dependabot-helm 0.301.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 42ef13aa5b9541bdbae91b1d0b0905d6cdc2e22860cc20a8111aeb47aeba30a6
+  data.tar.gz: f95cabf75877547cd975a23db8e2513d8b09ddaa5d605e0b0518c30c6d3865e4
+SHA512:
+  metadata.gz: b5ab882f6c82986780fba044851d7973c63e46e6101574adf3c6b03fb8bd9f4bb05e31294e2f908b18f88ef2ab4773094ff7fe70d31f1c2dffddd26f7501b7ce
+  data.tar.gz: b33df6337ad299e35b342c19559e43e601b4a07ae5901e024c9b3f0cd67e642aa9e7f44a4de68a7f1e90e9ebab7b9fef043a2b6dba564b059e2fa984876e7456

data/lib/dependabot/helm/file_fetcher.rb

@@ -0,0 +1,67 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "dependabot/shared/shared_file_fetcher"
+
+module Dependabot
+  module Helm
+    class FileFetcher < Dependabot::Shared::SharedFileFetcher
+      FILENAME_REGEX = /.*\.ya?ml$/i
+
+      sig { override.returns(T::Array[DependencyFile]) }
+      def fetch_files
+        fetched_files = []
+        fetched_files += correctly_encoded_helm_files if allow_beta_ecosystems?
+
+        return fetched_files if fetched_files.any?
+
+        raise_appropriate_error
+      end
+
+      sig { override.returns(Regexp) }
+      def self.filename_regex
+        FILENAME_REGEX
+      end
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def helm_files
+        @helm_files ||=
+          T.let(repo_contents(raise_errors: false)
+          .select { |f| f.type == "file" && f.name.match?(FILENAME_REGEX) }
+          .map { |f| fetch_file_from_host(f.name) }, T.nilable(T::Array[DependencyFile]))
+      end
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def correctly_encoded_helm_files
+        helm_files.select { |f| T.must(f.content).valid_encoding? }
+      end
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def incorrectly_encoded_helm_files_files
+        helm_files.reject { |f| T.must(f.content).valid_encoding? }
+      end
+
+      sig { override.returns(String) }
+      def self.required_files_message
+        "Repo must contain a Helm charts file."
+      end
+
+      private
+
+      sig { override.returns(String) }
+      def default_file_name
+        "Chart.yaml"
+      end
+
+      sig { override.returns(String) }
+      def file_type
+        "Helm Chart"
+      end
+    end
+  end
+end
+
+Dependabot::FileFetchers.register(
+  "helm",
+  Dependabot::Helm::FileFetcher
+)

