Skip to content

Commit 0e420ef

Browse files
committed
add support for hex aliases
1 parent 93d8484 commit 0e420ef

File tree

9 files changed

+140
-3
lines changed

9 files changed

+140
-3
lines changed

hex/helpers/lib/parse_deps.exs

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,7 @@ defmodule Parser do
2929
defp build_dependency(nil, dep) do
3030
%{
3131
name: dep.app,
32+
package_name: dep.opts[:hex] || dep.app,
3233
from: Path.relative_to_cwd(dep.from),
3334
groups: [],
3435
requirement: normalise_requirement(dep.requirement),
@@ -42,6 +43,7 @@ defmodule Parser do
4243

4344
%{
4445
name: dep.app,
46+
package_name: dep.opts[:hex] || dep.app,
4547
from: Path.relative_to_cwd(dep.from),
4648
version: version,
4749
groups: groups,

hex/lib/dependabot/hex/file_parser.rb

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,8 @@ def parse
4343
source: dep["source"] && symbolize_keys(dep["source"]),
4444
file: dep["from"]
4545
}],
46-
package_manager: "hex"
46+
package_manager: "hex",
47+
metadata: { hex_package: dep["package_name"] }
4748
)
4849
end
4950

hex/lib/dependabot/hex/metadata_finder.rb

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,9 @@ def find_source_from_git_url
6060
def hex_listing
6161
return @hex_listing unless @hex_listing.nil?
6262

63-
response = Dependabot::RegistryClient.get(url: "https://hex.pm/api/packages/#{dependency.name}")
63+
response = Dependabot::RegistryClient.get(
64+
url: "https://hex.pm/api/packages/#{dependency.metadata[:hex_package] || dependency.name}"
65+
)
6466
@hex_listing = T.let(JSON.parse(response.body), T.nilable(T::Hash[String, T.untyped]))
6567
end
6668
end

hex/lib/dependabot/hex/package/package_details_fetcher.rb

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,10 @@ class PackageDetailsFetcher
2727
def initialize(dependency:)
2828
@dependency = dependency
2929

30-
@dependency_url = T.let("https://hex.pm/api/packages/#{dependency.name}", T.nilable(String))
30+
@dependency_url = T.let(
31+
"https://hex.pm/api/packages/#{dependency.metadata[:hex_package] || dependency.name}",
32+
T.nilable(String)
33+
)
3134
end
3235

3336
sig { returns(Dependabot::Dependency) }

hex/spec/dependabot/hex/file_parser_spec.rb

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -451,6 +451,43 @@
451451
end
452452
end
453453

454+
context "with a hex package name alias" do
455+
let(:mixfile_fixture_name) { "hex_alias" }
456+
let(:lockfile_fixture_name) { "hex_alias" }
457+
458+
its(:length) { is_expected.to eq(2) }
459+
460+
describe "the aliased dependency" do
461+
subject(:dependency) { dependencies.find { |d| d.name == "pulsar" } }
462+
463+
it "has the right details" do
464+
expect(dependency).to be_a(Dependabot::Dependency)
465+
expect(dependency.name).to eq("pulsar")
466+
expect(dependency.version).to eq("2.8.7")
467+
expect(dependency.requirements).to eq(
468+
[{
469+
requirement: "~> 2.8.7",
470+
file: "mix.exs",
471+
groups: [],
472+
source: nil
473+
}]
474+
)
475+
end
476+
477+
it "stores the hex package name in metadata" do
478+
expect(dependency.metadata[:hex_package]).to eq("pulsar_elixir")
479+
end
480+
end
481+
482+
describe "the non-aliased dependency" do
483+
subject(:dependency) { dependencies.find { |d| d.name == "plug" } }
484+
485+
it "defaults hex_package to the dependency name" do
486+
expect(dependency.metadata[:hex_package]).to eq("plug")
487+
end
488+
end
489+
end
490+
454491
context "with reject_external_code" do
455492
let(:reject_external_code) { true }
456493

