Merge pull request #14439 from dependabot/brrygrdn/dg-9769-use-manifest-directory

brrygrdn · web-flow · commit aebed6bf8242 · 2026-03-13T20:03:55.000Z
Avoid sheering off directories by using manifest_file.directory
diff --git a/updater/lib/github_api/dependency_submission.rb b/updater/lib/github_api/dependency_submission.rb
@@ -190,13 +190,13 @@ def manifests
 
     # Returns a synopsis of the scan performed in the format `ecosystem::manifest_path`, e.g.
     # - `golang::/`
-    # - `rubygems::rails_app/`
+    # - `rubygems::/rails_app/`
     #
     sig do
       returns(String)
     end
     def scanned_manifest_path
-      "#{GithubApi::EcosystemMapper.ecosystem_for(package_manager)}::#{File.dirname(manifest_file.path)}"
+      "#{GithubApi::EcosystemMapper.ecosystem_for(package_manager)}::#{manifest_file.directory}"
     end
   end
 end
diff --git a/updater/spec/dependabot/update_graph_processor_spec.rb b/updater/spec/dependabot/update_graph_processor_spec.rb
@@ -419,7 +419,7 @@
           # We should have metadata indicating a successful snapshot
           expect(payload[:metadata][:status]).to eql(GithubApi::DependencySubmission::SnapshotStatus::SUCCESS.serialize)
           expect(payload[:metadata][:reason]).to be_nil
-          expect(payload[:metadata][:scanned_manifest_path]).to eql("rubygems::/subproject")
+          expect(payload[:metadata][:scanned_manifest_path]).to eql("rubygems::/subproject/")
         end
       end
     end
@@ -566,6 +566,32 @@
     end
   end
 
+  context "with non-existent dependency files in a subpath" do
+    let(:directories) { [directory] }
+    let(:directory) { "/subproject/" }
+    let(:repo_contents_path) { build_tmp_repo("bundler/original", path: "") }
+
+    let(:dependency_files) do
+      []
+    end
+
+    it "generates an empty snapshot with metadata" do
+      expect(service).to receive(:create_dependency_submission) do |args|
+        payload = args[:dependency_submission].payload
+
+        expect(payload[:job][:correlator]).to eq("dependabot-bundler-subproject")
+        expect(payload[:manifests]).to be_empty
+
+        # It should contain the expected metadata
+        expect(payload[:metadata][:status]).to eq(GithubApi::DependencySubmission::SnapshotStatus::SKIPPED.serialize)
+        expect(payload[:metadata][:reason]).to eq(GithubApi::DependencySubmission::EMPTY_REASON_NO_MANIFESTS)
+        expect(payload[:metadata][:scanned_manifest_path]).to eql("rubygems::/subproject/")
+      end
+
+      update_graph_processor.run
+    end
+  end
+
   describe "job validation" do
     let(:dependency_files) do
       [
