From d18227f99b949983479e0bb8687e23a34b9898bc Mon Sep 17 00:00:00 2001 From: Jurre Stender Date: Mon, 26 Jul 2021 13:29:10 +0200 Subject: [PATCH] Run full update in integration test This sets up the integration test to run an actual update. In order to do so without using the proxy, we inject the credentials directly into the `job.json`, which dependabot-updater will then pick up. This also requires running dependabot-api locally, and creating an update job which has been transitioned to `processing`, and pulling out the credentials while it's being transitioned. The whole process is still a bit cumbersome, but it works! --- __tests__/fixtures/job-details/npm.json | 83 ++++++++++++------------- __tests__/updater-integration.test.ts | 13 ++++ src/dependabot-api.ts | 1 + src/updater.ts | 12 ++-- 4 files changed, 62 insertions(+), 47 deletions(-) diff --git a/__tests__/fixtures/job-details/npm.json b/__tests__/fixtures/job-details/npm.json index 4e8ac53..c4b5ed6 100644 --- a/__tests__/fixtures/job-details/npm.json +++ b/__tests__/fixtures/job-details/npm.json @@ -1,47 +1,46 @@ { "data": { - "attributes": { - "allowed-updates": [ - { - "dependency-type": "direct", - "update-type": "all" - } - ], - "credentials-metadata": [ - { - "type": "git_source", - "host": "github.com" - } - ], - "dependencies": null, - "existing-pull-requests": [], - "ignore-conditions": [], - "lockfile-only": false, - "max-updater-run-time": 2700, - "package-manager": "npm_and_yarn", - "source": { - "provider": "github", - "repo": "dsp-testing/dependabot-all-updates-test", - "directory": "/", - "branch": null, - "api-endpoint": "https://api.github.com/", - "hostname": "github.com" - }, - "updating-a-pull-request": false, - "update-subdependencies": false, - "requirements-update-strategy": null, - "security-advisories": [], - "security-updates-only": false, - "vendor-dependencies": false, - "reject-external-code": false, - "experiments": {}, - "commit-message-options": { - "include-scope": null, - "prefix": null, - "prefix-development": null - } + "attributes": { + "allowed-updates": [ + { + "dependency-type": "direct", + "update-type": "all" + } + ], + "credentials-metadata": [ + { + "type": "git_source", "host": "github.com" + } + ], + "dependencies": null, + "existing-pull-requests": [], + "ignore-conditions": [], + "lockfile-only": false, + "max-updater-run-time": 2700, + "package-manager": "npm_and_yarn", + "source": { + "provider": "github", + "repo": "dsp-testing/dependabot-all-updates-test", + "directory": "/", + "branch": null, + "api-endpoint": "https://api.github.com/", + "hostname": "github.com" }, - "id": "1001", - "type": "update-jobs" + "updating-a-pull-request": false, + "update-subdependencies": false, + "requirements-update-strategy": null, + "security-advisories": [], + "security-updates-only": false, + "vendor-dependencies": false, + "reject-external-code": false, + "experiments": { "build-pull-request-message": true }, + "commit-message-options": { + "include-scope": null, + "prefix": null, + "prefix-development": null + } + }, + "id": "1", + "type": "update-jobs" } } diff --git a/__tests__/updater-integration.test.ts b/__tests__/updater-integration.test.ts index fe5850f..1e6eb57 100644 --- a/__tests__/updater-integration.test.ts +++ b/__tests__/updater-integration.test.ts @@ -5,6 +5,19 @@ import {Updater} from '../src/updater' describe('Updater', () => { const docker = new Docker() + // To run the js-code itself against API: + // const params = { + // jobID: 1, + // jobToken: 'xxx', + // credentialsToken: 'xxx', + // dependabotAPI: 'http://host.docker.internal:3001' + // } + // const client = axios.create({baseURL: params.dependabotAPI}) + // const api = new DependabotAPI(client, params) + // const updater = new Updater(docker, api) + + // This stubs out API calls from JS, but will run the updater against an API + // running on the specified API endpoint. const mockDependabotAPI: any = { getJobDetails: jest.fn(), getCredentials: jest.fn(), diff --git a/src/dependabot-api.ts b/src/dependabot-api.ts index ac4bdf8..ffab5c9 100644 --- a/src/dependabot-api.ts +++ b/src/dependabot-api.ts @@ -21,6 +21,7 @@ export type JobDetails = { }[] id: string 'package-manager': PackageManager + credentials: Credential[] // TODO: Remove these once the proxy is set up } export type Credential = { diff --git a/src/updater.ts b/src/updater.ts index 35b1f36..a221993 100644 --- a/src/updater.ts +++ b/src/updater.ts @@ -62,6 +62,8 @@ export class Updater { try { const details = await this.dependabotAPI.getJobDetails() const credentials = await this.dependabotAPI.getCredentials() + // TODO: once the proxy is set up, remove credentials from the job details + details['credentials'] = credentials const files = await this.runFileFetcher(details, credentials) if (!files) { @@ -120,10 +122,10 @@ export class Updater { core.info(`running update ${details.id} ${files}`) const container = await this.createContainer(details, 'update_files') const containerInput: FileUpdaterInput = { - base_commit_sha: files.base_commit_sha, - base64_dependency_files: files.base64_dependency_files, - dependency_files: files.dependency_files, - job: details + base_commit_sha: files.base_commit_sha, + base64_dependency_files: files.base64_dependency_files, + dependency_files: files.dependency_files, + job: details } await this.storeContainerInput(container, containerInput) await this.runContainer(container) @@ -138,7 +140,7 @@ export class Updater { AttachStdout: true, AttachStderr: true, Env: [ - `DEPENDABOT_JOB_ID=${details.id}`, + `DEPENDABOT_JOB_ID=${this.dependabotAPI.params.jobID}`, `DEPENDABOT_JOB_TOKEN=${this.dependabotAPI.params.jobToken}`, `DEPENDABOT_JOB_PATH=${JOB_INPUT_PATH}/${JOB_INPUT_FILENAME}`, `DEPENDABOT_OUTPUT_PATH=${JOB_OUTPUT_PATH}`,