Skip to content

Commit 3bbe1bc

Browse files
zkoppertCopilot
andcommitted
fix: address code review feedback from Copilot
- Use collections.abc.Mapping instead of dict for cooldown type check to support ruamel.yaml CommentedMap - Use ordered tuple for cooldown days keys to ensure deterministic YAML output order - Fix make_dependabot_config return type annotation (-> None) since it mutates in place and callers ignore the return value - Remove dead yaml.dump call from make_dependabot_config - Update test for extra config YAML error to test at loading stage Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent 5395284 commit 3bbe1bc

3 files changed

Lines changed: 27 additions & 24 deletions

File tree

dependabot_file.py

Lines changed: 13 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
import base64
44
import copy
55
import io
6+
from collections.abc import Mapping
67

78
import github3
89
import ruamel.yaml
@@ -19,9 +20,13 @@
1920
stream = io.StringIO()
2021

2122

22-
VALID_COOLDOWN_DAYS_KEYS = frozenset(
23-
{"default-days", "semver-major-days", "semver-minor-days", "semver-patch-days"}
23+
COOLDOWN_DAYS_KEYS_ORDERED = (
24+
"default-days",
25+
"semver-major-days",
26+
"semver-minor-days",
27+
"semver-patch-days",
2428
)
29+
VALID_COOLDOWN_DAYS_KEYS = frozenset(COOLDOWN_DAYS_KEYS_ORDERED)
2530
VALID_COOLDOWN_KEYS = VALID_COOLDOWN_DAYS_KEYS | {"include", "exclude"}
2631
MAX_COOLDOWN_LIST_ITEMS = 150
2732
MIN_COOLDOWN_DAYS = 1
@@ -38,7 +43,7 @@ def validate_cooldown_config(cooldown):
3843
Raises:
3944
ValueError: if the cooldown configuration is invalid
4045
"""
41-
if not isinstance(cooldown, dict):
46+
if not isinstance(cooldown, Mapping):
4247
raise ValueError("Cooldown configuration must be a mapping")
4348

4449
unknown_keys = set(cooldown.keys()) - VALID_COOLDOWN_KEYS
@@ -93,9 +98,11 @@ def make_dependabot_config(
9398
dependabot_config,
9499
extra_dependabot_config,
95100
cooldown=None,
96-
) -> str:
101+
) -> None:
97102
"""
98-
Make the dependabot configuration for a specific package ecosystem
103+
Make the dependabot configuration for a specific package ecosystem.
104+
105+
Mutates dependabot_config in place by appending an update entry.
99106
100107
Args:
101108
ecosystem: the package ecosystem to make the dependabot configuration for
@@ -106,9 +113,6 @@ def make_dependabot_config(
106113
dependabot_config: extra dependabot configs
107114
extra_dependabot_config: File with the configuration to add dependabot configs (ex: private registries)
108115
cooldown: optional cooldown configuration dict to delay version update PRs
109-
110-
Returns:
111-
str: the dependabot configuration for the package ecosystem
112116
"""
113117

114118
dependabot_config["updates"].append(
@@ -166,7 +170,7 @@ def make_dependabot_config(
166170

167171
if cooldown:
168172
cooldown_config = {}
169-
for key in VALID_COOLDOWN_DAYS_KEYS:
173+
for key in COOLDOWN_DAYS_KEYS_ORDERED:
170174
if key in cooldown:
171175
cooldown_config[key] = cooldown[key]
172176
for list_key in ("include", "exclude"):
@@ -176,8 +180,6 @@ def make_dependabot_config(
176180
]
177181
dependabot_config["updates"][-1].update({"cooldown": cooldown_config})
178182

179-
return yaml.dump(dependabot_config, stream)
180-
181183

182184
def build_dependabot_file(
183185
repo,

test_cooldown.py

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
import unittest
44

55
from dependabot_file import validate_cooldown_config
6+
from ruamel.yaml import YAML
67

78

89
class TestValidateCooldownConfig(unittest.TestCase):
@@ -12,6 +13,12 @@ def test_valid_default_days_only(self):
1213
"""Test valid cooldown with just default-days"""
1314
validate_cooldown_config({"default-days": 3})
1415

16+
def test_valid_ruamel_commented_map(self):
17+
"""Test that ruamel.yaml CommentedMap is accepted as a valid mapping"""
18+
yaml = YAML()
19+
cooldown = yaml.load(b"default-days: 5\nsemver-major-days: 14\n")
20+
validate_cooldown_config(cooldown)
21+
1522
def test_valid_all_days(self):
1623
"""Test valid cooldown with all day parameters"""
1724
validate_cooldown_config(

test_dependabot_file.py

Lines changed: 7 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -160,26 +160,20 @@ def test_build_dependabot_file_with_weird_space_indent_existing_config_bundler_w
160160
def test_build_dependabot_file_with_incorrect_indentation_in_extra_dependabot_config_file(
161161
self,
162162
):
163-
"""Test incorrect indentation on extra_dependabot_config"""
164-
repo = MagicMock()
165-
repo.file_contents.side_effect = lambda f, filename="Gemfile": f == filename
166-
167-
# expected_result maintains existing ecosystem with custom configuration
168-
# and adds new ecosystem
169-
extra_dependabot_config = MagicMock()
170-
extra_dependabot_config.content = base64.b64encode(b"""
163+
"""Test incorrect indentation on extra_dependabot_config is caught during YAML loading"""
164+
# In production, extra_dependabot_config is loaded from a file via
165+
# ruamel.yaml in evergreen.py before being passed to build_dependabot_file.
166+
# Verify that malformed YAML raises an error at the loading stage.
167+
yaml_loader = ruamel.yaml.YAML()
168+
with self.assertRaises(ruamel.yaml.YAMLError):
169+
yaml_loader.load(b"""
171170
npm:
172171
type: 'npm'
173172
url: 'https://yourprivateregistry/npm/'
174173
username: '${{secrets.username}}'
175174
password: '${{secrets.password}}'
176175
""")
177176

178-
with self.assertRaises(ruamel.yaml.YAMLError):
179-
build_dependabot_file(
180-
repo, False, [], {}, None, "weekly", "", [], extra_dependabot_config
181-
)
182-
183177
@patch.dict(os.environ, {"DEPENDABOT_CONFIG_FILE": "dependabot-config.yaml"})
184178
def test_build_dependabot_file_with_extra_dependabot_config_file(self):
185179
"""Test that the dependabot.yaml file is built correctly with extra configurations from extra_dependabot_config"""

0 commit comments

Comments
 (0)