dependabot-docker 0.244.0 → 0.246.0

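--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c52ccd7109a9ba52a4721caab52dee265b8fbac58b014ef41f1764254d5b4ba6
- data.tar.gz: a1c7eacd01a34f18f018dc6e2f35b3709986bf32d304c22bf0325a31dafd9791
+ metadata.gz: 00e870369360f07efa9b9cc9c6d028b163d2c42892f39e4ab307a5b9671e0262
+ data.tar.gz: bc79c8c1a1f9faffd6a0b9d54e914572afd2162f510c03de76a3b73d1be54747
  SHA512:
- metadata.gz: 644b13f04cafb8cde3fafc549221b48acd25a536f9605a7762affa9ba6ce53c50f0151cc0aa1bb5293d4913ecc66dd074641179a4199bf60d45d45c605beeab8
- data.tar.gz: '0085584c58c0162fa0532362f6bcf9d0d0e076a11e4fee1c8c28422a7bad80fa363b006d3498f7f83d226c75e7238530a6be3db2e0ca0eee48b8366def1750db'
+ metadata.gz: b8d4531b231f7f005f2063e1787795bbb673ffca7da8b3352c3cdc927d30c77594e7b962893645c252cdddc20c55990b974611a12c8422953881af4acfe1a108
+ data.tar.gz: c1e0231044521335cde4f10fc06b5a0b15d99f6d4e74b3b96fbfdeacf2f25297ef4bc1f074cb3a4c7c44ee2cd7b8d82ca4378bef66661d9abbca4928c9b25165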
@@ -1,4 +1,4 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
@@ -33,8 +33,7 @@ module Dependabot
33
33
  return fetched_files if fetched_files.any?
34
34
 
35
35
  if incorrectly_encoded_dockerfiles.none? && incorrectly_encoded_yamlfiles.none?
36
- raise(
37
- Dependabot::DependencyFileNotFound,
36
+ raise Dependabot::DependencyFileNotFound.new(
38
37
  File.join(directory, "Dockerfile"),
39
38
  "No Dockerfiles nor Kubernetes YAML found in #{directory}"
40
39
  )
@@ -1,4 +1,4 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "docker_registry2"
@@ -46,14 +46,14 @@ module Dependabot
46
46
  dockerfile.content.each_line do |line|
47
47
  next unless FROM_LINE.match?(line)
48
48
 
49
- parsed_from_line = FROM_LINE.match(line).named_captures
49
+ parsed_from_line = T.must(FROM_LINE.match(line)).named_captures
50
50
  parsed_from_line["registry"] = nil if parsed_from_line["registry"] == "docker.io"
51
51
 
52
52
  version = version_from(parsed_from_line)
53
53
  next unless version
54
54
 
55
55
  dependency_set << Dependency.new(
56
- name: parsed_from_line.fetch("image"),
56
+ name: T.must(parsed_from_line.fetch("image")),
57
57
  version: version,
58
58
  package_manager: "docker",
59
59
  requirements: [
@@ -274,7 +274,9 @@ module Dependabot
274
274
  end
275
275
 
276
276
  def registry_hostname
277
- return dependency.requirements.first[:source][:registry] if dependency.requirements.first[:source][:registry]
277
+ if dependency.requirements.first&.dig(:source, :registry)
278
+ return T.must(dependency.requirements.first).dig(:source, :registry)
279
+ end
278
280
 
279
281
  credentials_finder.base_registry
280
282
  end
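Review bot: `registry_hostname` now evaluates `dependency.requirements.first&.dig(:source, :registry)` twice and needs `T.must` on the second pass only because the first result was discarded; binding it once keeps the nil-safety and drops the runtime assertion: `registry = dependency.requirements.first&.dig(:source, :registry)` followed by `return registry if registry`. The hunk at line 46 has the same shape, where `FROM_LINE.match?(line)` is followed by `T.must(FROM_LINE.match(line))`; `match = FROM_LINE.match(line)` and `next unless match` would run the regexp once per line. In that hunk `T.must(parsed_from_line.fetch("image"))` raises a TypeError if the `image` group did not take part in the match, and since the Dockerfile text comes from the repository being scanned it is worth confirming against `FROM_LINE` (defined outside the hunk) that the group is mandatory. The `each_line` block continues past the end of that hunk.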
@@ -4,12 +4,15 @@
4
4
  require "aws-sdk-ecr"
5
5
  require "base64"
6
6
 
7
+ require "dependabot/credential"
7
8
  require "dependabot/errors"
8
9
 
9
10
  module Dependabot
10
11
  module Docker
11
12
  module Utils
12
13
  class CredentialsFinder
14
+ extend T::Sig
15
+
13
16
  AWS_ECR_URL = /dkr\.ecr\.(?<region>[^.]+)\.amazonaws\.com/
14
17
  DEFAULT_DOCKER_HUB_REGISTRY = "registry.hub.docker.com"
15
18
 
@@ -17,6 +20,7 @@ module Dependabot
17
20
  @credentials = credentials
18
21
  end
19
22
 
23
+ sig { params(registry_hostname: String).returns(T.nilable(Dependabot::Credential)) }
20
24
  def credentials_for_registry(registry_hostname)
21
25
  registry_details =
22
26
  credentials
@@ -42,8 +46,10 @@ module Dependabot
42
46
 
43
47
  private
44
48
 
49
+ sig { returns(T::Array[Dependabot::Credential]) }
45
50
  attr_reader :credentials
46
51
 
52
+ sig { params(registry_details: Dependabot::Credential).returns(Dependabot::Credential) }
47
53
  def build_aws_credentials(registry_details)
48
54
  # If credentials have been generated from AWS we can just return them
49
55
  return registry_details if registry_details["username"] == "AWS"
@@ -75,7 +81,7 @@ module Dependabot
75
81
  ecr_client.get_authorization_token.authorization_data.first.authorization_token
76
82
  username, password =
77
83
  Base64.decode64(@authorization_tokens[registry_hostname]).split(":")
78
- registry_details.merge("username" => username, "password" => password)
84
+ registry_details.merge(Dependabot::Credential.new({ "username" => username, "password" => password }))
79
85
  rescue Aws::Errors::MissingCredentialsError,
80
86
  Aws::ECR::Errors::UnrecognizedClientException,
81
87
  Aws::ECR::Errors::InvalidSignatureException
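Review bot: The decoded ECR authorization token is split with `split(":")` and both parts go straight into the merged credential on the changed line, with no check that they exist. A decoded value without a colon leaves `password` nil, and one with more than one colon silently drops everything after the second, so the problem would only surface later as a registry authentication failure rather than at the point the token was read. `.split(":", 2)` together with a check that neither part is nil or empty before the merge would fail where the cause is visible. The method starts before this hunk and the `rescue` body continues after it, so how those errors are reported cannot be seen from here.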
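--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-docker
  version: !ruby/object:Gem::Version
- version: 0.244.0
+ version: 0.246.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-02-15 00:00:00.000000000 Z
+ date: 2024-03-01 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.244.0
+ version: 0.246.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.244.0
+ version: 0.246.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -244,7 +244,7 @@ licenses:
  - Nonstandard
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.244.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.246.0
  post_install_message:
  rdoc_options: []
  require_paths: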