data/lib/dependabot/helm/file_parser.rb

@@ -0,0 +1,192 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "yaml"
+require "dependabot/shared/shared_file_parser"
+require "dependabot/helm/package_manager"
+
+module Dependabot
+  module Helm
+    class FileParser < Dependabot::Shared::SharedFileParser
+      extend T::Sig
+
+      CHART_YAML = /.*chart\.ya?ml$/i
+      VALUES_YAML = /.*values\.ya?ml$/i
+
+      sig { returns(Ecosystem) }
+      def ecosystem
+        @ecosystem ||= T.let(
+          Ecosystem.new(
+            name: ECOSYSTEM,
+            package_manager: HelmPackageManager.new
+          ),
+          T.nilable(Ecosystem)
+        )
+      end
+
+      sig { override.returns(T::Array[Dependabot::Dependency]) }
+      def parse
+        dependency_set = DependencySet.new
+        parse_chart_yaml_files(dependency_set)
+        parse_values_yaml_files(dependency_set)
+
+        dependency_set.dependencies
+      end
+
+      private
+
+      sig do
+        params(yaml: T::Hash[T.untyped, T.untyped], chart_file: Dependabot::DependencyFile,
+               dependency_set: DependencySet).void
+      end
+      def parse_dependencies(yaml, chart_file, dependency_set)
+        yaml["dependencies"].each do |dep|
+          next unless dep.is_a?(Hash) && dep["name"] && dep["version"] && dep["repository"]
+
+          parsed_line = {
+            "image" => dep["name"],
+            "tag" => dep["version"],
+            "registry" => dep["repository"],
+            "digest" => nil
+          }
+
+          dependency = build_dependency(chart_file, parsed_line, dep["version"])
+          dependency.requirements.map! do |req|
+            req[:metadata] = {} unless req[:metadata]
+            req[:metadata][:type] = :helm_chart
+            req
+          end
+
+          dependency_set << dependency
+        end
+      end
+
+      sig { params(dependency_set: DependencySet).void }
+      def parse_chart_yaml_files(dependency_set)
+        helm_chart_files.each do |chart_file|
+          yaml = YAML.safe_load(T.must(chart_file.content), aliases: true)
+          next unless yaml.is_a?(Hash)
+
+          parse_dependencies(yaml, chart_file, dependency_set) if yaml["dependencies"].is_a?(Array)
+        end
+      end
+
+      sig { params(dependency_set: DependencySet).void }
+      def parse_values_yaml_files(dependency_set)
+        helm_values_files.each do |values_file|
+          yaml = YAML.safe_load(T.must(values_file.content), aliases: true)
+          next unless yaml.is_a?(Hash)
+
+          find_images_in_hash(yaml).each do |image_details|
+            parsed_line = extract_image_details(image_details[:image])
+            next unless parsed_line
+
+            version = version_from(parsed_line)
+            next unless version
+
+            dependency = build_dependency(values_file, parsed_line, version)
+            T.must(dependency.requirements.first)[:source] =
+              T.must(dependency.requirements.first)[:source].merge(path: image_details[:path])
+
+            dependency_set << dependency
+          end
+        end
+      end
+
+      sig { params(image_string: String).returns(T.nilable(T::Hash[String, T.nilable(String)])) }
+      def extract_image_details(image_string)
+        return nil if image_string.match?(/\${[^}]+}/)
+
+        registry_match = image_string.match(%r{^(#{REGISTRY}/)?}o)
+        image_match = image_string.match(/#{IMAGE}/o)
+        tag_match = image_string.match(/#{TAG}/o)
+        digest_match = image_string.match(/#{DIGEST}/o)
+
+        return nil unless image_match
+
+        {
+          "registry" => registry_match && registry_match[:registry],
+          "image" => image_match[:image],
+          "tag" => tag_match && tag_match[:tag],
+          "digest" => digest_match && digest_match[:digest]
+        }
+      end
+
+      sig do
+        params(key: String, value: String, hash: T::Hash[T.untyped, T.untyped],
+               current_path: T::Array[String]).returns(T::Array[T::Hash[Symbol, String]])
+      end
+      def handle_string_value(key, value, hash, current_path)
+        images = []
+        if key == "repository" && hash["tag"].is_a?(String)
+          images << { path: current_path.join("."), image: "#{value}:#{hash['tag']}" }
+        elsif key == "image" && value.include?(":")
+          images << { path: current_path.join("."), image: value }
+        end
+        images
+      end
+
+      sig do
+        params(value: T::Array[T.untyped], current_path: T::Array[String]).returns(T::Array[T::Hash[Symbol, String]])
+      end
+      def handle_array_value(value, current_path)
+        images = []
+        value.each_with_index do |item, index|
+          images.concat(find_images_in_hash(item, current_path + [index.to_s])) if item.is_a?(Hash)
+        end
+        images
+      end
+
+      sig { params(hash: T.untyped, path: T.untyped).returns(T::Array[T.untyped]) }
+      def find_images_in_hash(hash, path = [])
+        images = []
+
+        hash.each do |key, value|
+          current_path = path + [key.to_s]
+
+          if value.is_a?(String) && (key.to_s == "image" || key.to_s == "repository")
+            images.concat(handle_string_value(key.to_s, value, hash, current_path))
+          elsif value.is_a?(Hash)
+            images.concat(find_images_in_hash(value, current_path))
+          elsif value.is_a?(Array)
+            images.concat(find_images_in_hash(value, current_path))
+          end
+        end
+
+        images
+      end
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def helm_chart_files
+        dependency_files.select { |file| file.name.match(CHART_YAML) }
+      end
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def helm_values_files
+        dependency_files.select { |file| file.name.match(VALUES_YAML) }
+      end
+
+      sig { override.returns(String) }
+      def package_manager
+        "helm"
+      end
+
+      sig { override.returns(String) }
+      def file_type
+        "helm chart"
+      end
+
+      sig { override.void }
+      def check_required_files
+        return if dependency_files.any?
+
+        raise "No #{file_type} files!"
+      end
+    end
+  end
+end
+
+Dependabot::FileParsers.register(
+  "helm",
+  Dependabot::Helm::FileParser
+)

