diff --git a/python/lib/dependabot/python/file_updater/pipfile_preparer.rb b/python/lib/dependabot/python/file_updater/pipfile_preparer.rb index 2b68333f7b0a..c8f793b4b0db 100644 --- a/python/lib/dependabot/python/file_updater/pipfile_preparer.rb +++ b/python/lib/dependabot/python/file_updater/pipfile_preparer.rb @@ -132,9 +132,17 @@ def sub_auth_url(source, credentials) def config_variable_sources(credentials) @config_variable_sources ||= - credentials. - select { |cred| cred["type"] == "python_index" }. - map { |c| { "url" => AuthedUrlBuilder.authed_url(credential: c) } } + credentials.select { |cred| cred["type"] == "python_index" }. + map do |c| + { + "url" => AuthedUrlBuilder.authed_url(credential: c), + # TODO: There may be multiple sources, so they have to be unique. + # However, this will also show up in the Pipfile.lock, so if that gets included in the PR + # then it'll need to be deterministic to prevent changing on every PR. + # Regardless, need to update `pipfile_preparer_spec` tests to ensure this "name" key is present + "name" => "dependabot-inserted-index-#{SecureRandom.alphanumeric(5)}" + } + end end end end diff --git a/python/spec/dependabot/python/file_updater/pipfile_preparer_spec.rb b/python/spec/dependabot/python/file_updater/pipfile_preparer_spec.rb index b8cd68fff964..c6b93b8b79ed 100644 --- a/python/spec/dependabot/python/file_updater/pipfile_preparer_spec.rb +++ b/python/spec/dependabot/python/file_updater/pipfile_preparer_spec.rb @@ -178,7 +178,7 @@ it "keeps source config" do expect(updated_content).to include( "[[source]]\n" \ - "name = \"pypi\"\n" \ + "name = \"internal-pypi\"\n" \ "url = \"https://username:password@pypi.posrip.com/pypi/\"\n" \ "verify_ssl = true\n" ) diff --git a/python/spec/fixtures/pipfile_files/arbitrary_equality b/python/spec/fixtures/pipfile_files/arbitrary_equality index 76f9360fcc31..684fe70d565c 100644 --- a/python/spec/fixtures/pipfile_files/arbitrary_equality +++ b/python/spec/fixtures/pipfile_files/arbitrary_equality @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/conflict_at_current b/python/spec/fixtures/pipfile_files/conflict_at_current index e97cb128a096..8a19ad691695 100644 --- a/python/spec/fixtures/pipfile_files/conflict_at_current +++ b/python/spec/fixtures/pipfile_files/conflict_at_current @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/conflict_at_latest b/python/spec/fixtures/pipfile_files/conflict_at_latest index 7cced80f3684..be6abd85be33 100644 --- a/python/spec/fixtures/pipfile_files/conflict_at_latest +++ b/python/spec/fixtures/pipfile_files/conflict_at_latest @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/environment_variable_source b/python/spec/fixtures/pipfile_files/environment_variable_source index 71101787074f..44b76979eab3 100644 --- a/python/spec/fixtures/pipfile_files/environment_variable_source +++ b/python/spec/fixtures/pipfile_files/environment_variable_source @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/${ENV_VAR}" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/exact_version b/python/spec/fixtures/pipfile_files/exact_version index 6bef68998e70..aaa0096585fc 100644 --- a/python/spec/fixtures/pipfile_files/exact_version +++ b/python/spec/fixtures/pipfile_files/exact_version @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/extra_subdependency b/python/spec/fixtures/pipfile_files/extra_subdependency index d3b28dead398..58ee60c26828 100644 --- a/python/spec/fixtures/pipfile_files/extra_subdependency +++ b/python/spec/fixtures/pipfile_files/extra_subdependency @@ -1,7 +1,7 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true -name = "pypi" [packages] flask = "==1.0.