RubyGems - dependabot-docker_compose - Versions diffs - 0.298.0 → 0.299.0 - Mend

dependabot-docker_compose 0.298.0 → 0.299.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml +4 -4
data/lib/dependabot/docker_compose/file_fetcher.rb +1 -1
data/lib/dependabot/docker_compose/file_parser.rb +44 -3
data/lib/dependabot/docker_compose/file_updater.rb +2 -44
data/lib/dependabot/docker_compose/package_manager.rb +0 -2
data/lib/dependabot/docker_compose.rb +8 -4
metadata +19 -15
data/lib/dependabot/docker_compose/metadata_finder.rb +0 -39
data/lib/dependabot/docker_compose/requirement.rb +0 -43
data/lib/dependabot/docker_compose/tag.rb +0 -144
data/lib/dependabot/docker_compose/update_checker.rb +0 -479
data/lib/dependabot/docker_compose/version.rb +0 -84
data/lib/dependabot/shared/shared_file_fetcher.rb +0 -99
data/lib/dependabot/shared/shared_file_parser.rb +0 -80
data/lib/dependabot/shared/shared_file_updater.rb +0 -261
data/lib/dependabot/shared/utils/credentials_finder.rb +0 -101
data/lib/dependabot/shared/utils/helpers.rb +0 -19

data/lib/dependabot/shared/shared_file_parser.rb DELETED Viewed

@@ -1,80 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-require "dependabot/dependency"
-require "dependabot/file_parsers"
-require "dependabot/file_parsers/base"
-require "sorbet-runtime"
-module Dependabot
-  module Shared
-    class SharedFileParser < Dependabot::FileParsers::Base
-      extend T::Sig
-      extend T::Helpers
-      abstract!
-      require "dependabot/file_parsers/base/dependency_set"
-      # Details of Docker regular expressions is at
-      # https://github.com/docker/distribution/blob/master/reference/regexp.go
-      DOMAIN_COMPONENT = /(?:[[:alnum:]]|[[:alnum:]][[[:alnum:]]-]*[[:alnum:]])/
-      DOMAIN = /(?:#{DOMAIN_COMPONENT}(?:\.#{DOMAIN_COMPONENT})+)/
-      REGISTRY = /(?<registry>#{DOMAIN}(?::\d+)?)/
-      NAME_COMPONENT = /(?:[a-z\d]+(?:(?:[._]|__|[-]*)[a-z\d]+)*)/
-      IMAGE = %r{(?<image>#{NAME_COMPONENT}(?:/#{NAME_COMPONENT})*)}
-      TAG = /:(?<tag>[\w][\w.-]{0,127})/
-      DIGEST = /@(?<digest>[^\s]+)/
-      NAME = /\s+AS\s+(?<name>[\w-]+)/
-      protected
-      sig { params(parsed_line: T::Hash[String, T.nilable(String)]).returns(T.nilable(String)) }
-      def version_from(parsed_line)
-        parsed_line.fetch("tag") || parsed_line.fetch("digest")
-      end
-      sig { params(parsed_line: T::Hash[String, T.nilable(String)]).returns(T::Hash[String, T.nilable(String)]) }
-      def source_from(parsed_line)
-        source = {}
-        source[:registry] = parsed_line.fetch("registry") if parsed_line.fetch("registry")
-        source[:tag] = parsed_line.fetch("tag") if parsed_line.fetch("tag")
-        source[:digest] = parsed_line.fetch("digest") if parsed_line.fetch("digest")
-        source
-      end
-      sig do
-        params(file: Dependabot::DependencyFile, details: T::Hash[String, T.nilable(String)],
-               version: String).returns(Dependabot::Dependency)
-      end
-      def build_dependency(file, details, version)
-        Dependency.new(
-          name: T.must(details.fetch("image")),
-          version: version,
-          package_manager: package_manager,
-          requirements: [
-            requirement: nil,
-            groups: [],
-            file: file.name,
-            source: source_from(details)
-          ]
-        )
-      end
-      private
-      sig { override.void }
-      def check_required_files; end
-      sig { abstract.returns(String) }
-      def package_manager; end
-      sig { abstract.returns(String) }
-      def file_type; end
-    end
-  end
-end

