From 3e1db6b411edca1ee3315ff8b17315095c5a6375 Mon Sep 17 00:00:00 2001 From: Yoann Lecuyer Date: Tue, 5 Mar 2024 23:18:45 +0100 Subject: [PATCH 1/6] Better: Use random name for git config global to allow concurrency. --- common/lib/dependabot/shared_helpers.rb | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/common/lib/dependabot/shared_helpers.rb b/common/lib/dependabot/shared_helpers.rb index f7d3bc0ec32..6fd6167f130 100644 --- a/common/lib/dependabot/shared_helpers.rb +++ b/common/lib/dependabot/shared_helpers.rb @@ -9,6 +9,7 @@ require "open3" require "sorbet-runtime" require "tmpdir" +require "securerandom" require "dependabot/credential" require "dependabot/simple_instrumentor" @@ -22,7 +23,6 @@ module Dependabot module SharedHelpers # rubocop:disable Metrics/ModuleLength extend T::Sig - GIT_CONFIG_GLOBAL_PATH = T.let(File.expand_path(".gitconfig", Utils::BUMP_TMP_DIR_PATH), String) USER_AGENT = T.let( "dependabot-core/#{Dependabot::VERSION} " \ "#{Excon::USER_AGENT} ruby/#{RUBY_VERSION} " \ @@ -290,12 +290,13 @@ def self.with_git_configured(credentials:, &_block) FileUtils.mkdir_p(Utils::BUMP_TMP_DIR_PATH) previous_config = ENV.fetch("GIT_CONFIG_GLOBAL", nil) + git_config_global_path = File.expand_path("#{SecureRandom.hex(16)}.gitconfig", Utils::BUMP_TMP_DIR_PATH) previous_terminal_prompt = ENV.fetch("GIT_TERMINAL_PROMPT", nil) begin - ENV["GIT_CONFIG_GLOBAL"] = GIT_CONFIG_GLOBAL_PATH + ENV["GIT_CONFIG_GLOBAL"] = git_config_global_path ENV["GIT_TERMINAL_PROMPT"] = "false" - configure_git_to_use_https_with_credentials(credentials, safe_directories) + configure_git_to_use_https_with_credentials(credentials, safe_directories, git_config_global_path) yield ensure ENV["GIT_CONFIG_GLOBAL"] = previous_config 
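Review bot: In the `with_git_configured` hunk, the per-call file name removes the shared-file collision, but `ENV["GIT_CONFIG_GLOBAL"] = git_config_global_path` still writes a process-wide variable. Two threads in one process would overwrite each other's setting, and the `ensure` restore could leave one of them pointing at a config file that has already been deleted. If the intended concurrency is separate processes this is fine, and it is worth saying so next to the assignment, e.g. `# GIT_CONFIG_GLOBAL is process-wide: safe across processes, not across threads in one process`. The method starts above this hunk, so any locking done earlier is not visible here.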
@@ -304,7 +305,7 @@ def self.with_git_configured(credentials:, &_block) rescue Errno::ENOSPC => e raise Dependabot::OutOfDisk, e.message ensure - FileUtils.rm_f(GIT_CONFIG_GLOBAL_PATH) + FileUtils.rm_f(git_config_global_path) end # Handle SCP-style git URIs @@ -321,9 +322,9 @@ def self.credential_helper_path end # rubocop:disable Metrics/PerceivedComplexity - sig { params(credentials: T::Array[Dependabot::Credential], safe_directories: T::Array[String]).void } - def self.configure_git_to_use_https_with_credentials(credentials, safe_directories) - File.open(GIT_CONFIG_GLOBAL_PATH, "w") do |file| + sig { params(credentials: T::Array[Dependabot::Credential], safe_directories: T::Array[String], git_config_global_path: String).void } + def self.configure_git_to_use_https_with_credentials(credentials, safe_directories, git_config_global_path) + File.open(git_config_global_path, "w") do |file| file << "# Generated by dependabot/dependabot-core" end From cccc2ef2c8cb6fa2a9ab017c7a632ce46a3e8e39 Mon Sep 17 00:00:00 2001 From: Yoann Lecuyer Date: Tue, 5 Mar 2024 23:26:41 +0100 Subject: [PATCH 2/6] sorbet lint --- common/lib/dependabot/shared_helpers.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/lib/dependabot/shared_helpers.rb b/common/lib/dependabot/shared_helpers.rb index 6fd6167f130..54bfc5eeb97 100644 --- a/common/lib/dependabot/shared_helpers.rb +++ b/common/lib/dependabot/shared_helpers.rb @@ -305,7 +305,7 @@ def self.with_git_configured(credentials:, &_block) rescue Errno::ENOSPC => e raise Dependabot::OutOfDisk, e.message ensure - FileUtils.rm_f(git_config_global_path) + FileUtils.rm_f(T.must(git_config_global_path)) end # Handle SCP-style git URIs From 69afb71416855cccbd1bfbcdabaeb440d1c6e7ab Mon Sep 17 00:00:00 2001 From: Yoann Lecuyer Date: Tue, 5 Mar 2024 23:31:02 +0100 Subject: [PATCH 3/6] rubocop lint --- common/lib/dependabot/shared_helpers.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
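Review bot: In the outer `ensure` of `with_git_configured`, `git_config_global_path` is still nil when anything above its assignment raises, for example `FileUtils.mkdir_p` hitting `Errno::ENOSPC`. `FileUtils.rm_f(git_config_global_path)` would then raise from inside `ensure` and replace the original error, including the `Dependabot::OutOfDisk` raised by the `rescue`. PATCH 2/6 changes the same line to `FileUtils.rm_f(T.must(git_config_global_path))`, which satisfies Sorbet but makes the nil case raise explicitly. Guarding the cleanup keeps the original exception: `FileUtils.rm_f(git_config_global_path) if git_config_global_path`. The method body begins outside this hunk.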
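Review bot: `File.open(git_config_global_path, "w")` in `configure_git_to_use_https_with_credentials` creates the file with whatever mode the process umask allows and will follow or truncate anything already at that path. Since the name is now freshly generated for each call, the file can be created exclusively and owner-only: `File.open(git_config_global_path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |file|`. Judging by the method name, this file presumably decides which credential helper git runs, so it should not be readable or replaceable by other users of the temp directory; whether that directory is shared is not visible in this hunk. The `File.open` stub in shared_helpers_spec.rb matches two arguments and would need updating with it, and the rest of the method body lies outside the hunk.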
diff --git a/common/lib/dependabot/shared_helpers.rb b/common/lib/dependabot/shared_helpers.rb index 54bfc5eeb97..133dd52cdf1 100644 --- a/common/lib/dependabot/shared_helpers.rb +++ b/common/lib/dependabot/shared_helpers.rb @@ -322,7 +322,10 @@ def self.credential_helper_path end # rubocop:disable Metrics/PerceivedComplexity - sig { params(credentials: T::Array[Dependabot::Credential], safe_directories: T::Array[String], git_config_global_path: String).void } + sig do + params(credentials: T::Array[Dependabot::Credential], safe_directories: T::Array[String], + git_config_global_path: String).void + end def self.configure_git_to_use_https_with_credentials(credentials, safe_directories, git_config_global_path) File.open(git_config_global_path, "w") do |file| file << "# Generated by dependabot/dependabot-core" From 74eac7199e48c82889c0a5c88cecc384b1f98de8 Mon Sep 17 00:00:00 2001 From: Yoann Lecuyer Date: Tue, 5 Mar 2024 23:39:05 +0100 Subject: [PATCH 4/6] fix specs --- common/spec/dependabot/shared_helpers_spec.rb | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/common/spec/dependabot/shared_helpers_spec.rb b/common/spec/dependabot/shared_helpers_spec.rb index 132b8db88db..fec6cf47a0a 100644 --- a/common/spec/dependabot/shared_helpers_spec.rb +++ b/common/spec/dependabot/shared_helpers_spec.rb @@ -607,6 +607,13 @@ def with_git_configured(&block) Dependabot::SharedHelpers.with_git_configured(credentials: credentials, &block) end + before do + allow(SecureRandom).to receive(:hex).and_return("XXXXXXXXXXXXXXXX") + end + let(:git_config_path) { File.expand_path("XXXXXXXXXXXXXXXX.gitconfig", tmp) } + let(:configured_git_config) { with_git_configured { `cat #{git_config_path}` } } + let(:configured_git_credentials) { with_git_configured { `cat #{Dir.pwd}/git.store` } } + context "when the global .gitconfig has a safe directory" do before do Open3.capture2("git config --global --add safe.directory /home/dependabot/dependabot-core/repo") 
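Review bot: The new `before` block stubs `SecureRandom.hex` for every caller and every argument, so no example exercises the property this series adds, namely that each `with_git_configured` call gets its own config path. Narrowing the stub to `allow(SecureRandom).to receive(:hex).with(16).and_return("XXXXXXXXXXXXXXXX")` keeps other users of `SecureRandom` random inside these examples. One unstubbed example that captures `ENV["GIT_CONFIG_GLOBAL"]` inside two separate calls and expects the values to differ would cover the new behaviour.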
@@ -749,10 +756,10 @@ def with_git_configured(&block) context "when the host has run out of disk space" do before do allow(File).to receive(:open) - .with(described_class::GIT_CONFIG_GLOBAL_PATH, anything) + .with(git_config_path, anything) .and_raise(Errno::ENOSPC) allow(FileUtils).to receive(:rm_f) - .with(described_class::GIT_CONFIG_GLOBAL_PATH) + .with(git_config_path) end specify { expect { configured_git_config }.to raise_error(Dependabot::OutOfDisk) } From 71f9f021f8c09db18c1abc196834d142445eee6e Mon Sep 17 00:00:00 2001 From: Yoann Lecuyer Date: Thu, 21 Mar 2024 23:01:56 +0100 Subject: [PATCH 5/6] add comment --- common/lib/dependabot/shared_helpers.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/common/lib/dependabot/shared_helpers.rb b/common/lib/dependabot/shared_helpers.rb index 133dd52cdf1..cabc07be5dd 100644 --- a/common/lib/dependabot/shared_helpers.rb +++ b/common/lib/dependabot/shared_helpers.rb @@ -290,6 +290,8 @@ def self.with_git_configured(credentials:, &_block) FileUtils.mkdir_p(Utils::BUMP_TMP_DIR_PATH) previous_config = ENV.fetch("GIT_CONFIG_GLOBAL", nil) + # adding a random suffix to avoid conflicts when running in parallel + # some package managers like bundler will modify the global git config git_config_global_path = File.expand_path("#{SecureRandom.hex(16)}.gitconfig", Utils::BUMP_TMP_DIR_PATH) previous_terminal_prompt = ENV.fetch("GIT_TERMINAL_PROMPT", nil) From dc28861a2ff4fb7f0571efd20db00856f2bd9a27 Mon Sep 17 00:00:00 2001 From: sachin-sandhu Date: Wed, 5 Mar 2025 21:49:52 -0500 Subject: [PATCH 6/6] fixes lint issues --- common/spec/dependabot/shared_helpers_spec.rb | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/common/spec/dependabot/shared_helpers_spec.rb b/common/spec/dependabot/shared_helpers_spec.rb index fec6cf47a0a..c8ea8a49d4e 100644 --- a/common/spec/dependabot/shared_helpers_spec.rb +++ b/common/spec/dependabot/shared_helpers_spec.rb 
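Review bot: In the out-of-disk context, `allow(FileUtils).to receive(:rm_f).with(git_config_path)` only permits the cleanup call and nothing asserts that it happened. A regression that leaves the temporary git config behind after a failed write would therefore still pass. An example that triggers the error and then checks `expect(FileUtils).to have_received(:rm_f).with(git_config_path)` would pin the cleanup on the error path.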
@@ -599,7 +599,7 @@ def alternatives(host) end let(:credentials) { [] } - let(:git_config_path) { File.expand_path(".gitconfig", tmp) } + let(:git_config_path) { File.expand_path("XXXXXXXXXXXXXXXX.gitconfig", tmp) } let(:configured_git_config) { with_git_configured { `cat #{git_config_path}` } } let(:configured_git_credentials) { with_git_configured { `cat #{Dir.pwd}/git.store` } } @@ -610,9 +610,6 @@ def with_git_configured(&block) before do allow(SecureRandom).to receive(:hex).and_return("XXXXXXXXXXXXXXXX") end - let(:git_config_path) { File.expand_path("XXXXXXXXXXXXXXXX.gitconfig", tmp) } - let(:configured_git_config) { with_git_configured { `cat #{git_config_path}` } } - let(:configured_git_credentials) { with_git_configured { `cat #{Dir.pwd}/git.store` } } context "when the global .gitconfig has a safe directory" do before do