Custom dependabot script for locally hosted gitlab server

* Custom build of the dependabot core for dependabot/dependabot-core#1848
* Group packages by package name or all
* Custom message builder

Gemfile

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
-source "https://rubygems.org"
+ruby "2.6.6"
+source "http://nuget.pus.local/rubygems/rubygems"
 
+gem "dependabot-omnibus", "~> 0.123.1.pharos.1"
 gem "irb"
-gem "dependabot-omnibus", "~> 0.118.8"

Gemfile.lock

@@ -1,99 +1,104 @@
 GEM
-  remote: https://rubygems.org/
+  remote: http://nuget.pus.local/rubygems/rubygems/
   specs:
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
     ast (2.4.1)
     aws-eventstream (1.1.0)
-    aws-partitions (1.349.0)
-    aws-sdk-codecommit (1.37.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+    aws-partitions (1.383.0)
+    aws-sdk-codecommit (1.40.0)
+      aws-sdk-core (~> 3, >= 3.109.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-core (3.104.3)
+    aws-sdk-core (3.109.1)
       aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.239.0)
       aws-sigv4 (~> 1.1)
       jmespath (~> 1.0)
-    aws-sdk-ecr (1.35.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+    aws-sdk-ecr (1.39.0)
+      aws-sdk-core (~> 3, >= 3.109.0)
       aws-sigv4 (~> 1.1)
-    aws-sigv4 (1.2.1)
+    aws-sigv4 (1.2.2)
       aws-eventstream (~> 1, >= 1.0.2)
     citrus (3.0.2)
     commonmarker (0.21.0)
       ruby-enum (~> 0.5)
-    concurrent-ruby (1.1.6)
-    dependabot-bundler (0.118.8)
-      dependabot-common (= 0.118.8)
-    dependabot-cargo (0.118.8)
-      dependabot-common (= 0.118.8)
-    dependabot-common (0.118.8)
+    concurrent-ruby (1.1.7)
+    dependabot-bundler (0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
+    dependabot-cake (0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
+    dependabot-cargo (0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
+    dependabot-common (0.123.1.pharos.1)
       aws-sdk-codecommit (~> 1.28)
       aws-sdk-ecr (~> 1.5)
       bundler (>= 1.16, < 3.0.0)
       commonmarker (>= 0.20.1, < 0.22.0)
       docker_registry2 (~> 1.7, >= 1.7.1)
       excon (~> 0.75)
       gitlab (= 4.16.1)
+      inifile (~> 3.0)
       nokogiri (~> 1.8)
       octokit (~> 4.6)
       pandoc-ruby (~> 2.0)
       parseconfig (~> 1.0)
       parser (~> 2.5)
       toml-rb (>= 1.1.2, < 3.0)
-    dependabot-composer (0.118.8)
-      dependabot-common (= 0.118.8)
-    dependabot-dep (0.118.8)
-      dependabot-common (= 0.118.8)
-    dependabot-docker (0.118.8)
-      dependabot-common (= 0.118.8)
-    dependabot-elm (0.118.8)
-      dependabot-common (= 0.118.8)
-    dependabot-git_submodules (0.118.8)
-      dependabot-common (= 0.118.8)
-    dependabot-github_actions (0.118.8)
-      dependabot-common (= 0.118.8)
-    dependabot-go_modules (0.118.8)
-      dependabot-common (= 0.118.8)
-    dependabot-gradle (0.118.8)
-      dependabot-common (= 0.118.8)
-    dependabot-hex (0.118.8)
-      dependabot-common (= 0.118.8)
-    dependabot-maven (0.118.8)
-      dependabot-common (= 0.118.8)
-    dependabot-npm_and_yarn (0.118.8)
-      dependabot-common (= 0.118.8)
-    dependabot-nuget (0.118.8)
-      dependabot-common (= 0.118.8)
-    dependabot-omnibus (0.118.8)
-      dependabot-bundler (= 0.118.8)
-      dependabot-cargo (= 0.118.8)
-      dependabot-common (= 0.118.8)
-      dependabot-composer (= 0.118.8)
-      dependabot-dep (= 0.118.8)
-      dependabot-docker (= 0.118.8)
-      dependabot-elm (= 0.118.8)
-      dependabot-git_submodules (= 0.118.8)
-      dependabot-github_actions (= 0.118.8)
-      dependabot-go_modules (= 0.118.8)
-      dependabot-gradle (= 0.118.8)
-      dependabot-hex (= 0.118.8)
-      dependabot-maven (= 0.118.8)
-      dependabot-npm_and_yarn (= 0.118.8)
-      dependabot-nuget (= 0.118.8)
-      dependabot-python (= 0.118.8)
-      dependabot-terraform (= 0.118.8)
-    dependabot-python (0.118.8)
-      dependabot-common (= 0.118.8)
-    dependabot-terraform (0.118.8)
-      dependabot-common (= 0.118.8)
+    dependabot-composer (0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
+    dependabot-dep (0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
+    dependabot-docker (0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
+    dependabot-elm (0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
+    dependabot-git_submodules (0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
+    dependabot-github_actions (0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
+    dependabot-go_modules (0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
+    dependabot-gradle (0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
+    dependabot-hex (0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
+    dependabot-maven (0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
+    dependabot-npm_and_yarn (0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
+    dependabot-nuget (0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
+    dependabot-omnibus (0.123.1.pharos.1)
+      dependabot-bundler (= 0.123.1.pharos.1)
+      dependabot-cake (= 0.123.1.pharos.1)
+      dependabot-cargo (= 0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
+      dependabot-composer (= 0.123.1.pharos.1)
+      dependabot-dep (= 0.123.1.pharos.1)
+      dependabot-docker (= 0.123.1.pharos.1)
+      dependabot-elm (= 0.123.1.pharos.1)
+      dependabot-git_submodules (= 0.123.1.pharos.1)
+      dependabot-github_actions (= 0.123.1.pharos.1)
+      dependabot-go_modules (= 0.123.1.pharos.1)
+      dependabot-gradle (= 0.123.1.pharos.1)
+      dependabot-hex (= 0.123.1.pharos.1)
+      dependabot-maven (= 0.123.1.pharos.1)
+      dependabot-npm_and_yarn (= 0.123.1.pharos.1)
+      dependabot-nuget (= 0.123.1.pharos.1)
+      dependabot-python (= 0.123.1.pharos.1)
+      dependabot-terraform (= 0.123.1.pharos.1)
+    dependabot-python (0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
+    dependabot-terraform (0.123.1.pharos.1)
+      dependabot-common (= 0.123.1.pharos.1)
     docker_registry2 (1.9.0)
       rest-client (>= 1.8.0)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
-    excon (0.76.0)
-    faraday (1.0.1)
+    excon (0.78.0)
+    faraday (1.1.0)
       multipart-post (>= 1.2, < 3)
+      ruby2_keywords
     gitlab (4.16.1)
       httparty (~> 0.14, >= 0.14.0)
       terminal-table (~> 1.5, >= 1.5.1)
@@ -105,6 +110,7 @@ GEM
       multi_xml (>= 0.5.2)
     i18n (1.8.5)
       concurrent-ruby (~> 1.0)
+    inifile (3.0.0)
     irb (1.2.0)
       reline (>= 0.0.1)
     jmespath (1.4.0)
@@ -122,9 +128,9 @@ GEM
       sawyer (~> 0.8.0, >= 0.5.3)
     pandoc-ruby (2.1.4)
     parseconfig (1.0.8)
-    parser (2.7.1.4)
+    parser (2.7.2.0)
       ast (~> 2.4.1)
-    public_suffix (4.0.5)
+    public_suffix (4.0.6)
     reline (0.0.7)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
@@ -133,6 +139,7 @@ GEM
       netrc (~> 0.8)
     ruby-enum (0.8.0)
       i18n
+    ruby2_keywords (0.0.2)
     sawyer (0.8.2)
       addressable (>= 2.3.5)
       faraday (> 0.8, < 2.0)
@@ -149,8 +156,11 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  dependabot-omnibus (~> 0.118.8)
+  dependabot-omnibus (~> 0.123.1.pharos.1)
   irb
 
