gomod: Do not attempt to parse transitive dependencies #2880

Merged
merged 5 commits into from
Dec 22, 2020
55 changes: 26 additions & 29 deletions go_modules/lib/dependabot/go_modules/file_parser.rb
Expand Up @@ -59,36 +59,33 @@ def dependency_from_details(details)
def required_packages
@required_packages ||=
SharedHelpers.in_a_temporary_directory do |path|
SharedHelpers.with_git_configured(credentials: credentials) do
# Create a fake empty module for each local module so that
# `go list` works, even if some modules have been `replace`d with
# a local module that we don't have access to.
local_replacements.each do |_, stub_path|
Dir.mkdir(stub_path) unless Dir.exist?(stub_path)
FileUtils.touch(File.join(stub_path, "go.mod"))
end

File.write("go.mod", go_mod_content)
File.write("main.go", "package dummypkg\n func main() {}\n")

command = "go mod edit -json"

# Turn off the module proxy for now, as it's causing issues with
# private git dependencies
env = { "GOPRIVATE" => "*" }

stdout, stderr, status = Open3.capture3(env, command)
handle_parser_error(path, stderr) unless status.success?
JSON.parse(stdout)["Require"]
rescue Dependabot::DependencyFileNotResolvable
# We sometimes see this error if a host times out.
# In such cases, retrying (a maximum of 3 times) may fix it.
retry_count ||= 0
raise if retry_count >= 3

retry_count += 1
retry
# Create a fake empty module for each local module so that
# `go list` works, even if some modules have been `replace`d with
# a local module that we don't have access to.
local_replacements.each do |_, stub_path|
Dir.mkdir(stub_path) unless Dir.exist?(stub_path)
FileUtils.touch(File.join(stub_path, "go.mod"))
end

File.write("go.mod", go_mod_content)

command = "go mod edit -json"

# Turn off the module proxy for now, as it's causing issues with
# private git dependencies
env = { "GOPRIVATE" => "*" }

stdout, stderr, status = Open3.capture3(env, command)
handle_parser_error(path, stderr) unless status.success?
JSON.parse(stdout)["Require"]
rescue Dependabot::DependencyFileNotResolvable
# We sometimes see this error if a host times out.
# In such cases, retrying (a maximum of 3 times) may fix it.
retry_count ||= 0
raise if retry_count >= 3

retry_count += 1
retry
end
end
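
Review bot: the comments kept in the new body of `required_packages` no longer match what the method runs. The stub-module comment says the empty `go.mod` files exist so that `go list` works, but the only command here is `go mod edit -json`; the `GOPRIVATE` comment talks about the module proxy and private git dependencies; and the `rescue Dependabot::DependencyFileNotResolvable` retry is justified by "if a host times out". With the `SharedHelpers.with_git_configured(credentials: credentials)` wrapper and the `main.go` write removed, please confirm whether this step still contacts any remote host. If it only reads the local `go.mod`, drop the retry loop and the `env = { "GOPRIVATE" => "*" }` override, check whether the `local_replacements` stubs are still needed, and reword the remaining comments to name `go mod edit`. Not configuring git credentials for a parse-only step is a sound reduction in credential exposure, so a one-line comment stating that this is intentional would keep a later change from re-adding the wrapper.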
