Update checkers¶ ↑
Update checkers check whether a given dependency is up-to-date. If it isn't, they augment it with details of the version to update to.
There is a Dependabot::UpdateCheckers
class for each language Dependabot
supports.
Public API¶ ↑
Each Dependabot::UpdateCheckers
class implements the following methods:
Method | Description |
---|---|
`#up_to_date?` | Returns a boolean for whether the dependency this instance was created with is currently at the latest version. |
`#can_update?` | Returns a boolean for whether the dependency this instance was created with needs updating. This will be true if the dependency and/or its requirements can be updated to support a newer version whilst keeping the dependency files it came from resolvable. |
`#updated_dependencies` | Returns an array of updated `Dependabot::Dependency` instance with updated `version` and `requirements` attributes. The previous values are stored on the instance as `previous_version` and `previous_requirements`. |
`#latest_version` | See the "Writing an update checker" section. |
`#latest_resolvable_version` | See the "Writing an update checker" section. |
`#updated_requirements` | See the "Writing an update checker" section. |
An integration might look as follows:
require 'dependabot/update_checkers' dependency = dependencies.first update_checker_class = Dependabot::UpdateCheckers::Ruby::Bundler update_checker = update_checker_class.new( dependency: dependency, dependency_files: files, credentials: [{ "type" => "git_source", "host" => "github.com", "username" => "x-access-token", "password" => "token" }] ) puts "Update needed for #{dependency.name}? "\ "#{update_checker.can_update?(requirements_to_update: :own)}"
Writing an update checker for a new language¶ ↑
All new update checkers should inherit from Dependabot::UpdateCheckers::Base
and implement the following methods:
Method | Description |
---|---|
`#latest_version` | The latest version of the dependency, ignoring resolvability. This is used to short-circuit update checking when the dependency is already at the latest version (since checking resolvability is typically slow). |
`#latest_resolvable_version` | The latest version of the dependency that will still allow the full dependency set to resolve. |
`#latest_resolvable_version_with_no_unlock` | The latest version of the dependency that satisfies the dependency's current version constraints and will still allow the full dependency set to resolve. |
`#updated_requirements` | An updated set of requirements for the dependency that should replace the existing requirements in the manifest file. Use by the file updater class when updating the manifest file. |
`#latest_version_resolvable_with_full_unlock?` | A boolean for whether the latest version can be resolved if all other dependencies are unlocked in the manifest file. Can be set to always return `false` if multi-dependency updates aren't yet supported. |
`#updated_dependencies_after_full_unlock` | And updated set of dependencies after a full unlock and update has taken place. Not required if `latest_version_resolvable_with_full_unlock?` always returns false. |
To ensure the above are implemented, you should include it_behaves_like "a dependency update checker"
in your specs for the new update checker.
Writing update checkers generally gets tricky when resolvability has to be taken into account. It is almost always easiest to do so in the language your update checker relates to, so you may wish to shell out to that language. See UpdateCheckers::Php::Composer
for an example of how to do so.