lib/bundler/source_list.rb
# frozen_string_literal: true module Bundler class SourceList attr_reader :path_sources, :git_sources, :plugin_sources, :global_rubygems_source, :metadata_source def initialize @path_sources = [] @git_sources = [] @plugin_sources = [] @global_rubygems_source = nil @rubygems_aggregate = rubygems_aggregate_class.new @rubygems_sources = [] @metadata_source = Source::Metadata.new end def add_path_source(options = {}) if options["gemspec"] add_source_to_list Source::Gemspec.new(options), path_sources else add_source_to_list Source::Path.new(options), path_sources end end def add_git_source(options = {}) add_source_to_list(Source::Git.new(options), git_sources).tap do |source| warn_on_git_protocol(source) end end def add_rubygems_source(options = {}) add_source_to_list Source::Rubygems.new(options), @rubygems_sources end def add_plugin_source(source, options = {}) add_source_to_list Plugin.source(source).new(options), @plugin_sources end def global_rubygems_source=(uri) if Bundler.feature_flag.lockfile_uses_separate_rubygems_sources? @global_rubygems_source ||= rubygems_aggregate_class.new("remotes" => uri) end add_rubygems_remote(uri) end def add_rubygems_remote(uri) if Bundler.feature_flag.lockfile_uses_separate_rubygems_sources? return if Bundler.feature_flag.disable_multisource? raise InvalidOption, "`lockfile_uses_separate_rubygems_sources` cannot be set without `disable_multisource` being set" end @rubygems_aggregate.add_remote(uri) @rubygems_aggregate end def default_source global_rubygems_source || @rubygems_aggregate end def rubygems_sources @rubygems_sources + [default_source] end def rubygems_remotes rubygems_sources.map(&:remotes).flatten.uniq end def all_sources path_sources + git_sources + plugin_sources + rubygems_sources + [metadata_source] end def get(source) source_list_for(source).find {|s| equal_source?(source, s) || equivalent_source?(source, s) } end def lock_sources if Bundler.feature_flag.lockfile_uses_separate_rubygems_sources? [[default_source], @rubygems_sources, git_sources, path_sources, plugin_sources].map do |sources| sources.sort_by(&:to_s) end.flatten(1) else lock_sources = (path_sources + git_sources + plugin_sources).sort_by(&:to_s) lock_sources << combine_rubygems_sources end end # Returns true if there are changes def replace_sources!(replacement_sources) return true if replacement_sources.empty? [path_sources, git_sources, plugin_sources].each do |source_list| source_list.map! do |source| replacement_sources.find {|s| s == source } || source end end replacement_rubygems = !Bundler.feature_flag.lockfile_uses_separate_rubygems_sources? && replacement_sources.detect {|s| s.is_a?(Source::Rubygems) } @rubygems_aggregate = replacement_rubygems if replacement_rubygems return true if !equal_sources?(lock_sources, replacement_sources) && !equivalent_sources?(lock_sources, replacement_sources) return true if replacement_rubygems && rubygems_remotes.to_set != replacement_rubygems.remotes.to_set false end def cached! all_sources.each(&:cached!) end def remote! all_sources.each(&:remote!) end def rubygems_primary_remotes @rubygems_aggregate.remotes end private def rubygems_aggregate_class Source::Rubygems end def add_source_to_list(source, list) list.unshift(source).uniq! source end def source_list_for(source) case source when Source::Git then git_sources when Source::Path then path_sources when Source::Rubygems then rubygems_sources when Plugin::API::Source then plugin_sources else raise ArgumentError, "Invalid source: #{source.inspect}" end end def combine_rubygems_sources Source::Rubygems.new("remotes" => rubygems_remotes) end def warn_on_git_protocol(source) return if Bundler.settings["git.allow_insecure"] if source.uri =~ /^git\:/ Bundler.ui.warn "The git source `#{source.uri}` uses the `git` protocol, " \ "which transmits data without encryption. Disable this warning with " \ "`bundle config git.allow_insecure true`, or switch to the `https` " \ "protocol to keep your data secure." end end def equal_sources?(lock_sources, replacement_sources) lock_sources.to_set == replacement_sources.to_set end def equal_source?(source, other_source) source == other_source end def equivalent_source?(source, other_source) return false unless Bundler.settings[:allow_deployment_source_credential_changes] && source.is_a?(Source::Rubygems) equivalent_rubygems_sources?([source], [other_source]) end def equivalent_sources?(lock_sources, replacement_sources) return false unless Bundler.settings[:allow_deployment_source_credential_changes] lock_rubygems_sources, lock_other_sources = lock_sources.partition {|s| s.is_a?(Source::Rubygems) } replacement_rubygems_sources, replacement_other_sources = replacement_sources.partition {|s| s.is_a?(Source::Rubygems) } equivalent_rubygems_sources?(lock_rubygems_sources, replacement_rubygems_sources) && equal_sources?(lock_other_sources, replacement_other_sources) end def equivalent_rubygems_sources?(lock_sources, replacement_sources) actual_remotes = replacement_sources.map(&:remotes).flatten.uniq lock_sources.all? {|s| s.equivalent_remotes?(actual_remotes) } end end end