Conversation
brrygrdn
force-pushed
the
brrygrdn/extract-refresh-security-update-operation
branch
from
8736ceb to
7fc19f2
Compare
brrygrdn
changed the title
brrygrdn
force-pushed
the
brrygrdn/extract-refresh-security-update-operation
branch
from
7fc19f2 to
d5fe1ee
Compare
jakecoffman
reviewed
Apr 21, 2023
updater/lib/dependabot/updater/operations/refresh_security_update_pull_request.rb
Outdated
Show resolved
Hide resolved
brrygrdn
force-pushed
the
brrygrdn/extract-refresh-security-update-operation
branch
from
d5fe1ee to
cd69bf4
Compare
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follows on from #6866, #6884, #6939, #6961
This branch is the last of four class extractions to peel out the distinct scenarios the Updater actually handles today in clear terms.
Changes
This branch peels out the Updater code required to accept a job which is refreshing a Dependabot PR for a security update using the typical approach of:
The one deviation is that in the initial commit, I've extracted all Security-related helpers into a mixin to encapsulate and avoid duplicating them since they are identical between the "Create" and "Refresh" scenarios. This also affords removing them from the legacy codeline and adding the mixin instead.
For reference, this class is basically a remix of those introduced in #6939 and #6939
What's next
With this PR, every job we run should now be going through one of the four updater classes instead of the
Updater#legacy_runmethod.I intend to create a PR that branches from this to delete that code and mop up any test cases that are falling into implicit cases we don't actually run in the real world, but I plan to ship this to verify that no production jobs are leaking into the legacy code first as that could change the remaining scope as it might mean our analysis has some gaps.