hex/spec/dependabot/hex/metadata_finder_spec.rb

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -110,5 +110,32 @@
110110
it { is_expected.to be_nil }
111111
end
112112
end
113+
114+
context "when the dependency has a hex package name alias" do
115+
let(:dependency) do
116+
Dependabot::Dependency.new(
117+
name: "pulsar",
118+
version: "2.8.7",
119+
requirements: [{
120+
file: "mix.exs",
121+
requirement: "~> 2.8.7",
122+
groups: [],
123+
source: nil
124+
}],
125+
package_manager: "hex",
126+
metadata: { hex_package: "pulsar_elixir" }
127+
)
128+
end
129+
130+
let(:hex_url) { "https://hex.pm/api/packages/pulsar_elixir" }
131+
let(:hex_response) do
132+
fixture("registry_api", "phoenix_response.json")
133+
end
134+
135+
it "queries the hex.pm API using the hex package name" do
136+
source_url
137+
expect(WebMock).to have_requested(:get, hex_url).once
138+
end
139+
end
113140
end
114141
end

hex/spec/dependabot/hex/package/package_details_fetcher_spec.rb

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,5 +68,41 @@
6868
expect(fetcher.fetch_package_releases).to eq([])
6969
end
7070
end
71+
72+
context "when the dependency has a hex package name alias" do
73+
let(:dependency) do
74+
Dependabot::Dependency.new(
75+
name: "pulsar",
76+
version: "2.8.7",
77+
requirements: [{
78+
file: "mix.exs",
79+
requirement: "~> 2.8.7",
80+
groups: [],
81+
source: nil
82+
}],
83+
package_manager: "hex",
84+
metadata: { hex_package: "pulsar_elixir" }
85+
)
86+
end
87+
88+
let(:response) do
89+
instance_double(
90+
Excon::Response,
91+
status: 200,
92+
body:
93+
fixture("package_fetch_response", "hex-parser.json")
94+
)
95+
end
96+
97+
before do
98+
allow(Dependabot::RegistryClient).to receive(:get).and_return(response)
99+
end
100+
101+
it "queries the hex.pm API using the hex package name" do
102+
fetcher.fetch_package_releases
103+
expect(Dependabot::RegistryClient).to have_received(:get)
104+
.with(url: "https://hex.pm/api/packages/pulsar_elixir")
105+
end
106+
end
71107
end
72108
end
Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
%{
2+
"mime": {:hex, :mime, "1.2.0", "78adaa84832b3680de06f88f0997e3ead3b451a440d183d688085be2d709b534", [:mix], [], "hexpm", "b24d1d704209b760aeac161255c8031c5160de1a5cb7dd28bb84ef5bda2ba29e"},
3+
"plug": {:hex, :plug, "1.3.5", "7503bfcd7091df2a9761ef8cecea666d1f2cc454cbbaf0afa0b6e259203b7031", [:mix], [{:cowboy, "~> 1.0.1 or ~> 1.1", [hex: :cowboy, repo: "hexpm", optional: true]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}], "hexpm", "141058cca1fa800128391ece7f442f71a7b42a7411e6eaa56dc8f85283c8dde7"},
4+
"pulsar": {:hex, :pulsar_elixir, "2.8.7", "aabbccdd11223344556677889900aabbccdd11223344556677889900aabbccdd", [:mix], [], "hexpm", "112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00"},
5+
}
Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
defmodule DependabotTest.Mixfile do
2+
use Mix.Project
3+
4+
def project do
5+
[
6+
app: :dependabot_test,
7+
version: "0.1.0",
8+
elixir: "~> 1.5",
9+
start_permanent: Mix.env == :prod,
10+
deps: deps()
11+
]
12+
end
13+
14+
def application do
15+
[extra_applications: [:logger]]
16+
end
17+
18+
defp deps do
19+
[
20+
{:plug, "~> 1.3.0"},
21+
{:pulsar, "~> 2.8.7", hex: :pulsar_elixir}
22+
]
23+
end
24+
end

0 commit comments

Comments
 (0)