support URL in dependabot update repo argument (#490)

jakecoffman · web-flow · commit 503d98b259c7 · 2025-08-06T17:01:12.000Z
diff --git a/cmd/dependabot/internal/cmd/update.go b/cmd/dependabot/internal/cmd/update.go
@@ -6,18 +6,19 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
-	"log"
-	"net"
-	"net/url"
-	"os"
-
 	"github.com/MakeNowJust/heredoc"
 	"github.com/dependabot/cli/internal/infra"
 	"github.com/dependabot/cli/internal/model"
 	"github.com/dependabot/cli/internal/server"
 	"github.com/spf13/cobra"
 	"gopkg.in/yaml.v3"
+	"io"
+	"log"
+	"net"
+	"net/url"
+	"os"
+	"regexp"
+	"strings"
 )
 
 var updateCmd = NewUpdateCommand()
@@ -55,6 +56,8 @@ func NewUpdateCommand() *cobra.Command {
 		Short: "Perform an update job",
 		Example: heredoc.Doc(`
 		    $ dependabot update go_modules dependabot/cli
+		    $ dependabot update go_modules git@github.com:dependabot/cli.git
+		    $ dependabot update go_modules https://github.com/dependabot/cli.git
 		    $ dependabot update -f input.yml
 	    `),
 		RunE: func(cmd *cobra.Command, args []string) error {
@@ -208,6 +211,34 @@ func readArguments(cmd *cobra.Command, flags *UpdateFlags) (*model.Input, error)
 		return nil, errors.New("requires a repo argument")
 	}
 
+	var hostname, apiEndpoint string
+	// if the repo is a git URL, extract the hostname
+	// accepts org/repo, git@host:org/repo.git, and https://host/org/repo.git
+	if u, err := url.Parse(repo); err == nil {
+		hostname = u.Hostname()
+		apiEndpoint = fmt.Sprintf("%s://%s/api/v3", u.Scheme, hostname)
+		repo = u.Path
+	} else {
+		// at this point, it may be org/repo or username@host:org/repo.git
+		re := regexp.MustCompile(`^(?:(?:[a-zA-Z0-9._%+-]+@|https?://)?([^:/]+):)?([^/]+)/([^/]+)(?:\.git)?$`)
+		matches := re.FindStringSubmatch(repo)
+		if len(matches) < 4 {
+			return nil, fmt.Errorf("invalid repo format: %s", repo)
+		}
+		if matches[1] != "" {
+			hostname = matches[1]
+			apiEndpoint = fmt.Sprintf("https://%s/api/v3", hostname)
+		}
+		repo = fmt.Sprintf("%s/%s", matches[2], matches[3])
+	}
+	repo = strings.TrimPrefix(strings.TrimSuffix(repo, ".git"), "/")
+	if hostname == "" {
+		hostname = "github.com"
+		apiEndpoint = "https://api.github.com"
+	}
+
+	log.Println("Using hostname:", hostname, "api endpoint:", apiEndpoint)
+
 	allowed := []model.Allowed{{UpdateType: "all"}}
 	if len(flags.dependencies) > 0 {
 		allowed = allowed[:0]
@@ -238,8 +269,8 @@ func readArguments(cmd *cobra.Command, flags *UpdateFlags) (*model.Input, error)
 				Directory:   flags.directory,
 				Commit:      flags.commit,
 				Branch:      flags.branch,
-				Hostname:    nil,
-				APIEndpoint: nil,
+				Hostname:    &hostname,
+				APIEndpoint: &apiEndpoint,
 			},
 			UpdateSubdependencies: false,
 			UpdatingAPullRequest:  false,
@@ -315,17 +346,21 @@ func processInput(input *model.Input, flags *UpdateFlags) {
 
 	if hasLocalToken && !isGitSourceInCreds {
 		log.Println("Inserting $LOCAL_GITHUB_ACCESS_TOKEN into credentials")
+		host := "github.com"
+		if input.Job.Source.Hostname != nil && *input.Job.Source.Hostname != "" {
+			host = *input.Job.Source.Hostname
+		}
 		input.Credentials = append(input.Credentials, model.Credential{
 			"type":     "git_source",
-			"host":     "github.com",
+			"host":     host,
 			"username": "x-access-token",
 			"password": "$LOCAL_GITHUB_ACCESS_TOKEN",
 		})
 		if len(input.Job.CredentialsMetadata) > 0 {
 			// Add the metadata since the next section will be skipped.
 			input.Job.CredentialsMetadata = append(input.Job.CredentialsMetadata, map[string]any{
 				"type": "git_source",
-				"host": "github.com",
+				"host": host,
 			})
 		}
 	}
diff --git a/cmd/dependabot/internal/cmd/update_test.go b/cmd/dependabot/internal/cmd/update_test.go
@@ -63,6 +63,33 @@ func Test_processInput(t *testing.T) {
 		}
 	})
 
