dependabot-docker 0.298.0 → 0.299.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/docker/update_checker.rb +59 -1
  3. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ec6f718cb35e66a3d05aeb2b358f3119d6a7eb903caaab6fdab5c0986a0fe4ad
4
- data.tar.gz: bc36d5f6cd3b3fcd9ea121f85dfcd69728b3986f9ad31b48bb1a1c6b43b2f7ac
3
+ metadata.gz: 134d154ffea190ddc9e90de9dac7bf4cb3975be84b448ba2951160d72a00d139
4
+ data.tar.gz: 9e65973dfee557bc73f4a16d8d2dcb03bf289317943c565a05628e363f213a72
5
5
  SHA512:
6
- metadata.gz: b4eb32ebd6ab05aa29c5d6bd7d59508307557658e5d9c03051b8fc5894ee6032e697c7396df20344b09ee9332e34756348cf8101232062991c9477dc22136176
7
- data.tar.gz: 30df940974d700495f43649a8240dc4f3c608d2605104981d0bec0c14cdeb70c2e8d5bfb891eca26944bbbbfb516aedb68b9c8177e6c169c032b77e4d17f918d
6
+ metadata.gz: 22516919d1d98b39fc46a8d2d9a5496bfaae1cf6be3ce9b1a1ae1884494f080563c5d66a97f6a0dc323675d005cbf7e5f817c2ba4eff17eb00232c80d0838ee3
7
+ data.tar.gz: bb88b420c92839866f9f9fef08af6106ef4d2631a36b14e09a24192cfdd3982ea6bd8682592775cac9aef2d6e7e0bd251c7a7d359fa83fa39a4733bc105d256c
data/lib/dependabot/docker/update_checker.rb CHANGED
@@ -167,7 +167,65 @@ module Dependabot
167
167
 
168
168
  sig { params(original_tag: Dependabot::Docker::Tag).returns(T::Array[Dependabot::Docker::Tag]) }
169
169
  def comparable_tags_from_registry(original_tag)
170
+ unless Experiments.enabled?(:docker_tag_component_comparison)
171
+ return tags_from_registry.select { |tag| tag.comparable_to?(original_tag) }
172
+ end
173
+
174
+ common_components = identify_common_components(tags_from_registry)
175
+ original_components = extract_tag_components(original_tag.name, common_components)
176
+ Dependabot.logger.info("Original tag components: #{original_components.join(',')}")
177
+
170
178
  tags_from_registry.select { |tag| tag.comparable_to?(original_tag) }
179
+ tags_from_registry.select do |tag|
180
+ tag.comparable_to?(original_tag) &&
181
+ (original_components.empty? ||
182
+ compatible_components?(extract_tag_components(tag.name, common_components), original_components))
183
+ end
184
+ end
185
+
186
+ sig { params(tags: T::Array[Dependabot::Docker::Tag]).returns(T::Array[String]) }
187
+ def identify_common_components(tags)
188
+ tag_parts = tags.map do |tag|
189
+ # replace version parts with VERSION
190
+ processed_tag = tag.name.gsub(/\d+\.\d+\.\d+_\d+/, "VERSION")
191
+
192
+ parts = processed_tag.split(%r{[-\./]})
193
+ parts.reject(&:empty?)
194
+ end
195
+
196
+ part_counts = tag_parts.flatten.tally
197
+
198
+ part_counts.select do |part|
199
+ part.length > 1 &&
200
+ part != "VERSION" &&
201
+ !version_related_pattern?(part)
202
+ end.keys
203
+ end
204
+
205
+ sig { params(part: String).returns(T::Boolean) }
206
+ def version_related_pattern?(part)
207
+ patterns = {
208
+ number: /^\d+$/,
209
+ semver: /^\d+\.\d+$/,
210
+ v_prefix: /^v\d+/,
211
+ version_marker: /^(rc|jre)$/,
212
+ prerelease: /^(?=.*\d)(?=.*[a-z])[a-z\d]+$/i,
213
+ sha: /^g[0-9a-f]{5,}$/,
214
+ timestamp: /^\d{8,14}$/,
215
+ underscore_parts: /\d+_\d+/
216
+ }
217
+
218
+ patterns.values.any? { |pattern| part.match?(pattern) }
219
+ end
220
+
221
+ sig { params(tag_name: String, common_components: T::Array[String]).returns(T::Array[String]) }
222
+ def extract_tag_components(tag_name, common_components)
223
+ common_components.select { |component| tag_name.match?(/\b#{Regexp.escape(component)}\b/) }
224
+ end
225
+
226
+ sig { params(tag_components: T::Array[String], original_components: T::Array[String]).returns(T::Boolean) }
227
+ def compatible_components?(tag_components, original_components)
228
+ tag_components.sort == original_components.sort
171
229
  end
172
230
 
173
231
  sig do
@@ -379,7 +437,7 @@ module Dependabot
379
437
 
380
438
  # Defaults from https://github.com/deitch/docker_registry2/blob/bfde04144f0b7fd63c156a1aca83efe19ee78ffd/lib/registry/registry.rb#L26-L27
381
439
  DEFAULT_DOCKER_OPEN_TIMEOUT_IN_SECONDS = 2
382
- DEFAULT_DOCKER_READ_TIMEOUT_IN_SECONDS = 5
440
+ DEFAULT_DOCKER_READ_TIMEOUT_IN_SECONDS = 60
383
441
 
384
442
  sig { returns(DockerRegistry2::Registry) }
385
443
  def docker_registry_client
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-docker
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.298.0
4
+ version: 0.299.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2025-02-20 00:00:00.000000000 Z
11
+ date: 2025-02-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.298.0
19
+ version: 0.299.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.298.0
26
+ version: 0.299.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -262,7 +262,7 @@ licenses:
262
262
  - MIT
263
263
  metadata:
264
264
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
265
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.298.0
265
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.299.0
266
266
  post_install_message:
267
267
  rdoc_options: []
268
268
  require_paths: