Add pre-commit additional dependencies support for Dart (#14274)

* add additional dependencies support for Dart

* fix failing specs

Author: AbhishekBhaskar

pre_commit/Dockerfile

@@ -4,12 +4,15 @@
 # These images contain all the native helpers and tools already built
 FROM ghcr.io/dependabot/dependabot-updater-gomod:latest AS go_modules
 FROM ghcr.io/dependabot/dependabot-updater-bundler:latest AS bundler
+FROM ghcr.io/dependabot/dependabot-updater-pub:latest AS pub
 
 # Create an intermediate stage that combines both ecosystems into a single layer
 FROM scratch AS combined-helpers
 COPY --from=go_modules /opt/go /opt/go
 COPY --from=go_modules /opt/go_modules /opt/go_modules
 COPY --from=bundler /opt/bundler /opt/bundler
+COPY --from=pub /opt/dart /opt/dart
+COPY --from=pub /opt/pub /opt/pub
 
 # Final stage - copy all helpers in a single layer from the combined stage
 FROM ghcr.io/dependabot/dependabot-updater-core
@@ -18,11 +21,15 @@ USER root
 
 # Copy all helpers from the combined intermediate stage (single layer)
 COPY --from=combined-helpers --chown=dependabot:dependabot /opt /opt
-ENV PATH=/opt/go/bin:$PATH
+ENV PATH=/opt/go/bin:/opt/dart/dart-sdk/bin:$PATH
 
 ENV DEPENDABOT_NATIVE_HELPERS_PATH="/opt"
 
+# Set up Dart/pub environment
+ENV PUB_CACHE=/opt/dart/pub-cache \
+  PUB_ENVIRONMENT="dependabot"
+
 USER dependabot
 
-COPY --chown=dependabot:dependabot --parents go_modules cargo npm_and_yarn python pre_commit common bundler $DEPENDABOT_HOME/
+COPY --chown=dependabot:dependabot --parents go_modules cargo npm_and_yarn python pre_commit common bundler pub $DEPENDABOT_HOME/
 COPY --chown=dependabot:dependabot updater $DEPENDABOT_HOME/dependabot-updater