+	t.Run("adds git_source to credentials with specific hostname when local token is present", func(t *testing.T) {
+		var input model.Input
+		os.Setenv("LOCAL_GITHUB_ACCESS_TOKEN", "token")
+		host := "github.example.com"
+		input.Job.Source.Hostname = &host
+
+		processInput(&input, nil)
+
+		if len(input.Credentials) != 1 {
+			t.Fatal("expected credentials to be added")
+		}
+		if !reflect.DeepEqual(input.Credentials[0], model.Credential{
+			"type":     "git_source",
+			"host":     host,
+			"username": "x-access-token",
+			"password": "$LOCAL_GITHUB_ACCESS_TOKEN",
+		}) {
+			t.Error("expected credentials to be added")
+		}
+		if !reflect.DeepEqual(input.Job.CredentialsMetadata[0], model.Credential{
+			"type": "git_source",
+			"host": host,
+		}) {
+			t.Error("expected credentials metadata to be added")
+		}
+	})
+
 	t.Run("adds metadata when credentials are provided", func(t *testing.T) {
 		var input model.Input
 		input.Credentials = []model.Credential{
@@ -200,6 +227,53 @@ func Test_extractInput(t *testing.T) {
 		if input.Job.PackageManager != "go_modules" {
 			t.Errorf("expected package manager to be go_modules, got %s", input.Job.PackageManager)
 		}
+		if input.Job.Source.Repo != "dependabot/cli" {
+			t.Errorf("expected repo to be dependabot/cli, got %s", input.Job.Source.Repo)
+		}
+	})
+	t.Run("test arguments with https URL", func(t *testing.T) {
+		cmd := NewUpdateCommand()
+		if err := cmd.ParseFlags([]string{"go_modules", "https://example.com/org/repo.git"}); err != nil {
+			t.Fatal(err)
+		}
+		input, err := extractInput(cmd, &UpdateFlags{})
+		if err != nil {
+			t.Fatal(err)
+		}
+		if input.Job.PackageManager != "go_modules" {
+			t.Errorf("expected package manager to be go_modules, got %s", input.Job.PackageManager)
+		}
+		if input.Job.Source.Repo != "org/repo" {
+			t.Errorf("expected repo to be dependabot/cli, got %s", input.Job.Source.Repo)
+		}
+		if *input.Job.Source.Hostname != "example.com" {
+			t.Errorf("expected hostname to be example.com, got %s", *input.Job.Source.Hostname)
+		}
+		if *input.Job.Source.APIEndpoint != "https://example.com/api/v3" {
+			t.Errorf("unexpected API Endpoint %s", *input.Job.Source.APIEndpoint)
+		}
+	})
+	t.Run("test arguments with git ssh", func(t *testing.T) {
+		cmd := NewUpdateCommand()
+		if err := cmd.ParseFlags([]string{"go_modules", "user@example.com:org/repo.git"}); err != nil {
+			t.Fatal(err)
+		}
+		input, err := extractInput(cmd, &UpdateFlags{})
+		if err != nil {
+			t.Fatal(err)
+		}
+		if input.Job.PackageManager != "go_modules" {
+			t.Errorf("expected package manager to be go_modules, got %s", input.Job.PackageManager)
+		}
+		if input.Job.Source.Repo != "org/repo" {
+			t.Errorf("expected repo to be dependabot/cli, got %s", input.Job.Source.Repo)
+		}
+		if *input.Job.Source.Hostname != "example.com" {
+			t.Errorf("expected hostname to be example.com, got %s", *input.Job.Source.Hostname)
+		}
+		if *input.Job.Source.APIEndpoint != "https://example.com/api/v3" {
+			t.Errorf("unexpected API Endpoint %s", *input.Job.Source.APIEndpoint)
+		}
 	})
 	t.Run("test file", func(t *testing.T) {
 		cmd := NewUpdateCommand()
