Merge pull request #12713 from dependabot/randhircs/helm-cooldown-feature-add2

randhircs · web-flow · commit 135f04914081 · 2025-07-25T17:17:33.000-04:00
Enabled check to add feature flag, added specific exception and remov…
diff --git a/helm/lib/dependabot/helm/package/package_details_fetcher.rb b/helm/lib/dependabot/helm/package/package_details_fetcher.rb
@@ -47,11 +47,11 @@ def fetch_tag_and_release_date_from_chart(repo_name)
             response = Excon.get(url, headers: { "Accept" => "application/vnd.github.v3+json" })
           rescue Excon::Error => e
             Dependabot.logger.error("Failed to fetch releases from #{url}: #{e.message} ")
-            []
+            return []
           end
 
-          Dependabot.logger.error("Failed call details: #{response&.body}") unless response&.status == 200
-          return [] if response.nil? || response.status != 200
+          Dependabot.logger.error("Failed call details: #{response.body}") unless response.status == 200
+          return [] if response.status != 200
 
           parse_github_response(response)
         end
@@ -66,7 +66,6 @@ def parse_github_response(response)
             )
           end
           result_lines.sort_by(&:tag).reverse
-          result_lines
           rescue JSON::ParserError => e
             Dependabot.logger.error("Failed to parse JSON response: #{e.message} response body #{response.body}")
             []
@@ -85,24 +84,24 @@ def fetch_tag_and_release_date_helm_chart_index(index_url, chart_name)
             )
           rescue Excon::Error => e
             Dependabot.logger.error("Error fetching Helm index from #{index_url}: #{e.message}")
-            result_lines
+            return result_lines
           end
-          Dependabot.logger.info("Received response from #{index_url} with status #{response&.status}")
+          Dependabot.logger.info("Received response from #{index_url} with status #{response.status}")
           begin
-            parsed_result = YAML.safe_load(response&.body)
-            return result_lines unless parsed_result && parsed_result["entries"] && parsed_result["entries"][chart_name]
-
-            parsed_result["entries"][chart_name].map do |release|
-              result_lines << GitTagWithDetail.new(
-                tag: release["version"], # Extract the version field
-                release_date: release["created"] # Extract the created field
-              )
-            end
-            result_lines
-          rescue StandardError => e
+            parsed_result = YAML.safe_load(response.body)
+          rescue Psych::SyntaxError => e
             Dependabot.logger.error("Error parsing Helm index: #{e.message}")
-            result_lines
+            return result_lines
           end
+          return result_lines unless parsed_result && parsed_result["entries"] && parsed_result["entries"][chart_name]
+
+          parsed_result["entries"][chart_name].map do |release|
+            result_lines << GitTagWithDetail.new(
+              tag: release["version"], # Extract the version field
+              release_date: release["created"] # Extract the created field
+            )
+          end
+          result_lines
         end
       end
     end
diff --git a/helm/lib/dependabot/helm/update_checker.rb b/helm/lib/dependabot/helm/update_checker.rb
@@ -69,7 +69,7 @@ def fetch_releases_with_helm_cli(chart_name, repo_name, repo_url)
         valid_releases = filter_valid_releases(releases)
         return nil if valid_releases.empty?
 
-        if should_skip_cooldown?
+        if cooldown_enabled?
           valid_releases =  latest_version_resolver
                             .fetch_tag_and_release_date_helm_chart(valid_releases, repo_name, chart_name)
         end
@@ -93,7 +93,7 @@ def fetch_releases_from_index(chart_name, repo_url)
         Dependabot.logger.info("Found #{all_versions.length} versions for #{chart_name} in index.yaml")
 
         valid_versions = filter_valid_versions(all_versions)
-        if should_skip_cooldown?
+        if cooldown_enabled?
           # Filter out versions that are in cooldown period
           valid_versions = latest_version_resolver.fetch_tag_and_release_date_helm_chart_index(
             index_url,
@@ -239,7 +239,7 @@ def fetch_latest_oci_tag(chart_name, repo_url)
         return nil unless tags && !tags.empty?
 
         valid_tags = filter_valid_versions(tags)
-        if should_skip_cooldown?
+        if cooldown_enabled?
           # Filter out versions that are in cooldown period
           repo_url = repo_url.gsub("oci://", "")
           repo_url = repo_url + "/" + chart_name
@@ -318,14 +318,26 @@ def fetch_latest_image_version
 
