
Start updating Gradle lockfiles #12287


Merged
merged 27 commits into from
Jun 16, 2025
Commits

27 commits
89bbc02
Update Gradle.lockfile's
ryanbrandenburg May 16, 2025
e681069
Lint
ryanbrandenburg May 21, 2025
06f75c9
PR feedback
ryanbrandenburg Jun 4, 2025
e26b97b
Fix proxy issues with Gradle lockfiles
ryanbrandenburg Jun 10, 2025
59ea9f3
Remove unneeded fixtures
ryanbrandenburg Jun 10, 2025
90c96bc
Revert point in time change
ryanbrandenburg Jun 10, 2025
e731169
Lint cleanup
ryanbrandenburg Jun 10, 2025
d6441a5
Lint cleanup
ryanbrandenburg Jun 10, 2025
dcb140a
Lint cleanup
ryanbrandenburg Jun 10, 2025
488c908
Merge branch 'main' of https://github.com/dependabot/dependabot-core …
ryanbrandenburg Jun 10, 2025
2602768
Lint cleanup
ryanbrandenburg Jun 10, 2025
e6ef7c2
Sorbet
ryanbrandenburg Jun 10, 2025
4a79456
Try to fix tests
ryanbrandenburg Jun 10, 2025
c59b6b3
LockfileUpdater position
ryanbrandenburg Jun 10, 2025
0a72f4f
handle env more cleanly
ryanbrandenburg Jun 10, 2025
fe09f24
lockfile updater
ryanbrandenburg Jun 10, 2025
fabf184
stub lockfiles
ryanbrandenburg Jun 10, 2025
00a8e99
stub lockfiles
ryanbrandenburg Jun 11, 2025
f431af8
Cleanup refactoring failures
ryanbrandenburg Jun 11, 2025
817d289
Lint cleanup
ryanbrandenburg Jun 11, 2025
8917ae1
Experiment flag
ryanbrandenburg Jun 11, 2025
3fafd91
PRFeedback
ryanbrandenburg Jun 11, 2025
48bef17
Linter fix
ryanbrandenburg Jun 11, 2025
1da637f
Extra end
ryanbrandenburg Jun 11, 2025
1a6c1f1
Merge branch 'main' into dev/rybrande/GradleCLI
ryanbrandenburg Jun 11, 2025
2207274
Merge branch 'main' into dev/rybrande/GradleCLI
kbukum1 Jun 13, 2025
f16417e
Merge branch 'main' into dev/rybrande/GradleCLI
kbukum1 Jun 13, 2025
1 change: 0 additions & 1 deletion gradle/.rubocop.yml
@@ -10,7 +10,6 @@ Sorbet/StrictSigil:
- lib/dependabot/gradle/file_parser/repositories_finder.rb
- lib/dependabot/gradle/file_parser.rb
- lib/dependabot/gradle/file_updater/property_value_updater.rb
- lib/dependabot/gradle/file_updater.rb
- lib/dependabot/gradle/update_checker/multi_dependency_updater.rb
- lib/dependabot/gradle/update_checker/version_finder.rb
- lib/dependabot/gradle/update_checker.rb
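Review bot: dropping a path from the `Sorbet/StrictSigil` exclusion list means RuboCop will now require that file to carry a strict `# typed:` sigil, and the rendered hunk does not show which of the listed `lib/dependabot/gradle/...` entries is the one deletion the header reports. Please confirm the corresponding file's sigil was raised to `strict` in this same PR, otherwise lint fails on main as soon as this merges.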
36 changes: 36 additions & 0 deletions gradle/Dockerfile
@@ -1,7 +1,43 @@
FROM ghcr.io/dependabot/dependabot-updater-core

# Install Java
RUN apt-get update && apt-get install -y --no-install-recommends \
openjdk-21-jdk \
# avoids keytool usage
ca-certificates-java \
wget \
# we need to allow the dependabot user to write to these files for when update-ca-certificates is run
&& chgrp dependabot /etc/default/cacerts \
&& chmod g+rw /etc/default/cacerts \
&& chgrp dependabot /etc/ssl/certs/java/cacerts \
&& chmod g+rw /etc/ssl/certs/java/cacerts \
&& rm -rf /var/lib/apt/lists/*

# Install Gradle
ENV GRADLE_HOME=/opt/gradle
ENV GRADLE_VERSION=8.14.2
ARG GRADLE_DOWNLOAD_SHA256=7197a12f450794931532469d4ff21a59ea2c1cd59a3ec3f89c035c3c420a6999
RUN set -o errexit -o nounset \
&& echo "Downloading Gradle" \
&& wget --no-verbose --output-document=gradle.zip "https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip" \
\
&& echo "Checking Gradle download hash" \
&& echo "${GRADLE_DOWNLOAD_SHA256} *gradle.zip" | sha256sum -c - \
\
&& echo "Installing Gradle" \
&& unzip gradle.zip \
&& rm gradle.zip \
&& mv "gradle-${GRADLE_VERSION}" "${GRADLE_HOME}/" \
&& ln -s "${GRADLE_HOME}/bin/gradle" /usr/bin/gradle

USER dependabot

ENV PATH=/usr/bin/gradle:$PATH

RUN set -o errexit -o nounset \
&& echo "Testing Gradle installation" \
&& gradle --version

COPY --chown=dependabot:dependabot maven $DEPENDABOT_HOME/maven
COPY --chown=dependabot:dependabot gradle $DEPENDABOT_HOME/gradle
COPY --chown=dependabot:dependabot common $DEPENDABOT_HOME/common
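Review bot: `ENV PATH=/usr/bin/gradle:$PATH` prepends a file, not a directory, to PATH; the symlink created by `ln -s "${GRADLE_HOME}/bin/gradle" /usr/bin/gradle` already sits in `/usr/bin`, which is on PATH, so the line is a no-op and should either be dropped or changed to `ENV PATH=${GRADLE_HOME}/bin:$PATH`. Two further points on the same block: the `chmod g+rw` on `/etc/default/cacerts` and `/etc/ssl/certs/java/cacerts` leaves the JVM trust store writable by the unprivileged `dependabot` user for the lifetime of the container, so any code Gradle runs during an update (build scripts included) could append a CA that later TLS connections from the updater will trust; if `update-ca-certificates` only needs to run at a known point, document that here and consider narrowing the window, e.g. by restoring the permissions once the certificates are in place. Also, `unzip` is not in the `apt-get install` list, so `unzip gradle.zip` relies on the base image shipping it; installing it explicitly keeps the step robust to base-image changes.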
30 changes: 29 additions & 1 deletion gradle/lib/dependabot/gradle/file_fetcher.rb
@@ -15,6 +15,8 @@ class FileFetcher < Dependabot::FileFetchers::Base
require_relative "file_parser"
require_relative "file_fetcher/settings_file_parser"

SUPPORTED_LOCK_FILE_NAMES = T.let(%w(gradle.lockfile).freeze, T::Array[String])

SUPPORTED_BUILD_FILE_NAMES =
T.let(%w(build.gradle build.gradle.kts).freeze, T::Array[String])

@@ -38,6 +40,7 @@ class FileFetcher < Dependabot::FileFetchers::Base
def initialize(source:, credentials:, repo_contents_path: nil, options: {})
super

@lockfile_name = T.let(T.must(SUPPORTED_LOCK_FILE_NAMES.first), String)
@buildfile_name = T.let(nil, T.nilable(String))
end

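Review bot: `@lockfile_name` is pinned to `T.must(SUPPORTED_LOCK_FILE_NAMES.first)`, so the array form of the constant is misleading: a second entry added later would never be looked up. Either declare a single `LOCK_FILE_NAME` string, or have the lookup resolve the name per directory with `find_first(dir, SUPPORTED_LOCK_FILE_NAMES)` the way `buildfile(dir)` does further down in this file.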
@@ -62,8 +65,10 @@ def fetch_files

sig { params(root_dir: String).returns(T::Array[DependencyFile]) }
def all_buildfiles_in_build(root_dir)
files = [buildfile(root_dir), settings_file(root_dir), version_catalog_file(root_dir)].compact
files = [buildfile(root_dir), settings_file(root_dir), version_catalog_file(root_dir), lockfile(root_dir)]
.compact
files += subproject_buildfiles(root_dir)
files += subproject_lockfiles(root_dir)
files += dependency_script_plugins(root_dir)
files + included_builds(root_dir)
.flat_map { |dir| all_buildfiles_in_build(dir) }
@@ -93,6 +98,24 @@ def clean_join(parts)
Pathname.new(File.join(parts)).cleanpath.to_path
end

sig { params(root_dir: String).returns(T::Array[DependencyFile]) }
def subproject_lockfiles(root_dir)
return [] unless settings_file(root_dir)

subproject_paths =
SettingsFileParser
.new(settings_file: T.must(settings_file(root_dir)))
.subproject_paths

subproject_paths.filter_map do |path|
lockfile_path = File.join(root_dir, path, @lockfile_name)
fetch_file_from_host(lockfile_path)
rescue Dependabot::DependencyFileNotFound
# Gradle itself doesn't worry about missing subprojects, so we don't
nil
end
end

sig { params(root_dir: String).returns(T::Array[DependencyFile]) }
def subproject_buildfiles(root_dir)
return [] unless settings_file(root_dir)
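Review bot: `lockfile_path = File.join(root_dir, path, @lockfile_name)` in `subproject_lockfiles` bypasses the `clean_join` helper shown at the top of this hunk (`Pathname.new(File.join(parts)).cleanpath.to_path`), so a subproject path taken from the settings file, for example `../shared`, reaches `fetch_file_from_host` unnormalized; `clean_join([root_dir, path, @lockfile_name])` keeps it consistent with the rest of the fetcher. The `rescue Dependabot::DependencyFileNotFound` inside the block also duplicates what `fetch_file_if_present` already provides (the new `lockfile(dir)` helper in this same file uses it), so `filter_map { |path| fetch_file_if_present(clean_join([root_dir, path, @lockfile_name])) }` would remove the rescue and the `nil` branch entirely. Minor: `settings_file(root_dir)` is evaluated twice here; assign it once and reuse it.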
@@ -155,6 +178,11 @@ def file_exists_in_submodule?(path)
false
end

sig { params(dir: String).returns(T.nilable(DependencyFile)) }
def lockfile(dir)
fetch_file_if_present(File.join(dir, @lockfile_name))
end

sig { params(dir: String).returns(T.nilable(DependencyFile)) }
def buildfile(dir)
file = find_first(dir, SUPPORTED_BUILD_FILE_NAMES) || return