*" diff --git a/python/spec/fixtures/pipfile_files/git_source b/python/spec/fixtures/pipfile_files/git_source index a2edea4a305f..827aaedbbcb3 100644 --- a/python/spec/fixtures/pipfile_files/git_source +++ b/python/spec/fixtures/pipfile_files/git_source @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/git_source_bad_ref b/python/spec/fixtures/pipfile_files/git_source_bad_ref index 8310b7aee0bd..b3ca7d300235 100644 --- a/python/spec/fixtures/pipfile_files/git_source_bad_ref +++ b/python/spec/fixtures/pipfile_files/git_source_bad_ref @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/git_source_no_ref b/python/spec/fixtures/pipfile_files/git_source_no_ref index d3abd5a12036..24966cbc35d0 100644 --- a/python/spec/fixtures/pipfile_files/git_source_no_ref +++ b/python/spec/fixtures/pipfile_files/git_source_no_ref @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/git_source_unreachable b/python/spec/fixtures/pipfile_files/git_source_unreachable index 20b0c74db8fc..4df40330391a 100644 --- a/python/spec/fixtures/pipfile_files/git_source_unreachable +++ b/python/spec/fixtures/pipfile_files/git_source_unreachable @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/hard_names b/python/spec/fixtures/pipfile_files/hard_names index 936a548a32b0..840fb65bd6a3 100644 --- a/python/spec/fixtures/pipfile_files/hard_names +++ b/python/spec/fixtures/pipfile_files/hard_names @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/not_in_lockfile b/python/spec/fixtures/pipfile_files/not_in_lockfile index ed900ef1a2a0..b67e707ff83a 100644 --- a/python/spec/fixtures/pipfile_files/not_in_lockfile +++ b/python/spec/fixtures/pipfile_files/not_in_lockfile @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/only_dev b/python/spec/fixtures/pipfile_files/only_dev index 3637b1a9c37c..651b5b24d970 100644 --- a/python/spec/fixtures/pipfile_files/only_dev +++ b/python/spec/fixtures/pipfile_files/only_dev @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/path_dependency b/python/spec/fixtures/pipfile_files/path_dependency index 4f654b7ffd49..7ffa1519c752 100644 --- a/python/spec/fixtures/pipfile_files/path_dependency +++ b/python/spec/fixtures/pipfile_files/path_dependency @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/path_dependency_not_self b/python/spec/fixtures/pipfile_files/path_dependency_not_self index 35d5aeb6c0f5..93840f836bc2 100644 --- a/python/spec/fixtures/pipfile_files/path_dependency_not_self +++ b/python/spec/fixtures/pipfile_files/path_dependency_not_self @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/private_source b/python/spec/fixtures/pipfile_files/private_source index 36ab600974d9..bd95a2d8ff39 100644 --- a/python/spec/fixtures/pipfile_files/private_source +++ b/python/spec/fixtures/pipfile_files/private_source @@ -1,4 +1,5 @@ [[source]] +name = "internal-pypi" url = "https://some.internal.registry.com/pypi/" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/private_source_auth b/python/spec/fixtures/pipfile_files/private_source_auth index 07c396383431..ae36a45e3013 100644 --- a/python/spec/fixtures/pipfile_files/private_source_auth +++ b/python/spec/fixtures/pipfile_files/private_source_auth @@ -1,7 +1,7 @@ [[source]] +name = "internal-pypi" url = "https://${ENV_USER}:${ENV_PASSWORD}@pypi.posrip.com/pypi/" verify_ssl = true -name = "pypi" [dev-packages] pytest = "==3.4.0" diff --git a/python/spec/fixtures/pipfile_files/prod_and_dev b/python/spec/fixtures/pipfile_files/prod_and_dev index 83c1f46916dd..651703d5086b 100644 --- a/python/spec/fixtures/pipfile_files/prod_and_dev +++ b/python/spec/fixtures/pipfile_files/prod_and_dev @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/prod_and_dev_different b/python/spec/fixtures/pipfile_files/prod_and_dev_different index 34eb4afc28de..893ef34fa65b 100644 --- a/python/spec/fixtures/pipfile_files/prod_and_dev_different +++ b/python/spec/fixtures/pipfile_files/prod_and_dev_different @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/required_python b/python/spec/fixtures/pipfile_files/required_python index 10c96ff92634..80fdf3f1ebe8 100644 --- a/python/spec/fixtures/pipfile_files/required_python +++ b/python/spec/fixtures/pipfile_files/required_python @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/required_python_implicit b/python/spec/fixtures/pipfile_files/required_python_implicit