Fixed issue related to calculate cooldown period by providing semver major version as highest priority. (#12869)

randhircs · web-flow · commit 7da4bdd9dad1 · 2025-08-20T11:28:50.000-04:00
* Fixed issue related to calculate cooldown max date v/s calculate cooldown days by giving priority to major_days if there then minor days if there then patch if any.

* Added feature to not to execute cooldown associated code if user has not added it in D.yml
* Modified specs since method signature changed and added check for cooldown enabled flag with new logic.
diff --git a/swift/lib/dependabot/swift/update_checker/latest_version_resolver.rb b/swift/lib/dependabot/swift/update_checker/latest_version_resolver.rb
@@ -37,36 +37,44 @@ def initialize(dependency:, credentials:, cooldown_options:, git_commit_checker:
         sig { returns(Dependabot::Dependency) }
         attr_reader :dependency
 
+        sig { returns(T::Array[Dependabot::Credential]) }
+        attr_reader :credentials
+
+        sig { returns(T.nilable(Dependabot::Package::ReleaseCooldownOptions)) }
+        attr_reader :cooldown_options
+
+        sig { returns(Dependabot::GitCommitChecker) }
+        attr_reader :git_commit_checker
+
         # Return latest version tag for the dependency, it removes tags that are in cooldown period
-        # and returns the latest version tag that is not in cooldown period. If eexception occurs
-        # it will return the latest version tag from the git_commit_checker. as it was before
+        # and returns the latest version tag that is not in cooldown period. If an exception occurs
+        # and returns the latest version tag that is not in cooldown period. If an exception occurs,
+        # it will return the latest version tag from the git_commit_checker, as before.
         sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
         def latest_version_tag
           # step one fetch allowed version tags and
+          return git_commit_checker.local_tag_for_latest_version unless cooldown_enabled?
+
           allowed_version_tags = git_commit_checker.allowed_version_tags
-          begin
-            # sort the allowed version tags by name in descending order
-            select_version_tags_in_cooldown_period&.each do |tag_name|
-              # filter out if name is not in cooldown period
-              allowed_version_tags.reject! do |gitref_filtered|
-                true if gitref_filtered.name == tag_name
-              end
+          select_version_tags_in_cooldown_period&.each do |tag_name|
+            # filter out if name is in cooldown period
+            allowed_version_tags.reject! do |gitref_filtered|
+              gitref_filtered.name == tag_name
             end
-            Dependabot.logger.info("Allowed version tags after filtering versions in cooldown:
-              #{allowed_version_tags.map(&:name).join(', ')}")
-            git_commit_checker.max_local_tag(allowed_version_tags)
-          rescue StandardError => e
-            Dependabot.logger.error("Error fetching latest version tag: #{e.message}")
-            git_commit_checker.local_tag_for_latest_version
           end
+
+          git_commit_checker.max_local_tag(allowed_version_tags)
+        rescue StandardError => e
+          Dependabot.logger.error("Error fetching latest version tag: #{e.message}")
+          git_commit_checker.local_tag_for_latest_version
         end
 
         sig { returns(T.nilable(T::Array[String])) }
         def select_version_tags_in_cooldown_period
           version_tags_in_cooldown_period = T.let([], T::Array[String])
 
           package_details_fetcher.fetch_tag_and_release_date.each do |git_tag_with_detail|
-            if check_if_version_in_cooldown_period?(T.must(git_tag_with_detail.release_date))
+            if check_if_version_in_cooldown_period?(git_tag_with_detail)
               version_tags_in_cooldown_period << git_tag_with_detail.tag
             end
           end
@@ -76,27 +84,59 @@ def select_version_tags_in_cooldown_period
           version_tags_in_cooldown_period
         end
 
-        sig { params(release_date: String).returns(T::Boolean) }
-        def check_if_version_in_cooldown_period?(release_date)
-          return false unless release_date.length.positive?
+        sig { params(tag_with_detail: Dependabot::GitTagWithDetail).returns(T::Boolean) }
+        def check_if_version_in_cooldown_period?(tag_with_detail)
+          return false unless tag_with_detail.release_date
 
-          cooldown = @cooldown_options
-          return false unless cooldown
+          current_version = version_class.correct?(dependency.version) ? version_class.new(dependency.version) : nil
+          days = cooldown_days_for(current_version, version_class.new(tag_with_detail.tag.delete("v")))
 
-          return false if cooldown.nil?
-
-          # Get maximum cooldown days based on semver parts
-          days = [cooldown.default_days, cooldown.semver_major_days].max
-          days = cooldown.semver_minor_days unless days > cooldown.semver_minor_days
-          days = cooldown.semver_patch_days unless days > cooldown.semver_patch_days
           # Calculate the number of seconds passed since the release
-          passed_seconds = Time.now.to_i - release_date_to_seconds(release_date)
+          passed_seconds = Time.now.to_i - release_date_to_seconds(tag_with_detail.release_date)
           # Check if the release is within the cooldown period
           passed_seconds < days * DAY_IN_SECONDS
         end
 
