Merge pull request #13447 from dependabot/brrygrdn/dg-8274-prefer-sha-if-known

[Graphs] Prefer to use a DEPENDABOT_UPDATER_SHA as the detector version, if set

Author: brrygrdn

updater/lib/dependabot/environment.rb

@@ -54,6 +54,11 @@ def self.github_actions?
       @github_actions ||= T.let(b, T.nilable(T::Boolean))
     end
 
+    sig { returns(T.nilable(String)) }
+    def self.updater_sha
+      @updater_sha ||= T.let(environment_variable("DEPENDABOT_UPDATER_SHA", nil), T.nilable(String))
+    end
+
     sig { returns(T::Boolean) }
     def self.deterministic_updates?
       b = T.cast(environment_variable("UPDATER_DETERMINISTIC", false), T::Boolean)

updater/lib/github_api/dependency_submission.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require "dependabot/dependency_graphers"
+require "dependabot/environment"
 
 # This class provides a data object that can be submitted to a repository's dependency submission
 # REST API.
@@ -69,7 +70,7 @@ def payload
         },
         detector: {
           name: SNAPSHOT_DETECTOR_NAME,
-          version: Dependabot::VERSION,
+          version: detector_version,
           url: SNAPSHOT_DETECTOR_URL
         },
         manifests: manifests
@@ -99,6 +100,14 @@ def job_correlator
       sanitized_path.empty? ? base : "#{base}-#{sanitized_path}"
     end
 
+    sig { returns(String) }
+    def detector_version
+      [
+        Dependabot::VERSION,
+        Dependabot::Environment.updater_sha
+      ].compact.join("-")
+    end
+
     sig { returns(String) }
     def symbolic_ref
       return branch.gsub(%r{^/}, "") if branch.start_with?(%r{/?ref})

updater/spec/github_api/dependency_submission_spec.rb

@@ -112,6 +112,14 @@
       expect(payload[:job][:id]).to eq("9999")
     end
 
+    it "affixes to use the updater sha if available" do
+      allow(Dependabot::Environment).to receive(:updater_sha).and_return("totally-legit-sha")
+
+      payload = dependency_submission.payload
+
+      expect(payload[:detector][:version]).to eq("#{Dependabot::VERSION}-totally-legit-sha")
+    end
+
     it "generates git attributes correctly" do
       payload = dependency_submission.payload