dependabot-docker 0.143.3 → 0.145.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/docker/file_parser.rb +30 -13
- data/lib/dependabot/docker/update_checker.rb +3 -4
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f6b7a48ac114347d82205cca6ea2341e372b6c7b15439da10ee6af9d09446ded
|
|
4
|
+
data.tar.gz: 174a489e1af90eac015c0efe24ccd62c7c5b65fdbc49b57dd76f39c7f16c19cb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a78b56114978d7601e38c2f057ba547355a6eb5c78ef4e62ecaed69b17da4e9e8e3d97c011aa79c35631e1b3b8ed9c930690bbe04ba448ca82f42625ba3725cf
|
|
7
|
+
data.tar.gz: 31e23a52f5ac3afa3c97aaab4b3dc2bd91703cd6047da6814d25f5b7798a982fdf7c11d2fa28ff7261252564666576ba09eb7098c73bcbd7ac668281bcbad15c
|
|
@@ -7,6 +7,7 @@ require "dependabot/file_parsers"
|
|
|
7
7
|
require "dependabot/file_parsers/base"
|
|
8
8
|
require "dependabot/errors"
|
|
9
9
|
require "dependabot/docker/utils/credentials_finder"
|
|
10
|
+
require "dependabot/docker/update_checker"
|
|
10
11
|
|
|
11
12
|
module Dependabot
|
|
12
13
|
module Docker
|
|
@@ -35,7 +36,7 @@ module Dependabot
|
|
|
35
36
|
AWS_ECR_URL = /dkr\.ecr\.(?<region>[^.]+).amazonaws\.com/.freeze
|
|
36
37
|
|
|
37
38
|
def parse
|
|
38
|
-
|
|
39
|
+
dependencies = {}
|
|
39
40
|
|
|
40
41
|
dockerfiles.each do |dockerfile|
|
|
41
42
|
dockerfile.content.each_line do |line|
|
|
@@ -47,21 +48,29 @@ module Dependabot
|
|
|
47
48
|
version = version_from(parsed_from_line)
|
|
48
49
|
next unless version
|
|
49
50
|
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
51
|
+
name = parsed_from_line.fetch("image")
|
|
52
|
+
dep_uniq_key = dep_key(name, version)
|
|
53
|
+
|
|
54
|
+
requirement = {
|
|
55
|
+
requirement: nil,
|
|
56
|
+
groups: [],
|
|
57
|
+
file: dockerfile.name,
|
|
58
|
+
source: source_from(parsed_from_line)
|
|
59
|
+
}
|
|
60
|
+
if (existing = dependencies[dep_uniq_key])
|
|
61
|
+
existing.requirements.push(requirement) unless existing.requirements.any? { |r| r == requirement }
|
|
62
|
+
else
|
|
63
|
+
dependencies[dep_uniq_key] = Dependency.new(
|
|
64
|
+
name: name,
|
|
65
|
+
version: version,
|
|
66
|
+
package_manager: "docker",
|
|
67
|
+
requirements: [requirement]
|
|
68
|
+
)
|
|
69
|
+
end
|
|
61
70
|
end
|
|
62
71
|
end
|
|
63
72
|
|
|
64
|
-
|
|
73
|
+
dependencies.values
|
|
65
74
|
end
|
|
66
75
|
|
|
67
76
|
private
|
|
@@ -154,6 +163,14 @@ module Dependabot
|
|
|
154
163
|
|
|
155
164
|
raise "No Dockerfile!"
|
|
156
165
|
end
|
|
166
|
+
|
|
167
|
+
def dep_key(name, version)
|
|
168
|
+
m = version.match(Dependabot::Docker::UpdateChecker::NAME_WITH_VERSION)
|
|
169
|
+
return name unless m
|
|
170
|
+
|
|
171
|
+
captures = m.named_captures
|
|
172
|
+
[name, captures.fetch("prefix"), captures.fetch("suffix")].compact.join(":")
|
|
173
|
+
end
|
|
157
174
|
end
|
|
158
175
|
end
|
|
159
176
|
end
|
|
@@ -173,9 +173,8 @@ module Dependabot
|
|
|
173
173
|
tags_from_registry.
|
|
174
174
|
select { |tag| tag.match?(NAME_WITH_VERSION) }.
|
|
175
175
|
select { |tag| prefix_of(tag) == original_prefix }.
|
|
176
|
-
select { |tag| suffix_of(tag) == original_suffix }.
|
|
177
|
-
select { |tag| format_of(tag) == original_format }
|
|
178
|
-
reject { |tag| commit_sha_suffix?(tag) }
|
|
176
|
+
select { |tag| suffix_of(tag) == original_suffix || commit_sha_suffix?(tag) }.
|
|
177
|
+
select { |tag| format_of(tag) == original_format }
|
|
179
178
|
end
|
|
180
179
|
|
|
181
180
|
def remove_version_downgrades(candidate_tags, version)
|
|
@@ -190,7 +189,7 @@ module Dependabot
|
|
|
190
189
|
# can't order on those but will try to, so instead we should exclude
|
|
191
190
|
# them (unless there's a `latest` version pushed to the registry, in
|
|
192
191
|
# which case we'll use that to find the latest version)
|
|
193
|
-
return false unless tag.match?(/(^|\-)[0-9a-f]{7,}$/)
|
|
192
|
+
return false unless tag.match?(/(^|\-g?)[0-9a-f]{7,}$/)
|
|
194
193
|
|
|
195
194
|
!tag.match?(/(^|\-)\d+$/)
|
|
196
195
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-docker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.145.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-05-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.145.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.145.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|