bundler/lib/bundler/source/git/git_proxy.rb
# frozen_string_literal: true
module Bundler
class Source
class Git
class GitNotInstalledError < GitError
def initialize
msg = String.new
msg << "You need to install git to be able to use gems from git repositories. "
msg << "For help installing git, please refer to GitHub's tutorial at https://help.github.com/articles/set-up-git"
super msg
end
end
class GitNotAllowedError < GitError
def initialize(command)
msg = String.new
msg << "Bundler is trying to run `#{command}` at runtime. You probably need to run `bundle install`. However, "
msg << "this error message could probably be more useful. Please submit a ticket at https://github.com/rubygems/rubygems/issues/new?labels=Bundler&template=bundler-related-issue.md "
msg << "with steps to reproduce as well as the following\n\nCALLER: #{caller.join("\n")}"
super msg
end
end
class GitCommandError < GitError
attr_reader :command
def initialize(command, path, extra_info = nil)
@command = command
msg = String.new("Git error: command `#{command}`")
msg << " in directory #{path}" if path
msg << " has failed."
msg << "\n#{extra_info}" if extra_info
super msg
end
end
class MissingGitRevisionError < GitCommandError
def initialize(command, destination_path, ref, repo)
msg = "Revision #{ref} does not exist in the repository #{repo}. Maybe you misspelled it?"
super command, destination_path, msg
end
end
class AmbiguousGitReference < GitError
def initialize(options)
msg = "Specification of branch or ref with tag is ambiguous. You specified #{options.inspect}"
super msg
end
end
# The GitProxy is responsible to interact with git repositories.
# All actions required by the Git source is encapsulated in this
# object.
class GitProxy
attr_accessor :path, :uri, :branch, :tag, :ref, :explicit_ref
attr_writer :revision
def initialize(path, uri, options = {}, revision = nil, git = nil)
@path = path
@uri = uri
@tag = options["tag"]
@branch = options["branch"]
@ref = options["ref"]
if @tag
raise AmbiguousGitReference.new(options) if @branch || @ref
@explicit_ref = @tag
else
@explicit_ref = @ref || @branch
end
@revision = revision
@git = git
@commit_ref = nil
end
def revision
@revision ||= allowed_with_path { find_local_revision }
end
def current_branch
@current_branch ||= with_path do
git_local("rev-parse", "--abbrev-ref", "HEAD", dir: path).strip
end
end
def contains?(commit)
allowed_with_path do
result, status = git_null("branch", "--contains", commit, dir: path)
status.success? && result.match?(/^\* (.*)$/)
end
end
def version
@version ||= full_version.match(/((\.?\d+)+).*/)[1]
end
def full_version
@full_version ||= git_local("--version").sub(/git version\s*/, "").strip
end
def checkout
return if has_revision_cached?
Bundler.ui.info "Fetching #{credential_filtered_uri}"
extra_fetch_needed = clone_needs_extra_fetch?
unshallow_needed = clone_needs_unshallow?
return unless extra_fetch_needed || unshallow_needed
git_remote_fetch(unshallow_needed ? ["--unshallow"] : depth_args)
end
def copy_to(destination, submodules = false)
unless File.exist?(destination.join(".git"))
begin
SharedHelpers.filesystem_access(destination.dirname) do |p|
FileUtils.mkdir_p(p)
end
SharedHelpers.filesystem_access(destination) do |p|
FileUtils.rm_rf(p)
end
git "clone", "--no-checkout", "--quiet", path.to_s, destination.to_s
File.chmod(((File.stat(destination).mode | 0o777) & ~File.umask), destination)
rescue Errno::EEXIST => e
file_path = e.message[%r{.*?((?:[a-zA-Z]:)?/.*)}, 1]
raise GitError, "Bundler could not install a gem because it needs to " \
"create a directory, but a file exists - #{file_path}. Please delete " \
"this file and try again."
end
end
ref = @commit_ref || (locked_to_full_sha? && @revision)
if ref
git "config", "uploadpack.allowAnySHA1InWant", "true", dir: path.to_s if @commit_ref.nil? && needs_allow_any_sha1_in_want?
