitest/releases)
+- [Commits](https://github.com/vitest-dev/vitest/commits/v2.1.3/packages/vitest)
+
+---
+updated-dependencies:
+- dependency-name: eslint
+  dependency-type: direct:development
+  update-type: version-update:semver-minor
+  dependency-group: grouped-dependencies
+- dependency-name: rimraf
+  dependency-type: direct:development
+  update-type: version-update:semver-major
+  dependency-group: grouped-dependencies
+- dependency-name: vitest
+  dependency-type: direct:development
+  update-type: version-update:semver-major
+  dependency-group: grouped-dependencies
+...
+
+Signed-off-by: dependabot[bot] <[email protected]>`
+
+  const getAlert = async () => Promise.resolve({ alertState: 'DISMISSED', ghsaId: 'GHSA-III-BBB', cvss: 4.6 })
+  const getScore = async () => Promise.resolve(43)
+  const updatedDependencies = await updateMetadata.parse(commitMessage, '', 'dependabot/npm_and_yarn/first-package/grouped-dependencies-b23a7a6750', 'main', getAlert, getScore)
+
+  expect(updatedDependencies[0].directory).toEqual('/first-package')
+})
+
 test('calculateUpdateType should handle all paths', () => {
   expect(updateMetadata.calculateUpdateType('', '')).toEqual('')
   expect(updateMetadata.calculateUpdateType('', '1')).toEqual('')

diff --git a/src/dependabot/update_metadata.ts b/src/dependabot/update_metadata.ts
@@ -28,7 +28,7 @@ export interface scoreLookup {
     (dependencyName: string, previousVersion: string, newVersion: string, ecosystem: string): Promise<number>;
 }
 
-function branchNameToDirectoryName (chunks: string[], delimiter: string, updatedDependencies: any): string {
+function branchNameToDirectoryName (chunks: string[], delimiter: string, updatedDependencies: any, dependencyGroup: string): string {
   // We can always slice after the first 2 pieces, because they will always contain "dependabot" followed by the name
   // of the package ecosystem. e.g. "dependabot/npm_and_yarn".
   const sliceStart = 2
@@ -39,6 +39,15 @@ function branchNameToDirectoryName (chunks: string[], delimiter: string, updated
     sliceEnd -= 1
   }
 
+  if (dependencyGroup) {
+    // After replacing "/" in the dependency group with the delimiter, which could also be "/", we count how many pieces
+    // the dependency group would split into by the delimiter, and slicing that amount off the end of the branch name.
+    // e.g. "eslint/plugins" and a delimiter of "-" would show up in the branch name as "eslint-plugins".
+    sliceEnd -= dependencyGroup.replace('/', delimiter).split(delimiter).length
+
+    return `/${chunks.slice(sliceStart, sliceEnd).join('/')}`
+  }
+
   // If there is more than 1 dependency name being updated, we assume 1 piece of the branch name will be "and".
   if (updatedDependencies.length > 1) {
     sliceEnd -= 1
@@ -74,7 +83,7 @@ export async function parse (commitMessage: string, body: string, branchName: st
     const dependencyGroup = groupName?.groups?.name ?? ''
 
     if (data['updated-dependencies']) {
-      const dirname = branchNameToDirectoryName(chunks, delim, data['updated-dependencies'])
+      const dirname = branchNameToDirectoryName(chunks, delim, data['updated-dependencies'], dependencyGroup)
 
       return await Promise.all(data['updated-dependencies'].map(async (dependency, index) => {
         const lastVersion = index === 0 ? prev : ''

diff --git a/src/main.test.ts b/src/main.test.ts
@@ -270,7 +270,7 @@ test('it supports returning information about grouped updates', async () => {
         dependencyName: 'github.com/docker/cli',
         dependencyType: 'direct:production',
         updateType: 'version-update:semver-patch',
-        directory: '/',
+        directory: '/gh-base-image',
         packageEcosystem: 'docker',
         targetBranch: 'trunk',
         prevVersion: '',
@@ -286,7 +286,7 @@ test('it supports returning information about grouped updates', async () => {
         dependencyName: 'github.com/docker/docker',
         dependencyType: 'direct:production',
         updateType: 'version-update:semver-patch',
-        directory: '/',
+        directory: '/gh-base-image',
         packageEcosystem: 'docker',
         targetBranch: 'trunk',
         prevVersion: '',
@@ -302,7 +302,7 @@ test('it supports returning information about grouped updates', async () => {
         dependencyName: 'github.com/moby/moby',
         dependencyType: 'direct:production',
         updateType: 'version-update:semver-patch',
-        directory: '/',
+        directory: '/gh-base-image',
         packageEcosystem: 'docker',
         targetBranch: 'trunk',
         prevVersion: '',