From 134a5459cc7c30de0a3bf2dc361ea13bb85fa580 Mon Sep 17 00:00:00 2001 
From: Ankit Honey Date: Wed, 14 Aug 2024 13:58:04 -0700 Subject: [PATCH] Added Missing Regex for Allowlist Dependency Files (#10389) * added submodules regex * added missing poetry.lock in updated_files_regex * remove unwanted comma * added better comment * fixed lint error * added regex to support vendor files for bundler and go ecosystem * nested regex and test case added for bundler * regex test case added for cargo * regex test case added for composer * regex test case added for devcontainers * fixed lint issue for bundler #updated_files_regex test * regex test case added for docker * regex test case added for elm, submodules, go, gradle * regex test case added for hex and fix for gradle and github_actions * regex test case added for npm, yarn, nuget, maven and fix for hex * regex test case added for pub, python, swift and regexfix for python * fixed nuget regex error and python lint error * fixed lint issue in gradle ecosystem * added nuget.config and NuGet.Config to test for not updating it * fix the nuget.config case * added feature flag for production rollout * replace ff to use boolean variable passed via api * fixed lint issue in hex and nuget rspec --- .../lib/dependabot/bundler/file_updater.rb | 26 ++++++--- .../dependabot/bundler/file_updater_spec.rb | 46 ++++++++++++++++ cargo/lib/dependabot/cargo/file_updater.rb | 2 +- .../dependabot/cargo/file_updater_spec.rb | 38 +++++++++++++ common/lib/dependabot/file_updaters/base.rb | 4 +- .../lib/dependabot/composer/file_updater.rb | 2 +- .../dependabot/composer/file_updater_spec.rb | 38 +++++++++++++ .../dependabot/devcontainers/file_updater.rb | 4 +- .../devcontainers/file_updater_spec.rb | 40 ++++++++++++++ docker/lib/dependabot/docker/file_updater.rb | 4 +- .../dependabot/docker/file_updater_spec.rb | 43 +++++++++++++++ elm/lib/dependabot/elm/file_updater.rb | 2 +- elm/spec/dependabot/elm/file_updater_spec.rb | 37 +++++++++++++ .../dependabot/git_submodules/file_updater.rb | 15 ++++-- 
.../git_submodules/file_updater_spec.rb | 40 ++++++++++++++ .../dependabot/github_actions/file_updater.rb | 11 ++-- .../github_actions/file_updater_spec.rb | 38 +++++++++++++ .../lib/dependabot/go_modules/file_updater.rb | 21 +++++--- .../go_modules/file_updater_spec.rb | 41 ++++++++++++++ gradle/lib/dependabot/gradle/file_updater.rb | 14 ++++- .../dependabot/gradle/file_updater_spec.rb | 42 +++++++++++++++ hex/lib/dependabot/hex/file_updater.rb | 20 ++++--- hex/spec/dependabot/hex/file_updater_spec.rb | 40 ++++++++++++++ maven/lib/dependabot/maven/file_updater.rb | 2 +- .../dependabot/maven/file_updater_spec.rb | 43 +++++++++++++++ .../dependabot/npm_and_yarn/file_updater.rb | 29 ++++++---- .../npm_and_yarn/file_updater_spec.rb | 49 +++++++++++++++++ nuget/lib/dependabot/nuget/file_updater.rb | 42 ++++++++++----- .../dependabot/nuget/file_updater_spec.rb | 54 +++++++++++++++++++ pub/lib/dependabot/pub/file_updater.rb | 4 +- pub/spec/dependabot/pub/file_updater_spec.rb | 39 ++++++++++++++ python/lib/dependabot/python/file_updater.rb | 39 +++++++++----- .../dependabot/python/file_updater_spec.rb | 51 ++++++++++++++++++ swift/lib/dependabot/swift/file_updater.rb | 2 +- .../dependabot/swift/file_updater_spec.rb | 41 ++++++++++++++ .../lib/dependabot/terraform/file_updater.rb | 2 +- .../dependabot/terraform/file_updater_spec.rb | 48 +++++++++++++++++ 37 files changed, 937 insertions(+), 76 deletions(-) diff --git a/bundler/lib/dependabot/bundler/file_updater.rb b/bundler/lib/dependabot/bundler/file_updater.rb index d393eba98d4..224b179e91d 100644 --- a/bundler/lib/dependabot/bundler/file_updater.rb +++ b/bundler/lib/dependabot/bundler/file_updater.rb 
@@ -14,14 +14,24 @@ class FileUpdater < Dependabot::FileUpdaters::Base require_relative "file_updater/gemspec_updater" require_relative "file_updater/lockfile_updater" - def self.updated_files_regex - [ - /^Gemfile$/, - /^Gemfile\.lock$/, - /^gems\.rb$/, - /^gems\.locked$/, - /^*\.gemspec$/ - ] + def self.updated_files_regex(allowlist_enabled = false) + if allowlist_enabled + [ + # Matches Gemfile, Gemfile.lock, gems.rb, gems.locked, .gemspec files, and anything in vendor directory + %r{^(Gemfile(\.lock)?|gems\.(rb|locked)|.*\.gemspec|vendor/.*)$}, + # Matches the same files in any subdirectory + %r{^.*\/(Gemfile|Gemfile\.lock|gems\.rb|gems\.locked)$} + ] + else + # Old regex. After 100% rollout of the allowlist, this will be removed. + [ + /^Gemfile$/, + /^Gemfile\.lock$/, + /^gems\.rb$/, + /^gems\.locked$/, + /^*\.gemspec$/ + ] + end end # rubocop:disable Metrics/PerceivedComplexity diff --git a/bundler/spec/dependabot/bundler/file_updater_spec.rb b/bundler/spec/dependabot/bundler/file_updater_spec.rb index 347e6b803ec..0bfbac86bbf 100644 --- a/bundler/spec/dependabot/bundler/file_updater_spec.rb +++ b/bundler/spec/dependabot/bundler/file_updater_spec.rb 
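Review bot: The two patterns added in the `allowlist_enabled` branch anchor with `^` and `$`, which in Ruby match at every line boundary, so a path containing a newline passes if any one of its lines looks like an allowed name. For a list that decides which files an update may write, anchor the whole string instead: `%r{\A(Gemfile(\.lock)?|gems\.(rb|locked)|.*\.gemspec|vendor/.*)\z}` and `%r{\A.*/(Gemfile|Gemfile\.lock|gems\.rb|gems\.locked)\z}`. The same line anchors appear in the new patterns of the git_submodules, go_modules, gradle, hex, npm_and_yarn and nuget hunks of this patch. Separately, `vendor/.*` admits every file under a root `vendor/` directory, not only cached gems, which may be wider than intended. The class body continues outside the hunk.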
@@ -54,6 +54,52 @@ it_behaves_like "a dependency file updater" + describe "#updated_files_regex" do + subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } + + let(:allowlist_enabled) { true } + + it "is not empty" do + expect(updated_files_regex).not_to be_empty + end + + context "when files match the regex patterns" do + it "returns true for files that should be updated" do + matching_files = [ + "Gemfile", + "Gemfile.lock", + "gems.rb", + "gems.locked", + "some_project.gemspec", + "vendor/cache/business-1.5.0.gem", + "backend/Gemfile", + "backend/Gemfile.lock", + "backend/gems.rb", + "backend/gems.locked" + ] + + matching_files.each do |file_name| + expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) }) + end + end + + it "returns false for files that should not be updated" do + non_matching_files = [ + "README.md", + ".github/workflow/main.yml", + "some_random_file.rb", + "requirements.txt", + "package-lock.json", + "package.json" + ] + + non_matching_files.each do |file_name| + expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) }) + end + end + end + end + describe "#updated_dependency_files" do subject(:updated_files) { updater.updated_dependency_files } diff --git a/cargo/lib/dependabot/cargo/file_updater.rb b/cargo/lib/dependabot/cargo/file_updater.rb index 9e8f0eb12bb..965e68ddf58 100644 --- a/cargo/lib/dependabot/cargo/file_updater.rb +++ b/cargo/lib/dependabot/cargo/file_updater.rb @@ -13,7 +13,7 @@ class FileUpdater < Dependabot::FileUpdaters::Base require_relative "file_updater/manifest_updater" require_relative "file_updater/lockfile_updater" - def self.updated_files_regex + def self.updated_files_regex(_ = false) [ /^Cargo\.toml$/, /^Cargo\.lock$/ diff --git a/cargo/spec/dependabot/cargo/file_updater_spec.rb b/cargo/spec/dependabot/cargo/file_updater_spec.rb index 89cc94eb4e2..b9cb6157688 100644 --- a/cargo/spec/dependabot/cargo/file_updater_spec.rb 
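Review bot: The negative list in "returns false for files that should not be updated" holds only unrelated names, so it would still pass if the patterns were loosened; add near-miss paths that must be rejected (constructed examples: `"Gemfile.bak"`, `"notvendor/cache/x.gem"`). The group also pins `allowlist_enabled` to `true`, so the legacy branch has no regression test even though it stays the default until the rollout completes. The spec hunks added for the other ecosystems in this patch follow the same template and have the same gap. Since this is a class method, the group would conventionally be named `describe ".updated_files_regex"`.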
+++ b/cargo/spec/dependabot/cargo/file_updater_spec.rb @@ -55,6 +55,44 @@ it_behaves_like "a dependency file updater" + describe "#updated_files_regex" do + subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } + + let(:allowlist_enabled) { false } # default value + + it "is not empty" do + expect(updated_files_regex).not_to be_empty + end + + context "when files match the regex patterns" do + it "returns true for files that should be updated" do + matching_files = [ + "Cargo.toml", + "Cargo.lock" + ] + + matching_files.each do |file_name| + expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) }) + end + end + + it "returns false for files that should not be updated" do + non_matching_files = [ + "README.md", + ".github/workflow/main.yml", + "some_random_file.rb", + "requirements.txt", + "package-lock.json", + "package.json" + ] + + non_matching_files.each do |file_name| + expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) }) + end + end + end + end + describe "#updated_dependency_files" do subject(:updated_files) { updater.updated_dependency_files } diff --git a/common/lib/dependabot/file_updaters/base.rb b/common/lib/dependabot/file_updaters/base.rb index 1132dc6fd61..5bf5e7958ec 100644 --- a/common/lib/dependabot/file_updaters/base.rb +++ b/common/lib/dependabot/file_updaters/base.rb @@ -28,8 +28,8 @@ class Base sig { returns(T::Hash[Symbol, T.untyped]) } attr_reader :options - sig { overridable.returns(T::Array[Regexp]) } - def self.updated_files_regex + sig { overridable.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) } + def self.updated_files_regex(allowlist_enabled = false) raise NotImplementedError end diff --git a/composer/lib/dependabot/composer/file_updater.rb b/composer/lib/dependabot/composer/file_updater.rb index 62201f533f3..c0675cbafc9 100644 --- a/composer/lib/dependabot/composer/file_updater.rb +++ b/composer/lib/dependabot/composer/file_updater.rb 
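Review bot: `Base.updated_files_regex` gains an `allowlist_enabled` parameter with no comment stating what an override must return when it is true, and several overrides in this patch accept it as `_` and ignore it. A line above the `sig` such as `# allowlist_enabled: when true, return the patterns for every path this ecosystem's updater is allowed to change; overrides without a separate list may ignore it.` would record the contract (wording inferred from the commit title, so confirm it). A boolean passed positionally also reads as a bare `true` at call sites; a keyword argument, `def self.updated_files_regex(allowlist_enabled: false)`, would make them self-describing. The `Base` class continues outside the hunk.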
@@ -12,7 +12,7 @@ class FileUpdater < Dependabot::FileUpdaters::Base require_relative "file_updater/manifest_updater" require_relative "file_updater/lockfile_updater" - def self.updated_files_regex + def self.updated_files_regex(_ = false) [ /^composer\.json$/, /^composer\.lock$/ diff --git a/composer/spec/dependabot/composer/file_updater_spec.rb b/composer/spec/dependabot/composer/file_updater_spec.rb index 6e62afa8b4e..ed60d05a658 100644 --- a/composer/spec/dependabot/composer/file_updater_spec.rb +++ b/composer/spec/dependabot/composer/file_updater_spec.rb @@ -50,6 +50,44 @@ it_behaves_like "a dependency file updater" + describe "#updated_files_regex" do + subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } + + let(:allowlist_enabled) { false } # default value + + it "is not empty" do + expect(updated_files_regex).not_to be_empty + end + + context "when files match the regex patterns" do + it "returns true for files that should be updated" do + matching_files = [ + "composer.json", + "composer.lock" + ] + + matching_files.each do |file_name| + expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) }) + end + end + + it "returns false for files that should not be updated" do + non_matching_files = [ + "README.md", + ".github/workflow/main.yml", + "some_random_file.rb", + "requirements.txt", + "package-lock.json", + "package.json" + ] + + non_matching_files.each do |file_name| + expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) }) + end + end + end + end + describe "#updated_dependency_files" do subject(:updated_files) { updater.updated_dependency_files } diff --git a/devcontainers/lib/dependabot/devcontainers/file_updater.rb b/devcontainers/lib/dependabot/devcontainers/file_updater.rb index e792014aec3..c841db26de2 100644 --- a/devcontainers/lib/dependabot/devcontainers/file_updater.rb +++ b/devcontainers/lib/dependabot/devcontainers/file_updater.rb 
@@ -12,8 +12,8 @@ module Devcontainers class FileUpdater < Dependabot::FileUpdaters::Base extend T::Sig - sig { override.returns(T::Array[Regexp]) } - def self.updated_files_regex + sig { override.params(_: T::Boolean).returns(T::Array[Regexp]) } + def self.updated_files_regex(_ = false) [ /^\.?devcontainer\.json$/, /^\.?devcontainer-lock\.json$/ diff --git a/devcontainers/spec/dependabot/devcontainers/file_updater_spec.rb b/devcontainers/spec/dependabot/devcontainers/file_updater_spec.rb index 1feac12a7e8..63f0c571a0b 100644 --- a/devcontainers/spec/dependabot/devcontainers/file_updater_spec.rb +++ b/devcontainers/spec/dependabot/devcontainers/file_updater_spec.rb @@ -27,6 +27,46 @@ it_behaves_like "a dependency file updater" + describe "#updated_files_regex" do + subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } + + let(:allowlist_enabled) { false } # default value + + it "is not empty" do + expect(updated_files_regex).not_to be_empty + end + + context "when files match the regex patterns" do + it "returns true for files that should be updated" do + matching_files = [ + "devcontainer.json", + ".devcontainer.json", + "devcontainer-lock.json", + ".devcontainer-lock.json" + ] + + matching_files.each do |file_name| + expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) }) + end + end + + it "returns false for files that should not be updated" do + non_matching_files = [ + "README.md", + ".github/workflow/main.yml", + "some_random_file.rb", + "requirements.txt", + "package-lock.json", + "package.json" + ] + + non_matching_files.each do |file_name| + expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) }) + end + end + end + end + describe "#updated_dependency_files" do subject(:updated_dependency_files) { updater.updated_dependency_files } diff --git a/docker/lib/dependabot/docker/file_updater.rb b/docker/lib/dependabot/docker/file_updater.rb index c0100cffe9f..be67fcbb5b8 100644 
--- a/docker/lib/dependabot/docker/file_updater.rb +++ b/docker/lib/dependabot/docker/file_updater.rb @@ -17,8 +17,8 @@ class FileUpdater < Dependabot::FileUpdaters::Base YAML_REGEXP = /^[^\.].*\.ya?ml$/i DOCKER_REGEXP = /dockerfile/i - sig { override.returns(T::Array[Regexp]) } - def self.updated_files_regex + sig { override.params(_: T::Boolean).returns(T::Array[Regexp]) } + def self.updated_files_regex(_ = false) [ DOCKER_REGEXP, YAML_REGEXP diff --git a/docker/spec/dependabot/docker/file_updater_spec.rb b/docker/spec/dependabot/docker/file_updater_spec.rb index 135c0050605..370b6ac88ec 100644 --- a/docker/spec/dependabot/docker/file_updater_spec.rb +++ b/docker/spec/dependabot/docker/file_updater_spec.rb @@ -141,6 +141,49 @@ it_behaves_like "a dependency file updater" + describe "#updated_files_regex" do + subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } + + let(:allowlist_enabled) { false } # default value + + it "is not empty" do + expect(updated_files_regex).not_to be_empty + end + + context "when files match the regex patterns" do + it "returns true for files that should be updated" do + matching_files = [ + "Dockerfile", + "dockerfile", + "my_dockerfile", + "myapp.yaml", + "config.yml", + "service.yaml", + "v1_tag.yaml" + ] + + matching_files.each do |file_name| + expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) }) + end + end + + it "returns false for files that should not be updated" do + non_matching_files = [ + "README.md", + ".github/workflow/main.yml", + "some_random_file.rb", + "requirements.txt", + "package-lock.json", + "package.json" + ] + + non_matching_files.each do |file_name| + expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) }) + end + end + end + end + describe "#updated_dependency_files" do subject(:updated_files) { updater.updated_dependency_files } 
diff --git a/elm/lib/dependabot/elm/file_updater.rb b/elm/lib/dependabot/elm/file_updater.rb index b3012250772..26dedea56da 100644 --- a/elm/lib/dependabot/elm/file_updater.rb +++ b/elm/lib/dependabot/elm/file_updater.rb @@ -9,7 +9,7 @@ module Elm class FileUpdater < Dependabot::FileUpdaters::Base require_relative "file_updater/elm_json_updater" - def self.updated_files_regex + def self.updated_files_regex(_ = false) [ /^elm\.json$/ ] diff --git a/elm/spec/dependabot/elm/file_updater_spec.rb b/elm/spec/dependabot/elm/file_updater_spec.rb index 684ff0b0eb1..92ca408ceff 100644 --- a/elm/spec/dependabot/elm/file_updater_spec.rb +++ b/elm/spec/dependabot/elm/file_updater_spec.rb @@ -58,6 +58,43 @@ it_behaves_like "a dependency file updater" + describe "#updated_files_regex" do + subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } + + let(:allowlist_enabled) { false } # default value + + it "is not empty" do + expect(updated_files_regex).not_to be_empty + end + + context "when files match the regex patterns" do + it "returns true for files that should be updated" do + matching_files = [ + "elm.json" + ] + + matching_files.each do |file_name| + expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) }) + end + end + + it "returns false for files that should not be updated" do + non_matching_files = [ + "README.md", + ".github/workflow/main.yml", + "some_random_file.rb", + "requirements.txt", + "package-lock.json", + "package.json" + ] + + non_matching_files.each do |file_name| + expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) }) + end + end + end + end + describe "#updated_dependency_files" do subject(:updated_files) { updater.updated_dependency_files } diff --git a/git_submodules/lib/dependabot/git_submodules/file_updater.rb b/git_submodules/lib/dependabot/git_submodules/file_updater.rb index 355264577ea..53f08e5b92f 100644 --- a/git_submodules/lib/dependabot/git_submodules/file_updater.rb 
+++ b/git_submodules/lib/dependabot/git_submodules/file_updater.rb @@ -11,9 +11,18 @@ module GitSubmodules class FileUpdater < Dependabot::FileUpdaters::Base extend T::Sig - sig { override.returns(T::Array[Regexp]) } - def self.updated_files_regex - [] + sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) } + def self.updated_files_regex(allowlist_enabled = false) + if allowlist_enabled + [ + /^\.gitmodules$/, # Matches the .gitmodules file in the root directory + %r{^.+/\.git$}, # Matches the .git file inside any submodule directory + %r{^\.git/modules/.+} # Matches any files under .git/modules directory where submodule data is stored + ] + else + # Old regex. After 100% rollout of the allowlist, this will be removed. + [] + end end sig { override.returns(T::Array[Dependabot::DependencyFile]) } diff --git a/git_submodules/spec/dependabot/git_submodules/file_updater_spec.rb b/git_submodules/spec/dependabot/git_submodules/file_updater_spec.rb index c5eda319b23..616accf2ff5 100644 --- a/git_submodules/spec/dependabot/git_submodules/file_updater_spec.rb +++ b/git_submodules/spec/dependabot/git_submodules/file_updater_spec.rb 
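Review bot: `%r{^\.git/modules/.+}` in the allowlist branch has no end anchor and admits every path under `.git/modules/`, which includes each submodule's `config` and `hooks/` files as well as object data. If the updater only needs to change the submodule pointer and `.gitmodules`, narrow or drop this entry. `updated_dependency_files` is outside the hunk, so confirm which paths it actually reports; if it reports the submodule path itself, none of the three patterns would match it. `%r{^.+/\.git$}` similarly accepts a `.git` entry at any depth.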
@@ -66,6 +66,46 @@ it_behaves_like "a dependency file updater" + describe "#updated_files_regex" do + subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } + + let(:allowlist_enabled) { true } + + it "is not empty" do + expect(updated_files_regex).not_to be_empty + end + + context "when files match the regex patterns" do + it "returns true for files that should be updated" do + matching_files = [ + ".gitmodules", + "submodule/.git", + ".git/modules/submodule/config", + ".git/modules/another/config" + ] + + matching_files.each do |file_name| + expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) }) + end + end + + it "returns false for files that should not be updated" do + non_matching_files = [ + "README.md", + ".github/workflow/main.yml", + "some_random_file.rb", + "requirements.txt", + "package-lock.json", + "package.json" + ] + + non_matching_files.each do |file_name| + expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) }) + end + end + end + end + describe "#updated_dependency_files" do subject(:updated_files) { updater.updated_dependency_files } diff --git a/github_actions/lib/dependabot/github_actions/file_updater.rb b/github_actions/lib/dependabot/github_actions/file_updater.rb index 98338624aba..4dbdaa7bef8 100644 --- a/github_actions/lib/dependabot/github_actions/file_updater.rb +++ b/github_actions/lib/dependabot/github_actions/file_updater.rb 
@@ -12,9 +12,14 @@ module GithubActions class FileUpdater < Dependabot::FileUpdaters::Base extend T::Sig - sig { override.returns(T::Array[Regexp]) } - def self.updated_files_regex - [%r{\.github/workflows/.+\.ya?ml$}] + sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) } + def self.updated_files_regex(allowlist_enabled = false) + if allowlist_enabled + [%r{\.github/workflows?/.+\.ya?ml$}] + else + # Old regex. After 100% rollout of the allowlist, this will be removed. + [%r{\.github/workflows/.+\.ya?ml$}] + end end sig { override.returns(T::Array[Dependabot::DependencyFile]) } diff --git a/github_actions/spec/dependabot/github_actions/file_updater_spec.rb b/github_actions/spec/dependabot/github_actions/file_updater_spec.rb index 003a2f6f312..6aea7061c00 100644 --- a/github_actions/spec/dependabot/github_actions/file_updater_spec.rb +++ b/github_actions/spec/dependabot/github_actions/file_updater_spec.rb 
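Review bot: Neither branch anchors the start of the pattern, so `%r{\.github/workflows?/.+\.ya?ml$}` matches any path that merely contains that segment, for example (constructed) `docs/x.github/workflows/a.yml`. Anchor the directory as a path component: `%r{\A(?:.*/)?\.github/workflows/.+\.ya?ml\z}`. The only difference the allowlist branch introduces is the optional `s`, which admits `.github/workflow/`; as far as I know GitHub loads workflows only from `.github/workflows/`, so confirm that the singular directory is meant to be writable.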
@@ -68,6 +68,44 @@ it_behaves_like "a dependency file updater" + describe "#updated_files_regex" do + subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } + + let(:allowlist_enabled) { true } + + it "is not empty" do + expect(updated_files_regex).not_to be_empty + end + + context "when files match the regex patterns" do + it "returns true for files that should be updated" do + matching_files = [ + ".github/workflow/main.yml", + ".github/workflows/ci-test.yaml", + ".github/workflows/workflow.yml" + ] + + matching_files.each do |file_name| + expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) }) + end + end + + it "returns false for files that should not be updated" do + non_matching_files = [ + "README.md", + "some_random_file.rb", + "requirements.txt", + "package-lock.json", + "package.json" + ] + + non_matching_files.each do |file_name| + expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) }) + end + end + end + end + describe "#updated_dependency_files" do subject(:updated_files) { updater.updated_dependency_files } diff --git a/go_modules/lib/dependabot/go_modules/file_updater.rb b/go_modules/lib/dependabot/go_modules/file_updater.rb index 514bcae499c..55217b24175 100644 --- a/go_modules/lib/dependabot/go_modules/file_updater.rb +++ b/go_modules/lib/dependabot/go_modules/file_updater.rb 
@@ -33,12 +33,21 @@ def initialize(dependencies:, dependency_files:, credentials:, repo_contents_pat use_repo_contents_stub if repo_contents_path.nil? end - sig { override.returns(T::Array[Regexp]) } - def self.updated_files_regex - [ - /^go\.mod$/, - /^go\.sum$/ - ] + sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) } + def self.updated_files_regex(allowlist_enabled = false) + if allowlist_enabled + [ + /^go\.mod$/, + /^go\.sum$/, + %r{^vendor/.*} + ] + else + # Old regex. After 100% rollout of the allowlist, this will be removed. + [ + /^go\.mod$/, + /^go\.sum$/ + ] + end end sig { override.returns(T::Array[Dependabot::DependencyFile]) } diff --git a/go_modules/spec/dependabot/go_modules/file_updater_spec.rb b/go_modules/spec/dependabot/go_modules/file_updater_spec.rb index 72558293ad4..2fd1a80adb7 100644 --- a/go_modules/spec/dependabot/go_modules/file_updater_spec.rb +++ b/go_modules/spec/dependabot/go_modules/file_updater_spec.rb 
@@ -67,6 +67,47 @@ it_behaves_like "a dependency file updater" + describe "#updated_files_regex" do + subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } + + let(:allowlist_enabled) { true } + + it "is not empty" do + expect(updated_files_regex).not_to be_empty + end + + context "when files match the regex patterns" do + it "returns true for files that should be updated" do + matching_files = [ + "go.mod", + "go.sum", + "vendor/modules.txt", + "vendor/github.com/example/package/package.go", + "vendor/golang.org/x/text/unicode.go" + ] + + matching_files.each do |file_name| + expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) }) + end + end + + it "returns false for files that should not be updated" do + non_matching_files = [ + "README.md", + ".github/workflow/main.yml", + "some_random_file.rb", + "requirements.txt", + "package-lock.json", + "package.json" + ] + + non_matching_files.each do |file_name| + expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) }) + end + end + end + end + describe "#updated_dependency_files" do subject(:updated_files) { updater.updated_dependency_files } diff --git a/gradle/lib/dependabot/gradle/file_updater.rb b/gradle/lib/dependabot/gradle/file_updater.rb index b459bfc6b03..736cab96eb7 100644 --- a/gradle/lib/dependabot/gradle/file_updater.rb +++ b/gradle/lib/dependabot/gradle/file_updater.rb 
@@ -17,8 +17,18 @@ class FileUpdater < Dependabot::FileUpdaters::Base SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze - def self.updated_files_regex - [/^build\.gradle(\.kts)?$/, %r{/build\.gradle(\.kts)?$}, %r{/gradle/libs\.versions\.toml$}] + def self.updated_files_regex(allowlist_enabled = false) + if allowlist_enabled + [ + # Matches build.gradle or build.gradle.kts in root directory + %r{(^|.*/)build\.gradle(\.kts)?$}, + # Matches gradle/libs.versions.toml in root or any subdirectory + %r{(^|.*/)?gradle/libs\.versions\.toml$} + ] + else + # Old regex. After 100% rollout of the allowlist, this will be removed. + [/^build\.gradle(\.kts)?$/, %r{/build\.gradle(\.kts)?$}, %r{/gradle/libs\.versions\.toml$}] + end end def updated_dependency_files diff --git a/gradle/spec/dependabot/gradle/file_updater_spec.rb b/gradle/spec/dependabot/gradle/file_updater_spec.rb index d32207d8fee..b7ee532022a 100644 --- a/gradle/spec/dependabot/gradle/file_updater_spec.rb +++ b/gradle/spec/dependabot/gradle/file_updater_spec.rb 
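Review bot: In `%r{(^|.*/)?gradle/libs\.versions\.toml$}` the trailing `?` makes the whole prefix group optional, so the match can start in the middle of a path component and (constructed example) `notgradle/libs.versions.toml` is accepted. Drop the `?` so the directory must start the path or follow a slash: `%r{(^|.*/)gradle/libs\.versions\.toml$}`. The comment above the first pattern says "in root directory", but `(^|.*/)` also matches any subdirectory, so it should read `# Matches build.gradle or build.gradle.kts in the root or any subdirectory`.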
@@ -53,6 +53,48 @@ it_behaves_like "a dependency file updater" + describe "#updated_files_regex" do + subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } + + let(:allowlist_enabled) { true } + + it "is not empty" do + expect(updated_files_regex).not_to be_empty + end + + context "when files match the regex patterns" do + it "returns true for files that should be updated" do + matching_files = [ + "build.gradle", + "build.gradle.kts", + "subproject/build.gradle", + "subproject/build.gradle.kts", + "gradle/libs.versions.toml", + "subproject/gradle/libs.versions.toml" + ] + + matching_files.each do |file_name| + expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) }) + end + end + + it "returns false for files that should not be updated" do + non_matching_files = [ + "README.md", + ".github/workflow/main.yml", + "some_random_file.rb", + "requirements.txt", + "package-lock.json", + "package.json" + ] + + non_matching_files.each do |file_name| + expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) }) + end + end + end + end + describe "#updated_dependency_files" do subject(:updated_files) { updater.updated_dependency_files } diff --git a/hex/lib/dependabot/hex/file_updater.rb b/hex/lib/dependabot/hex/file_updater.rb index ecd5aa30192..45b1c74ef1d 100644 --- a/hex/lib/dependabot/hex/file_updater.rb +++ b/hex/lib/dependabot/hex/file_updater.rb 
@@ -14,12 +14,20 @@ class FileUpdater < Dependabot::FileUpdaters::Base require_relative "file_updater/mixfile_updater" require_relative "file_updater/lockfile_updater" - sig { override.returns(T::Array[Regexp]) } - def self.updated_files_regex - [ - /^mix\.exs$/, - /^mix\.lock$/ - ] + sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) } + def self.updated_files_regex(allowlist_enabled = false) + if allowlist_enabled + [ + /^.*mix\.exs$/, + /^.*mix\.lock$/ + ] + else + # Old regex. After 100% rollout of the allowlist, this will be removed. + [ + /^mix\.exs$/, + /^mix\.lock$/ + ] + end end sig { override.returns(T::Array[Dependabot::DependencyFile]) } diff --git a/hex/spec/dependabot/hex/file_updater_spec.rb b/hex/spec/dependabot/hex/file_updater_spec.rb index 50de57bcc58..90dafa1fb6b 100644 --- a/hex/spec/dependabot/hex/file_updater_spec.rb +++ b/hex/spec/dependabot/hex/file_updater_spec.rb 
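Review bot: `/^.*mix\.exs$/` and `/^.*mix\.lock$/` in the allowlist branch accept any name that ends in those characters, so (constructed examples) `remix.exs` or `tools/premix.lock` pass as well as nested `mix.exs` files. Require a path separator before the basename, as the npm_and_yarn hunk in this patch does: `%r{^(?:.*/)?mix\.exs$}` and `%r{^(?:.*/)?mix\.lock$}`. The spec added for this ecosystem lists no nested `mix.lock` and no near-miss name, so it would not catch the difference.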
@@ -56,6 +56,46 @@ it_behaves_like "a dependency file updater" + describe "#updated_files_regex" do + subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } + + let(:allowlist_enabled) { true } + + it "is not empty" do + expect(updated_files_regex).not_to be_empty + end + + context "when files match the regex patterns" do + it "returns true for files that should be updated" do + matching_files = [ + "mix.exs", + "mix.lock", + "apps/dependabot_business/mix.exs", + "apps/dependabot_web/mix.exs" + ] + + matching_files.each do |file_name| + expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) }) + end + end + + it "returns false for files that should not be updated" do + non_matching_files = [ + "README.md", + ".github/workflow/main.yml", + "some_random_file.rb", + "requirements.txt", + "package-lock.json", + "package.json" + ] + + non_matching_files.each do |file_name| + expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) }) + end + end + end + end + describe "#updated_dependency_files" do subject(:updated_files) { updater.updated_dependency_files } diff --git a/maven/lib/dependabot/maven/file_updater.rb b/maven/lib/dependabot/maven/file_updater.rb index ac0c12d5311..5e50c30a3f7 100644 --- a/maven/lib/dependabot/maven/file_updater.rb +++ b/maven/lib/dependabot/maven/file_updater.rb @@ -11,7 +11,7 @@ class FileUpdater < Dependabot::FileUpdaters::Base require_relative "file_updater/declaration_finder" require_relative "file_updater/property_value_updater" - def self.updated_files_regex + def self.updated_files_regex(_ = false) [ /^pom\.xml$/, %r{/pom\.xml$}, /.*\.xml$/, %r{/.*\.xml$}, diff --git a/maven/spec/dependabot/maven/file_updater_spec.rb b/maven/spec/dependabot/maven/file_updater_spec.rb index 85538fc1f9f..6f31df0e9fd 100644 --- a/maven/spec/dependabot/maven/file_updater_spec.rb +++ b/maven/spec/dependabot/maven/file_updater_spec.rb 
@@ -78,6 +78,49 @@ it_behaves_like "a dependency file updater" + describe "#updated_files_regex" do + subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } + let(:allowlist_enabled) { false } # default value + + it "is not empty" do + expect(updated_files_regex).not_to be_empty + end + + context "when files match the regex patterns" do + it "returns true for files that should be updated" do + matching_files = [ + "pom.xml", + "subproject/pom.xml", + "extensions.xml", + "subproject/extensions.xml", + "somefile.xml", + "subproject/somefile.xml", + "configs/pom.xml", + "configs/somefile.xml" + ] + + matching_files.each do |file_name| + expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) }) + end + end + + it "returns false for files that should not be updated" do + non_matching_files = [ + "README.md", + ".github/workflow/main.yml", + "some_random_file.rb", + "requirements.txt", + "package-lock.json", + "package.json" + ] + + non_matching_files.each do |file_name| + expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) }) + end + end + end + end + describe "#updated_dependency_files" do subject(:updated_files) { updater.updated_dependency_files } diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater.rb index 7cfac79f307..a87e03a8cfb 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater.rb 
@@ -30,15 +30,26 @@ def sentry_context end end - sig { override.returns(T::Array[Regexp]) } - def self.updated_files_regex - [ - /^package\.json$/, - /^package-lock\.json$/, - /^npm-shrinkwrap\.json$/, - /^yarn\.lock$/, - /^pnpm-lock\.yaml$/ - ] + sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) } + def self.updated_files_regex(allowlist_enabled = false) + if allowlist_enabled + [ + %r{^(?:.*\/)?package\.json$}, + %r{^(?:.*\/)?package-lock\.json$}, + %r{^(?:.*\/)?npm-shrinkwrap\.json$}, + %r{^(?:.*\/)?yarn\.lock$}, + %r{^(?:.*\/)?pnpm-lock\.yaml$} + ] + else + # Old regex. After 100% rollout of the allowlist, this will be removed. + [ + /^package\.json$/, + /^package-lock\.json$/, + /^npm-shrinkwrap\.json$/, + /^yarn\.lock$/, + /^pnpm-lock\.yaml$/ + ] + end end sig { override.returns(T::Array[DependencyFile]) } diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater_spec.rb index 326d97cd8cb..2064dc71d2c 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater_spec.rb 
@@ -63,6 +63,55 @@
 it_behaves_like "a dependency file updater"
+ describe "#updated_files_regex" do
+ subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) }
+
+ let(:allowlist_enabled) { true }
+
+ it "is not empty" do
+ expect(updated_files_regex).not_to be_empty
+ end
+
+ context "when files match the regex patterns" do
+ it "returns true for files that should be updated" do
+ matching_files = [
+ "package.json",
+ "package-lock.json",
+ "npm-shrinkwrap.json",
+ "yarn.lock",
+ "pnpm-lock.yaml",
+ "subdirectory/package.json",
+ "subdirectory/package-lock.json",
+ "subdirectory/npm-shrinkwrap.json",
+ "subdirectory/yarn.lock",
+ "subdirectory/pnpm-lock.yaml",
+ "apps/dependabot_business/package.json",
+ "packages/package1/package.json",
+ "packages/package2/yarn.lock"
+ ]
+
+ matching_files.each do |file_name|
+ expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) })
+ end
+ end
+
+ it "returns false for files that should not be updated" do
+ non_matching_files = [
+ "README.md",
+ ".github/workflow/main.yml",
+ "some_random_file.rb",
+ "requirements.txt",
+ "Gemfile",
+ "Gemfile.lock"
+ ]
+
+ non_matching_files.each do |file_name|
+ expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) })
+ end
+ end
+ end
+ end
+
 describe "#updated_dependency_files" do
 subject(:updated_files) { updater.updated_dependency_files }
diff --git a/nuget/lib/dependabot/nuget/file_updater.rb b/nuget/lib/dependabot/nuget/file_updater.rb
index 9477b83c2cd..76b9ab9588c 100644
--- a/nuget/lib/dependabot/nuget/file_updater.rb
+++ b/nuget/lib/dependabot/nuget/file_updater.rb
@@ -16,19 +16,35 @@ module Nuget
 class FileUpdater < Dependabot::FileUpdaters::Base
 extend T::Sig
- sig { override.returns(T::Array[Regexp]) }
- def self.updated_files_regex
- [
- %r{^[^/]*\.([a-z]{2})?proj$},
- /^packages\.config$/i,
- /^app\.config$/i,
- /^web\.config$/i,
- /^global\.json$/i,
- /^dotnet-tools\.json$/i,
- /^Directory\.Build\.props$/i,
- /^Directory\.Build\.targets$/i,
- /^Packages\.props$/i
- ]
+ sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) }
+ def self.updated_files_regex(allowlist_enabled = false)
+ if allowlist_enabled
+ [
+ /^.*\.([a-z]{2})?proj$/,
+ /^packages\.config$/i,
+ /^app\.config$/i,
+ /^web\.config$/i,
+ /^global\.json$/i,
+ /^dotnet-tools\.json$/i,
+ /^Directory\.Build\.props$/i,
+ /^Directory\.Build\.targets$/i,
+ /^Packages\.props$/i
+ ]
+ else
+ # Old regex. After 100% rollout of the allowlist, this will be removed.
+ [
+ %r{^[^/]*\.([a-z]{2})?proj$},
+ /^.*\.([a-z]{2})?proj$/,
+ /^packages\.config$/i,
+ /^app\.config$/i,
+ /^web\.config$/i,
+ /^global\.json$/i,
+ /^dotnet-tools\.json$/i,
+ /^Directory\.Build\.props$/i,
+ /^Directory\.Build\.targets$/i,
+ /^Packages\.props$/i
+ ]
+ end
 end
 sig { params(original_content: T.nilable(String), updated_content: String).returns(T::Boolean) }
diff --git a/nuget/spec/dependabot/nuget/file_updater_spec.rb b/nuget/spec/dependabot/nuget/file_updater_spec.rb
index 2ad439d5ef5..be715767104 100644
--- a/nuget/spec/dependabot/nuget/file_updater_spec.rb
+++ b/nuget/spec/dependabot/nuget/file_updater_spec.rb
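Review bot: The `else` branch is commented `# Old regex`, but it is not the list this commit removes: next to `%r{^[^/]*\.([a-z]{2})?proj$}` it also carries the new `/^.*\.([a-z]{2})?proj$/`, which accepts project files in any directory. With that line in place the flag no longer changes which `*proj` paths are accepted, so switching the allowlist off would not restore the previous behaviour. Dropping the second pattern from the `else` array keeps the fallback identical to the removed code, and a spec case with `allowlist_enabled` set to `false` and the nested path `Proj1/Proj1/Proj1.csproj` would pin it. In the enabled branch only the `*proj` pattern accepts subdirectories while `packages.config` and the other names stay root-only; if that is intended, a comment saying so would help.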
@@ -110,6 +110,60 @@ def intercept_native_tools(discovery_content_hash:)
 end
 end
+ describe "#updated_files_regex" do
+ subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) }
+
+ let(:allowlist_enabled) { true }
+
+ it "is not empty" do
+ expect(updated_files_regex).not_to be_empty
+ end
+
+ context "when files match the regex patterns" do
+ it "returns true for files that should be updated" do
+ matching_files = [
+ "project.csproj",
+ "library.fsproj",
+ "app.vbproj",
+ "packages.config",
+ "app.config",
+ "web.config",
+ "global.json",
+ "dotnet-tools.json",
+ "Directory.Build.props",
+ "Directory.Build.targets",
+ "Packages.props",
+ "Proj1/Proj1/Proj1.csproj"
+ ]
+
+ matching_files.each do |file_name|
+ expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) })
+ end
+ end
+
+ it "returns false for files that should not be updated" do
+ non_matching_files = [
+ "README.md",
+ ".github/workflow/main.yml",
+ "some_random_file.rb",
+ "requirements.txt",
+ "package-lock.json",
+ "package.json",
+ "Gemfile",
+ "Gemfile.lock",
+ "NuGet.Config",
+ "nuget.config",
+ "Proj1/Proj1/NuGet.Config",
+ "Proj1/Proj1/test/nuGet.config"
+ ]
+
+ non_matching_files.each do |file_name|
+ expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) })
+ end
+ end
+ end
+ end
+
 describe "#updated_dependency_files" do
 before do
 intercept_native_tools(
diff --git a/pub/lib/dependabot/pub/file_updater.rb b/pub/lib/dependabot/pub/file_updater.rb
index 83d1bc8edf4..2e1ae18ea7b 100644
--- a/pub/lib/dependabot/pub/file_updater.rb
+++ b/pub/lib/dependabot/pub/file_updater.rb
@@ -13,8 +13,8 @@ class FileUpdater < Dependabot::FileUpdaters::Base
 include Dependabot::Pub::Helpers
- sig { override.returns(T::Array[Regexp]) }
- def self.updated_files_regex
+ sig { override.params(_: T::Boolean).returns(T::Array[Regexp]) }
+ def self.updated_files_regex(_ = false)
 [
 /^pubspec\.yaml$/,
 /^pubspec\.lock$/
diff --git a/pub/spec/dependabot/pub/file_updater_spec.rb b/pub/spec/dependabot/pub/file_updater_spec.rb
index eac37910f23..6597193dc52 100644
--- a/pub/spec/dependabot/pub/file_updater_spec.rb
+++ b/pub/spec/dependabot/pub/file_updater_spec.rb
@@ -72,6 +72,45 @@ def lockfile(files)
 files.find { |f| f.name == "pubspec.lock" }.content
 end
+ describe "#updated_files_regex" do
+ subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) }
+ let(:allowlist_enabled) { false } # default value
+
+ it "is not empty" do
+ expect(updated_files_regex).not_to be_empty
+ end
+
+ context "when files match the regex patterns" do
+ it "returns true for files that should be updated" do
+ matching_files = [
+ "pubspec.yaml",
+ "pubspec.lock"
+ ]
+
+ matching_files.each do |file_name|
+ expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) })
+ end
+ end
+
+ it "returns false for files that should not be updated" do
+ non_matching_files = [
+ "README.md",
+ ".github/workflow/main.yml",
+ "some_random_file.rb",
+ "requirements.txt",
+ "package-lock.json",
+ "package.json",
+ "Gemfile",
+ "Gemfile.lock"
+ ]
+
+ non_matching_files.each do |file_name|
+ expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) })
+ end
+ end
+ end
+ end
+
 describe "#updated_dependency_files unlock none" do
 let(:dependency) do
 Dependabot::Dependency.new(
diff --git a/python/lib/dependabot/python/file_updater.rb b/python/lib/dependabot/python/file_updater.rb
index cc02c3160b4..d597bec6af0 100644
--- a/python/lib/dependabot/python/file_updater.rb
+++ b/python/lib/dependabot/python/file_updater.rb
@@ -17,18 +17,33 @@ class FileUpdater < Dependabot::FileUpdaters::Base
 require_relative "file_updater/poetry_file_updater"
 require_relative "file_updater/requirement_file_updater"
- sig { override.returns(T::Array[Regexp]) }
- def self.updated_files_regex
- [
- /^Pipfile$/,
- /^Pipfile\.lock$/,
- /.*\.txt$/,
- /.*\.in$/,
- /^setup\.py$/,
- /^setup\.cfg$/,
- /^pyproject\.toml$/,
- /^pyproject\.lock$/
- ]
+ sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) }
+ def self.updated_files_regex(allowlist_enabled = false)
+ if allowlist_enabled
+ [
+ /^.*Pipfile$/, # Match Pipfile at any level
+ /^.*Pipfile\.lock$/, # Match Pipfile.lock at any level
+ /^.*\.txt$/, # Match any .txt files (e.g., requirements.txt) at any level
+ /^.*\.in$/, # Match any .in files at any level
+ /^.*setup\.py$/, # Match setup.py at any level
+ /^.*setup\.cfg$/, # Match setup.cfg at any level
+ /^.*pyproject\.toml$/, # Match pyproject.toml at any level
+ /^.*pyproject\.lock$/, # Match pyproject.lock at any level
+ /^.*poetry\.lock$/ # Match poetry.lock at any level
+ ]
+ else
+ # Old regex. After 100% rollout of the allowlist, this will be removed.
+ [
+ /^Pipfile$/,
+ /^Pipfile\.lock$/,
+ /.*\.txt$/,
+ /.*\.in$/,
+ /^setup\.py$/,
+ /^setup\.cfg$/,
+ /^pyproject\.toml$/,
+ /^pyproject\.lock$/
+ ]
+ end
 end
 sig { override.returns(T::Array[DependencyFile]) }
diff --git a/python/spec/dependabot/python/file_updater_spec.rb b/python/spec/dependabot/python/file_updater_spec.rb
index bb92ae6f9a6..2254fe64117 100644
--- a/python/spec/dependabot/python/file_updater_spec.rb
+++ b/python/spec/dependabot/python/file_updater_spec.rb
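Review bot: The enabled-branch patterns prefix each name with a bare `.*`, so `/^.*Pipfile$/` and `/^.*setup\.py$/` accept any path that merely ends in those characters (a constructed example: `tools/not_setup.py`), not only a file with that exact name in some directory. The npm hunk in this patch uses `(?:.*\/)?` for the same purpose, which keeps the name boundary; the equivalent here is `%r{^(?:.*/)?Pipfile$}`, `%r{^(?:.*/)?setup\.py$}` and so on for the other fixed names. `/^.*\.txt$/` and `/^.*\.in$/` admit every file with those extensions anywhere in the repository, as the old list already did; if that breadth is intended for an allowlist, the inline comment should say so. The python spec's non-matching list has no near-miss names, so it would not catch the over-match.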
@@ -57,6 +57,57 @@
 it_behaves_like "a dependency file updater"
+ describe "#updated_files_regex" do
+ subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) }
+
+ let(:allowlist_enabled) { true }
+
+ it "is not empty" do
+ expect(updated_files_regex).not_to be_empty
+ end
+
+ context "when files match the regex patterns" do
+ it "returns true for files that should be updated" do
+ matching_files = [
+ "Pipfile",
+ "Pipfile.lock",
+ "requirements.txt",
+ "constraints.txt",
+ "some_dependency.in",
+ "setup.py",
+ "setup.cfg",
+ "pyproject.toml",
+ "pyproject.lock",
+ "poetry.lock",
+ "subdirectory/Pipfile",
+ "subdirectory/requirements.txt",
+ "requirements/test.in",
+ "requirements/test.txt"
+ ]
+
+ matching_files.each do |file_name|
+ expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) })
+ end
+ end
+
+ it "returns false for files that should not be updated" do
+ non_matching_files = [
+ "README.md",
+ ".github/workflow/main.yml",
+ "some_random_file.rb",
+ "package-lock.json",
+ "package.json",
+ "Gemfile",
+ "Gemfile.lock"
+ ]
+
+ non_matching_files.each do |file_name|
+ expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) })
+ end
+ end
+ end
+ end
+
 describe "#updated_dependency_files" do
 subject(:updated_files) { updater.updated_dependency_files }
diff --git a/swift/lib/dependabot/swift/file_updater.rb b/swift/lib/dependabot/swift/file_updater.rb
index fc5e7fd72d1..92ece7fe17a 100644
--- a/swift/lib/dependabot/swift/file_updater.rb
+++ b/swift/lib/dependabot/swift/file_updater.rb
@@ -9,7 +9,7 @@
 module Dependabot
 module Swift
 class FileUpdater < Dependabot::FileUpdaters::Base
- def self.updated_files_regex
+ def self.updated_files_regex(_ = false)
 [
 /Package(@swift-\d(\.\d){0,2})?\.swift/,
 /^Package\.resolved$/
diff --git a/swift/spec/dependabot/swift/file_updater_spec.rb b/swift/spec/dependabot/swift/file_updater_spec.rb
index 0e26f8dd300..86ddfa2499d 100644
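Review bot: In the swift hunk, `updated_files_regex(_ = false)` discards the flag and keeps returning `/Package(@swift-\d(\.\d){0,2})?\.swift/`, which has no anchor on either end and therefore matches any path that contains that text anywhere. If this list is consulted as an allowlist like the others in the patch, the first entry should be bounded, for example `%r{\A(?:.*/)?Package(@swift-\d(\.\d){0,2})?\.swift\z}`; whether manifests in subdirectories are meant to be accepted is not visible here and should be confirmed. The swift spec added later in the patch only lists unrelated names as non-matching, so a case with a trailing suffix after `.swift` would be the one to add. The method body continues past the end of the hunk.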
--- a/swift/spec/dependabot/swift/file_updater_spec.rb
+++ b/swift/spec/dependabot/swift/file_updater_spec.rb
@@ -27,6 +27,47 @@
 it_behaves_like "a dependency file updater"
+ describe "#updated_files_regex" do
+ subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) }
+ let(:allowlist_enabled) { false } # default value
+
+ it "is not empty" do
+ expect(updated_files_regex).not_to be_empty
+ end
+
+ context "when files match the regex patterns" do
+ it "returns true for files that should be updated" do
+ matching_files = [
+ "Package.swift",
+ "Package@swift-5.swift",
+ "Package@swift-5.0.swift",
+ "Package@swift-5.0.1.swift",
+ "Package.resolved"
+ ]
+
+ matching_files.each do |file_name|
+ expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) })
+ end
+ end
+
+ it "returns false for files that should not be updated" do
+ non_matching_files = [
+ "README.md",
+ ".github/workflow/main.yml",
+ "some_random_file.rb",
+ "package-lock.json",
+ "package.json",
+ "Gemfile",
+ "Gemfile.lock"
+ ]
+
+ non_matching_files.each do |file_name|
+ expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) })
+ end
+ end
+ end
+ end
+
 describe "#updated_dependency_files" do
 subject(:updated_dependency_files) { updater.updated_dependency_files }
diff --git a/terraform/lib/dependabot/terraform/file_updater.rb b/terraform/lib/dependabot/terraform/file_updater.rb
index 3515a6aae52..4874affcd47 100644
--- a/terraform/lib/dependabot/terraform/file_updater.rb
+++ b/terraform/lib/dependabot/terraform/file_updater.rb
@@ -20,7 +20,7 @@ class FileUpdater < Dependabot::FileUpdaters::Base
 MODULE_NOT_INSTALLED_ERROR = /Module not installed.*module\s*\"(?\S+)\"/m
 GIT_HTTPS_PREFIX = %r{^git::https://}
- def self.updated_files_regex
+ def self.updated_files_regex(_ = false)
 [/\.tf$/, /\.hcl$/]
 end
diff --git a/terraform/spec/dependabot/terraform/file_updater_spec.rb b/terraform/spec/dependabot/terraform/file_updater_spec.rb
index b967e66d955..c4ed9f12970 100644
--- a/terraform/spec/dependabot/terraform/file_updater_spec.rb
+++ b/terraform/spec/dependabot/terraform/file_updater_spec.rb
@@ -27,6 +27,54 @@
 it_behaves_like "a dependency file updater"
+ describe "#updated_files_regex" do
+ subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) }
+ let(:allowlist_enabled) { false } # default value
+
+ it "is not empty" do
+ expect(updated_files_regex).not_to be_empty
+ end
+
+ context "when files match the regex patterns" do
+ it "returns true for files that should be updated" do
+ matching_files = [
+ "main.tf",
+ "variables.tf",
+ "outputs.tf",
+ "config.hcl",
+ "nested/directory/main.tf",
+ "nested/directory/config.hcl",
+ "terraform/main.tf",
+ "submodules/terraform/config.hcl",
+ "hashicorp/consul/aws/main.tf",
+ "hashicorp/consul/aws/config.hcl",
+ "terraform-aws-modules/iam/aws/main.tf",
+ "terraform-aws-modules/iam/aws/config.hcl"
+ ]
+
+ matching_files.each do |file_name|
+ expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) })
+ end
+ end
+
+ it "returns false for files that should not be updated" do
+ non_matching_files = [
+ "README.md",
+ ".github/workflow/main.yml",
+ "some_random_file.rb",
+ "package-lock.json",
+ "package.json",
+ "Gemfile",
+ "Gemfile.lock"
+ ]
+
+ non_matching_files.each do |file_name|
+ expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) })
+ end
+ end
+ end
+ end
+
 describe "#updated_dependency_files" do
 subject(:updated_dependency_files) { updater.updated_dependency_files }