Multi-directory support

Author: gmazzo

gradle/lib/dependabot/gradle/file_fetcher.rb

@@ -24,7 +24,7 @@ class FileFetcher < Dependabot::FileFetchers::Base
         T.let(%w(settings.gradle settings.gradle.kts).freeze, T::Array[String])
 
       SUPPORTED_WRAPPER_PROPERTIES_FILE_PATH =
-        %w(/gradle/wrapper/gradle-wrapper.properties).freeze
+        %w(gradle/wrapper/gradle-wrapper.properties).freeze
 
       # For now Gradle only supports library .toml files in the main gradle folder
       SUPPORTED_VERSION_CATALOG_FILE_PATH =
@@ -149,8 +149,6 @@ def subproject_buildfiles(root_dir)
 
       sig { params(root_dir: String).returns(T.nilable(DependencyFile)) }
       def wrapper_properties_file(root_dir)
-        return nil unless root_dir == "."
-
         gradle_wrapper_properties_file(root_dir)
       rescue Dependabot::DependencyFileNotFound
         # Wrapper file is optional for Gradle

gradle/lib/dependabot/gradle/update_checker/requirements_updater.rb

@@ -115,27 +115,36 @@ def update_dynamic_requirement(req_string)
 
         sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
         def updated_distribution_requirements
-          req_version = T.must(requirements[0])
+          version = T.let(nil, T.nilable(String))
+          distribution_url = T.let(nil, T.nilable(String))
+          checksum = T.let(nil, T.nilable(String))
+          checksum_url = T.let(nil, T.nilable(String))
 
-          requirement = req_version[:requirement]
-          updated_requirement = update_exact_requirement(requirement)
-
-          distribution_url = req_version[:source][:url]
-          updated_distribution_url = distribution_url.gsub(requirement, updated_requirement)
-
-          req_version = req_version.merge(
-            requirement: updated_requirement,
-            source: req_version[:source].merge(url: updated_distribution_url)
-          )
-          return [req_version] unless requirements.size > 1
-
-          req_checksum = T.must(requirements[1])
-          checksum_url, checksum = DistributionsFinder.resolve_checksum(updated_distribution_url)
-          req_checksum = req_checksum.merge(
-            requirement: checksum,
-            source: req_checksum[:source].merge(url: checksum_url)
-          )
-          [req_version, req_checksum]
+          requirements.map do |req|
+            source = req[:source]
+            next req unless source
+
+            case source[:property]
+            when "distributionUrl"
+              if version.nil?
+                requirement = req[:requirement]
+                version = update_exact_requirement(requirement)
+                distribution_url = source[:url].gsub(requirement, version)
+              end
+              req.merge(
+                requirement: version,
+                source: source.merge(url: distribution_url)
+              )
+            when "distributionUrlSha256Sum"
+              checksum_url, checksum = DistributionsFinder.resolve_checksum(T.must(distribution_url)) if checksum.nil?
+              req.merge(
+                requirement: checksum,
+                source: source.merge(url: checksum_url)
+              )
+            else
+              next req
+            end
+          end
         end
 
         sig { override.returns(T::Class[Version]) }

gradle/spec/dependabot/gradle/file_fetcher_spec.rb

@@ -136,6 +136,7 @@ def stub_no_content_request(path)
         before do
           stub_content_request("buildSrc?ref=sha", "contents_java.json")
           stub_content_request("buildSrc/build.gradle?ref=sha", "contents_java_basic_buildfile.json")
+          stub_no_content_request("buildSrc/gradle/wrapper?ref=sha")
           stub_no_content_request("buildSrc/gradle.lockfile?ref=sha")
         end
 
