diff --git a/Dockerfile b/Dockerfile index 2910a59109..74d6d84614 100644 --- a/Dockerfile +++ b/Dockerfile @@ -138,8 +138,8 @@ RUN add-apt-repository ppa:ondrej/php \ ### GO # Install Go and dep -ARG GOLANG_VERSION=1.15.7 -ARG GOLANG_CHECKSUM=0d142143794721bb63ce6c8a6180c4062bcf8ef4715e7d6d6609f3a8282629b3 +ARG GOLANG_VERSION=1.16.2 +ARG GOLANG_CHECKSUM=542e936b19542e62679766194364f45141fde55169db2d8d01046555ca9eb4b8 RUN curl --http1.1 -o go.tar.gz https://dl.google.com/go/go${GOLANG_VERSION}.linux-amd64.tar.gz \ && echo "$GOLANG_CHECKSUM go.tar.gz" | sha256sum -c - \ && tar -xzf go.tar.gz -C /opt \ diff --git a/go_modules/lib/dependabot/go_modules/resolvability_errors.rb b/go_modules/lib/dependabot/go_modules/resolvability_errors.rb index eba3fca01e..02d09b4818 100644 --- a/go_modules/lib/dependabot/go_modules/resolvability_errors.rb +++ b/go_modules/lib/dependabot/go_modules/resolvability_errors.rb @@ -15,16 +15,17 @@ def self.handle(message, credentials:) SharedHelpers.with_git_configured(credentials: credentials) do File.write("go.mod", "module dummy\n") - env = { "GOPRIVATE" => "*" } - _, _, status = Open3.capture3(env, SharedHelpers.escape_command("go get #{mod_path}")) - raise Dependabot::DependencyFileNotResolvable, message if status.success? - mod_split = mod_path.split("/") repo_path = if mod_split.size > 3 mod_split[0..2].join("/") else mod_path end + + env = { "GOPRIVATE" => "*" } + _, _, status = Open3.capture3(env, SharedHelpers.escape_command("go list -m -versions #{repo_path}")) + raise Dependabot::DependencyFileNotResolvable, message if status.success? + raise Dependabot::GitDependenciesNotReachable, [repo_path] end end diff --git a/go_modules/spec/dependabot/go_modules/file_updater/go_mod_updater_spec.rb b/go_modules/spec/dependabot/go_modules/file_updater/go_mod_updater_spec.rb index 9ff087bad7..f0d1889bdf 100644 --- a/go_modules/spec/dependabot/go_modules/file_updater/go_mod_updater_spec.rb 
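Review bot: In `resolvability_errors.rb`, the new `Open3.capture3` call interpolates `repo_path` into a single command string, and `repo_path` comes from `mod_path`, which appears to be parsed from the error `message` outside this hunk. `SharedHelpers.escape_command` is not visible here, so confirm that it neutralises shell metacharacters; passing an argument vector avoids the shell altogether: `Open3.capture3(env, "go", "list", "-m", "-versions", repo_path)`. A value starting with `-` would still be read as a flag in either form, so it should be rejected before the call. Stdout and stderr are also discarded, so any non-zero exit (timeout, DNS failure, malformed path) is reported as `GitDependenciesNotReachable` for `repo_path`; capturing and logging stderr would make a misclassification visible. The body of `self.handle` begins outside the hunk.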
+++ b/go_modules/spec/dependabot/go_modules/file_updater/go_mod_updater_spec.rb @@ -103,6 +103,13 @@ it { is_expected.to include("go 1.13") } end + context "when a retract directive is present" do + let(:project_name) { "go_retracted" } + + it { is_expected.to include("// reason for retraction") } + it { is_expected.to include("retract v1.0.5") } + end + describe "a dependency who's module path has changed (inc version)" do let(:project_name) { "module_path_and_version_changed" } @@ -229,16 +236,12 @@ # OpenAPIV2 has been renamed to openapiv2 in this version let(:dependency_version) { "v0.5.1" } - # NOTE: We explitly don't want to raise a resolvability error from go mod tidy - it "does not raises a DependencyFileNotResolvable error" do + it "raises a DependencyFileNotResolvable error" do + error_class = Dependabot::DependencyFileNotResolvable expect { updater.updated_go_sum_content }. - to_not raise_error - end - - it "updates the go.mod" do - expect(updater.updated_go_mod_content).to include( - %(github.com/googleapis/gnostic v0.5.1 // indirect\n) - ) + to raise_error(error_class) do |error| + expect(error.message).to include("googleapis/gnostic/OpenAPIv2") + end end end end diff --git a/go_modules/spec/fixtures/projects/go_retracted/go.mod b/go_modules/spec/fixtures/projects/go_retracted/go.mod new file mode 100644 index 0000000000..a7ba418121 --- /dev/null +++ b/go_modules/spec/fixtures/projects/go_retracted/go.mod @@ -0,0 +1,10 @@ +module github.com/dependabot/vgotest + +go 1.16 + +require ( + rsc.io/quote v1.4.0 +) + +// reason for retraction +retract v1.0.5 diff --git a/go_modules/spec/fixtures/projects/go_retracted/main.go b/go_modules/spec/fixtures/projects/go_retracted/main.go new file mode 100644 index 0000000000..1e0952d8ef --- /dev/null +++ b/go_modules/spec/fixtures/projects/go_retracted/main.go @@ -0,0 +1,8 @@ +package main + +import ( + _ "rsc.io/quote" +) + +func main() { +}
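Review bot: In the second spec hunk (`@@ -229,16 +236,12 @@`), the removed NOTE recorded that a resolvability error from go mod tidy was deliberately not raised, and the new example inverts that expectation without saying why. A one-line comment above the example would keep the reason next to the test, for instance `# go mod tidy fails on the renamed OpenAPIv2 import path, so the updater reports it as unresolvable`. That wording assumes the Go upgrade in this commit is the cause, which the hunk does not state. The `updated_go_mod_content` assertion was dropped as well, so within the visible lines nothing checks what happens to go.mod on this path. The enclosing context starts outside the hunk.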