data/lib/dependabot/helm/file_updater.rb

@@ -0,0 +1,210 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "dependabot/shared/shared_file_updater"
+require "yaml"
+
+module Dependabot
+  module Helm
+    class FileUpdater < Dependabot::Shared::SharedFileUpdater
+      extend T::Sig
+      extend T::Helpers
+
+      CHART_YAML_REGEXP = /Chart\.ya?ml/i
+      VALUES_YAML_REGEXP = /values(?>\.[\w-]+)?\.ya?ml/i
+      YAML_REGEXP = /(Chart|values(?>\.[\w-]+)?)\.ya?ml/i
+      IMAGE_REGEX = /(?:image:|repository:\s*)/i
+
+      sig { override.returns(T::Array[Regexp]) }
+      def self.updated_files_regex
+        [CHART_YAML_REGEXP, VALUES_YAML_REGEXP]
+      end
+
+      sig { override.returns(String) }
+      def file_type
+        "Helm chart"
+      end
+
+      sig { override.returns(Regexp) }
+      def yaml_file_pattern
+        YAML_REGEXP
+      end
+
+      sig { override.returns(Regexp) }
+      def container_image_regex
+        IMAGE_REGEX
+      end
+
+      sig { override.params(escaped_declaration: String).returns(Regexp) }
+      def build_old_declaration_regex(escaped_declaration)
+        %r{#{IMAGE_REGEX}\s+["']?(docker\.io/)?#{escaped_declaration}["']?(?=\s|$)}
+      end
+
+      sig { override.returns(T::Array[Dependabot::DependencyFile]) }
+      def updated_dependency_files
+        updated_files = []
+        dependency_files.each do |file|
+          next unless requirement_changed?(file, T.must(dependency))
+
+          if file.name.match?(CHART_YAML_REGEXP)
+            updated_files << updated_file(
+              file: file,
+              content: T.must(updated_chart_yaml_content(file))
+            )
+          elsif file.name.match?(VALUES_YAML_REGEXP)
+            updated_files << updated_file(
+              file: file,
+              content: T.must(updated_values_yaml_content(file))
+            )
+          end
+        end
+
+        updated_files.reject! { |f| dependency_files.include?(f) }
+        raise "No files changed!" if updated_files.none?
+
+        updated_files
+      end
+
+      private
+
+      sig do
+        params(content: String, yaml_obj: T::Hash[T.untyped, T.untyped],
+               file: Dependabot::DependencyFile).returns(String)
+      end
+      def update_chart_dependencies(content, yaml_obj, file)
+        if update_chart_dependency?(file)
+          yaml_obj["dependencies"].each do |dep|
+            next unless dep["name"] == T.must(dependency).name
+
+            old_version = dep["version"].to_s
+            new_version = T.must(dependency).version
+
+            pattern = /
+              (\s+-\sname:\s#{Regexp.escape(T.must(dependency).name)}.*?\n\s+version:\s)
+              ["']?#{Regexp.escape(old_version)}["']?
+            /mx
+            content = content.gsub(pattern) do |match|
+              match.gsub(/version: ["']?#{Regexp.escape(old_version)}["']?/, "version: #{new_version}")
+            end
+          end
+        end
+        content
+      end
+
+      sig { params(file: Dependabot::DependencyFile).returns(T.nilable(String)) }
+      def updated_chart_yaml_content(file)
+        content = file.content
+        yaml_obj = YAML.safe_load(T.must(content))
+
+        content = update_chart_dependencies(T.must(content), yaml_obj, file)
+
+        raise "Expected content to change!" if content == file.content
+
+        content
+      end
+
+      sig { params(content: String, path: String, old_tag: String, new_tag: String).returns(String) }
+      def update_tag(content, path, old_tag, new_tag)
+        indent_pattern = get_indent_pattern(content, path)
+        tag_pattern = /#{indent_pattern}tag:\s+["']?#{Regexp.escape(old_tag)}["']?/
+        content.gsub(tag_pattern, "#{indent_pattern}tag: #{new_tag}")
+      end
+
+      sig { params(content: String, path: String, old_image: String, new_image: String).returns(String) }
+      def update_image(content, path, old_image, new_image)