@@ -167,6 +168,7 @@ def stub_no_content_request(path)
             stub_content_request("?ref=sha", "contents_java_with_buildsrc_and_settings.json")
             stub_content_request("settings.gradle?ref=sha", "contents_java_settings_explicit_buildsrc.json")
             stub_content_request("included?ref=sha", "contents_java.json")
+            stub_no_content_request("included/gradle/wrapper?ref=sha")
             stub_content_request("included/build.gradle?ref=sha", "contents_java_basic_buildfile.json")
             stub_no_content_request("included/gradle.lockfile?ref=sha")
           end
@@ -191,6 +193,7 @@ def stub_no_content_request(path)
           stub_content_request("app/build.gradle?ref=sha", "contents_java_basic_buildfile.json")
           stub_no_content_request("app/gradle.lockfile?ref=sha")
           stub_content_request("included?ref=sha", "contents_java_with_settings.json")
+          stub_no_content_request("included/gradle/wrapper?ref=sha")
           stub_content_request("included/settings.gradle?ref=sha", "contents_java_simple_settings.json")
           stub_content_request("included/build.gradle?ref=sha", "contents_java_basic_buildfile.json")
           stub_no_content_request("included/gradle.lockfile?ref=sha")
@@ -218,12 +221,14 @@ def stub_no_content_request(path)
           stub_content_request("app/build.gradle?ref=sha", "contents_java_basic_buildfile.json")
           stub_no_content_request("app/gradle.lockfile?ref=sha")
           stub_content_request("included?ref=sha", "contents_java_with_settings.json")
+          stub_no_content_request("included/gradle/wrapper?ref=sha")
           stub_content_request("included/settings.gradle?ref=sha", "contents_java_simple_settings.json")
           stub_content_request("included/build.gradle?ref=sha", "contents_java_basic_buildfile.json")
           stub_no_content_request("included/gradle.lockfile?ref=sha")
           stub_content_request("included/app/build.gradle?ref=sha", "contents_java_basic_buildfile.json")
           stub_no_content_request("included/app/gradle.lockfile?ref=sha")
           stub_content_request("included2?ref=sha", "contents_java_with_settings.json")
+          stub_no_content_request("included2/gradle/wrapper?ref=sha")
           stub_content_request("included2/build.gradle?ref=sha", "contents_java_basic_buildfile.json")
           stub_no_content_request("included2/gradle.lockfile?ref=sha")
           stub_content_request("included2/settings.gradle?ref=sha", "contents_java_simple_settings.json")
@@ -253,22 +258,26 @@ def stub_no_content_request(path)
           stub_content_request("app/build.gradle?ref=sha", "contents_java_basic_buildfile.json")
           stub_no_content_request("app/gradle.lockfile?ref=sha")
           stub_content_request("included?ref=sha", "contents_java_with_settings.json")
+          stub_no_content_request("included/gradle/wrapper?ref=sha")
           stub_content_request("included/settings.gradle?ref=sha", "contents_java_settings_1_included_build.json")
           stub_content_request("included/build.gradle?ref=sha", "contents_java_basic_buildfile.json")
           stub_no_content_request("included/gradle.lockfile?ref=sha")
           stub_content_request("included/app/build.gradle?ref=sha", "contents_java_basic_buildfile.json")
           stub_no_content_request("included/app/gradle.lockfile?ref=sha")
           stub_content_request("included/included?ref=sha", "contents_java_with_settings.json")
+          stub_no_content_request("included/included/gradle/wrapper?ref=sha")
           stub_content_request("included/included/build.gradle?ref=sha", "contents_java_basic_buildfile.json")
           stub_no_content_request("included/included/gradle.lockfile?ref=sha")
           stub_content_request("included/included/settings.gradle?ref=sha",
                                "contents_java_settings_1_included_build.json")
           stub_content_request("included/included/app/build.gradle?ref=sha", "contents_java_basic_buildfile.json")
           stub_no_content_request("included/included/app/gradle.lockfile?ref=sha")
           stub_content_request("included/included/included?ref=sha", "contents_java_with_buildsrc.json")
+          stub_no_content_request("included/included/included/gradle/wrapper?ref=sha")
           stub_content_request("included/included/included/build.gradle?ref=sha", "contents_java_basic_buildfile.json")
           stub_no_content_request("included/included/included/gradle.lockfile?ref=sha")
           stub_content_request("included/included/included/buildSrc?ref=sha", "contents_java.json")
+          stub_no_content_request("included/included/included/buildSrc/gradle/wrapper?ref=sha")
           stub_content_request("included/included/included/buildSrc/build.gradle?ref=sha",
                                "contents_java_basic_buildfile.json")
         end
@@ -298,6 +307,7 @@ def stub_no_content_request(path)
           stub_content_request("app/build.gradle?ref=sha", "contents_java_basic_buildfile.json")
           stub_no_content_request("app/gradle.lockfile?ref=sha")
           stub_content_request("included?ref=sha", "contents_java.json")
+          stub_no_content_request("included/gradle/wrapper?ref=sha")
           stub_content_request("included/build.gradle?ref=sha", "contents_java_buildfile_with_script_plugins.json")
           stub_no_content_request("included/gradle.lockfile?ref=sha")
           stub_content_request("included/gradle/dependencies.gradle?ref=sha", "contents_java_simple_settings.json")

gradle/spec/dependabot/gradle/file_parser_spec.rb

@@ -818,12 +818,12 @@
     end
 
     describe "wrapper properties file" do
-      shared_examples "wrapper_properties_test" do |version, type, checksum|
+      shared_examples "wrapper_properties_test" do |folder, version, type, checksum|
         describe "gradle #{version}, distribution #{type}" do
           let(:files) do
             [
               Dependabot::DependencyFile.new(
-                name: "gradle/wrapper/gradle-wrapper.properties",
+                name: "#{folder}gradle/wrapper/gradle-wrapper.properties",
                 content: fixture("wrapper_properties_file",
                                  "gradle-wrapper-#{version}-#{type}#{checksum ? '-checksum' : ''}.properties")
               )
@@ -839,7 +839,7 @@
               requirements = [
                 {
                   requirement: version,
-                  file: "gradle/wrapper/gradle-wrapper.properties",
+                  file: "#{folder}gradle/wrapper/gradle-wrapper.properties",
                   groups: [],
                   source: {
                     type: "gradle-distribution",
@@ -851,7 +851,7 @@
               if checksum
                 requirements << {
                   requirement: checksum,
-                  file: "gradle/wrapper/gradle-wrapper.properties",
+                  file: "#{folder}gradle/wrapper/gradle-wrapper.properties",
                   groups: [],
                   source: {
                     type: "gradle-distribution",
@@ -870,11 +870,14 @@
         end
       end
 
-      it_behaves_like "wrapper_properties_test", "8.14.2", "bin", nil
-      it_behaves_like "wrapper_properties_test", "8.14.2", "all", nil
-      it_behaves_like "wrapper_properties_test", "9.0.0", "bin",
+      it_behaves_like "wrapper_properties_test", "/", "8.14.2", "bin", nil
+      it_behaves_like "wrapper_properties_test", "/", "8.14.2", "all", nil
+      it_behaves_like "wrapper_properties_test", "/", "9.0.0", "bin",
                       "8fad3d78296ca518113f3d29016617c7f9367dc005f932bd9d93bf45ba46072b"
-      it_behaves_like "wrapper_properties_test", "9.0.0", "all",
+      it_behaves_like "wrapper_properties_test", "/", "9.0.0", "all",
+                      "f759b8dd5204e2e3fa4ca3e73f452f087153cf81bac9561eeb854229cc2c5365"
+      it_behaves_like "wrapper_properties_test", "/buildSrc/", "8.14.2", "bin", nil
+      it_behaves_like "wrapper_properties_test", "/buildSrc/", "9.0.0", "all",
                       "f759b8dd5204e2e3fa4ca3e73f452f087153cf81bac9561eeb854229cc2c5365"
     end
 

gradle/spec/dependabot/gradle/update_checker/requirements_updater_spec.rb

@@ -226,6 +226,48 @@
           ])
         end
       end
+
+      context "when multiple properties files" do
+        let(:requirements) do
+          [distribution_req, checksum_req, distribution_req.merge(
+            file: "another/gradle/wrapper/gradle-wrapper.properties"
+          )]
+        end
+
+        it "does not update the requirement" do
+          expect(updater.updated_requirements).not_to eq(requirements)
+          expect(updater.updated_requirements).to eq([
+            {
+              requirement: "9.0.0",
+              file: "gradle/wrapper/gradle-wrapper.properties",
+              source: {
+                type: "gradle-distribution",
+                url: "https://services.gradle.org/distributions/gradle-9.0.0-all.zip",
+                property: "distributionUrl"
+              },
+              groups: []
+            }, {
+              requirement: "f759b8dd5204e2e3fa4ca3e73f452f087153cf81bac9561eeb854229cc2c5365",
+              file: "gradle/wrapper/gradle-wrapper.properties",
+              source: {
+                type: "gradle-distribution",
+                url: "https://services.gradle.org/distributions/gradle-9.0.0-all.zip.sha256",
+                property: "distributionUrlSha256Sum"
+              },
+              groups: []
+            }, {
+              requirement: "9.0.0",
+              file: "another/gradle/wrapper/gradle-wrapper.properties",
+              source: {
+                type: "gradle-distribution",
+                url: "https://services.gradle.org/distributions/gradle-9.0.0-all.zip",
+                property: "distributionUrl"
+              },
+              groups: []
+            }
+          ])
+        end
+      end
     end
   end
 end