+RUBY VERSION
+   ruby 2.6.6p146
+
 BUNDLED WITH
    1.17.3

dependabot-config.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+class DependabotConfig
+  def initialize(config)
+    @package_manager = config["package_manager"]
+    @directory = config["directory"]
+    @update_schedule = config["update_schedule"]
+    @target_branch = config["target_branch"]
+
+    @ignored_updates = []
+    unless config["ignored_updates"].nil?
+      @ignored_updates = config["ignored_updates"].map do |ignored_update|
+        IgnoredUpdate.new(ignored_update["match"])
+      end
+    end
+
+    @automerged_updates = []
+    unless config["automerged_updates"].nil?
+      @automerged_updates = config["automerged_updates"].map do |automerged_update|
+        AutomergedUpdate.new(automerged_update["match"])
+      end
+    end
+
+    @group_updates = [GroupUpdate.new({ "dependency_name" => "*" })]
+    unless config["group_updates"].nil?
+      @group_updates = config["group_updates"].map do |group_update|
+        GroupUpdate.new(group_update["match"])
+      end
+    end
+
+    @commit_message = {}
+    unless config["commit_message"].nil?
+      @commit_message = CommitMessage.new(config["commit_message"]).to_h
+    end
+  end
+
+  attr_reader :package_manager
+  attr_reader :directory
+  attr_reader :update_schedule
+  attr_reader :target_branch
+  attr_reader :ignored_updates
+  attr_reader :automerged_updates
+  attr_reader :group_updates
+  attr_reader :commit_message
+
+  class IgnoredUpdate
+    def initialize(config)
+      @dependency_name = config["dependency_name"]
+      @version_requirement = config["version_requirement"]
+    end
+
+    attr_reader :dependency_name
+    attr_reader :version_requirement
+  end
+
+  class AutomergedUpdate
+    def initialize(config)
+      @dependency_name = config["dependency_name"]
+      @dependency_type = config["dependency_type"]
+      @update_type = config["update_type"]
+    end
+
+    attr_reader :dependency_name
+    attr_reader :dependency_type
+    attr_reader :update_type
+  end
+
+  class GroupUpdate
+    def initialize(config)
+      @dependency_name = config["dependency_name"]
+    end
+
+    attr_reader :dependency_name
+  end
+
+  class CommitMessage
+    def initialize(config)
+      @prefix = config["prefix"]
+      @prefix_development = config["prefix_development"]
+      @include_scope = config["include_scope"]
+    end
+
+    attr_reader :prefix
+    attr_reader :prefix_development
+    attr_reader :include_scope
+
+    def to_h
+      {
+        prefix: @prefix,
+        prefix_development: @prefix_development,
+        include_scope: @include_scope
+      }
+    end
+  end
+end