Switch to using a string representation

brrygrdn · brrygrdn · commit 7af435d095fc · 2026-03-11T17:43:08.000Z
diff --git a/updater/lib/github_api/dependency_submission.rb b/updater/lib/github_api/dependency_submission.rb
@@ -108,10 +108,17 @@ def payload
           url: SNAPSHOT_DETECTOR_URL
         },
         manifests: manifests,
+        # TODO: Move use of metadata to a Dependabot-specific object
+        #
+        # We are using the existing job metadata as a bag-of-values for error handling
+        # and job tracking that is specific to Dependabot-created submissions.
+        #
+        # In future, we should extend the public API schema with a validated object to
+        # harden this contract.
         metadata: {
           status: status.serialize,
           reason: reason,
-          scanned_manifest_paths: scanned_manifest_paths
+          scanned_manifest_path: scanned_manifest_path
         }.compact
       }
     end
@@ -181,23 +188,15 @@ def manifests
       }
     end
 
-    # Returns the manifest paths this snapshot scanned.
+    # Returns a synopsis of the scan performed in the format `ecosystem::manifest_path`, e.g.
+    # - `golang::/`
+    # - `rubygems::rails_app/`
     #
-    # This allows the snapshot service to check the snapshot against those requested
-    # even if the `manifests` property is empty.
-    #
-    # Note: We currently submit each manifest path separately, but we use an array
-    #       to align with the `manifests` property and allow flexibility in future.
     sig do
-      returns(T::Array[T::Hash[Symbol, String]])
+      returns(String)
     end
-    def scanned_manifest_paths
-      [
-        {
-          ecosystem: GithubApi::EcosystemMapper.ecosystem_for(package_manager),
-          manifest_path: File.dirname(manifest_file.path)
-        }
-      ]
+    def scanned_manifest_path
+      "#{GithubApi::EcosystemMapper.ecosystem_for(package_manager)}::#{File.dirname(manifest_file.path)}"
     end
   end
 end
diff --git a/updater/spec/dependabot/update_graph_processor_spec.rb b/updater/spec/dependabot/update_graph_processor_spec.rb
@@ -388,7 +388,7 @@
           # It should contain the expected metadata
           expect(payload[:metadata][:status]).to eql(GithubApi::DependencySubmission::SnapshotStatus::FAILED.serialize)
           expect(payload[:metadata][:reason]).to eql("dependency_file_not_evaluatable")
-          expect(payload[:metadata][:scanned_manifest_paths]).to eql([{ ecosystem: "rubygems", manifest_path: "/" }])
+          expect(payload[:metadata][:scanned_manifest_path]).to eql("rubygems::/")
         end
 
         it "correctly snapshots the second directory" do
@@ -419,10 +419,7 @@
           # We should have metadata indicating a successful snapshot
           expect(payload[:metadata][:status]).to eql(GithubApi::DependencySubmission::SnapshotStatus::SUCCESS.serialize)
           expect(payload[:metadata][:reason]).to be_nil
-          expect(payload[:metadata][:scanned_manifest_paths]).to eql(
-            [{ ecosystem: "rubygems",
-               manifest_path: "/subproject" }]
-          )
+          expect(payload[:metadata][:scanned_manifest_path]).to eql("rubygems::/subproject")
         end
       end
     end
@@ -562,7 +559,7 @@
         # It should contain the expected metadata
         expect(payload[:metadata][:status]).to eq(GithubApi::DependencySubmission::SnapshotStatus::SKIPPED.serialize)
         expect(payload[:metadata][:reason]).to eq(GithubApi::DependencySubmission::EMPTY_REASON_NO_MANIFESTS)
-        expect(payload[:metadata][:scanned_manifest_paths]).to eql([{ ecosystem: "rubygems", manifest_path: "/" }])
+        expect(payload[:metadata][:scanned_manifest_path]).to eql("rubygems::/")
       end
 
       update_graph_processor.run
@@ -671,7 +668,7 @@ def fetch_subdependencies(_dependency)
           # We should have metadata indicating a successful snapshot
           expect(payload[:metadata][:status]).to eql(GithubApi::DependencySubmission::SnapshotStatus::DEGRADED.serialize)
           expect(payload[:metadata][:reason]).to eql(GithubApi::DependencySubmission::DEGRADED_REASON_SUBDEPENDENCY_ERR)
-          expect(payload[:metadata][:scanned_manifest_paths]).to eql([{ ecosystem: "rubygems", manifest_path: "/" }])
+          expect(payload[:metadata][:scanned_manifest_path]).to eql("rubygems::/")
         end
 
         expect(service).to receive(:record_update_job_warning) do |args|
diff --git a/updater/spec/github_api/dependency_submission_spec.rb b/updater/spec/github_api/dependency_submission_spec.rb
@@ -115,7 +115,7 @@
       # Check dependabot-specific metadata keys
       expect(payload[:metadata][:status]).to eql("ok")
       expect(payload[:metadata][:reason]).to be_nil
-      expect(payload[:metadata][:scanned_manifest_paths]).to eql([{ ecosystem: "rubygems", manifest_path: "/" }])
+      expect(payload[:metadata][:scanned_manifest_path]).to eql("rubygems::/")
     end
 
     it "affixes to use the updater sha if available" do
