dependabot-docker 0.351.0 → 0.353.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/docker/update_checker.rb +53 -4
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 02bcc5572fdaea1462c34ec6a42fb30a8dbe30beac223c618a048335fd17913f
|
|
4
|
+
data.tar.gz: afb4967b24253d6b0b6446fe787b096dc59f60ae58d6a60c0b58f793b2108c48
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 403f045eaaba1d2afcb87f864a10f8ac2eeaae1ebf25dfdd9fb301bbc02266ad572a5bcff32e86af539cb25ce79f0bf298e38ca02532693a9cf01673a0f3bd1c
|
|
7
|
+
data.tar.gz: c26697bf391a67b3d6633634a4da9bfb9771a3d78ede365054d7c7fa77ec3906a864c1a3b0ada6c773b0594dd1868333a433adc461593c6076173e1045b303c8
|
|
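--- a/data/lib/dependabot/docker/update_checker.rb
+++ b/data/lib/dependabot/docker/update_checker.rb
@@ -101,12 +101,33 @@ module Dependabot
 comparable_version_from(latest_tag) <= comparable_version_from(version_tag)
 end
 
+# Digest requirements come in two forms:
+#
+# - Tag + digest (e.g. `image:debug@sha256:<digest>`):
+# the tag is the source of truth, so the expected digest is the digest of the tag.
+#
+# - Digest-only (e.g. `image@sha256:<digest>`):
+# there is no tag to resolve, so the expected digest is `updated_digest`.
+#
+# A dependency may have multiple digest requirements (across multiple files), so
+# we compute the expected digest per requirement rather than using a single
+# global value.
 sig { returns(T::Boolean) }
 def digest_up_to_date?
-
-next true unless updated_digest
+return true unless updated_digest
 
-
+digest_requirements.all? do |req|
+source = req.fetch(:source)
+source_digest = source.fetch(:digest)
+source_tag = source[:tag]
+
+expected_digest =
+if source_tag
+digest_of(source_tag)
+else
+updated_digest
+end
+source_digest == expected_digest
 end
 end
 
@@ -219,7 +240,7 @@ module Dependabot
 client.digest(docker_repo_name, tag.name)
 end
 
-first_digest = digest_info
+first_digest = extract_digest_from_response(digest_info, tag)
 return nil unless first_digest
 
 blob_info = with_retries(max_attempts: 3, errors: transient_docker_errors) do
@@ -240,6 +261,34 @@ module Dependabot
 )
 end
 
+sig do
+params(
+digest_info: T.untyped,
+tag: Dependabot::Docker::Tag
+).returns(T.nilable(String))
+end
+def extract_digest_from_response(digest_info, tag)
+# digest_info can be either a String or an Array depending on the registry response
+case digest_info
+when Array
+if digest_info.empty?
+Dependabot.logger.warn(
+"Empty digest_info array for #{docker_repo_name}:#{tag.name}"
+)
+return nil
+end
+digest_info.first&.fetch("digest")
+when String
+digest_info
+else
+Dependabot.logger.warn(
+"Unexpected digest_info type for #{docker_repo_name}:#{tag.name}: " \
+"#{digest_info.class} (expected String or Array)"
+)
+nil
+end
+end
+
 sig do
 params(
 max_attempts: Integer,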
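Review bot: `digest_info.first&.fetch("digest")` in extract_digest_from_response raises KeyError when the first array element has no "digest" key and NoMethodError when that element is not a Hash, whereas the `else` branch of the same `case` handles every other unexpected response shape by logging a warning and returning nil. A shape check before the lookup keeps that contract uniform, e.g. `entry = digest_info.first` then `return entry["digest"] if entry.is_a?(Hash) && entry["digest"].is_a?(String)`, otherwise falling through to the existing warning-and-nil path, so a malformed registry response is recorded in the log instead of surfacing as an exception from the digest lookup. Taking `first` of a multi-entry array also silently selects one manifest; a comment such as `# Only the first manifest entry is used — assumes the registry returns a single entry for a tag; confirm for multi-arch lists` would record that assumption, since the returned value is presumably what digest_up_to_date? compares for equality against the pinned digest.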
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-docker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.353.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.353.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.353.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -261,7 +261,7 @@ licenses:
|
|
|
261
261
|
- MIT
|
|
262
262
|
metadata:
|
|
263
263
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
264
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
264
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.353.0
|
|
265
265
|
rdoc_options: []
|
|
266
266
|
require_paths:
|
|
267
267
|
- lib
|