data/lib/dependabot/shared/shared_file_updater.rb DELETED Viewed

@@ -1,261 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-require "dependabot/file_updaters"
-require "dependabot/file_updaters/base"
-require "dependabot/errors"
-require "sorbet-runtime"
-require "dependabot/shared/utils/helpers"
-module Dependabot
-  module Shared
-    class SharedFileUpdater < Dependabot::FileUpdaters::Base
-      extend T::Sig
-      extend T::Helpers
-      abstract!
-      FROM_REGEX = /FROM(\s+--platform\=\S+)?/i
-      sig { override.returns(T::Array[Dependabot::DependencyFile]) }
-      def updated_dependency_files
-        updated_files = []
-        dependency_files.each do |file|
-          next unless requirement_changed?(file, T.must(dependency))
-          updated_files << if file.name.match?(T.must(yaml_file_pattern))
-                             updated_file(
-                               file: file,
-                               content: T.must(updated_yaml_content(file))
-                             )
-                           else
-                             updated_file(
-                               file: file,
-                               content: T.must(updated_dockerfile_content(file))
-                             )
-                           end
-        end
-        updated_files.reject! { |f| dependency_files.include?(f) }
-        raise "No files changed!" if updated_files.none?
-        updated_files
-      end
-      sig { abstract.returns(T.nilable(Regexp)) }
-      def yaml_file_pattern; end
-      sig { abstract.returns(T.nilable(Regexp)) }
-      def container_image_regex; end
-      private
-      sig { params(file: Dependabot::DependencyFile).returns(T.nilable(String)) }
-      def updated_dockerfile_content(file)
-        old_sources = previous_sources(file)
-        new_sources = sources(file)
-        updated_content = T.let(file.content, T.untyped)
-        T.must(old_sources).zip(new_sources).each do |old_source, new_source|
-          updated_content = update_digest_and_tag(updated_content, old_source, T.must(new_source))
-        end
-        raise "Expected content to change!" if updated_content == file.content
-        updated_content
-      end
-      sig do
-        params(previous_content: String, old_source: T::Hash[Symbol, T.nilable(String)],
-               new_source: T::Hash[Symbol, T.nilable(String)]).returns(String)
-      end
-      def update_digest_and_tag(previous_content, old_source, new_source)
-        old_digest = old_source[:digest]
-        new_digest = new_source[:digest]
-        old_tag = old_source[:tag]
-        new_tag = new_source[:tag]
-        old_declaration =
-          if private_registry_url(old_source)
-            "#{private_registry_url(old_source)}/"
-          else
-            ""
-          end
-        old_declaration += T.must(dependency).name
-        old_declaration +=
-          if specified_with_tag?(old_source)
-            ":#{old_tag}"
-          else
-            ""
-          end
-        old_declaration +=
-          if specified_with_digest?(old_source)
-            "@sha256:#{old_digest}"
-          else
-            ""
-          end
-        escaped_declaration = Regexp.escape(old_declaration)
-        old_declaration_regex = build_old_declaration_regex(escaped_declaration)
-        previous_content.gsub(old_declaration_regex) do |old_dec|
-          old_dec
-            .gsub("@sha256:#{old_digest}", "@sha256:#{new_digest}")
-            .gsub(":#{old_tag}", ":#{new_tag}")
-        end
-      end
-      sig { params(escaped_declaration: String).returns(Regexp) }
-      def build_old_declaration_regex(escaped_declaration)
-        %r{^#{FROM_REGEX}\s+(docker\.io/)?#{escaped_declaration}(?=\s|$)}
-      end
-      sig { params(file: Dependabot::DependencyFile).returns(T.nilable(String)) }
-      def updated_yaml_content(file)
-        updated_content = file.content
-        updated_content = update_helm(file, updated_content) if Shared::Utils.likely_helm_chart?(file)
-        updated_content = update_image(file, updated_content)
-        raise "Expected content to change!" if updated_content == file.content
-        updated_content
-      end
-      sig { params(file: Dependabot::DependencyFile, content: T.nilable(String)).returns(T.nilable(String)) }
-      def update_helm(file, content)
-        old_tags = old_helm_tags(file)
-        return if old_tags.empty?
-        modified_content = content
-        old_tags.each do |old_tag|
-          old_tag_regex = /^\s*(?:-\s)?(?:tag|version):\s+["']?#{old_tag}["']?(?=\s|$)/
-          modified_content = modified_content&.gsub(old_tag_regex) do |old_img_tag|
-            old_img_tag.gsub(old_tag.to_s, new_helm_tag(file).to_s)