pre_commit/lib/dependabot/pre_commit/additional_dependency_checkers/dart.rb

@@ -0,0 +1,175 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/dependency"
+require "dependabot/update_checkers"
+require "dependabot/pub/version"
+require "dependabot/pre_commit/additional_dependency_checkers"
+require "dependabot/pre_commit/additional_dependency_checkers/base"
+
+module Dependabot
+  module PreCommit
+    module AdditionalDependencyCheckers
+      class Dart < Base
+        extend T::Sig
+
+        sig { override.returns(T.nilable(String)) }
+        def latest_version
+          return nil unless package_name
+
+          @latest_version ||= T.let(
+            fetch_latest_version_via_pub_checker,
+            T.nilable(String)
+          )
+        end
+
+        sig { override.params(latest_version: String).returns(T::Array[T::Hash[Symbol, T.untyped]]) }
+        def updated_requirements(latest_version)
+          requirements.map do |original_req|
+            original_source = original_req[:source]
+            next original_req unless original_source.is_a?(Hash)
+            next original_req unless original_source[:type] == "additional_dependency"
+
+            original_requirement = original_req[:requirement]
+            new_requirement = build_updated_requirement(original_requirement, latest_version)
+
+            new_original_string = build_original_string(
+              package_name: original_source[:original_name] || original_source[:package_name],
+              requirement: new_requirement
+            )
+
+            new_source = original_source.merge(original_string: new_original_string)
+
+            original_req.merge(
+              requirement: new_requirement,
+              source: new_source
+            )
+          end
+        end
+
+        private
+
+        sig { returns(T.nilable(String)) }
+        def fetch_latest_version_via_pub_checker
+          pub_checker = pub_update_checker
+          return nil unless pub_checker
+
+          latest = pub_checker.latest_version
+          Dependabot.logger.info("Pub UpdateChecker found latest version: #{latest || 'none'}")
+
+          latest&.to_s
+        rescue Dependabot::DependabotError, Excon::Error => e
+          Dependabot.logger.debug("Error checking Dart package #{package_name}: #{e.message}")
+          nil
+        end
+
+        sig { returns(T.nilable(Dependabot::UpdateCheckers::Base)) }
+        def pub_update_checker
+          @pub_update_checker ||= T.let(
+            build_pub_update_checker,
+            T.nilable(Dependabot::UpdateCheckers::Base)
+          )
+        end
+
+        sig { returns(T.nilable(Dependabot::UpdateCheckers::Base)) }
+        def build_pub_update_checker
+          pub_dependency = build_pub_dependency
+          return nil unless pub_dependency
+
+          Dependabot.logger.info("Delegating to pub UpdateChecker for package: #{pub_dependency.name}")
+
+          Dependabot::UpdateCheckers.for_package_manager("pub").new(
+            dependency: pub_dependency,
+            dependency_files: build_pub_dependency_files,
+            credentials: credentials,
+            ignored_versions: [],
+            security_advisories: [],
+            raise_on_ignored: false
+          )
+        end
+
+        sig { returns(T.nilable(Dependabot::Dependency)) }
+        def build_pub_dependency
+          return nil unless package_name
+
+          version = current_version || extract_version_from_requirement
+
+          Dependabot::Dependency.new(
+            name: T.must(package_name),
+            version: version,
+            requirements: [{
+              requirement: version ? "^#{version}" : nil,
+              groups: ["dependencies"],
+              file: "pubspec.yaml",
+              source: nil
+            }],
+            package_manager: "pub"
+          )
+        end
+
+        sig { returns(T.nilable(String)) }
+        def extract_version_from_requirement
+          req_string = requirements.first&.dig(:requirement)
+          return nil unless req_string
+
+          version_part = req_string.to_s.sub(/\A(?:[~^]|[><=]+)\s*/, "")
+          return version_part if Dependabot::Pub::Version.correct?(version_part)
+
+          nil
+        end
+
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
+        def build_pub_dependency_files
+          version = current_version || extract_version_from_requirement
+          requirement = version ? "^#{version}" : "any"
+
+          pubspec_content = <<~YAML
+            name: dependabot_pre_commit_check
+            version: 0.0.1
+            environment:
+              sdk: ">=3.0.0 <4.0.0"
+            dependencies:
+              #{T.must(package_name)}: #{requirement}
+          YAML
+
+          [
+            Dependabot::DependencyFile.new(
+              name: "pubspec.yaml",
+              content: pubspec_content
+            )
+          ]
+        end
+
+        sig do
+          params(
+            package_name: T.nilable(String),
+            requirement: T.nilable(String)
+          ).returns(String)
+        end
+        def build_original_string(package_name:, requirement:)
+          base = package_name.to_s
+          base = "#{base}:#{requirement}" if requirement
+          base
+        end
+
+        sig { params(original_requirement: T.nilable(String), new_version: String).returns(String) }
+        def build_updated_requirement(original_requirement, new_version)
+          return new_version unless original_requirement
+
+          operator_match = original_requirement.match(/\A(?<op>[~^]|[><=]+)\s*/)
+          if operator_match
+            "#{operator_match[:op]}#{new_version}"
+          else
+            new_version
+          end
+        end
+      end
+    end
+  end
+end
+
+Dependabot::PreCommit::AdditionalDependencyCheckers.register(
+  "dart",
+  Dependabot::PreCommit::AdditionalDependencyCheckers::Dart
+)

pre_commit/lib/dependabot/pre_commit/file_parser.rb

@@ -12,6 +12,7 @@
 require "dependabot/pre_commit/requirement"
 require "dependabot/cargo/requirement"
 require "dependabot/npm_and_yarn/requirement"
+require "dependabot/pub/requirement"
 require "dependabot/python/requirement_parser"
 require "dependabot/bundler/requirement"
 require "dependabot/go_modules/requirement_parser"
@@ -32,7 +33,8 @@ class FileParser < Dependabot::FileParsers::Base
           "node" => ->(dep_string) { Dependabot::NpmAndYarn::Requirement.parse_dep_string(dep_string) },
           "rust" => ->(dep_string) { Dependabot::Cargo::Requirement.parse_dep_string(dep_string) },
           "golang" => ->(dep_string) { Dependabot::GoModules::RequirementParser.parse(dep_string) },
-          "ruby" => ->(dep_string) { Dependabot::Bundler::Requirement.parse_dep_string(dep_string) }
+          "ruby" => ->(dep_string) { Dependabot::Bundler::Requirement.parse_dep_string(dep_string) },
+          "dart" => ->(dep_string) { Dependabot::Pub::Requirement.parse_dep_string(dep_string) }
         }.freeze,
         T::Hash[String, T.proc.params(dep_string: String).returns(T.nilable(T::Hash[Symbol, T.untyped]))]
       )

pre_commit/lib/dependabot/pre_commit/update_checker.rb

@@ -8,6 +8,7 @@
 require "dependabot/pre_commit/requirement"
 require "dependabot/pre_commit/version"
 require "dependabot/pre_commit/additional_dependency_checkers"
+require "dependabot/pre_commit/additional_dependency_checkers/dart"
 require "dependabot/pre_commit/additional_dependency_checkers/node"
 require "dependabot/pre_commit/additional_dependency_checkers/python"
 require "dependabot/pre_commit/additional_dependency_checkers/ruby"