dependabot-docker 0.377.0 → 0.378.0
- checksums.yaml +4 -4
- data/lib/dependabot/docker/update_checker.rb +21 -5
- metadata +4 -4
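--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 17718cb0ff191b125f27342d3f6ac8ecc789aa7fbd1756b07f4169f72e7cdb1b
+data.tar.gz: fe95510540508bb9aaab679699bed285909e3ca5252be80f6fe7d21bc77221d8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 72ec96db68fa95f61911fcaddb98601eb79f124357d17a4c0748c223bf1be60e4aa09089bcf4a5e0206201ec5fd1df2e7bcb2657fd3d362d9fd5001249402801
+data.tar.gz: a04bc6ba3d922b2d5a28d62fbd06282d087db8b5c0e7dfe2acee5c057034a0c887ada15f5e04c7d64c34c49426b35b481b0fda843aefac7c5b96379ac3f8456f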
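--- a/data/lib/dependabot/docker/update_checker.rb
+++ b/data/lib/dependabot/docker/update_checker.rb
@@ -374,7 +374,9 @@ module Dependabot
 candidate_tags.reverse_each do |tag|
 details = publication_detail(tag)
 
-
+# If we can't determine publication details, skip cooldown for this tag and use it
+# rather than blocking the update when the registry doesn't support the required API calls
+return [tag] if !details || !details.released_at
 
 return [tag] unless cooldown_period?(T.must(details.released_at), tag)
 
@@ -389,7 +391,7 @@ module Dependabot
 return publication_details[candidate_tag.name] if publication_details.key?(candidate_tag.name)
 
 details = get_tag_publication_details(candidate_tag)
-publication_details[candidate_tag.name] =
+publication_details[candidate_tag.name] = details
 
 details
 end
@@ -404,12 +406,17 @@ module Dependabot
 first_digest = extract_digest_from_response(digest_info, tag)
 return nil unless first_digest
 
-
+# When digest_info is an Array the registry returned a manifest list
+# (OCI image index) and the extracted digest points at a platform-
+# specific *manifest*, not a blob. Use the correct endpoint so the
+# HEAD request succeeds on registries like ghcr.io.
+endpoint = digest_info.is_a?(Array) ? "manifests" : "blobs"
+head_response = with_retries(max_attempts: 3, errors: transient_docker_errors) do
 client = docker_registry_client
-client.dohead "v2/#{docker_repo_name}
+client.dohead "v2/#{docker_repo_name}/#{endpoint}/#{first_digest}"
 end
 
-last_modified =
+last_modified = head_response.headers[:last_modified]
 published_date = last_modified ? Time.parse(last_modified) : nil
 
 Dependabot::Package::PackageRelease.new(
@@ -420,6 +427,15 @@ module Dependabot
 url: nil,
 package_type: "docker"
 )
+rescue *transient_docker_errors,
+DockerRegistry2::RegistryAuthenticationException,
+RestClient::Forbidden,
+RestClient::TooManyRequests => e
+Dependabot.logger.warn(
+"Failed to fetch publication details for #{docker_repo_name}:#{tag.name}, " \
+"skipping cooldown: #{e.class} - #{e.message}"
+)
+nil
 end
 
 sig do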
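Review bot: The new early return `return [tag] if !details || !details.released_at` makes the cooldown fail open: a tag whose publication time cannot be determined is accepted immediately, and the added `rescue` maps `DockerRegistry2::RegistryAuthenticationException`, `RestClient::Forbidden`, `RestClient::TooManyRequests` and the transient errors to exactly that `nil`. Cooldown presumably exists to keep very recently published images out of updates, so a throttled or misconfigured registry, or one that omits `Last-Modified`, silently disables it for that tag with only a warn-level log line. Consider separating "registry does not support the call" from throttling and authorization failures, for example moving on to the next candidate for the latter with `next unless details&.released_at`, or at minimum state the trade-off at the return with `# Fail-open: a tag with unknown publication time bypasses the cooldown window`. Two related details in the same section: `publication_detail` caches the result by tag name, so a `nil` from one failed attempt is reused rather than retried, and `Time.parse(last_modified)` raises `ArgumentError` on a malformed header, which the new `rescue` list does not cover. The enclosing methods start and end outside the visible hunks.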
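--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-docker
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.378.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.378.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.378.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -266,7 +266,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.378.0
 rdoc_options: []
 require_paths:
 - lib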