diff --git a/updater/lib/github_api/dependency_submission.rb b/updater/lib/github_api/dependency_submission.rb
index 0be58c43e25..d1ec9b72d8b 100644
--- a/updater/lib/github_api/dependency_submission.rb
+++ b/updater/lib/github_api/dependency_submission.rb
@@ -108,9 +108,17 @@ def payload
 url: SNAPSHOT_DETECTOR_URL
 },
 manifests: manifests,
+ # TODO: Move use of metadata to a Dependabot-specific object
+ #
+ # We are using the existing job metadata as a bag-of-values for error handling
+ # and job tracking that is specific to Dependabot-created submissions.
+ #
+ # In future, we should extend the public API schema with a validated object to
+ # harden this contract.
 metadata: {
 status: status.serialize,
- reason: reason
+ reason: reason,
+ scanned_manifest_path: scanned_manifest_path
 }.compact
 }
 end
@@ -179,5 +187,16 @@ def manifests
 }
 }
 end
+
+ # Returns a synopsis of the scan performed in the format `ecosystem::manifest_path`, e.g.
+ # - `golang::/`
+ # - `rubygems::rails_app/`
+ #
+ sig do
+ returns(String)
+ end
+ def scanned_manifest_path
+ "#{GithubApi::EcosystemMapper.ecosystem_for(package_manager)}::#{File.dirname(manifest_file.path)}"
+ end
 end
 end
diff --git a/updater/spec/dependabot/update_graph_processor_spec.rb b/updater/spec/dependabot/update_graph_processor_spec.rb
index fac84de23c4..f1c64469399 100644
--- a/updater/spec/dependabot/update_graph_processor_spec.rb
+++ b/updater/spec/dependabot/update_graph_processor_spec.rb
@@ -388,6 +388,7 @@
 # It should contain the expected metadata
 expect(payload[:metadata][:status]).to eql(GithubApi::DependencySubmission::SnapshotStatus::FAILED.serialize)
 expect(payload[:metadata][:reason]).to eql("dependency_file_not_evaluatable")
+ expect(payload[:metadata][:scanned_manifest_path]).to eql("rubygems::/")
 end

 it "correctly snapshots the second directory" do
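Review bot: The comment added above `metadata:` in `payload` does not say how a consumer should treat these keys, even though the hash now also carries `scanned_manifest_path`, a string built from the repository's own manifest path. The comment itself describes metadata as a bag-of-values on a public API schema with no validated object yet, so presumably nothing on the receiving side can tell a Dependabot-created value from one set by another submitter. I would add a line such as `# NOTE: these keys are not validated; consumers must treat them as untrusted input.` and give the TODO an issue reference so the hardening work can be tracked. `payload` begins above this hunk.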
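Review bot: The doc comment on `scanned_manifest_path` gives `rubygems::rails_app/` as an example, but `File.dirname` yields no trailing slash except for the root, and the specs in this commit expect `rubygems::/` and `rubygems::/subproject`. The second example should read `rubygems::/rails_app` so the documented format matches what is emitted. `File.dirname` also returns `.` for a path with no directory component, so if `manifest_file.path` can ever be relative the value becomes `rubygems::.`; the comment should state that an absolute path is assumed. Because the directory name comes from repository content and may itself contain `::`, it is worth documenting that consumers must split on the first `::` only.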
@@ -418,6 +419,7 @@
 # We should have metadata indicating a successful snapshot
 expect(payload[:metadata][:status]).to eql(GithubApi::DependencySubmission::SnapshotStatus::SUCCESS.serialize)
 expect(payload[:metadata][:reason]).to be_nil
+ expect(payload[:metadata][:scanned_manifest_path]).to eql("rubygems::/subproject")
 end
 end
 end
@@ -557,6 +559,7 @@
 # It should contain the expected metadata
 expect(payload[:metadata][:status]).to eq(GithubApi::DependencySubmission::SnapshotStatus::SKIPPED.serialize)
 expect(payload[:metadata][:reason]).to eq(GithubApi::DependencySubmission::EMPTY_REASON_NO_MANIFESTS)
+ expect(payload[:metadata][:scanned_manifest_path]).to eql("rubygems::/")
 end

 update_graph_processor.run
@@ -665,6 +668,7 @@ def fetch_subdependencies(_dependency)
 # We should have metadata indicating a successful snapshot
 expect(payload[:metadata][:status]).to eql(GithubApi::DependencySubmission::SnapshotStatus::DEGRADED.serialize)
 expect(payload[:metadata][:reason]).to eql(GithubApi::DependencySubmission::DEGRADED_REASON_SUBDEPENDENCY_ERR)
+ expect(payload[:metadata][:scanned_manifest_path]).to eql("rubygems::/")
 end

 expect(service).to receive(:record_update_job_warning) do |args|
diff --git a/updater/spec/github_api/dependency_submission_spec.rb b/updater/spec/github_api/dependency_submission_spec.rb
index 44ce98772b8..999691af656 100644
--- a/updater/spec/github_api/dependency_submission_spec.rb
+++ b/updater/spec/github_api/dependency_submission_spec.rb
@@ -111,6 +111,11 @@
 expect(payload[:detector][:version]).to eq(Dependabot::VERSION)
 expect(payload[:job][:correlator]).to eq("dependabot-bundler")
 expect(payload[:job][:id]).to eq("9999")
+
+ # Check dependabot-specific metadata keys
+ expect(payload[:metadata][:status]).to eql("ok")
+ expect(payload[:metadata][:reason]).to be_nil
+ expect(payload[:metadata][:scanned_manifest_path]).to eql("rubygems::/")
 end

 it "affixes to use the updater sha if available" do