+        indent_pattern = get_indent_pattern(content, path)
+        image_pattern = /#{indent_pattern}image:\s+["']?#{Regexp.escape(old_image)}["']?/
+        content.gsub(image_pattern, "#{indent_pattern}image: #{new_image}")
+      end
+
+      sig { params(content: String, path_parts: T::Array[String]).returns(String) }
+      def update_tag_in_content(content, path_parts)
+        parent_path = T.must(path_parts[0...-1]).join(".")
+        old_tag = T.must(dependency).previous_version
+        new_tag = T.must(dependency).version
+        update_tag(content, parent_path, T.must(old_tag), T.must(new_tag))
+      end
+
+      sig { params(content: String, path: String, req: T::Hash[Symbol, T.untyped]).returns(String) }
+      def update_image_in_content(content, path, req)
+        old_image = build_old_image_string(req)
+        new_image = build_new_image_string(req)
+        update_image(content, path, old_image, new_image)
+      end
+
+      sig { params(file: Dependabot::DependencyFile).returns(T.nilable(String)) }
+      def updated_values_yaml_content(file)
+        content = file.content
+        req = T.must(dependency).requirements.find { |r| r[:file] == file.name }
+
+        if update_container_image?(file) && req&.dig(:source, :path)
+          path = req.dig(:source, :path).to_s
+          path_parts = path.split(".")
+
+          content = if path_parts.last == "tag"
+                      update_tag_in_content(T.must(content), path_parts)
+                    elsif path_parts.last == "image"
+                      update_image_in_content(T.must(content), path, req)
+                    else
+                      content
+                    end
+        end
+
+        raise "Expected content to change!" if content == file.content
+
+        content
+      end
+
+      sig { params(content: String, path: String).returns(String) }
+      def get_indent_pattern(content, path)
+        path_parts = path.split(".")
+        indent = T.let("", T.untyped)
+
+        path_parts.each do |part|
+          pattern = /^(#{indent}\s*)#{part}:/
+          if content.match(pattern)
+            indent = T.must(T.must(content.match(pattern))[1]) + "  " # Add 2 spaces for next level
+          end
+        end
+
+        indent
+      end
+
+      sig { params(requirement: T::Hash[Symbol, T.untyped]).returns(String) }
+      def build_old_image_string(requirement)
+        old_source = requirement.fetch(:source)
+        prefix = old_source[:registry] ? "#{old_source[:registry]}/" : ""
+        name = T.must(dependency).name
+        tag = T.must(dependency).previous_version
+        digest = old_source[:digest] ? "@sha256:#{old_source[:digest]}" : ""
+
+        "#{prefix}#{name}:#{tag}#{digest}"
+      end
+
+      sig { params(requirement: T::Hash[Symbol, T.untyped]).returns(String) }
+      def build_new_image_string(requirement)
+        new_source = requirement.fetch(:source)
+        prefix = new_source[:registry] ? "#{new_source[:registry]}/" : ""
+        name = T.must(dependency).name
+        tag = T.must(dependency).version
+        digest = new_source[:digest] ? "@sha256:#{new_source[:digest]}" : ""
+
+        "#{prefix}#{name}:#{tag}#{digest}"
+      end
+
+      sig { params(file: Dependabot::DependencyFile).returns(T::Boolean) }
+      def update_chart_dependency?(file)
+        reqs = T.must(dependency).requirements.select { |r| r[:file] == file.name }
+        reqs.any? { |r| r[:metadata]&.dig(:type) == :helm_chart }
+      end
+
+      sig { params(file: Dependabot::DependencyFile).returns(T::Boolean) }
+      def update_container_image?(file)
+        reqs = T.must(dependency).requirements.select { |r| r[:file] == file.name }
+        reqs.any? { |r| r[:groups]&.include?("image") }
+      end
+    end
+  end
+end
+
+Dependabot::FileUpdaters.register("helm", Dependabot::Helm::FileUpdater)

