dependabot-docker 0.372.0 → 0.374.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/docker_compose/file_fetcher.rb +70 -0
- data/lib/dependabot/docker_compose/file_parser.rb +128 -0
- data/lib/dependabot/docker_compose/file_updater.rb +59 -0
- data/lib/dependabot/docker_compose/package_manager.rb +51 -0
- data/lib/dependabot/docker_compose.rb +23 -0
- metadata +9 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3bd168a6d9097e9df12180a3f7155c84f6e952c07bd871f1fb63272f677d5591
|
|
4
|
+
data.tar.gz: '092e3dc1b669bd7a17eb6573392c85fb185a39d3ba72dbfd5cfe2a46e8e6bcb9'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c44b1e6853746b5cd70af03865ffe93aaa123f9856e116b8ad26a32c44f0e19fc3dbf47c9e3a66e01c1ad6db1f8902394c9d6cee17ed95b7f3f15392e8679170
|
|
7
|
+
data.tar.gz: c869c073d99e811cf82d55f30d51d194928c76071ae3b39b9a00079ea7e87e560fa135da10c3ead2618d722afc01b796c3dcab683705f14445d378a9276ee88b
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
# typed: strict
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "dependabot/shared/shared_file_fetcher"
|
|
5
|
+
|
|
6
|
+
module Dependabot
|
|
7
|
+
module DockerCompose
|
|
8
|
+
class FileFetcher < Dependabot::Shared::SharedFileFetcher
|
|
9
|
+
FILENAME_REGEX = /(docker-)?compose(-[\w]+)?(?>\.[\w-]+)?\.ya?ml/i
|
|
10
|
+
|
|
11
|
+
sig { override.returns(T::Array[DependencyFile]) }
|
|
12
|
+
def fetch_files
|
|
13
|
+
fetched_files = []
|
|
14
|
+
fetched_files += correctly_encoded_docker_compose_files
|
|
15
|
+
|
|
16
|
+
return fetched_files if fetched_files.any?
|
|
17
|
+
|
|
18
|
+
raise_appropriate_error
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
sig { override.returns(Regexp) }
|
|
22
|
+
def self.filename_regex
|
|
23
|
+
FILENAME_REGEX
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
27
|
+
def docker_compose_files
|
|
28
|
+
@docker_compose_files ||=
|
|
29
|
+
T.let(
|
|
30
|
+
repo_contents(raise_errors: false)
|
|
31
|
+
.select { |f| f.type == "file" && f.name.match?(FILENAME_REGEX) }
|
|
32
|
+
.map { |f| fetch_file_from_host(f.name) },
|
|
33
|
+
T.nilable(T::Array[DependencyFile])
|
|
34
|
+
)
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
38
|
+
def correctly_encoded_docker_compose_files
|
|
39
|
+
docker_compose_files.select { |f| T.must(f.content).valid_encoding? }
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
43
|
+
def incorrectly_encoded_docker_compose_files
|
|
44
|
+
docker_compose_files.reject { |f| T.must(f.content).valid_encoding? }
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
sig { override.returns(String) }
|
|
48
|
+
def self.required_files_message
|
|
49
|
+
"Repo must contain a docker-compose.yaml file."