git "fetch", "--force", "--quiet", *extra_fetch_args(ref), dir: destination
end
git "reset", "--hard", @revision, dir: destination
if submodules
git_retry "submodule", "update", "--init", "--recursive", dir: destination
elsif Gem::Version.create(version) >= Gem::Version.create("2.9.0")
inner_command = "git -C $toplevel submodule deinit --force $sm_path"
git_retry "submodule", "foreach", "--quiet", inner_command, dir: destination
end
end
private
def git_remote_fetch(args)
command = ["fetch", "--force", "--quiet", "--no-tags", *args, "--", configured_uri, refspec].compact
command_with_no_credentials = check_allowed(command)
Bundler::Retry.new("`#{command_with_no_credentials}` at #{path}", [MissingGitRevisionError]).attempts do
out, err, status = capture(command, path)
return out if status.success?
if err.include?("couldn't find remote ref") || err.include?("not our ref")
raise MissingGitRevisionError.new(command_with_no_credentials, path, commit || explicit_ref, credential_filtered_uri)
else
raise GitCommandError.new(command_with_no_credentials, path, err)
end
end
end
def clone_needs_extra_fetch?
return true if path.exist?
SharedHelpers.filesystem_access(path.dirname) do |p|
FileUtils.mkdir_p(p)
end
command = ["clone", "--bare", "--no-hardlinks", "--quiet", *extra_clone_args, "--", configured_uri, path.to_s]
command_with_no_credentials = check_allowed(command)
Bundler::Retry.new("`#{command_with_no_credentials}`", [MissingGitRevisionError]).attempts do
_, err, status = capture(command, nil)
return extra_ref if status.success?
if err.include?("Could not find remote branch")
raise MissingGitRevisionError.new(command_with_no_credentials, nil, explicit_ref, credential_filtered_uri)
else
raise GitCommandError.new(command_with_no_credentials, path, err)
end
end
end
def clone_needs_unshallow?
return false unless path.join("shallow").exist?
return true if full_clone?
@revision && @revision != head_revision
end
def extra_ref
return false if not_pinned?
return true unless full_clone?
ref.start_with?("refs/")
end
def depth
return @depth if defined?(@depth)
@depth = if !supports_fetching_unreachable_refs?
nil
elsif not_pinned? || pinned_to_full_sha?
1
elsif ref.include?("~")
parsed_depth = ref.split("~").last
parsed_depth.to_i + 1
end
end
def refspec
if commit
@commit_ref = "refs/#{commit}-sha"
return "#{commit}:#{@commit_ref}"
end
reference = fully_qualified_ref
reference ||= if ref.include?("~")
ref.split("~").first
elsif ref.start_with?("refs/")
ref
else
"refs/*"
end
"#{reference}:#{reference}"
end
def commit
@commit ||= pinned_to_full_sha? ? ref : @revision
end
def fully_qualified_ref
if branch
"refs/heads/#{branch}"
elsif tag
"refs/tags/#{tag}"
elsif ref.nil?
"refs/heads/#{current_branch}"
end
end
def not_pinned?
branch || tag || ref.nil?
end
def pinned_to_full_sha?
full_sha_revision?(ref)
end
def locked_to_full_sha?
full_sha_revision?(@revision)
end
def full_sha_revision?(ref)
ref&.match?(/\A\h{40}\z/)
end
def git_null(*command, dir: nil)
check_allowed(command)
capture(command, dir, ignore_err: true)
end
def git_retry(*command, dir: nil)
command_with_no_credentials = check_allowed(command)
Bundler::Retry.new("`#{command_with_no_credentials}` at #{dir || SharedHelpers.pwd}").attempts do
git(*command, dir: dir)
end
end
def git(*command, dir: nil)
run_command(*command, dir: dir) do |unredacted_command|
check_allowed(unredacted_command)
end
end
def git_local(*command, dir: nil)
run_command(*command, dir: dir) do |unredacted_command|
redact_and_check_presence(unredacted_command)
end
end
def has_revision_cached?
