Merge branch 'main' into dev/brettfo/directory-packages-props-not-found

dependabot · Jan 23, 2024 · cbe12b2 · cbe12b2
2 parents 4401f43 + 153ebf0
commit cbe12b2
Show file tree

Hide file tree

Showing 97 changed files with 46,124 additions and 282 deletions.
diff --git a/.github/ci-filters.yml b/.github/ci-filters.yml
@@ -17,6 +17,9 @@ common:
 composer:
   - *shared
   - 'composer/**'
+devcontainers:
+  - *shared
+  - 'devcontainers/**'
 docker:
   - *shared
   - 'docker/**'

diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -10,6 +10,10 @@
 - changed-files:
   - any-glob-to-any-file: composer/**
 
+"L: devcontainers":
+- changed-files:
+  - any-glob-to-any-file: devcontainers/**
+
 "L: docker":
 - changed-files:
   - any-glob-to-any-file: docker/**

diff --git a/.github/smoke-filters.yml b/.github/smoke-filters.yml
@@ -16,6 +16,9 @@ cargo:
 composer:
   - *common
   - 'composer/**'
+devcontainers:
+  - *common
+  - 'devcontainers/**'
 docker:
   - *common
   - 'docker/**'

diff --git a/.github/smoke-matrix.json b/.github/smoke-matrix.json
@@ -14,6 +14,11 @@
     "test": "composer",
     "ecosystem": "composer"
   },
+  {
+    "core": "devcontainers",
+    "test": "devcontainers",
+    "ecosystem": "devcontainers"
+  },
   {
     "core": "docker",
     "test": "docker",

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -37,6 +37,7 @@ jobs:
           - { path: python, name: python, ecosystem: pip }
           - { path: python, name: python_slow, ecosystem: pip }
           - { path: swift, name: swift, ecosystem: swift }
+          - { path: devcontainers, name: devcontainers, ecosystem: devcontainers }
           - { path: terraform, name: terraform, ecosystem: terraform }
 
     steps:

diff --git a/.github/workflows/images-branch.yml b/.github/workflows/images-branch.yml
@@ -67,6 +67,7 @@ jobs:
           - { name: pub, ecosystem: pub }
           - { name: python, ecosystem: pip }
           - { name: swift, ecosystem: swift }
+          - { name: devcontainers, ecosystem: devcontainers }
           - { name: terraform, ecosystem: terraform }
     permissions:
       contents: read

diff --git a/.github/workflows/images-latest.yml b/.github/workflows/images-latest.yml
@@ -48,6 +48,7 @@ jobs:
           - { name: pub, ecosystem: pub }
           - { name: python, ecosystem: pip }
           - { name: swift, ecosystem: swift }
+          - { name: devcontainers, ecosystem: devcontainers }
           - { name: terraform, ecosystem: terraform }
     env:
       COMMIT_SHA: ${{ github.sha }}

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -34,20 +34,8 @@ struggling to understand how anything works please don't hesitate to create an i
 
 ## Contributing new ecosystems
 
-We are not currently accepting new ecosystems into `dependabot-core`, starting in December 2020.
-
-### Why have we paused accepting new ecosystems?
-
-Dependabot has grown dramatically in the last few years since integrating with GitHub. We are now [used by millions of repositories](https://octoverse.github.com/#securing-software) across [16 package managers](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/about-dependabot-version-updates#supported-repositories-and-ecosystems). We aim to provide the best user experience
-possible for each of these, but we have found we've lacked the capacity – and in some cases the in-house expertise – to support new ecosystems in the last year. We want to be
-confident we can support each ecosystem we merge.
-
-In the immediate future, we want to focus more of our resources on merging improvements to the ecosystems we already support. This does not mean that we are stopping work or investing less in this space - in fact, we're investing more, to make it a great user experience. This tough call means we can also provide a better experience for our contributors, where PRs don't go stale while waiting for a review.
-
 If you are an ecosystem maintainer and are interested in integrating with Dependabot, and are willing to help provide the expertise necessary to build and support it, please open an issue and let us know.
 
-We hope to be able to accept community contributions for ecosystem support again soon.
-
 ### What's next?
 