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
private
|
|
53
|
+
|
|
54
|
+
sig { override.returns(String) }
|
|
55
|
+
def default_file_name
|
|
56
|
+
"docker-compose.yml"
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
sig { override.returns(String) }
|
|
60
|
+
def file_type
|
|
61
|
+
"Docker Compose"
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
Dependabot::FileFetchers.register(
|
|
68
|
+
"docker_compose",
|
|
69
|
+
Dependabot::DockerCompose::FileFetcher
|
|
70
|
+
)
|
|
@@ -0,0 +1,128 @@
|
|
|
1
|
+
# typed: strict
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "yaml"
|
|
5
|
+
require "dependabot/shared/shared_file_parser"
|
|
6
|
+
require "dependabot/docker_compose/package_manager"
|
|
7
|
+
|
|
8
|
+
module Dependabot
|
|
9
|
+
module DockerCompose
|
|
10
|
+
class FileParser < Dependabot::Shared::SharedFileParser
|
|
11
|
+
extend T::Sig
|
|
12
|
+
|
|
13
|
+
ENV_VAR = /\${(?<variable_name>[^}:]+)(?:\:-(?<default_value>[^}]+))?}/
|
|
14
|
+
DIGEST = /(?<digest>[0-9a-f]{64})/
|
|
15
|
+
IMAGE_REGEX = %r{^(#{REGISTRY}/)?#{IMAGE}#{TAG}?(?:@sha256:#{DIGEST})?#{NAME}?}x
|
|
16
|
+
|
|
17
|
+
FROM = /FROM/i
|
|
18
|
+
PLATFORM = /--platform\=(?<platform>\S+)/
|
|
19
|
+
|
|
20
|
+
FROM_LINE =
|
|
21
|
+
%r{^#{FROM}\s+(#{PLATFORM}\s+)?(#{REGISTRY}/)?
|
|
22
|
+
#{IMAGE}#{TAG}?(?:@sha256:#{DIGEST})?#{NAME}?}x
|
|
23
|
+
|
|
24
|
+
sig { returns(Ecosystem) }
|
|
25
|
+
def ecosystem
|
|
26
|
+
@ecosystem ||= T.let(
|
|
27
|
+
Ecosystem.new(
|
|
28
|
+
name: ECOSYSTEM,
|
|
29
|
+
package_manager: DockerPackageManager.new
|
|
30
|
+
),
|
|
31
|
+
T.nilable(Ecosystem)
|
|
32
|
+
)
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
sig { override.returns(T::Array[Dependabot::Dependency]) }
|
|
36
|
+
def parse
|
|
37
|
+
dependency_set = DependencySet.new
|
|
38
|
+
|
|
39
|
+
composefiles.each do |composefile|
|
|
40
|
+
yaml = YAML.safe_load(T.must(composefile.content), aliases: true)
|
|
41
|
+
next unless yaml["services"].is_a?(Hash)
|
|
42
|
+
|
|
43
|
+
yaml["services"].each do |_, service|
|
|
44
|
+
next unless service.is_a?(Hash)
|
|
45
|
+
|
|
46
|
+
parsed_from_image = parse_image_spec(service)
|
|
47
|
+
next unless parsed_from_image
|
|
48
|
+
|
|
49
|
+
parsed_from_image["registry"] = nil if parsed_from_image["registry"] == "docker.io"
|
|
50
|
+
|
|
51
|
+
version = version_from(parsed_from_image)
|
|
52
|
+
next unless version
|
|
53
|
+
|
|
54
|
+
dependency_set << build_dependency(composefile, parsed_from_image, version)
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
dependency_set.dependencies
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
private
|
|
62
|
+
|
|
63
|
+
sig { params(service: T.untyped).returns(T.nilable(T::Hash[String, T.nilable(String)])) }
|
|
64
|
+
def parse_image_spec(service)
|
|
65
|
+
return nil unless service
|
|
66
|
+
|
|
67
|
+
if service["image"]
|
|
68
|
+
return service_image(service["image"])
|
|
69
|
+
elsif service["build"].is_a?(Hash) && service["build"]["dockerfile_inline"]
|
|
70
|
+
return nil if service["build"]["dockerfile_inline"].match?(/^FROM\s+\${[^}]+}$/)
|
|
71
|
+
|
|
72
|
+
match = FROM_LINE.match(service["build"]["dockerfile_inline"])
|
|
73
|
+
return match&.named_captures
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
nil
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
sig { params(image: String).returns(T.nilable(T::Hash[String, T.nilable(String)])) }
|
|
80
|
+
def service_image(image)
|
|
81
|
+
docker_image = image
|
|
82
|
+
|
|
83
|
+
if image.match?(/^#{ENV_VAR}/o)
|
|
84
|
+
default_value = ENV_VAR.match(image)&.named_captures&.fetch("default_value")
|
|
85
|
+
return unless default_value
|
|
86
|
+
|
|
87
|
+
docker_image = default_value
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
IMAGE_REGEX.match(docker_image)&.named_captures
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
sig { params(parsed_image: T::Hash[String, T.nilable(String)]).returns(T.nilable(String)) }
|
|
94
|
+
def version_from(parsed_image)
|
|
95
|
+
return nil if parsed_image["tag"]&.match?(ENV_VAR)
|
|
96
|
+
|
|
97
|
+
super
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
sig { override.returns(String) }
|
|
101
|
+
def package_manager
|
|
102
|
+
"docker_compose"
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
sig { override.returns(String) }
|
|
106
|
+
def file_type
|
|
107
|
+
"docker-compose.yml"
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
111
|
+
def composefiles
|
|
112
|
+
dependency_files
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
sig { override.void }
|
|
116
|
+
def check_required_files
|
|
117
|
+
return if dependency_files.any?
