Use the local build sources directory (when available) to avoid depen…

…dabot cloning the repo multiple times (#1382) * Add more dependabot-cli options * Use cached local repository if available; prevents Dependabot process needing to clone source code if we already have it * Tidy up
tinglesoftware · Oct 14, 2024 · 446cfde · 446cfde
1 parent 9c91ef0
commit 446cfde
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 0 deletions.
diff --git a/extension/tasks/dependabotV2/index.ts b/extension/tasks/dependabotV2/index.ts
@@ -62,11 +62,15 @@ async function run() {
     );
 
     const dependabotUpdaterOptions = {
+      sourceProvider: 'azure',
+      sourceLocalPath: taskInputs.repositorySourcePath,
       azureDevOpsAccessToken: taskInputs.systemAccessToken,
       gitHubAccessToken: taskInputs.githubAccessToken,
       collectorImage: undefined, // TODO: Add config for this?
+      collectorConfigPath: undefined, // TODO: Add config for this?
       proxyImage: undefined, // TODO: Add config for this?
       updaterImage: undefined, // TODO: Add config for this?
+      timeoutDuration: undefined, // TODO: Add config for this?
       flamegraph: taskInputs.debug,
     };
 

diff --git a/extension/tasks/dependabotV2/utils/dependabot-cli/DependabotCli.ts b/extension/tasks/dependabotV2/utils/dependabot-cli/DependabotCli.ts
@@ -39,11 +39,15 @@ export class DependabotCli {
   public async update(
     operation: IDependabotUpdateOperation,
     options?: {
+      sourceProvider?: string;
+      sourceLocalPath?: string;
       azureDevOpsAccessToken?: string;
       gitHubAccessToken?: string;
       collectorImage?: string;
+      collectorConfigPath?: string;
       proxyImage?: string;
       updaterImage?: string;
+      timeoutDurationMinutes?: number;
       flamegraph?: boolean;
     },
   ): Promise<IDependabotUpdateOperationResult[] | undefined> {
@@ -64,15 +68,27 @@ export class DependabotCli {
     // See: https://github.com/dependabot/cli/blob/main/cmd/dependabot/internal/cmd/root.go
     //      https://github.com/dependabot/cli/blob/main/cmd/dependabot/internal/cmd/update.go
     let dependabotArguments = ['update', '--file', jobInputPath, '--output', jobOutputPath];
+    if (options?.sourceProvider) {
+      dependabotArguments.push('--provider', options.sourceProvider);
+    }
+    if (options?.sourceLocalPath && fs.existsSync(options.sourceLocalPath)) {
+      dependabotArguments.push('--local', options.sourceLocalPath);
+    }
     if (options?.collectorImage) {
       dependabotArguments.push('--collector-image', options.collectorImage);
     }
+    if (options?.collectorConfigPath && fs.existsSync(options.collectorConfigPath)) {
+      dependabotArguments.push('--collector-config', options.collectorConfigPath);
+    }
     if (options?.proxyImage) {
       dependabotArguments.push('--proxy-image', options.proxyImage);
     }
     if (options?.updaterImage) {
       dependabotArguments.push('--updater-image', options.updaterImage);
     }
+    if (options?.timeoutDurationMinutes) {
+      dependabotArguments.push('--timeout', `${options.timeoutDurationMinutes}m`);
+    }
     if (options?.flamegraph) {
       dependabotArguments.push('--flamegraph');
     }

diff --git a/extension/tasks/dependabotV2/utils/getSharedVariables.ts b/extension/tasks/dependabotV2/utils/getSharedVariables.ts
@@ -27,6 +27,8 @@ export interface ISharedVariables {
   repository: string;
   /** Whether the repository was overridden via input */
   repositoryOverridden: boolean;
+  /** Path to the local repository source. When specified, Dependabot will use this local repo rather than cloning it from the remote repo again */
+  repositorySourcePath?: string;
 
   /** Organisation API endpoint URL */
   apiEndpointUrl: string;
@@ -98,6 +100,10 @@ export default function getSharedVariables(): ISharedVariables {
   }
   repository = encodeURI(repository); // encode special characters like spaces
 
+  // If the repository name is NOT overridden, then use the already cloned repository source directory
+  // for the dependabot update operation. This will save time and bandwidth as we don't have to clone the repository again.
+  let repositorySourcePath = repositoryOverridden ? undefined : tl.getVariable('Build.SourcesDirectory');
+
   const virtualDirectorySuffix = virtualDirectory?.length > 0 ? `${virtualDirectory}/` : '';
   let apiEndpointUrl = `${protocol}://${hostname}:${port}/${virtualDirectorySuffix}`;
 
@@ -155,6 +161,7 @@ export default function getSharedVariables(): ISharedVariables {
     project,
     repository,
     repositoryOverridden,
+    repositorySourcePath,
 
     apiEndpointUrl,