From 90cd182b5a23693094e4e1c36c312d142d796be1 Mon Sep 17 00:00:00 2001 From: Ben Selwyn-Smith Date: Thu, 19 Dec 2024 11:57:31 +1000 Subject: [PATCH] fix: update already present repositories Signed-off-by: Ben Selwyn-Smith --- src/macaron/slsa_analyzer/git_url.py | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/src/macaron/slsa_analyzer/git_url.py b/src/macaron/slsa_analyzer/git_url.py index a516186ac..122638cb1 100644 --- a/src/macaron/slsa_analyzer/git_url.py +++ b/src/macaron/slsa_analyzer/git_url.py @@ -337,11 +337,27 @@ def clone_remote_repo(clone_dir: str, url: str) -> Repo | None: os.rmdir(clone_dir) logger.debug("The clone dir %s is empty. It has been deleted for cloning the repo.", clone_dir) except OSError: - logger.debug( - "The clone dir %s is not empty. Cloning will not be proceeded.", - clone_dir, - ) - return None + # If the repository has already been cloned, we attempt to update using `git pull`. + try: + git_env_patch = { + # Setting the GIT_TERMINAL_PROMPT environment variable to ``0`` stops + # ``git clone`` from prompting for login credentials. + "GIT_TERMINAL_PROMPT": "0", + } + subprocess.run( # nosec B603 + args=["git", "pull"], + capture_output=True, + cwd=clone_dir, + # If `check=True` and return status code is not zero, subprocess.CalledProcessError is + # raised, which we don't want. We want to check the return status code of the subprocess + # later on. + check=False, + env=get_patched_env(git_env_patch), + ) + return Repo(path=clone_dir) + except (subprocess.CalledProcessError, OSError): + logger.debug("The clone dir %s is not empty. An attempt to update it failed.") + return None # Ensure that the parent directory where the repo is cloned into exists. parent_dir = Path(clone_dir).parent