|
|
118
|
+
|
|
119
|
+
raise "No #{file_type}!"
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
end
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
Dependabot::FileParsers.register(
|
|
126
|
+
"docker_compose",
|
|
127
|
+
Dependabot::DockerCompose::FileParser
|
|
128
|
+
)
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
# typed: strict
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "dependabot/shared/shared_file_updater"
|
|
5
|
+
|
|
6
|
+
module Dependabot
|
|
7
|
+
module DockerCompose
|
|
8
|
+
class FileUpdater < Dependabot::Shared::SharedFileUpdater
|
|
9
|
+
extend T::Sig
|
|
10
|
+
extend T::Helpers
|
|
11
|
+
|
|
12
|
+
YAML_REGEXP = /(docker-)?compose(?>\.[\w-]+)?\.ya?ml/i
|
|
13
|
+
IMAGE_REGEX = /(?:from|image:\s*)/i
|
|
14
|
+
|
|
15
|
+
sig { override.returns(String) }
|
|
16
|
+
def file_type
|
|
17
|
+
"Docker compose"
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
sig { override.returns(Regexp) }
|
|
21
|
+
def yaml_file_pattern
|
|
22
|
+
YAML_REGEXP
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
sig { override.returns(Regexp) }
|
|
26
|
+
def container_image_regex
|
|
27
|
+
IMAGE_REGEX
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
sig { override.params(escaped_declaration: String).returns(Regexp) }
|
|
31
|
+
def build_old_declaration_regex(escaped_declaration)
|
|
32
|
+
%r{#{IMAGE_REGEX}\s+["']?(?:\$\{[^\}:]+:-)?(docker\.io/)?#{escaped_declaration}(?:\})?["']?(?=\s|$)}
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
sig { override.returns(T::Array[Dependabot::DependencyFile]) }
|
|
36
|
+
def updated_dependency_files
|
|
37
|
+
updated_files = []
|
|
38
|
+
dependency_files.each do |file|
|
|
39
|
+
next unless requirement_changed?(file, T.must(dependency))
|
|
40
|
+
|
|
41
|
+
updated_files << updated_file(
|
|
42
|
+
file: file,
|
|
43
|
+
content: T.must(updated_dockerfile_content(file))
|
|
44
|
+
)
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
updated_files.reject! { |f| dependency_files.include?(f) }
|
|
48
|
+
raise "No files changed!" if updated_files.none?
