Run full update in integration test

This sets up the integration test to run an actual update. In order to
do so without using the proxy, we inject the credentials directly into
the `job.json`, which dependabot-updater will then pick up.

This also requires running dependabot-api locally, and creating an
update job which has been transitioned to `processing`, and pulling out
the credentials while it's being transitioned.

The whole process is still a bit cumbersome, but it works!

__tests__/fixtures/job-details/npm.json

@@ -1,47 +1,46 @@
 {
   "data": {
-      "attributes": {
-          "allowed-updates": [
-              {
-                  "dependency-type": "direct",
-                  "update-type": "all"
-              }
-          ],
-          "credentials-metadata": [
-              {
-                  "type": "git_source",
-                  "host": "github.com"
-              }
-          ],
-          "dependencies": null,
-          "existing-pull-requests": [],
-          "ignore-conditions": [],
-          "lockfile-only": false,
-          "max-updater-run-time": 2700,
-          "package-manager": "npm_and_yarn",
-          "source": {
-              "provider": "github",
-              "repo": "dsp-testing/dependabot-all-updates-test",
-              "directory": "/",
-              "branch": null,
-              "api-endpoint": "https://api.github.com/",
-              "hostname": "github.com"
-          },
-          "updating-a-pull-request": false,
-          "update-subdependencies": false,
-          "requirements-update-strategy": null,
-          "security-advisories": [],
-          "security-updates-only": false,
-          "vendor-dependencies": false,
-          "reject-external-code": false,
-          "experiments": {},
-          "commit-message-options": {
-              "include-scope": null,
-              "prefix": null,
-              "prefix-development": null
-          }
+    "attributes": {
+      "allowed-updates": [
+        {
+          "dependency-type": "direct",
+          "update-type": "all"
+        }
+      ],
+      "credentials-metadata": [
+        {
+          "type": "git_source", "host": "github.com"
+        }
+      ],
+      "dependencies": null,
+      "existing-pull-requests": [],
+      "ignore-conditions": [],
+      "lockfile-only": false,
+      "max-updater-run-time": 2700,
+      "package-manager": "npm_and_yarn",
+      "source": {
+        "provider": "github",
+        "repo": "dsp-testing/dependabot-all-updates-test",
+        "directory": "/",
+        "branch": null,
+        "api-endpoint": "https://api.github.com/",
+        "hostname": "github.com"
       },
-      "id": "1001",
-      "type": "update-jobs"
+      "updating-a-pull-request": false,
+      "update-subdependencies": false,
+      "requirements-update-strategy": null,
+      "security-advisories": [],
+      "security-updates-only": false,
+      "vendor-dependencies": false,
+      "reject-external-code": false,
+      "experiments": { "build-pull-request-message": true },
+      "commit-message-options": {
+        "include-scope": null,
+        "prefix": null,
+        "prefix-development": null
+      }
+    },
+    "id": "1",
+    "type": "update-jobs"
   }
 }

__tests__/updater-integration.test.ts

@@ -5,6 +5,19 @@ import {Updater} from '../src/updater'
 
 describe('Updater', () => {
   const docker = new Docker()
+  // To run the js-code itself against API:
+  // const params = {
+  //   jobID: 1,
+  //   jobToken: 'xxx',
+  //   credentialsToken: 'xxx',
+  //   dependabotAPI: 'http://host.docker.internal:3001'
+  // }
+  // const client = axios.create({baseURL: params.dependabotAPI})
+  // const api = new DependabotAPI(client, params)
+  // const updater = new Updater(docker, api)
+
+  // This stubs out API calls from JS, but will run the updater against an API
+  // running on the specified API endpoint.
   const mockDependabotAPI: any = {
     getJobDetails: jest.fn(),
     getCredentials: jest.fn(),

src/dependabot-api.ts

@@ -21,6 +21,7 @@ export type JobDetails = {
   }[]
   id: string
   'package-manager': PackageManager
+  credentials: Credential[] // TODO: Remove these once the proxy is set up
 }
 
 export type Credential = {

src/updater.ts

@@ -62,6 +62,8 @@ export class Updater {
     try {
       const details = await this.dependabotAPI.getJobDetails()
       const credentials = await this.dependabotAPI.getCredentials()
+      // TODO: once the proxy is set up, remove credentials from the job details
+      details['credentials'] = credentials
 
       const files = await this.runFileFetcher(details, credentials)
       if (!files) {
@@ -120,10 +122,10 @@ export class Updater {
     core.info(`running update ${details.id} ${files}`)
     const container = await this.createContainer(details, 'update_files')
     const containerInput: FileUpdaterInput = {
-        base_commit_sha: files.base_commit_sha,
-        base64_dependency_files: files.base64_dependency_files,
-        dependency_files: files.dependency_files,
-        job: details
+      base_commit_sha: files.base_commit_sha,
+      base64_dependency_files: files.base64_dependency_files,
+      dependency_files: files.dependency_files,
+      job: details
     }
     await this.storeContainerInput(container, containerInput)
     await this.runContainer(container)
@@ -138,7 +140,7 @@ export class Updater {
       AttachStdout: true,
       AttachStderr: true,
       Env: [
-        `DEPENDABOT_JOB_ID=${details.id}`,
+        `DEPENDABOT_JOB_ID=${this.dependabotAPI.params.jobID}`,
         `DEPENDABOT_JOB_TOKEN=${this.dependabotAPI.params.jobToken}`,
         `DEPENDABOT_JOB_PATH=${JOB_INPUT_PATH}/${JOB_INPUT_FILENAME}`,
         `DEPENDABOT_OUTPUT_PATH=${JOB_OUTPUT_PATH}`,