         Dependabot.logger.info("Delegating to Docker UpdateChecker for image: #{docker_dependency.name}")
 
-        docker_checker = Dependabot::UpdateCheckers.for_package_manager("docker").new(
-          dependency: docker_dependency,
-          dependency_files: dependency_files,
-          credentials: credentials,
-          ignored_versions: ignored_versions,
-          security_advisories: security_advisories,
-          raise_on_ignored: raise_on_ignored
-        )
+        docker_checker = if cooldown_enabled?
+                           Dependabot::UpdateCheckers.for_package_manager("docker").new(
+                             dependency: docker_dependency,
+                             dependency_files: dependency_files,
+                             credentials: credentials,
+                             ignored_versions: ignored_versions,
+                             security_advisories: security_advisories,
+                             raise_on_ignored: raise_on_ignored,
+                             update_cooldown: update_cooldown
+                           )
+                         else
+                           Dependabot::UpdateCheckers.for_package_manager("docker").new(
+                             dependency: docker_dependency,
+                             dependency_files: dependency_files,
+                             credentials: credentials,
+                             ignored_versions: ignored_versions,
+                             security_advisories: security_advisories,
+                             raise_on_ignored: raise_on_ignored
+                           )
+                         end
 
         latest_version = docker_checker.latest_version
 
@@ -349,15 +361,17 @@ def fetch_tags_with_release_date_using_oci(tags, repo_url)
 
           temp_tag = tag.tr("+", "_")
           response = Helpers.fetch_tags_with_release_date_using_oci(repo_url, temp_tag)
-          next if response.strip.empty?
 
-          parsed_response = JSON.parse(response)
+          begin
+            parsed_response = JSON.parse(response)
+          rescue JSON::ParserError => e
+            Dependabot.logger.error("Failed to parse JSON response for tag #{tag}: #{e.message}")
+            next
+          end
           git_tag_with_release_date << GitTagWithDetail.new(
             tag: tag,
             release_date: parsed_response.dig("annotations", "org.opencontainers.image.created")
           )
-        rescue JSON::ParserError => e
-          Dependabot.logger.error("Failed to parse JSON response for tag #{tag}: #{e.message}")
         rescue StandardError => e
           Dependabot.logger.error("Error in fetching details for tag #{tag}: #{e.message}")
         end
@@ -396,14 +410,9 @@ def build_docker_dependency
         )
       end
 
-      sig { returns(T::Boolean) }
-      def should_skip_cooldown?
-        @update_cooldown.nil? || !cooldown_enabled? || !@update_cooldown.included?(dependency.name)
-      end
-
       sig { returns(T::Boolean) }
       def cooldown_enabled?
-        true
+        Dependabot::Experiments.enabled?(:enable_cooldown_for_helm)
       end
 
       sig { returns(LatestVersionResolver) }
diff --git a/helm/lib/dependabot/helm/update_checker/latest_version_resolver.rb b/helm/lib/dependabot/helm/update_checker/latest_version_resolver.rb
@@ -135,14 +135,10 @@ def check_if_version_in_cooldown_period?(release_date)
 
         return false if cooldown.nil?
 
-        # Get maximum cooldown days based on semver parts
-        days = [cooldown.default_days, cooldown.semver_major_days].max
-        days = cooldown.semver_minor_days unless days > cooldown.semver_minor_days
-        days = cooldown.semver_patch_days unless days > cooldown.semver_patch_days
         # Calculate the number of seconds passed since the release
         passed_seconds = Time.now.to_i - release_date_to_seconds(release_date)
         # Check if the release is within the cooldown period
-        passed_seconds < days * DAY_IN_SECONDS
+        passed_seconds < cooldown.default_days * DAY_IN_SECONDS
       end
 
       sig { params(release_date: String).returns(Integer) }
diff --git a/helm/spec/dependabot/helm/update_checker/latest_version_resolver_spec.rb b/helm/spec/dependabot/helm/update_checker/latest_version_resolver_spec.rb
@@ -166,7 +166,7 @@
 
     it "returns tags within the cooldown period" do
       result = resolver.select_tags_which_in_cooldown_from_chart(repo_name)
-      expect(result).to eq(["v1.0.0", "v1.1.0"])
+      expect(result).to eq(["v1.0.0"])
     end
 
     it "logs an error if an exception occurs" do