-          end
-        end
-        modified_content
-      end
-      sig { params(file: Dependabot::DependencyFile, content: T.nilable(String)).returns(T.nilable(String)) }
-      def update_image(file, content)
-        old_images = old_yaml_images(file)
-        return if old_images.empty?
-        modified_content = content
-        old_images.each do |old_image|
-          old_image_regex = /^\s*(?:-\s)?image:\s+#{old_image}(?=\s|$)/
-          modified_content = modified_content&.gsub(old_image_regex) do |old_img|
-            old_img.gsub(old_image.to_s, new_yaml_image(file).to_s)
-          end
-        end
-        modified_content
-      end
-      sig { params(file: Dependabot::DependencyFile).returns(String) }
-      def new_yaml_image(file)
-        element = T.must(dependency).requirements.find { |r| r[:file] == file.name }
-        prefix = element&.dig(:source, :registry) ? "#{element.fetch(:source)[:registry]}/" : ""
-        digest = element&.dig(:source, :digest) ? "@sha256:#{element.fetch(:source)[:digest]}" : ""
-        tag = element&.dig(:source, :tag) ? ":#{element.fetch(:source)[:tag]}" : ""
-        "#{prefix}#{T.must(dependency).name}#{tag}#{digest}"
-      end
-      sig { params(file: Dependabot::DependencyFile).returns(T::Array[String]) }
-      def old_yaml_images(file)
-        T.must(previous_requirements(file)).map do |r|
-          prefix = r.fetch(:source)[:registry] ? "#{r.fetch(:source)[:registry]}/" : ""
-          digest = r.fetch(:source)[:digest] ? "@sha256:#{r.fetch(:source)[:digest]}" : ""
-          tag = r.fetch(:source)[:tag] ? ":#{r.fetch(:source)[:tag]}" : ""
-          "#{prefix}#{T.must(dependency).name}#{tag}#{digest}"
-        end
-      end
-      sig { params(file: Dependabot::DependencyFile).returns(T::Array[String]) }
-      def old_helm_tags(file)
-        T.must(previous_requirements(file)).map do |r|
-          tag = r.fetch(:source)[:tag] || ""
-          digest = r.fetch(:source)[:digest] ? "@sha256:#{r.fetch(:source)[:digest]}" : ""
-          "#{tag}#{digest}"
-        end
-      end
-      sig { params(file: Dependabot::DependencyFile).returns(String) }
-      def new_helm_tag(file)
-        element = T.must(dependency).requirements.find { |r| r[:file] == file.name }
-        tag = T.must(element).dig(:source, :tag) || ""
-        digest = T.must(element).dig(:source, :digest) ? "@sha256:#{T.must(element).dig(:source, :digest)}" : ""
-        "#{tag}#{digest}"
-      end
-      protected
-      sig { params(file: Dependabot::DependencyFile, dependency: Dependabot::Dependency).returns(T::Boolean) }
-      def requirement_changed?(file, dependency)
-        changed_requirements =
-          dependency.requirements - T.must(dependency.previous_requirements)
-        changed_requirements.any? { |f| f[:file] == file.name }
-      end
-      sig { params(source: T::Hash[Symbol, T.nilable(String)]).returns(T::Boolean) }
-      def specified_with_tag?(source)
-        !source[:tag].nil?
-      end
-      sig { params(source: T::Hash[Symbol, T.nilable(String)]).returns(T::Boolean) }
-      def specified_with_digest?(source)
-        !source[:digest].nil?
-      end
-      sig { params(file: Dependabot::DependencyFile).returns(T::Array[T::Hash[Symbol, T.untyped]]) }
-      def requirements(file)
-        T.must(dependency).requirements
-         .select { |r| r[:file] == file.name }
-      end
-      sig { params(file: Dependabot::DependencyFile).returns(T.nilable(T::Array[T::Hash[Symbol, T.untyped]])) }
-      def previous_requirements(file)
-        T.must(dependency).previous_requirements
-         &.select { |r| r[:file] == file.name }
-      end
-      sig { params(source: T::Hash[Symbol, T.nilable(String)]).returns(T.nilable(String)) }
-      def private_registry_url(source)
-        source[:registry]
-      end
-      sig { params(file: Dependabot::DependencyFile).returns(T::Array[T::Hash[Symbol, T.nilable(String)]]) }
-      def sources(file)
-        requirements(file).map { |r| r.fetch(:source) }
-      end
-      sig { params(file: Dependabot::DependencyFile).returns(T.nilable(T::Array[T::Hash[Symbol, T.nilable(String)]])) }
-      def previous_sources(file)
-        previous_requirements(file)&.map { |r| r.fetch(:source) }
-      end
-      sig { returns(T.nilable(Dependabot::Dependency)) }
-      def dependency
-        # Files will only ever be updating a single dependency
-        dependencies.first
-      end
-      sig { override.void }
-      def check_required_files
-        return if dependency_files.any?
-        raise "No #{file_type}!"
-      end
-      private
-      sig { abstract.returns(String) }
-      def file_type; end
-    end
-  end
-end

