dependabot-docker 0.242.1 → 0.244.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 55e0e366e2041988964d81687f1c659e3b45ee59f8bf9c05c6d50ffbdb42b8e4
4
- data.tar.gz: '05380a2162f0da1cb71436ce2fc8e8feaefbfdafd6e3e9ecd128609dfa887072'
3
+ metadata.gz: c52ccd7109a9ba52a4721caab52dee265b8fbac58b014ef41f1764254d5b4ba6
4
+ data.tar.gz: a1c7eacd01a34f18f018dc6e2f35b3709986bf32d304c22bf0325a31dafd9791
5
5
  SHA512:
6
- metadata.gz: c18c3bbe12ba33cec530d94d9b0aac7d020cb4def819290a5dcd28b6c5670c74484f694f11eb288eb4cda06724ef015aceb7128e90f0067e40a830a2296d65a5
7
- data.tar.gz: 75b41e1eb6e0ab152feafedc61ea0a7f48d343f0c6271fbdf3ebc967f9e47da8c2d2d2d5589e14f71087461de2eea329db4f8002a032d20862a371e288232b6c
6
+ metadata.gz: 644b13f04cafb8cde3fafc549221b48acd25a536f9605a7762affa9ba6ce53c50f0151cc0aa1bb5293d4913ecc66dd074641179a4199bf60d45d45c605beeab8
7
+ data.tar.gz: '0085584c58c0162fa0532362f6bcf9d0d0e076a11e4fee1c8c28422a7bad80fa363b006d3498f7f83d226c75e7238530a6be3db2e0ca0eee48b8366def1750db'
@@ -13,6 +13,8 @@ module Dependabot
13
13
  class FileParser < Dependabot::FileParsers::Base
14
14
  require "dependabot/file_parsers/base/dependency_set"
15
15
 
16
+ YAML_REGEXP = /^[^\.].*\.ya?ml$/i
17
+
16
18
  # Details of Docker regular expressions is at
17
19
  # https://github.com/docker/distribution/blob/master/reference/regexp.go
18
20
  DOMAIN_COMPONENT = /(?:[[:alnum:]]|[[:alnum:]][[[:alnum:]]-]*[[:alnum:]])/
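Review bot: `YAML_REGEXP` on the added line 16 anchors with `^` and `$`, which in Ruby match at line boundaries rather than string ends, so a file name that happens to contain a newline can match on an inner line; for whole-name matching the conventional form is `YAML_REGEXP = /\A[^.].*\.ya?ml\z/i`. The identical constant is introduced again in `FileUpdater` (line 14 of the `@@ -11,10 +11,13 @@` hunk), so defining it once and sharing it would keep the parser and updater from drifting. The new pattern also requires the name to end in `.yml`/`.yaml`, where the old `/^[^\.]+\.ya?ml/i` accepted trailing characters and rejected inner dots; that looks intended, but a short comment on the constant such as `# YAML manifests: no leading dot, inner dots allowed, must end in .yml/.yaml` would record it.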
@@ -75,7 +77,7 @@ module Dependabot
75
77
 
76
78
  def dockerfiles
77
79
  # The Docker file fetcher fetches Dockerfiles and yaml files. Reject yaml files.
78
- dependency_files.reject { |f| f.type == "file" && f.name.match?(/^[^\.]+\.ya?ml/i) }
80
+ dependency_files.reject { |f| f.type == "file" && f.name.match?(YAML_REGEXP) }
79
81
  end
80
82
 
81
83
  def version_from(parsed_from_line)
@@ -167,7 +169,7 @@ module Dependabot
167
169
 
168
170
  def manifest_files
169
171
  # Dependencies include both Dockerfiles and yaml, select yaml.
170
- dependency_files.select { |f| f.type == "file" && f.name.match?(/^[^\.]+\.ya?ml/i) }
172
+ dependency_files.select { |f| f.type == "file" && f.name.match?(YAML_REGEXP) }
171
173
  end
172
174
 
173
175
  def parse_helm(img_hash)
@@ -11,10 +11,13 @@ module Dependabot
11
11
  class FileUpdater < Dependabot::FileUpdaters::Base
12
12
  FROM_REGEX = /FROM(\s+--platform\=\S+)?/i
13
13
 
14
+ YAML_REGEXP = /^[^\.].*\.ya?ml$/i
15
+ DOCKER_REGEXP = /dockerfile/i
16
+
14
17
  def self.updated_files_regex
15
18
  [
16
- /dockerfile/i,
17
- /^[^\.]+\.ya?ml/i
19
+ DOCKER_REGEXP,
20
+ YAML_REGEXP
18
21
  ]
19
22
  end
20
23
 
@@ -23,7 +26,7 @@ module Dependabot
23
26
  dependency_files.each do |file|
24
27
  next unless requirement_changed?(file, dependency)
25
28
 
26
- updated_files << if file.name.match?(/^[^\.]+\.ya?ml/i)
29
+ updated_files << if file.name.match?(YAML_REGEXP)
27
30
  updated_file(
28
31
  file: file,
29
32
  content: updated_yaml_content(file)
@@ -63,12 +66,7 @@ module Dependabot
63
66
  updated_content = file.content
64
67
 
65
68
  old_sources.zip(new_sources).each do |old_source, new_source|
66
- updated_content =
67
- if specified_with_digest?(old_source)
68
- update_digest_and_tag(updated_content, old_source, new_source)
69
- else
70
- update_tag(updated_content, old_source, new_source)
71
- end
69
+ updated_content = update_digest_and_tag(updated_content, old_source, new_source)
72
70
  end
73
71
 
74
72
  raise "Expected content to change!" if updated_content == file.content
@@ -83,35 +81,38 @@ module Dependabot
83
81
  old_tag = old_source[:tag]
84
82
  new_tag = new_source[:tag]
85
83
 
86
- old_declaration_regex = /^#{FROM_REGEX}\s+.*@sha256:#{old_digest}/
87
-
88
- previous_content.gsub(old_declaration_regex) do |old_dec|
89
- old_dec
90
- .gsub("@sha256:#{old_digest}", "@sha256:#{new_digest}")
91
- .gsub(":#{old_tag}", ":#{new_tag}")
92
- end
93
- end
94
-
95
- def update_tag(previous_content, old_source, new_source)
96
- old_tag = old_source[:tag]
97
- new_tag = new_source[:tag]
98
-
99
84
  old_declaration =
100
85
  if private_registry_url(old_source) then "#{private_registry_url(old_source)}/"
101
86
  else
102
87
  ""
103
88
  end
104
- old_declaration += "#{dependency.name}:#{old_tag}"
89
+ old_declaration += dependency.name
90
+ old_declaration +=
91
+ if specified_with_tag?(old_source) then ":#{old_tag}"
92
+ else
93
+ ""
94
+ end
95
+ old_declaration +=
96
+ if specified_with_digest?(old_source) then "@sha256:#{old_digest}"
97
+ else
98
+ ""
99
+ end
105
100
  escaped_declaration = Regexp.escape(old_declaration)
106
101
 
107
102
  old_declaration_regex =
108
103
  %r{^#{FROM_REGEX}\s+(docker\.io/)?#{escaped_declaration}(?=\s|$)}
109
104
 
110
105
  previous_content.gsub(old_declaration_regex) do |old_dec|
111
- old_dec.gsub(":#{old_tag}", ":#{new_tag}")
106
+ old_dec
107
+ .gsub("@sha256:#{old_digest}", "@sha256:#{new_digest}")
108
+ .gsub(":#{old_tag}", ":#{new_tag}")
112
109
  end
113
110
  end
114
111
 
112
+ def specified_with_tag?(source)
113
+ source[:tag]
114
+ end
115
+
115
116
  def specified_with_digest?(source)
116
117
  source[:digest]
117
118
  end
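Review bot: The two chained `gsub` calls at the end of the rewritten `update_digest_and_tag` (new lines 106-108) substitute substrings independently, so `":#{old_tag}"` can also hit inside the just-inserted `@sha256:#{new_digest}` when the old tag is a prefix of the new digest, and a nil `new_tag` or `new_digest` leaves a dangling `:` or `@sha256:` in the declaration. Because the regex already pins the exact old declaration, it is safer to build the new declaration the same way and swap the whole token once, which also lets the `old_declaration` assembly on lines 84-99 collapse into one helper, as sketched below. I cannot see how `new_source` is populated, so whether a nil tag or digest can actually reach this method is an assumption to confirm; the method's signature and the `old_digest`/`new_digest` assignments sit above the hunk. Separately, `specified_with_tag?` (line 112) returns the raw tag value rather than a boolean, which a `?`-named predicate conventionally does (`!!source[:tag]`).
```ruby
          old_declaration = declaration_for(old_source, old_tag, old_digest)
          # The registry prefix comes from the source being replaced; only tag/digest change.
          new_declaration = declaration_for(old_source, new_tag, new_digest)
          escaped_declaration = Regexp.escape(old_declaration)

          old_declaration_regex =
            %r{^#{FROM_REGEX}\s+(docker\.io/)?#{escaped_declaration}(?=\s|$)}

          # Replace the whole pinned token once instead of chaining substring gsubs.
          previous_content.gsub(old_declaration_regex) do |old_dec|
            old_dec.sub(old_declaration, new_declaration)
          end
        end

        # Builds "[registry/]name[:tag][@sha256:digest]" for one parsed FROM source.
        def declaration_for(source, tag, digest)
          declaration = private_registry_url(source) ? "#{private_registry_url(source)}/" : ""
          declaration += dependency.name
          declaration += ":#{tag}" if tag
          declaration += "@sha256:#{digest}" if digest
          declaration
        end

        # … unchanged: specified_with_tag? / specified_with_digest? …
```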
@@ -108,7 +108,7 @@ module Dependabot
108
108
  # NOTE: It's important that this *always* returns a tag (even if
109
109
  # it's the existing one) as it is what we later check the digest of.
110
110
  def fetch_latest_tag(version_tag)
111
- return Tag.new(latest_digest) if version_tag.digest?
111
+ return Tag.new(latest_digest) if version_tag.digest? && latest_digest
112
112
  return version_tag unless version_tag.comparable?
113
113
 
114
114
  # Prune out any downgrade tags before checking for pre-releases
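Review bot: The extra `&& latest_digest` on new line 111 makes `fetch_latest_tag` fall through silently when `latest_digest` is nil, and a reader gets no hint why a digest-pinned tag is then handed back unchanged; a one-line comment would help, e.g. `# latest_digest can be nil; fall through and return the current tag instead of wrapping nil in a Tag`. The NOTE above the method says it must always return a tag, and the next line (`return version_tag unless version_tag.comparable?`) presumably covers a digest-only tag, but the hunk does not show that `comparable?` is false for such tags, so that is worth confirming. The method's body continues below the hunk.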
@@ -30,7 +30,7 @@ module Dependabot
30
30
 
31
31
  def base_registry
32
32
  @base_registry ||= credentials.find do |cred|
33
- cred["type"] == "docker_registry" && cred["replaces-base"] == true
33
+ cred["type"] == "docker_registry" && cred.replaces_base?
34
34
  end
35
35
  @base_registry ||= { "registry" => DEFAULT_DOCKER_HUB_REGISTRY, "credentials" => nil }
36
36
  @base_registry["registry"]
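Review bot: `cred.replaces_base?` on new line 33 assumes every entry in `credentials` is an object answering that predicate, while the fallback on line 35 still assigns a plain Hash and line 36 indexes whichever one won with `["registry"]`, so the credential objects must also support `[]`. Since the hunk does not show the credential class, that is an assumption to confirm, and a comment on the memoized lookup would save the next reader the same question, e.g. `# credentials are credential objects; the fallback is a plain Hash — both answer ["registry"]`. The closing `end` of `base_registry` lies below the hunk.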
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-docker
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.242.1
4
+ version: 0.244.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-01-23 00:00:00.000000000 Z
11
+ date: 2024-02-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.242.1
19
+ version: 0.244.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.242.1
26
+ version: 0.244.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -244,7 +244,7 @@ licenses:
244
244
  - Nonstandard
245
245
  metadata:
246
246
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
247
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.242.1
247
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.244.0
248
248
  post_install_message:
249
249
  rdoc_options: []
250
250
  require_paths: