diff --git a/common/lib/dependabot/git_commit_checker.rb b/common/lib/dependabot/git_commit_checker.rb
index 3ccfbd21093..bc62cfb459a 100644
--- a/common/lib/dependabot/git_commit_checker.rb
+++ b/common/lib/dependabot/git_commit_checker.rb
@@ -49,8 +49,14 @@ def pinned?
 return true if branch
 return true if dependency.version&.start_with?(ref)
- # Check the specified `ref` isn't actually a branch
- !local_upload_pack.match?(%r{ refs/heads/#{ref}$})
+ # If the specified `ref` is actually a tag, we're pinned
+ return true if local_upload_pack.match?(%r{ refs/tags/#{ref}$})
+
+ # If the specified `ref` is actually a branch, we're NOT pinned
+ return false if local_upload_pack.match?(%r{ refs/heads/#{ref}$})
+
+ # Otherwise, assume we're pinned
+ true
 end
 def pinned_ref_looks_like_version?
diff --git a/github_actions/spec/dependabot/github_actions/update_checker_spec.rb b/github_actions/spec/dependabot/github_actions/update_checker_spec.rb
index b5bce5c61c8..34d4b1d8c3d 100644
--- a/github_actions/spec/dependabot/github_actions/update_checker_spec.rb
+++ b/github_actions/spec/dependabot/github_actions/update_checker_spec.rb
@@ -243,6 +243,12 @@
 end
 end
+ context "and the latest version being also a branch" do
+ let(:upload_pack_fixture) { "msbuild" }
+
+ it { is_expected.to eq(Dependabot::GithubActions::Version.new("1.1.3")) }
+ end
+
 context "that is a major-only tag of the the latest version" do
 let(:reference) { "v1" }
 it { is_expected.to eq(Dependabot::GithubActions::Version.new("v1")) }
diff --git a/github_actions/spec/fixtures/git/upload_packs/msbuild b/github_actions/spec/fixtures/git/upload_packs/msbuild
new file mode 100644
index 00000000000..34d7efaf780
--- /dev/null
+++ b/github_actions/spec/fixtures/git/upload_packs/msbuild
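Review bot: Both new `match?` calls in `pinned?` interpolate `ref` into the pattern unescaped, so the dots in a ref such as `v1.1.3` match any character, and a ref containing other regex metacharacters could misclassify a ref or raise a `RegexpError`. `ref` presumably originates from the manifest being updated, so it should be treated as data: `%r{ refs/tags/#{Regexp.escape(ref)}$}` and `%r{ refs/heads/#{Regexp.escape(ref)}$}`. The removed line had the same pattern, so this is carried over rather than introduced, but the tag check now decides whether a dependency counts as pinned and deserves an exact match. The body of `pinned?` starts above the hunk.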
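Review bot: The new context only asserts the resulting latest version, so the changed tag/branch precedence in `GitCommitChecker#pinned?` is covered indirectly; no spec under `common/` is touched in this diff. Consider adding direct examples for `pinned?`: a ref that is both a tag and a branch (expect `true`), and a ref that is only a branch (expect `false`), so a regression in either early return is caught next to the logic. The enclosing `describe`/`context` blocks start outside the hunk, so the `reference` value this example runs with is not visible here.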
@@ -0,0 +1,68 @@ +001e# service=git-upload-pack +000001560b44c6745b7e81956596964100aadb92d667c497 HEAD multi_ack thin-pack side-band side-band-64k ofs-delta shallow deepen-since deepen-not deepen-relative no-progress include-tag multi_ack_detailed allow-tip-sha1-in-want allow-reachable-sha1-in-want no-done symref=HEAD:refs/heads/master filter object-format=sha1 agent=git/github-gcaaf1c4b6630 +005b0fc2502ca49f277016260bdd89c70e0c16a7cf4e refs/heads/dependabot/npm_and_yarn/ajv-6.12.6 +006db7835cef05cc81bdb8c67ea14346cdcd7c89fd81 refs/heads/dependabot/npm_and_yarn/json-schema-and-jsprim-0.4.0 +005b1d97ad85a9755ff291da008c63fe2b08238535e5 refs/heads/dependabot/npm_and_yarn/tmpl-1.0.5 +003c6a8fedefe94395d1c2193b87c6d83224d6e87569 refs/heads/dev +003f0b44c6745b7e81956596964100aadb92d667c497 refs/heads/master +003ffc16ae6170877cd889e5d735ea9d41c2362078b2 refs/heads/v1.0.0 +003f8dc49dbd173d2e84b142c0b65eef06ad36ccc82c refs/heads/v1.0.1 +003fc26a08ba26249b81327e26f6ef381897b6a8754d refs/heads/v1.0.2 +003f9546707e6b8f513d3a2af998e51e3b995c9fbe81 refs/heads/v1.0.3 +003fab534842b4bdf384b8aaf93765dc6f721d9f5fab refs/heads/v1.1.0 +003fb381dbabab030b2d16c2c87be6e0fdfadb75628a refs/heads/v1.1.1 +003fd6496d378fd258c01b23231ffff1e73808f126e7 refs/heads/v1.1.2 +003f34cfbaee7f672c76950673338facd8a73f637506 refs/heads/v1.1.3 +003e2008f912f56e61277eefaac6d1888b750582aa16 refs/pull/1/head +003f93e160075a116879b0927816549540701146b3e5 refs/pull/11/head +003fc4f3bee2c44d35fbdd918d508c6bca44132fad82 refs/pull/12/head +003fc9ef9479351644e79a048f53964bbd9d357ead05 refs/pull/14/head +003f9c9a1a34a4c6a9f36400e23e479b9c33ec98a4bb refs/pull/15/head +003ff05df80b32f8b835cfbd3b002f3bb3f59f9a4d43 refs/pull/16/head +003f341cfb53e30b7748ba6bfdf007e641462556042a refs/pull/17/head +003f0d4f73260bc92ffdfd6052dd962cc5ccb954575b refs/pull/19/head +003f06c9a7f31c273c6a22e43aa4e92c2a185a4d9dee refs/pull/21/head +003fe82103acef14ac8c7dd76d6997a4ba7cfda1bcfc refs/pull/22/head 
+004028d2c305055d6141bd15ff04523719117a574a48 refs/pull/22/merge +003f0b5643901b0999aee1e981a4ae1c8bbf7e90484d refs/pull/23/head +003fa0858ffef3d2e5dd0a5d785f4875c4b6285add75 refs/pull/25/head +003fcbeaa72a9f112eb29acac0430556277b10e00a49 refs/pull/31/head +003f4813f144a2145028fee526004a6b6aac0c2d80a5 refs/pull/37/head +003f1c5a706e2695e453c6919dd43f598dbd445b73d6 refs/pull/39/head +003ff00648bcdcfd5713fb8347b4f927ad51fbafc8c7 refs/pull/40/head +003f7626c90a395f6403e9bf21ea09cd14ef7f000931 refs/pull/46/head +003fbabd7930ed54e6f5cb5f9ee592b6031216cb4255 refs/pull/51/head +003f9afe006fef5dd1c8b6ab1eae71caec99bb2f7e5c refs/pull/52/head +003f047d9a067883f2e2ea6cd9a08bbc2b2d6bbeddb5 refs/pull/53/head +003f455ec54ae7025c970e5fc4dc9a14283e7298883f refs/pull/56/head +003f412f2703681bd1e2107f511ab857c92252afb803 refs/pull/57/head +003e43cd4ebaecd8cd9bf7c95fc18edbdba1252d7482 refs/pull/6/head +003f9546707e6b8f513d3a2af998e51e3b995c9fbe81 refs/pull/60/head +003f2cbcfcb79598175f7aebe742012225f5a8657d31 refs/pull/61/head +003f1d97ad85a9755ff291da008c63fe2b08238535e5 refs/pull/62/head +00402667aad3e9773cef990d798a6286b44fd72b17f4 refs/pull/62/merge +003f84e0d709b2c782782b075c1f5a7173b76b6115b2 refs/pull/65/head +003f281b95dea87d381cd268f481dc51b7ef5da8fa04 refs/pull/66/head +0040cd91c225762ecb1e922c2b7474c80b35be65019c refs/pull/66/merge +003fce3de01b52669a228622f9e280b9f068c7cf4163 refs/pull/68/head +003f0fc2502ca49f277016260bdd89c70e0c16a7cf4e refs/pull/75/head +00402f7844feb6aa4bf20998c09b4b94ba3b261d970a refs/pull/75/merge +003f7a1ab92e6cf81d5a6b4797ad4c4dd0cfcb428e80 refs/pull/87/head +003f50f8578df565ecf193e9bbbf6acd76c66b34d92e refs/pull/89/head +003e70efaa8b2d06055da6239191f0ae35144119b4c5 refs/pull/9/head +003fd6496d378fd258c01b23231ffff1e73808f126e7 refs/pull/90/head +003fb7835cef05cc81bdb8c67ea14346cdcd7c89fd81 refs/pull/91/head +00408199e0cbd1e75594a89361cf458ee38b093fa95a refs/pull/91/merge +003f71b0754fb20d8beb7590e2cd1a91a12bbda4324f refs/pull/92/head 
+003f34cfbaee7f672c76950673338facd8a73f637506 refs/pull/94/head +003a127f7c3fc66419bb77fc6703c497db0e1e3e8c74 refs/tags/v1 +003d34cfbaee7f672c76950673338facd8a73f637506 refs/tags/v1^{} +003e8dc49dbd173d2e84b142c0b65eef06ad36ccc82c refs/tags/v1.0.1 +003ec26a08ba26249b81327e26f6ef381897b6a8754d refs/tags/v1.0.2 +003e9546707e6b8f513d3a2af998e51e3b995c9fbe81 refs/tags/v1.0.3 +003c4ec49e314e52344e4b6e3aba15a3c519f7129419 refs/tags/v1.1 +003f34cfbaee7f672c76950673338facd8a73f637506 refs/tags/v1.1^{} +003ed6496d378fd258c01b23231ffff1e73808f126e7 refs/tags/v1.1.2 +003e905a7b699b34b9b34158ec6b839167581ce1db62 refs/tags/v1.1.3 +004134cfbaee7f672c76950673338facd8a73f637506 refs/tags/v1.1.3^{} +0000