data/lib/dependabot/helm/package_manager.rb

@@ -0,0 +1,52 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/ecosystem"
+require "dependabot/docker/version"
+
+module Dependabot
+  module Helm
+    ECOSYSTEM = "helm"
+
+    SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+    DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+    class HelmPackageManager < Dependabot::Ecosystem::VersionManager
+      extend T::Sig
+
+      NAME = "helm"
+
+      # As helm updater is an in house custom utility, We use a placeholder
+      # version number for helm updater
+      VERSION = "1.0.0"
+
+      SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+      DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+      sig do
+        void
+      end
+      def initialize
+        super(
+          name: NAME,
+          version: Version.new(VERSION),
+          deprecated_versions: DEPRECATED_VERSIONS,
+          supported_versions: SUPPORTED_VERSIONS
+       )
+      end
+
+      sig { override.returns(T::Boolean) }
+      def deprecated?
+        false
+      end
+
+      sig { override.returns(T::Boolean) }
+      def unsupported?
+        false
+      end
+    end
+  end
+end

data/lib/dependabot/helm/update_checker.rb

@@ -0,0 +1,199 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/update_checkers"
+require "dependabot/update_checkers/base"
+require "dependabot/errors"
+require "dependabot/docker/version"
+require "dependabot/docker/requirement"
+require "dependabot/shared/utils/credentials_finder"
+require "excon"
+require "yaml"
+
+module Dependabot
+  module Helm
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
+      extend T::Sig
+
+      sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
+      def latest_version
+        @latest_version ||= T.let(fetch_latest_version, T.nilable(T.any(String, Gem::Version)))
+      end
+
+      sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
+      def latest_resolvable_version
+        latest_version
+      end
+
+      sig { override.returns(T.nilable(String)) }
+      def latest_resolvable_version_with_no_unlock
+        dependency.version
+      end
+
+      sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
+      def updated_requirements
+        return dependency.requirements unless latest_version
+
+        dependency.requirements.map do |req|
+          updated_metadata = req.fetch(:metadata).dup
+          updated_req = req.dup
+          if updated_metadata.key?(:type) && updated_metadata[:type] == :helm_chart
+            updated_req[:requirement] = latest_version.to_s
+            updated_req[:source][:tag] = latest_version.to_s
+          end
+
+          updated_req
+        end
+      end
+
+      private
+
+      sig { override.returns(T::Boolean) }
+      def latest_version_resolvable_with_full_unlock?
+        false
+      end
+
+      sig { params(requirements_to_unlock: T.nilable(Symbol)).returns(T::Boolean) }
+      def version_can_update?(requirements_to_unlock:) # rubocop:disable Lint/UnusedMethodArgument
+        return false unless latest_version
+
+        version_class.new(latest_version.to_s) > version_class.new(dependency.version)
+      end
+
+      sig { returns(T.nilable(T.any(String, Gem::Version))) }
+      def fetch_latest_version
+        case dependency_type
+        when :chart_dependency
+          fetch_latest_chart_version
+        when :image_reference
+          fetch_latest_image_version
+        else
+          Gem::Version.new(dependency.version)
+        end
+      end
+
+      sig { returns(Symbol) }
+      def dependency_type
+        req = dependency.requirements.first
+
+        return :image_reference if T.must(req)[:groups]&.include?("image")
+        return :chart_dependency if T.must(req).dig(:metadata, :type) == :helm_chart
+
+        :unknown
+      end
+
+      sig { params(index_url: String).returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
+      def fetch_helm_chart_index(index_url)
+        Dependabot.logger.info("Fetching Helm chart index from #{index_url}")
+
+        response = Excon.get(
+          index_url,
+          idempotent: true,
+          middlewares: Excon.defaults[:middlewares] + [Excon::Middleware::RedirectFollower]
+        )
+
+        Dependabot.logger.info("Received response from #{index_url} with status #{response.status}")
+
+        YAML.safe_load(response.body)
+      rescue Excon::Error => e
+        Dependabot.logger.error("Error fetching Helm index from #{index_url}: #{e.message}")
+        nil
+      rescue StandardError => e
+        Dependabot.logger.error("Error parsing Helm index: #{e.message}")
+        nil
+      end
+
+      sig { params(all_versions: T::Array[String]).returns(T::Array[String]) }
+      def filter_valid_versions(all_versions)
+        all_versions.reject do |version|
+          version_class.new(version) <= version_class.new(dependency.version) ||
+            ignore_requirements.any? { |r| r.satisfied_by?(version_class.new(version)) }
+        end
+      end
+
+      sig { returns(T.nilable(Gem::Version)) }
+      def fetch_latest_chart_version
+        source_url = dependency.requirements.first&.dig(:source, :registry)
+        return nil unless source_url
+
+        repo_url = source_url.to_s.strip.chomp("/")
+        chart_name = dependency.name
+        index_url = "#{repo_url}/index.yaml"
+
+        index = fetch_helm_chart_index(index_url)
+        return nil unless index && index["entries"] && index["entries"][chart_name]
+
+        all_versions = index["entries"][chart_name].map { |entry| entry["version"] }
+        Dependabot.logger.info("Found #{all_versions.length} versions for #{chart_name}")
+
+        valid_versions = filter_valid_versions(all_versions)
+        Dependabot.logger.info("After filtering, found #{valid_versions.length} valid versions for #{chart_name}")
+
+        return nil if valid_versions.empty?
+
+        highest_version = valid_versions.map { |v| version_class.new(v) }.max
+        Dependabot.logger.info("Highest valid version for #{chart_name} is #{highest_version}")
+
+        highest_version
+      end
+
+      sig { returns(T.nilable(String)) }
+      def fetch_latest_image_version
+        docker_dependency = build_docker_dependency
+
+        Dependabot.logger.info("Delegating to Docker UpdateChecker for image: #{docker_dependency.name}")
+
+        docker_checker = Dependabot::UpdateCheckers.for_package_manager("docker").new(
+          dependency: docker_dependency,
+          dependency_files: dependency_files,
+          credentials: credentials,
+          ignored_versions: ignored_versions,
+          security_advisories: security_advisories,
+          raise_on_ignored: raise_on_ignored
+        )
+
+        latest = docker_checker.latest_version
+        latest_version_str = latest&.to_s
+
+        Dependabot.logger.info("Docker UpdateChecker found latest version: #{latest_version_str || 'none'}")
+
+        latest_version_str
+      end
+
+      sig { returns(Dependabot::Dependency) }
+      def build_docker_dependency
+        source = T.must(dependency.requirements.first)[:source]
+        name = dependency.name
+        version = dependency.version
+
+        if source[:path]
+          parts = source[:path].split(".")
+          if parts.length > 1 && (parts.last == "tag" || parts.last == "image")
+            # The actual image name might be in image.repository
+            name = parts[0...-1].join(".")
+          end
+        end
+
+        registry = source[:registry] || "docker.io"
+
+        Dependency.new(
+          name: name,
+          version: version,
+          requirements: [{
+            requirement: nil,
+            groups: [],
+            file: T.must(dependency.requirements.first)[:file],
+            source: {
+              registry: registry,
+              tag: version
+            }
+          }],
+          package_manager: "helm"
+        )
+      end
+    end
+  end
+end
+
+Dependabot::UpdateCheckers.register("helm", Dependabot::Helm::UpdateChecker)

