Add scanned_manifests_path metadata to snapshots

Author: brrygrdn

updater/lib/github_api/dependency_submission.rb

@@ -110,7 +110,8 @@ def payload
         manifests: manifests,
         metadata: {
           status: status.serialize,
-          reason: reason
+          reason: reason,
+          scanned_manifest_paths: scanned_manifest_paths
         }.compact
       }
     end
@@ -179,5 +180,24 @@ def manifests
         }
       }
     end
+
+    # Returns the manifest paths this snapshot scanned.
+    #
+    # This allows the snapshot service to check the snapshot against those requested
+    # even if the `manifests` property is empty.
+    #
+    # Note: We currently submit each manifest path separately, but we use an array
+    #       to align with the `manifests` property and allow flexibility in future.
+    sig do
+      returns(T::Array[T::Hash[Symbol, String]])
+    end
+    def scanned_manifest_paths
+      [
+        {
+          ecosystem: GithubApi::EcosystemMapper.ecosystem_for(package_manager),
+          manifest_path: File.dirname(manifest_file.path)
+        }
+      ]
+    end
   end
 end

updater/spec/dependabot/update_graph_processor_spec.rb

@@ -388,6 +388,7 @@
           # It should contain the expected metadata
           expect(payload[:metadata][:status]).to eql(GithubApi::DependencySubmission::SnapshotStatus::FAILED.serialize)
           expect(payload[:metadata][:reason]).to eql("dependency_file_not_evaluatable")
+          expect(payload[:metadata][:scanned_manifest_paths]).to eql([{ ecosystem: "rubygems", manifest_path: "/" }])
         end
 
         it "correctly snapshots the second directory" do
@@ -418,6 +419,10 @@
           # We should have metadata indicating a successful snapshot
           expect(payload[:metadata][:status]).to eql(GithubApi::DependencySubmission::SnapshotStatus::SUCCESS.serialize)
           expect(payload[:metadata][:reason]).to be_nil
+          expect(payload[:metadata][:scanned_manifest_paths]).to eql(
+            [{ ecosystem: "rubygems",
+               manifest_path: "/subproject" }]
+          )
         end
       end
     end
@@ -557,6 +562,7 @@
         # It should contain the expected metadata
         expect(payload[:metadata][:status]).to eq(GithubApi::DependencySubmission::SnapshotStatus::SKIPPED.serialize)
         expect(payload[:metadata][:reason]).to eq(GithubApi::DependencySubmission::EMPTY_REASON_NO_MANIFESTS)
+        expect(payload[:metadata][:scanned_manifest_paths]).to eql([{ ecosystem: "rubygems", manifest_path: "/" }])
       end
 
       update_graph_processor.run
@@ -665,6 +671,7 @@ def fetch_subdependencies(_dependency)
           # We should have metadata indicating a successful snapshot
           expect(payload[:metadata][:status]).to eql(GithubApi::DependencySubmission::SnapshotStatus::DEGRADED.serialize)
           expect(payload[:metadata][:reason]).to eql(GithubApi::DependencySubmission::DEGRADED_REASON_SUBDEPENDENCY_ERR)
+          expect(payload[:metadata][:scanned_manifest_paths]).to eql([{ ecosystem: "rubygems", manifest_path: "/" }])
         end
 
         expect(service).to receive(:record_update_job_warning) do |args|

updater/spec/github_api/dependency_submission_spec.rb

@@ -111,6 +111,11 @@
       expect(payload[:detector][:version]).to eq(Dependabot::VERSION)
       expect(payload[:job][:correlator]).to eq("dependabot-bundler")
       expect(payload[:job][:id]).to eq("9999")
+
+      # Check dependabot-specific metadata keys
+      expect(payload[:metadata][:status]).to eql("ok")
+      expect(payload[:metadata][:reason]).to be_nil
+      expect(payload[:metadata][:scanned_manifest_paths]).to eql([{ ecosystem: "rubygems", manifest_path: "/" }])
     end
 
     it "affixes to use the updater sha if available" do