Detect templates

meziantou · Sep 24, 2024 · bf98ad9 · bf98ad9
1 parent 89675af
commit bf98ad9
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 8 deletions.
diff --git a/src/Meziantou.Framework.DependencyScanning/DependencyType.cs b/src/Meziantou.Framework.DependencyScanning/DependencyType.cs
@@ -14,4 +14,5 @@ public enum DependencyType
     GitHubActions,
     AzureDevOpsVMPool,
     AzureDevOpsTask,
+    AzureDevOpsTemplate,
 }
diff --git a/src/Meziantou.Framework.DependencyScanning/Meziantou.Framework.DependencyScanning.csproj b/src/Meziantou.Framework.DependencyScanning/Meziantou.Framework.DependencyScanning.csproj
@@ -3,7 +3,7 @@
   <PropertyGroup>
     <TargetFrameworks>$(LatestTargetFrameworks)</TargetFrameworks>
     <IsTrimmable>false</IsTrimmable>
-    <Version>1.0.5</Version>
+    <Version>1.0.6</Version>
     <Description>Find dependencies in source files. Support multiple package managers such as NuGet, npm, Docker, PyPi, and so on</Description>
   </PropertyGroup>
 

diff --git a/src/Meziantou.Framework.DependencyScanning/Scanners/AzureDevOpsScanner.cs b/src/Meziantou.Framework.DependencyScanning/Scanners/AzureDevOpsScanner.cs
@@ -88,6 +88,9 @@ private static void ScanStep(ScanFileContext context, YamlNode node)
     {
         var taskNode = GetProperty(node, "task", StringComparison.Ordinal);
         ReportDependency(context, taskNode, DependencyType.AzureDevOpsTask, '@');
+
+        var templateNode = GetProperty(node, "template", StringComparison.Ordinal);
+        ReportDependency(context, templateNode, DependencyType.AzureDevOpsTemplate, '@');
     }
 
     // https://learn.microsoft.com/en-us/azure/devops/pipelines/yaml-schema/stages?view=azure-pipelines&WT.mc_id=DT-MVP-5003978

diff --git a/tests/Meziantou.Framework.DependencyScanning.Tests/ScannerTests.cs b/tests/Meziantou.Framework.DependencyScanning.Tests/ScannerTests.cs
@@ -573,6 +573,7 @@ public async Task GitHubActions()
             - uses: actions/setup-node@v1
             - uses: docker://test/setup:v3
             - uses: "docker://image/without/version"
+            - uses: "sample-org/project/.github/workflows/test@main"
             - run: npm install -g bats
             - run: bats -v
         container:
@@ -596,17 +597,18 @@ public async Task GitHubActions()
             - uses: dummy2@v3.0.0
             - uses: docker://dummy3:v3.0.0
             - uses: "docker://dummy4"
+            - uses: "dummy5@v3.0.0"
             - run: npm install -g bats
             - run: bats -v
         container:
-            image: dummy5:v3.0.0
+            image: dummy6:v3.0.0
         services:
             nginx:
-                image: dummy6:v3.0.0
-            redis:
                 image: dummy7:v3.0.0
+            redis:
+                image: dummy8:v3.0.0
             service3:
-                image: dummy8
+                image: dummy9
 """;
 
         AddFile(Path, Original);
@@ -616,9 +618,10 @@ public async Task GitHubActions()
             (DependencyType.GitHubActions, "actions/setup-node", "v1", 8, 40),
             (DependencyType.DockerImage, "test/setup", "v3", 9, 41),
             (DependencyType.DockerImage, "image/without/version", null, 0, 0),
-            (DependencyType.DockerImage, "node", "10.16-jessie", 14, 25),
-            (DependencyType.DockerImage, "nginx", "latest", 17, 30),
-            (DependencyType.DockerImage, "redis", "1.0", 19, 30),
+            (DependencyType.GitHubActions, "sample-org/project/.github/workflows/test", "main", 11, 64),
+            (DependencyType.DockerImage, "node", "10.16-jessie", 15, 25),
+            (DependencyType.DockerImage, "nginx", "latest", 18, 30),
+            (DependencyType.DockerImage, "redis", "1.0", 20, 30),
             (DependencyType.DockerImage, "alpine", null, 0, 0));
 
         await UpdateDependencies(result, "dummy", "v3.0.0");
@@ -1001,6 +1004,25 @@ public async Task AzureDevOpsResourcesStagesJobsStepsTask()
                 - task: dummy1@2
             """, ignoreNewLines: true);
     }
+
+    [Fact]
+    public async Task AzureDevOpsTemplateInSteps()
+    {
+        AddFile("sample.yml", """
+            pool:
+                vmImage: 'ubuntu-18.04'
+            steps:
+              - template: file.yml@templates
+            """);
+        var result = await GetDependencies<AzureDevOpsScanner>();
+        await UpdateDependencies(result, "dummy", "2.0.0");
+        AssertFileContentEqual("sample.yml", """
+            pool:
+                vmImage: '2.0.0'
+            steps:
+              - template: dummy1@2.0.0
+            """, ignoreNewLines: true);
+    }
 
     private async Task<Dependency[]> GetDependencies<T>(DependencyScanner[]? scanners = null) where T : DependencyScanner
     {