data/lib/dependabot/helm.rb

@@ -0,0 +1,23 @@
+# typed: strong
+# frozen_string_literal: true
+
+# These all need to be required so the various classes can be registered in a
+# lookup table of package manager names to concrete classes.
+
+require "dependabot/docker"
+
+require "dependabot/helm/file_fetcher"
+require "dependabot/helm/file_parser"
+require "dependabot/helm/file_updater"
+require "dependabot/helm/update_checker"
+
+Dependabot::Utils.register_version_class("helm", Dependabot::Docker::Version)
+Dependabot::Utils.register_requirement_class("helm", Dependabot::Docker::Requirement)
+Dependabot::MetadataFinders.register("helm", Dependabot::Docker::MetadataFinder)
+
+require "dependabot/pull_request_creator/labeler"
+Dependabot::PullRequestCreator::Labeler
+  .register_label_details("helm", name: "helm", colour: "E5F2FC")
+
+require "dependabot/dependency"
+Dependabot::Dependency.register_production_check("helm", ->(_) { true })

metadata

@@ -0,0 +1,290 @@
+--- !ruby/object:Gem::Specification
+name: dependabot-helm
+version: !ruby/object:Gem::Version
+  version: 0.301.1
+platform: ruby
+authors:
+- Dependabot
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2025-03-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dependabot-common
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.301.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.301.1
+- !ruby/object:Gem::Dependency
+  name: dependabot-docker
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.301.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.301.1
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.2
+- !ruby/object:Gem::Dependency
+  name: gpgme
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rspec-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.2
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.67.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.67.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.22.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.22.1
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.29.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.29.1
+- !ruby/object:Gem::Dependency
+  name: rubocop-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.5
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.5
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.22.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.22.0
+- !ruby/object:Gem::Dependency
+  name: turbo_tests
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.7'
+description: Dependabot-Helm provides support for bumping Helm image tags via Dependabot.
+  If you want support for multiple package managers, you probably want the meta-gem
+  dependabot-omnibus.
+email: opensource@github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/dependabot/helm.rb
+- lib/dependabot/helm/file_fetcher.rb
+- lib/dependabot/helm/file_parser.rb
+- lib/dependabot/helm/file_updater.rb
+- lib/dependabot/helm/package_manager.rb
+- lib/dependabot/helm/update_checker.rb
+homepage: https://github.com/dependabot/dependabot-core
+licenses:
+- MIT
+metadata:
+  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.301.1
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+requirements: []
+rubygems_version: 3.5.22
+signing_key:
+specification_version: 4
+summary: Provides Dependabot support for Helm
+test_files: []