dependabot-docker 0.211.0 → 0.213.0

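--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6c194c165762186cd5b9ca1048491778c1a49b1ea11d19a23c44e7eb501e6231
- data.tar.gz: '09532e3bed9e17abe29e4c1667d1918025f081973af0eef0178477f3cd7a6919'
+ metadata.gz: ebc54cfc835861f5ff7c37dabe72928e92786cda8925b7744029121b17fdc097
+ data.tar.gz: 4e99d4753649e65f7d34295f596c9de8e1060487e066c8c3cc6a2054e9e6c30a
  SHA512:
- metadata.gz: e7108f82ff87b6962c1f1ec837da3078cac2c0ee1d3dddcaf0956256c5ceaf26846be9e0e7674346cdcaf19f681fa0bfd04f15d26a803b2a58c54a826f4694f0
- data.tar.gz: 639d3a059228017338711f8292a7d2a8154b9cf9b857d2177a12ceaf0fd00f57045d3a870652b8e638fbd8e73dd2436cb6c6e5cb77a0ecdbda99c761707785a7
+ metadata.gz: 2312611afec9a4b58b82b0327a95f9257ae1cfacabc7f294c9eba48e52cf5d268dcf9004260a8fcb5aa9b6d9f647c2df5199b8bc9ad6e4131a4ad7ec85fa693e
+ data.tar.gz: 74760bd8b337feb6a2b7ca3a083079c2f6c187bdd2495c9467bc7a5b5f96bb825ac8cfda8defce871295d6e10ec4e8dbed01a6776816f83cc87eabc75517537d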
@@ -1,13 +1,15 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "dependabot/experiments"
3
4
  require "dependabot/file_fetchers"
4
5
  require "dependabot/file_fetchers/base"
5
6
 
6
7
  module Dependabot
7
8
  module Docker
8
9
  class FileFetcher < Dependabot::FileFetchers::Base
9
- YAML_REGEXP = /^[^\.]+\.ya?ml$/i.freeze
10
- DOCKER_REGEXP = /dockerfile/i.freeze
10
+ YAML_REGEXP = /^[^\.]+\.ya?ml$/i
11
+ DOCKER_REGEXP = /dockerfile/i
12
+ HELM_REGEXP = /values[\-a-zA-Z_0-9]*\.yaml/i
11
13
 
12
14
  def self.required_files_in?(filenames)
13
15
  filenames.any? { |f| f.match?(DOCKER_REGEXP) } or
@@ -21,7 +23,7 @@ module Dependabot
21
23
  private
22
24
 
23
25
  def kubernetes_enabled?
24
- options.key?(:kubernetes_updates) && options[:kubernetes_updates]
26
+ Experiments.enabled?(:kubernetes_updates)
25
27
  end
26
28
 
27
29
  def fetch_files
@@ -84,10 +86,14 @@ module Dependabot
84
86
  def correctly_encoded_yamlfiles
85
87
  candidate_files = yamlfiles.select { |f| f.content.valid_encoding? }
86
88
  candidate_files.select do |f|
87
- # This doesn't handle multi-resource files, but it shouldn't matter, since the first resource
88
- # in a multi-resource file had better be a valid k8s resource
89
- content = ::YAML.safe_load(f.content, aliases: true)
90
- likely_kubernetes_resource?(content)
89
+ if f.type == "file" && f.name.match?(HELM_REGEXP)
90
+ true
91
+ else
92
+ # This doesn't handle multi-resource files, but it shouldn't matter, since the first resource
93
+ # in a multi-resource file had better be a valid k8s resource
94
+ content = ::YAML.safe_load(f.content, aliases: true)
95
+ likely_kubernetes_resource?(content)
96
+ end
91
97
  rescue ::Psych::Exception
92
98
  false
93
99
  end
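Review bot: `HELM_REGEXP` is unanchored, and in `correctly_encoded_yamlfiles` any file whose name merely contains `values….yaml` now returns `true` before `::YAML.safe_load` runs, so it is accepted without being parsed and the `rescue ::Psych::Exception` guard never applies to it. Anchoring the pattern, `HELM_REGEXP = /\Avalues[\-a-zA-Z_0-9]*\.yaml\z/i`, limits the bypass to files actually named like Helm values files; if `f.name` can carry a directory prefix (not visible here), match on the basename instead. The new branch also deserves a comment such as `# Helm values files are not k8s resources, so the resource-shape check is skipped; content may still be malformed YAML`. The method's closing `end` lies outside the hunk.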
@@ -15,27 +15,25 @@ module Dependabot
15
15
 
16
16
  # Details of Docker regular expressions is at
17
17
  # https://github.com/docker/distribution/blob/master/reference/regexp.go
18
- DOMAIN_COMPONENT =
19
- /(?:[[:alnum:]]|[[:alnum:]][[[:alnum:]]-]*[[:alnum:]])/.freeze
20
- DOMAIN = /(?:#{DOMAIN_COMPONENT}(?:\.#{DOMAIN_COMPONENT})+)/.freeze
21
- REGISTRY = /(?<registry>#{DOMAIN}(?::\d+)?)/.freeze
22
-
23
- NAME_COMPONENT = /(?:[a-z\d]+(?:(?:[._]|__|[-]*)[a-z\d]+)*)/.freeze
24
- IMAGE = %r{(?<image>#{NAME_COMPONENT}(?:/#{NAME_COMPONENT})*)}.freeze
25
-
26
- FROM = /FROM/i.freeze
27
- PLATFORM = /--platform\=(?<platform>\S+)/.freeze
28
- TAG = /:(?<tag>[\w][\w.-]{0,127})/.freeze
29
- DIGEST = /@(?<digest>[^\s]+)/.freeze
30
- NAME = /\s+AS\s+(?<name>[\w-]+)/.freeze
18
+ DOMAIN_COMPONENT = /(?:[[:alnum:]]|[[:alnum:]][[[:alnum:]]-]*[[:alnum:]])/
19
+ DOMAIN = /(?:#{DOMAIN_COMPONENT}(?:\.#{DOMAIN_COMPONENT})+)/
20
+ REGISTRY = /(?<registry>#{DOMAIN}(?::\d+)?)/
21
+
22
+ NAME_COMPONENT = /(?:[a-z\d]+(?:(?:[._]|__|[-]*)[a-z\d]+)*)/
23
+ IMAGE = %r{(?<image>#{NAME_COMPONENT}(?:/#{NAME_COMPONENT})*)}
24
+
25
+ FROM = /FROM/i
26
+ PLATFORM = /--platform\=(?<platform>\S+)/
27
+ TAG = /:(?<tag>[\w][\w.-]{0,127})/
28
+ DIGEST = /@(?<digest>[^\s]+)/
29
+ NAME = /\s+AS\s+(?<name>[\w-]+)/
31
30
  FROM_LINE =
32
31
  %r{^#{FROM}\s+(#{PLATFORM}\s+)?(#{REGISTRY}/)?
33
- #{IMAGE}#{TAG}?#{DIGEST}?#{NAME}?}x.freeze
32
+ #{IMAGE}#{TAG}?#{DIGEST}?#{NAME}?}x
34
33
 
35
- AWS_ECR_URL = /dkr\.ecr\.(?<region>[^.]+)\.amazonaws\.com/.freeze
34
+ AWS_ECR_URL = /dkr\.ecr\.(?<region>[^.]+)\.amazonaws\.com/
36
35
 
37
- IMAGE_SPEC =
38
- %r{^(#{REGISTRY}/)?#{IMAGE}#{TAG}?#{DIGEST}?#{NAME}?}x.freeze
36
+ IMAGE_SPEC = %r{^(#{REGISTRY}/)?#{IMAGE}#{TAG}?#{DIGEST}?#{NAME}?}x
39
37
 
40
38
  def parse
41
39
  dependency_set = DependencySet.new
@@ -214,6 +212,8 @@ module Dependabot
214
212
  images =
215
213
  if !img.nil? && img.is_a?(String) && !img.empty?
216
214
  [img]
215
+ elsif !img.nil? && img.is_a?(Hash) && !img.empty?
216
+ parse_helm(img)
217
217
  else
218
218
  []
219
219
  end
@@ -225,6 +225,22 @@ module Dependabot
225
225
  # Dependencies include both Dockerfiles and yaml, select yaml.
226
226
  dependency_files.select { |f| f.type == "file" && f.name.match?(/^[^\.]+\.ya?ml/i) }
227
227
  end
228
+
229
+ def parse_helm(img_hash)
230
+ repo = img_hash.fetch("repository", nil)
231
+ tag = img_hash.key?("tag") ? img_hash.fetch("tag", nil) : img_hash.fetch("version", nil)
232
+ registry = img_hash.fetch("registry", nil)
233
+
234
+ if !repo.nil? && !registry.nil? && !tag.nil?
235
+ ["#{registry}/#{repo}:#{tag}"]
236
+ elsif !repo.nil? && !tag.nil?
237
+ ["#{repo}:#{tag}"]
238
+ elsif !repo.nil?
239
+ [repo]
240
+ else
241
+ []
242
+ end
243
+ end
228
244
  end
229
245
  end
230
246
  end
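Review bot: `parse_helm` interpolates `registry`, `repository` and `tag`/`version` straight from the parsed YAML hash without checking their types, so a nested mapping or list under any of those keys is stringified into the image reference, and an unquoted tag such as `1.10` has already been read as a number by the YAML loader and comes out as `1.1`. A guard before the `if` chain, `return [] unless [repo, tag, registry].compact.all? { |v| v.is_a?(String) || v.is_a?(Integer) }`, keeps such values out of the returned image list. An explicit `tag: null` also skips the `version` fallback because `key?("tag")` is true; `tag = img_hash["tag"] || img_hash["version"]` covers that case.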
@@ -7,7 +7,7 @@ require "dependabot/errors"
7
7
  module Dependabot
8
8
  module Docker
9
9
  class FileUpdater < Dependabot::FileUpdaters::Base
10
- FROM_REGEX = /FROM(\s+--platform\=\S+)?/i.freeze
10
+ FROM_REGEX = /FROM(\s+--platform\=\S+)?/i
11
11
 
12
12
  def self.updated_files_regex
13
13
  [
@@ -18,7 +18,6 @@ module Dependabot
18
18
 
19
19
  def updated_dependency_files
20
20
  updated_files = []
21
-
22
21
  dependency_files.each do |file|
23
22
  next unless requirement_changed?(file, dependency)
24
23
 
@@ -153,13 +152,29 @@ module Dependabot
153
152
  end
154
153
 
155
154
  def updated_yaml_content(file)
156
- updated_content = update_image(file)
155
+ updated_content = file.name == "values.yaml" ? update_helm(file) : update_image(file)
157
156
 
158
157
  raise "Expected content to change!" if updated_content == file.content
159
158
 
160
159
  updated_content
161
160
  end
162
161
 
162
+ def update_helm(file)
163
+ # TODO: this won't work if two images have the same tag version
164
+ old_tags = old_helm_tags(file)
165
+ return if old_tags.empty?
166
+
167
+ modified_content = file.content
168
+
169
+ old_tags.each do |old_tag|
170
+ old_tag_regex = /^\s+(?:-\s)?(?:tag|version):\s+#{old_tag}(?=\s|$)/
171
+ modified_content = modified_content.gsub(old_tag_regex) do |old_img_tag|
172
+ old_img_tag.gsub(old_tag.to_s, new_yaml_tag(file).to_s)
173
+ end
174
+ end
175
+ modified_content
176
+ end
177
+
163
178
  def update_image(file)
164
179
  old_images = old_yaml_images(file)
165
180
  return if old_images.empty?
@@ -176,13 +191,18 @@ module Dependabot
176
191
  end
177
192
 
178
193
  def new_yaml_image(file)
179
- elt = dependency.requirements.find { |r| r[:file] == file.name }
180
- prefix = elt.fetch(:source)[:registry] ? "#{elt.fetch(:source)[:registry]}/" : ""
181
- digest = elt.fetch(:source)[:digest] ? "@#{elt.fetch(:source)[:digest]}" : ""
182
- tag = elt.fetch(:source)[:tag] ? ":#{elt.fetch(:source)[:tag]}" : ""
194
+ element = dependency.requirements.find { |r| r[:file] == file.name }
195
+ prefix = element.fetch(:source)[:registry] ? "#{element.fetch(:source)[:registry]}/" : ""
196
+ digest = element.fetch(:source)[:digest] ? "@#{element.fetch(:source)[:digest]}" : ""
197
+ tag = element.fetch(:source)[:tag] ? ":#{element.fetch(:source)[:tag]}" : ""
183
198
  "#{prefix}#{dependency.name}#{tag}#{digest}"
184
199
  end
185
200
 
201
+ def new_yaml_tag(file)
202
+ element = dependency.requirements.find { |r| r[:file] == file.name }
203
+ element.fetch(:source)[:tag] || ""
204
+ end
205
+
186
206
  def old_yaml_images(file)
187
207
  dependency.
188
208
  previous_requirements.
@@ -193,6 +213,14 @@ module Dependabot
193
213
  "#{prefix}#{dependency.name}#{tag}#{digest}"
194
214
  end
195
215
  end
216
+
217
+ def old_helm_tags(file)
218
+ dependency.
219
+ previous_requirements.
220
+ select { |r| r[:file] == file.name }.map do |r|
221
+ r.fetch(:source)[:tag] || ""
222
+ end
223
+ end
196
224
  end
197
225
  end
198
226
  end
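Review bot: In `update_helm`, `old_tag` is interpolated into `old_tag_regex` without `Regexp.escape`, so the dots in a tag like `1.2.3` match any character and any other metacharacter in a tag alters the pattern; the tag presumably comes from repository content and should be treated as untrusted. `old_helm_tags` also maps a missing tag to `""`, and for an empty tag the inner `old_img_tag.gsub("", …)` inserts the new tag between every character of the matched text. Escaping and skipping empties addresses both: `next if old_tag.to_s.empty?` followed by `old_tag_regex = /^\s+(?:-\s)?(?:tag|version):\s+#{Regexp.escape(old_tag.to_s)}(?=\s|$)/`. Separately, `updated_yaml_content` chooses the Helm path with `file.name == "values.yaml"`, which is narrower than the `HELM_REGEXP` the fetcher uses on this page, so a file such as `values-prod.yaml` would take the `update_image` path.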
@@ -6,13 +6,17 @@ module Dependabot
6
6
  module Docker
7
7
  # Lifted from the bundler package manager
8
8
  class Requirement < Gem::Requirement
9
- # For consistency with other langauges, we define a requirements array.
9
+ # For consistency with other languages, we define a requirements array.
10
10
  # Ruby doesn't have an `OR` separator for requirements, so it always
11
11
  # contains a single element.
12
12
  def self.requirements_array(requirement_string)
13
13
  [new(requirement_string)]
14
14
  end
15
15
 
16
+ def satisfied_by?(version)
17
+ super(version.release_part)
18
+ end
19
+
16
20
  # Patches Gem::Requirement to make it accept requirement strings like
17
21
  # "~> 4.2.5, >= 4.2.5.1" without first needing to split them.
18
22
  def initialize(*requirements)
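Review bot: The new `satisfied_by?` passes only `version.release_part` to `super`, so the update component parsed by `Docker::Version` is ignored when requirements are checked, and an argument that lacks `release_part` (a plain `Gem::Version`, for instance) raises `NoMethodError`. Neither is stated in the code; a comment above the method such as `# Compares the release part only; the "_update" suffix is ignored. Expects a Dependabot::Docker::Version.` would document the contract. If plain versions can reach this method, `super(version.respond_to?(:release_part) ? version.release_part : version)` keeps the previous behaviour for them. `initialize` at the end of the hunk continues outside it.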
@@ -43,18 +43,16 @@ module Dependabot
43
43
  module Docker
44
44
  class UpdateChecker < Dependabot::UpdateCheckers::Base
45
45
  VERSION_REGEX =
46
- /v?(?<version>[0-9]+(?:(?:\.[a-z0-9]+)|(?:-(?:kb)?[0-9]+))*)/i.freeze
47
- VERSION_WITH_SFX = /^#{VERSION_REGEX}(?<suffix>-[a-z0-9.\-]+)?$/i.freeze
48
- VERSION_WITH_PFX = /^(?<prefix>[a-z0-9.\-]+-)?#{VERSION_REGEX}$/i.freeze
49
- VERSION_WITH_PFX_AND_SFX =
50
- /^(?<prefix>[a-z\-]+-)?#{VERSION_REGEX}(?<suffix>-[a-z\-]+)?$/i.
51
- freeze
46
+ /v?(?<version>[0-9]+(?:(?:\.[_a-z0-9]+)|(?:-(?:kb)?[0-9]+))*)/i
47
+ VERSION_WITH_SFX = /^#{VERSION_REGEX}(?<suffix>-[a-z0-9.\-]+)?$/i
48
+ VERSION_WITH_PFX = /^(?<prefix>[a-z0-9.\-]+-)?#{VERSION_REGEX}$/i
49
+ VERSION_WITH_PFX_AND_SFX = /^(?<prefix>[a-z\-]+-)?#{VERSION_REGEX}(?<suffix>-[a-z\-]+)?$/i
52
50
  NAME_WITH_VERSION =
53
51
  /
54
52
  #{VERSION_WITH_PFX}|
55
53
  #{VERSION_WITH_SFX}|
56
54
  #{VERSION_WITH_PFX_AND_SFX}
57
- /x.freeze
55
+ /x
58
56
 
59
57
  def latest_version
60
58
  fetch_latest_version(dependency.version)
@@ -347,7 +345,8 @@ module Dependabot
347
345
  DockerRegistry2::Registry.new(
348
346
  "https://#{registry_hostname}",
349
347
  user: registry_credentials&.fetch("username", nil),
350
- password: registry_credentials&.fetch("password", nil)
348
+ password: registry_credentials&.fetch("password", nil),
349
+ read_timeout: 10
351
350
  )
352
351
  end
353
352
 
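Review bot: The widened class in `VERSION_REGEX`, `\.[_a-z0-9]+`, also accepts segments that start with or consist only of underscores, so a registry tag such as `1._` matches; if such a tag reaches `Docker::Version#initialize` (shown elsewhere on this page) it is split on `_` into a release part of `1.`, which `Gem::Version.new` rejects as malformed. Requiring an alphanumeric first character, `\.[a-z0-9][_a-z0-9]*`, still admits Java-style tags like `11.0.16_8` while keeping those out. In the second hunk, `read_timeout: 10` bounds reads only; whether connection setup to the registry is bounded as well is not visible here and is worth confirming. Both changes sit in definitions that extend beyond their hunks.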
@@ -9,7 +9,7 @@ module Dependabot
9
9
  module Docker
10
10
  module Utils
11
11
  class CredentialsFinder
12
- AWS_ECR_URL = /dkr\.ecr\.(?<region>[^.]+)\.amazonaws\.com/.freeze
12
+ AWS_ECR_URL = /dkr\.ecr\.(?<region>[^.]+)\.amazonaws\.com/
13
13
 
14
14
  def initialize(credentials)
15
15
  @credentials = credentials
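Review bot: `AWS_ECR_URL` has no anchors, so any string that merely contains `dkr.ecr.<region>.amazonaws.com` matches, including a hostname that continues past `.com` with an unrelated domain. If this constant decides which registries are handed ECR credentials (the code using it is outside the hunk), it should be matched against an already-extracted registry hostname and anchored at the end of that host. At minimum a comment such as `# NOTE: unanchored; only apply to a parsed registry hostname, never to a full image reference` would make the constraint explicit. The same pattern is duplicated in the file parser section on this page and carries the same caveat.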
@@ -4,7 +4,29 @@ require "dependabot/utils"
4
4
 
5
5
  module Dependabot
6
6
  module Docker
7
+ # In the special case of Java, the version string may also contain
8
+ # optional "update number" and "identifier" components.
9
+ # See https://www.oracle.com/java/technologies/javase/versioning-naming.html
10
+ # for a description of Java versions.
11
+ #
7
12
  class Version < Gem::Version
13
+ def initialize(version)
14
+ release_part, update_part = version.split("_", 2)
15
+
16
+ @release_part = Gem::Version.new(release_part)
17
+
18
+ @update_part = Gem::Version.new(update_part&.start_with?(/[0-9]/) ? update_part : 0)
19
+ end
20
+
21
+ attr_reader :release_part
22
+
23
+ def <=>(other)
24
+ sort_criteria <=> other.sort_criteria
25
+ end
26
+
27
+ def sort_criteria
28
+ [@release_part, @update_part]
29
+ end
8
30
  end
9
31
  end
10
32
  end
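Review bot: `Version#initialize` does not call `super`, so whatever state `Gem::Version` sets up in its own initializer is never populated and inherited readers such as `to_s` will probably not return the original string; this is worth confirming against callers. It also calls `version.split` on the raw argument, so `nil`, an Integer or an existing version object raises `NoMethodError`; `release_part, update_part = version.to_s.split("_", 2)` avoids that. `<=>` likewise assumes `other` responds to `sort_criteria`, and `return nil unless other.respond_to?(:sort_criteria)` at its top keeps comparisons with foreign objects from raising. The comment above the class describes the Java update number but not that an update part not starting with a digit is silently treated as `0`, which should be stated there.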
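--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-docker
  version: !ruby/object:Gem::Version
- version: 0.211.0
+ version: 0.213.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-08-23 00:00:00.000000000 Z
+ date: 2022-10-31 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,42 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.211.0
+ version: 0.213.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.211.0
- - !ruby/object:Gem::Dependency
- name: debase
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.2.3
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.2.3
- - !ruby/object:Gem::Dependency
- name: debase-ruby_core_source
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.10.16
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.10.16
+ version: 0.213.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -86,14 +58,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 3.11.1
+ version: 3.13.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 3.11.1
+ version: 3.13.0
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -142,28 +114,28 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.35.1
+ version: 1.37.1
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.35.1
+ version: 1.37.1
  - !ruby/object:Gem::Dependency
- name: ruby-debug-ide
+ name: rubocop-performance
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.7.3
+ version: 1.15.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.7.3
+ version: 1.15.0
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
@@ -262,14 +234,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.7.0
+ version: 3.1.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.7.0
+ version: 3.1.0
  requirements: []
- rubygems_version: 3.1.6
+ rubygems_version: 3.3.7
  signing_key:
  specification_version: 4
  summary: Docker support for dependabot-common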