|
|
49
|
+
|
|
50
|
+
updated_files
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
Dependabot::FileUpdaters.register(
|
|
57
|
+
"docker_compose",
|
|
58
|
+
Dependabot::DockerCompose::FileUpdater
|
|
59
|
+
)
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
require "dependabot/ecosystem"
|
|
6
|
+
|
|
7
|
+
module Dependabot
|
|
8
|
+
module DockerCompose
|
|
9
|
+
ECOSYSTEM = "docker_compose"
|
|
10
|
+
|
|
11
|
+
SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
|
|
12
|
+
|
|
13
|
+
DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
|
|
14
|
+
|
|
15
|
+
class DockerPackageManager < Dependabot::Ecosystem::VersionManager
|
|
16
|
+
extend T::Sig
|
|
17
|
+
|
|
18
|
+
NAME = "docker_compose"
|
|
19
|
+
|
|
20
|
+
# As docker_compose updater is an in house custom utility, We use a placeholder
|
|
21
|
+
# version number for docker_compose updater
|
|
22
|
+
VERSION = "1.0.0"
|
|
23
|
+
|
|
24
|
+
SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
|
|
25
|
+
|
|
26
|
+
DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
|
|
27
|
+
|
|
28
|
+
sig do
|
|
29
|
+
void
|
|
30
|
+
end
|
|
31
|
+
def initialize
|
|
32
|
+
super(
|
|
33
|
+
name: NAME,
|
|
34
|
+
version: Version.new(VERSION),
|
|
35
|
+
deprecated_versions: DEPRECATED_VERSIONS,
|
|
36
|
+
supported_versions: SUPPORTED_VERSIONS
|
|
37
|
+
)
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
sig { override.returns(T::Boolean) }
|
|
41
|
+
def deprecated?
|
|
42
|
+
false
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
sig { override.returns(T::Boolean) }
|
|
46
|
+
def unsupported?
|
|
47
|
+
false
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
# These all need to be required so the various classes can be registered in a
|
|
5
|
+
# lookup table of package manager names to concrete classes.
|
|
6
|
+
|
|
7
|
+
require "dependabot/docker"
|
|
8
|
+
|
|
9
|
+
require "dependabot/docker_compose/file_fetcher"
|
|
10
|
+
require "dependabot/docker_compose/file_parser"
|
|
11
|
+
require "dependabot/docker_compose/file_updater"
|
|
12
|
+
|
|
13
|
+
Dependabot::Utils.register_version_class("docker_compose", Dependabot::Docker::Version)
|
|
14
|
+
Dependabot::UpdateCheckers.register("docker_compose", Dependabot::Docker::UpdateChecker)
|
|
15
|
+
Dependabot::Utils.register_requirement_class("docker_compose", Dependabot::Docker::Requirement)
|
|
16
|
+
Dependabot::MetadataFinders.register("docker_compose", Dependabot::Docker::MetadataFinder)
|
|
17
|
+
|
|
18
|
+
require "dependabot/pull_request_creator/labeler"
|
|
19
|
+
Dependabot::PullRequestCreator::Labeler
|
|
20
|
+
.register_label_details("docker_compose", name: "docker_compose", colour: "E5F2FC")
|
|
21
|
+
|
|
22
|
+
require "dependabot/dependency"
|
|
23
|
+
Dependabot::Dependency.register_production_check("docker_compose", ->(_) { true })
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-docker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.374.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.374.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.374.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -251,6 +251,11 @@ files:
|
|
|
251
251
|
- lib/dependabot/docker/tag.rb
|
|
252
252
|
- lib/dependabot/docker/update_checker.rb
|
|
253
253
|
- lib/dependabot/docker/version.rb
|
|
254
|
+
- lib/dependabot/docker_compose.rb
|
|
255
|
+
- lib/dependabot/docker_compose/file_fetcher.rb
|
|
256
|
+
- lib/dependabot/docker_compose/file_parser.rb
|
|
257
|
+
- lib/dependabot/docker_compose/file_updater.rb
|
|
258
|
+
- lib/dependabot/docker_compose/package_manager.rb
|
|
254
259
|
- lib/dependabot/shared/shared_file_fetcher.rb
|
|
255
260
|
- lib/dependabot/shared/shared_file_parser.rb
|
|
256
261
|
- lib/dependabot/shared/shared_file_updater.rb
|
|
@@ -261,7 +266,7 @@ licenses:
|
|
|
261
266
|
- MIT
|
|
262
267
|
metadata:
|
|
263
268
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
264
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
269
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.374.0
|
|
265
270
|
rdoc_options: []
|
|
266
271
|
require_paths:
|
|
267
272
|
- lib
|