index 3626f5d6cce7..e02788e7517c 100644 --- a/python/spec/fixtures/pipfile_files/required_python_implicit +++ b/python/spec/fixtures/pipfile_files/required_python_implicit @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/required_python_invalid b/python/spec/fixtures/pipfile_files/required_python_invalid index 6158e841667a..44c43aba04f3 100644 --- a/python/spec/fixtures/pipfile_files/required_python_invalid +++ b/python/spec/fixtures/pipfile_files/required_python_invalid @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/required_python_unsupported b/python/spec/fixtures/pipfile_files/required_python_unsupported index 481f7a99f15d..f957d73a4482 100644 --- a/python/spec/fixtures/pipfile_files/required_python_unsupported +++ b/python/spec/fixtures/pipfile_files/required_python_unsupported @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/unparseable b/python/spec/fixtures/pipfile_files/unparseable index 67ba5f6e7b4e..cd5b790b1ad9 100644 --- a/python/spec/fixtures/pipfile_files/unparseable +++ b/python/spec/fixtures/pipfile_files/unparseable @@ -1,8 +1,7 @@ [[source]] - +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true -name = "pypi" [dev-packages] diff --git a/python/spec/fixtures/pipfile_files/unsupported_dep b/python/spec/fixtures/pipfile_files/unsupported_dep index d28e51afc381..d09870896b02 100644 --- a/python/spec/fixtures/pipfile_files/unsupported_dep +++ b/python/spec/fixtures/pipfile_files/unsupported_dep @@ -1,7 +1,7 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true -name = "pypi" [packages] requests = "==2.18.0" diff --git a/python/spec/fixtures/pipfile_files/version_hash b/python/spec/fixtures/pipfile_files/version_hash index 3dfd68752f73..6514e4a2e9f7 100644 --- a/python/spec/fixtures/pipfile_files/version_hash +++ b/python/spec/fixtures/pipfile_files/version_hash @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/version_not_specified b/python/spec/fixtures/pipfile_files/version_not_specified index 4488c4244258..6cb20258d45c 100644 --- a/python/spec/fixtures/pipfile_files/version_not_specified +++ b/python/spec/fixtures/pipfile_files/version_not_specified @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/version_not_specified.lock b/python/spec/fixtures/pipfile_files/version_not_specified.lock index b82814317e2f..f1ce3bc07b60 100644 --- a/python/spec/fixtures/pipfile_files/version_not_specified.lock +++ b/python/spec/fixtures/pipfile_files/version_not_specified.lock @@ -1,12 +1,13 @@ { "_meta": { "hash": { - "sha256": "c402ea48092e9d467af51a483bb8dd8ad0620e11c94f009dcd433f97a99d45db" + "sha256": "e76ae491d793d659f05c7f7eab261fd6167dc062efcba08f17be68e73eb87665" }, "pipfile-spec": 6, "requires": {}, "sources": [ { + "name": "this-key-probably-will-show-up-if-regenerating-lockfiles", "url": "https://pypi.org/simple", "verify_ssl": true } diff --git a/python/spec/fixtures/pipfile_files/version_table b/python/spec/fixtures/pipfile_files/version_table index ea9df9dd61c3..f72cea8958cf 100644 --- a/python/spec/fixtures/pipfile_files/version_table +++ b/python/spec/fixtures/pipfile_files/version_table @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/wildcard b/python/spec/fixtures/pipfile_files/wildcard index 6dd6d650864e..2cde9a7cdfe7 100644 --- a/python/spec/fixtures/pipfile_files/wildcard +++ b/python/spec/fixtures/pipfile_files/wildcard @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/with_quotes b/python/spec/fixtures/pipfile_files/with_quotes index ffce80a7e84e..89ea1a022404 100644 --- a/python/spec/fixtures/pipfile_files/with_quotes +++ b/python/spec/fixtures/pipfile_files/with_quotes @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true diff --git a/python/spec/fixtures/pipfile_files/yanked b/python/spec/fixtures/pipfile_files/yanked index c8c41005edff..fcd8009680ad 100644 --- a/python/spec/fixtures/pipfile_files/yanked +++ b/python/spec/fixtures/pipfile_files/yanked @@ -1,4 +1,5 @@ [[source]] +name = "pypi" url = "https://pypi.org/simple" verify_ssl = true