-        sig { params(release_date: String).returns(Integer) }
+        sig do
+          params(
+            current_version: T.nilable(Dependabot::Version),
+            new_version: Dependabot::Version
+          ).returns(Integer)
+        end
+        def cooldown_days_for(current_version, new_version)
+          return 0 unless cooldown_enabled?
+
+          cooldown = T.must(cooldown_options)
+          return 0 unless cooldown.included?(dependency.name)
+          return cooldown.default_days if current_version.nil?
+
+          current_version_semver = current_version.semver_parts
+          new_version_semver = new_version.semver_parts
+
+          # If semver_parts is nil for either, return default cooldown
+          return cooldown.default_days if current_version_semver.nil? || new_version_semver.nil?
+
+          # Ensure values are always integers
+          current_major, current_minor, current_patch = current_version_semver
+          new_major, new_minor, new_patch = new_version_semver
+
+          # Determine cooldown based on version difference
+          return cooldown.semver_major_days if new_major > current_major
+          return cooldown.semver_minor_days if new_minor > current_minor
+          return cooldown.semver_patch_days if new_patch > current_patch
+
+          cooldown.default_days
+        end
+
+        sig { returns(T.class_of(Dependabot::Version)) }
+        def version_class
+          dependency.version_class
+        end
+
+        sig { params(release_date: T.nilable(String)).returns(Integer) }
         def release_date_to_seconds(release_date)
+          return 0 unless release_date
+
           Time.parse(release_date).to_i
         rescue ArgumentError => e
           Dependabot.logger.error("Invalid release date format: #{release_date} and error: #{e.message}")
@@ -114,17 +154,16 @@ def package_details_fetcher
           )
         end
 
-        # Since base class is returning false, we need to override it.
         sig { returns(T::Boolean) }
         def cooldown_enabled?
-          true
-        end
-
-        sig { returns(Dependabot::GitCommitChecker) }
-        attr_reader :git_commit_checker
+          return false if cooldown_options.nil?
 
-        sig { returns(T::Array[Dependabot::Credential]) }
-        attr_reader :credentials
+          cooldown = T.must(cooldown_options)
+          cooldown.default_days.to_i.positive? ||
+            cooldown.semver_major_days.to_i.positive? ||
+            cooldown.semver_minor_days.to_i.positive? ||
+            cooldown.semver_patch_days.to_i.positive?
+        end
       end
     end
   end
diff --git a/swift/spec/dependabot/swift/update_checker/latest_version_resolver_spec.rb b/swift/spec/dependabot/swift/update_checker/latest_version_resolver_spec.rb
@@ -101,21 +101,80 @@
   end
 
   describe "#check_if_version_in_cooldown_period?" do
-    it "returns true if the release date is within the cooldown period" do
-      release_date = (Time.now - (10 * 24 * 60 * 60)).iso8601 # 10 days ago
-      expect(resolver.check_if_version_in_cooldown_period?(release_date)).to be true
+    before do
+      allow(Time).to receive(:now).and_return(Time.parse("2025-08-08T17:30:00.000Z"))
+    end
+
+    let(:tag_with_detail) do
+      Dependabot::GitTagWithDetail.new(
+        tag: "1.2.0",
+        release_date: release_date
+      )
     end
 
-    it "returns false if the release date is outside the cooldown period" do
-      release_date = (Time.now - (100 * 24 * 60 * 60)).iso8601 # 100 days ago
-      expect(resolver.check_if_version_in_cooldown_period?(release_date)).to be false
+    context "when tag has no release date" do
+      let(:release_date) { nil }
+
+      it "returns false" do
+        expect(resolver.check_if_version_in_cooldown_period?(tag_with_detail)).to be false
+      end
+    end
+
+    context "when tag has a release date" do
+      let(:release_date) { (Time.now - (10 * 24 * 60 * 60)).iso8601 } # 10 days ago
+
+      before do
+        allow(resolver).to receive(:cooldown_days_for).and_return(30)
+      end
+
+      it "returns false if the release date is outside the cooldown period" do
+        allow(resolver).to receive(:cooldown_days_for).and_return(5)
+        expect(resolver.check_if_version_in_cooldown_period?(tag_with_detail)).to be false
+      end
     end
   end
 
-  describe "#release_date_to_seconds" do
-    it "converts a valid release date string to seconds" do
-      release_date = "2025-05-27T12:34:56Z"
-      expect(resolver.release_date_to_seconds(release_date)).to eq(Time.parse(release_date).to_i)
+  describe "#cooldown_enabled?" do
+    context "when cooldown_options is nil" do
+      let(:cooldown_options) { nil }
+
+      it "returns false" do
+        expect(resolver.cooldown_enabled?).to be false
+      end
+    end
+
+    context "when cooldown_options has positive days" do
+      it "returns true when default_days is positive" do
+        allow(cooldown_options).to receive_messages(
+          default_days: 1,
+          semver_major_days: 0,
+          semver_minor_days: 0,
+          semver_patch_days: 0
+        )
+        expect(resolver.cooldown_enabled?).to be true
+      end
+
+      it "returns true when semver_major_days is positive" do
+        allow(cooldown_options).to receive_messages(
+          default_days: 0,
+          semver_major_days: 1,
+          semver_minor_days: 0,
+          semver_patch_days: 0
+        )
+        expect(resolver.cooldown_enabled?).to be true
+      end
+    end
+
+    context "when all cooldown days are zero" do
+      it "returns false" do
+        allow(cooldown_options).to receive_messages(
+          default_days: 0,
+          semver_major_days: 0,
+          semver_minor_days: 0,
+          semver_patch_days: 0
+        )
+        expect(resolver.cooldown_enabled?).to be false
+      end
     end
   end
 end