data/lib/dependabot/shared/utils/credentials_finder.rb DELETED Viewed

@@ -1,101 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-require "aws-sdk-ecr"
-require "base64"
-require "sorbet-runtime"
-require "dependabot/credential"
-require "dependabot/errors"
-module Dependabot
-  module Shared
-    module Utils
-      class CredentialsFinder
-        extend T::Sig
-        AWS_ECR_URL = /dkr\.ecr\.(?<region>[^.]+)\.amazonaws\.com/
-        DEFAULT_DOCKER_HUB_REGISTRY = "registry.hub.docker.com"
-        sig { params(credentials: T::Array[Dependabot::Credential]).void }
-        def initialize(credentials)
-          @credentials = credentials
-        end
-        sig { params(registry_hostname: T.nilable(String)).returns(T.nilable(Dependabot::Credential)) }
-        def credentials_for_registry(registry_hostname)
-          registry_details =
-            credentials
-            .select { |cred| cred["type"] == "docker_registry" }
-            .find { |cred| cred.fetch("registry") == registry_hostname }
-          return unless registry_details
-          return registry_details unless registry_hostname&.match?(AWS_ECR_URL)
-          build_aws_credentials(registry_details)
-        end
-        sig { returns(T.nilable(String)) }
-        def base_registry
-          @base_registry ||= T.let(
-            credentials.find do |cred|
-              cred["type"] == "docker_registry" && cred.replaces_base?
-            end,
-            T.nilable(Dependabot::Credential)
-          )
-          @base_registry ||= Dependabot::Credential.new({ "registry" => DEFAULT_DOCKER_HUB_REGISTRY,
-                                                          "credentials" => nil })
-          @base_registry["registry"]
-        end
-        sig { params(registry: String).returns(T::Boolean) }
-        def using_dockerhub?(registry)
-          registry == DEFAULT_DOCKER_HUB_REGISTRY
-        end
-        private
-        sig { returns(T::Array[Dependabot::Credential]) }
-        attr_reader :credentials
-        sig { params(registry_details: Dependabot::Credential).returns(Dependabot::Credential) }
-        def build_aws_credentials(registry_details)
-          # If credentials have been generated from AWS we can just return them
-          return registry_details if registry_details["username"] == "AWS"
-          # Build a client either with explicit creds or default creds
-          registry_hostname = registry_details.fetch("registry")
-          region = registry_hostname.match(AWS_ECR_URL).named_captures.fetch("region")
-          aws_credentials = Aws::Credentials.new(
-            registry_details["username"],
-            registry_details["password"]
-          )
-          ecr_client =
-            if aws_credentials.set?
-              Aws::ECR::Client.new(region: region, credentials: aws_credentials)
-            else
-              # Let the client check default locations for credentials
-              Aws::ECR::Client.new(region: region)
-            end
-          # If the client still lacks credentials, we might be running within GitHub's
-          # Dependabot Service, in which case we might get them from the proxy
-          return registry_details if ecr_client.config.credentials.nil?
-          # Otherwise, we need to use the provided Access Key ID and secret to
-          # generate a temporary username and password
-          @authorization_tokens ||= T.let({}, T.nilable(T::Hash[String, String]))
-          @authorization_tokens[registry_hostname] ||=
-            ecr_client.get_authorization_token.authorization_data.first.authorization_token
-          username, password =
-            Base64.decode64(T.must(@authorization_tokens[registry_hostname])).split(":")
-          registry_details.merge(Dependabot::Credential.new({ "username" => username, "password" => password }))
-        rescue Aws::Errors::MissingCredentialsError,
-               Aws::ECR::Errors::UnrecognizedClientException,
-               Aws::ECR::Errors::InvalidSignatureException
-          raise PrivateSourceAuthenticationFailure, registry_hostname
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/shared/utils/helpers.rb DELETED Viewed

@@ -1,19 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-require "sorbet-runtime"
-module Dependabot
-  module Shared
-    module Utils
-      HELM_REGEXP = /values[\-a-zA-Z_0-9]*\.ya?ml$/i
-      extend T::Sig
-      sig { params(file: Dependabot::DependencyFile).returns(T::Boolean) }
-      def self.likely_helm_chart?(file)
-        file.name.match?(HELM_REGEXP)
-      end
-    end
-  end
-end