 In `dependabot-core`, each ecosystem implementation is in its own gem so you can use Dependabot for a language

diff --git a/Dockerfile.updater-core b/Dockerfile.updater-core
@@ -83,6 +83,7 @@ COPY --chown=dependabot:dependabot common/lib/dependabot.rb common/lib/dependabo
 COPY --chown=dependabot:dependabot bundler/.bundle bundler/dependabot-bundler.gemspec bundler/
 COPY --chown=dependabot:dependabot cargo/.bundle cargo/dependabot-cargo.gemspec cargo/
 COPY --chown=dependabot:dependabot composer/.bundle composer/dependabot-composer.gemspec composer/
+COPY --chown=dependabot:dependabot devcontainers/.bundle devcontainers/dependabot-devcontainers.gemspec devcontainers/
 COPY --chown=dependabot:dependabot docker/.bundle docker/dependabot-docker.gemspec docker/
 COPY --chown=dependabot:dependabot elm/.bundle elm/dependabot-elm.gemspec elm/
 COPY --chown=dependabot:dependabot git_submodules/.bundle git_submodules/dependabot-git_submodules.gemspec git_submodules/
@@ -99,7 +100,7 @@ COPY --chown=dependabot:dependabot swift/.bundle swift/dependabot-swift.gemspec
 COPY --chown=dependabot:dependabot terraform/.bundle terraform/dependabot-terraform.gemspec terraform/
 
 # prevent having all the source in every ecosystem image
-RUN for ecosystem in git_submodules terraform github_actions hex elm docker nuget maven gradle cargo composer go_modules python pub npm_and_yarn bundler swift; do \
+RUN for ecosystem in git_submodules terraform github_actions hex elm docker nuget maven gradle cargo composer go_modules python pub npm_and_yarn bundler swift devcontainers; do \
     mkdir -p $ecosystem/lib/dependabot; \
     touch $ecosystem/lib/dependabot/$ecosystem.rb; \
   done

diff --git a/Gemfile b/Gemfile
@@ -2,24 +2,25 @@
 
 source "https://rubygems.org"
 
-gemspec path: "bundler"
-gemspec path: "cargo"
-gemspec path: "common"
-gemspec path: "composer"
-gemspec path: "docker"
-gemspec path: "elm"
-gemspec path: "github_actions"
-gemspec path: "git_submodules"
-gemspec path: "go_modules"
-gemspec path: "gradle"
-gemspec path: "hex"
-gemspec path: "maven"
-gemspec path: "npm_and_yarn"
-gemspec path: "nuget"
-gemspec path: "pub"
-gemspec path: "python"
-gemspec path: "swift"
-gemspec path: "terraform"
+gem "dependabot-bundler", path: "bundler"
+gem "dependabot-cargo", path: "cargo"
+gem "dependabot-common", path: "common"
+gem "dependabot-composer", path: "composer"
+gem "dependabot-devcontainers", path: "devcontainers"
+gem "dependabot-docker", path: "docker"
+gem "dependabot-elm", path: "elm"
+gem "dependabot-github_actions", path: "github_actions"
+gem "dependabot-git_submodules", path: "git_submodules"
+gem "dependabot-go_modules", path: "go_modules"
+gem "dependabot-gradle", path: "gradle"
+gem "dependabot-hex", path: "hex"
+gem "dependabot-maven", path: "maven"
+gem "dependabot-npm_and_yarn", path: "npm_and_yarn"
+gem "dependabot-nuget", path: "nuget"
+gem "dependabot-pub", path: "pub"
+gem "dependabot-python", path: "python"
+gem "dependabot-swift", path: "swift"
+gem "dependabot-terraform", path: "terraform"
 
 # Sorbet
 gem "sorbet", "0.5.11178", group: :development
@@ -28,12 +29,17 @@ gem "tapioca", "0.11.14", require: false, group: :development
 common_gemspec = File.expand_path("common/dependabot-common.gemspec", __dir__)
 
 deps_shared_with_common = %w(
+  debug
   gpgme
   rake
+  rspec-its
+  rspec-sorbet
   rubocop
   rubocop-performance
   rubocop-sorbet
   stackprof
+  turbo_tests
+  vcr
   webmock
   webrick
 )