return unless @revision && path.exist?
git("cat-file", "-e", @revision, dir: path)
true
rescue GitError
false
end
def find_local_revision
return head_revision if explicit_ref.nil?
find_revision_for(explicit_ref)
end
def head_revision
verify("HEAD")
end
def find_revision_for(reference)
verify(reference)
rescue GitCommandError => e
raise MissingGitRevisionError.new(e.command, path, reference, credential_filtered_uri)
end
def verify(reference)
git("rev-parse", "--verify", reference, dir: path).strip
end
# Adds credentials to the URI
def configured_uri
if /https?:/.match?(uri)
remote = Gem::URI(uri)
config_auth = Bundler.settings[remote.to_s] || Bundler.settings[remote.host]
remote.userinfo ||= config_auth
remote.to_s
elsif File.exist?(uri)
"file://#{uri}"
else
uri.to_s
end
end
# Removes credentials from the URI
def credential_filtered_uri
URICredentialsFilter.credential_filtered_uri(uri)
end
def allow?
allowed = @git ? @git.allow_git_ops? : true
raise GitNotInstalledError.new if allowed && !Bundler.git_present?
allowed
end
def with_path(&blk)
checkout unless path.exist?
blk.call
end
def allowed_with_path
return with_path { yield } if allow?
raise GitError, "The git source #{uri} is not yet checked out. Please run `bundle install` before trying to start your application"
end
def check_allowed(command)
command_with_no_credentials = redact_and_check_presence(command)
raise GitNotAllowedError.new(command_with_no_credentials) unless allow?
command_with_no_credentials
end
def redact_and_check_presence(command)
raise GitNotInstalledError.new unless Bundler.git_present?
require "shellwords"
URICredentialsFilter.credential_filtered_string("git #{command.shelljoin}", uri)
end
def run_command(*command, dir: nil)
command_with_no_credentials = yield(command)
out, err, status = capture(command, dir)
raise GitCommandError.new(command_with_no_credentials, dir || SharedHelpers.pwd, err) unless status.success?
Bundler.ui.warn err unless err.empty?
out
end
def capture(cmd, dir, ignore_err: false)
SharedHelpers.with_clean_git_env do
require "open3"
out, err, status = Open3.capture3(*capture3_args_for(cmd, dir))
filtered_out = URICredentialsFilter.credential_filtered_string(out, uri)
return [filtered_out, status] if ignore_err
filtered_err = URICredentialsFilter.credential_filtered_string(err, uri)
[filtered_out, filtered_err, status]
end
end
def capture3_args_for(cmd, dir)
return ["git", *cmd] unless dir
if Bundler.feature_flag.bundler_3_mode? || supports_minus_c?
["git", "-C", dir.to_s, *cmd]
else
["git", *cmd, { chdir: dir.to_s }]
end
end
def extra_clone_args
args = depth_args
return [] if args.empty?
args += ["--single-branch"]
args.unshift("--no-tags") if supports_cloning_with_no_tags?
# If there's a locked revision, no need to clone any specific branch
# or tag, since we will end up checking out that locked revision
# anyways.
return args if @revision
args += ["--branch", branch || tag] if branch || tag
args
end
def depth_args
return [] if full_clone?
["--depth", depth.to_s]
end
def extra_fetch_args(ref)
extra_args = [path.to_s, *depth_args]
extra_args.push(ref)
extra_args
end
def full_clone?
depth.nil?
end
def supports_minus_c?
@supports_minus_c ||= Gem::Version.new(version) >= Gem::Version.new("1.8.5")
end
def needs_allow_any_sha1_in_want?
@needs_allow_any_sha1_in_want ||= Gem::Version.new(version) <= Gem::Version.new("2.13.7")
end
def supports_fetching_unreachable_refs?
@supports_fetching_unreachable_refs ||= Gem::Version.new(version) >= Gem::Version.new("2.5.0")
end
def supports_cloning_with_no_tags?
@supports_cloning_with_no_tags ||= Gem::Version.new(version) >= Gem::Version.new("2.14.0-rc0")
end
end
end
end
end