Metadata finders¶ ↑
Metadata finders look up metadata about a dependency, such as its GitHub URL.
There is a Dependabot::MetadataFinders
class for each language Dependabot
supports.
Public API¶ ↑
Each Dependabot::MetadataFinders
class exposes the following methods:
Method | Description |
---|---|
`#source_url` | A link to the source data for the dependency. |
`#homepage_url` | A link to the homepage for the dependency. |
`#commits_url` | A link to a commit diff between the previous version of the dependency and the new version. |
`#commits` | A list of commits between the previous version of the dependency and the new version. |
`#changelog_url` | A link to the changelog for the dependency. |
`#changelog_text` | The relevant text from the changelog. |
`#release_url` | A link to the release notes for this version of the dependency. |
`#release_text` | The relevant text from the release notes |
`#upgrade_guide_url` | A link to the upgrade guide for this upgrade (if it exists). |
`#upgrade_guide_text` | The text of the upgrade guide for this upgrade (if it exists). |
An integration might look as follows:
require 'dependabot/metadata_finders' dependency = update_checker.updated_dependency metadata_finder_class = Dependabot::MetadataFinders::Ruby::Bundler metadata_finder = metadata_finder_class.new( dependency: dependency, credentials: credentials ) puts "Changelog for #{dependency.name} is at #{metadata_finder.changelog_url}"
Writing a metadata finder for a new language¶ ↑
All new metadata finders should inherit from Dependabot::MetadataFinders::Base
and implement the following methods:
Method | Description |
---|---|
`#look_up_source` | Private method that returns a `Dependabot::Source` object. Generally the source details are extracted from a source code URL provided by the language's dependency registry, but sometimes it's already know from parsing the dependency file. |
To ensure the above are implemented, you should include it_behaves_like "a dependency metadata finder"
in your specs for the new metadata finder.