dependabot-helm 0.305.0 → 0.306.0

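--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 127736c40071c20edbe562e11bae75d091983ebb0da885de91887f82b43db984
- data.tar.gz: 4872484aa9c2a32b9b2d345314cad8459681e6aeb4a8877266b94ce5f0663ee1
+ metadata.gz: b17897702b31f74f2e0954212f3c769fef552a9f239feb707921ad3f442d4ca1
+ data.tar.gz: 5484142824705d124e6183178d7ddad3b28de2a931f10a661d16e9fd446dcfde
  SHA512:
- metadata.gz: e65e50fc0cc8ad8e535317838e0dec248649fe5a2c3dca6e56090922e36cfcea9b74f7b64875819b3bb7180d53716e4f6f6f7edb2cc114f1376b694d41e86cdd
- data.tar.gz: f812e2508962d829d26448ddb3efea0665844242e0b92416f883b4c64e56564bd494542e3c2dee77da1def0b102630f287a4a9d7bf0a22ded46591c18ae2a695
+ metadata.gz: b444719b58707f99bb0aae5a06d65366e11e07596145dac7ccd0b041dc5527ead4728bf2253f4c2f9a92a968f850e5162329598002271c7e94f966c093db859a
+ data.tar.gz: b4837b38e581ea418bff141ba33ee09d3f9a27d87adc82bf37403e0d4ee279de304e350f7ed929eaee489b34daf7454f30857e1521c7858bb3e95e5d81f53df5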
@@ -92,20 +92,37 @@ module Dependabot
92
92
  return content unless key == "image" && value_node.is_a?(Psych::Nodes::Mapping)
93
93
 
94
94
  dependency_name = dependency.name
95
+ has_dependency = contains_dependency?(value_node, dependency_name)
96
+ return content unless has_dependency
97
+
95
98
  dependency_version = T.must(dependency.version)
96
- dependency_requirements = dependency.requirements
99
+ update_version_tags(value_node, content, dependency_version)
100
+ end
97
101
 
98
- has_dependency = value_node.children.any? { |n| n.value == dependency_name }
99
- return content unless has_dependency
102
+ sig { params(node: Psych::Nodes::Node, dependency_name: String).returns(T::Boolean) }
103
+ def contains_dependency?(node, dependency_name)
104
+ node.children.any? do |child|
105
+ child.is_a?(Psych::Nodes::Scalar) && child.value == dependency_name
106
+ end
107
+ end
100
108
 
101
- dependency_requirements.each do |req|
109
+ sig do
110
+ params(value_node: Psych::Nodes::Mapping, content: T::Array[String],
111
+ dependency_version: String).returns(T::Array[String])
112
+ end
113
+ def update_version_tags(value_node, content, dependency_version)
114
+ dependency.requirements.each do |req|
102
115
  next unless req[:metadata][:type] == :docker_image
103
116
 
104
- version_scalar = value_node.children.find { |n| n.value == req[:source][:tag] }
105
- next unless version_scalar
117
+ tag_value = req[:source][:tag]
118
+ version_scalar = value_node.children.find do |node|
119
+ node.is_a?(Psych::Nodes::Scalar) && node.value == tag_value
120
+ end
106
121
 
107
- line = version_scalar.start_line
108
- content[line] = T.must(content[line]).gsub(req[:source][:tag], dependency_version)
122
+ if version_scalar
123
+ line = version_scalar.start_line
124
+ content[line] = T.must(content[line]).gsub(tag_value, dependency_version)
125
+ end
109
126
  end
110
127
 
111
128
  content
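Review bot: The replacement in `update_version_tags`, `content[line] = T.must(content[line]).gsub(tag_value, dependency_version)`, rewrites every occurrence of the tag text on that line rather than only the matched scalar, so a comment or another value on the same line that contains the same characters is changed too. The Psych node already carries `start_column` and `end_column`; limiting the substitution to that span (taking care with quoted scalars) would keep the edit confined to the tag. Likewise `find` returns the first scalar equal to the tag, which may be a key or a sibling field rather than the tag's own value, so pairing keys with values from `value_node.children` would make the intended target explicit. The closing `end` of `update_version_tags` lies outside the hunk.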
@@ -107,8 +107,10 @@ module Dependabot
107
107
 
108
108
  sig { params(repo_url: String).returns(String) }
109
109
  def build_index_url(repo_url)
110
- repo_url_trimmed = repo_url.to_s.strip.chomp("/")
111
- "#{repo_url_trimmed}/index.yaml"
110
+ repo_url_trimmed = repo_url.strip.chomp("/")
111
+ normalized_repo_url = repo_url_trimmed.gsub("oci://", "https://")
112
+
113
+ "#{normalized_repo_url}/index.yaml"
112
114
  end
113
115
 
114
116
  sig { override.returns(T::Boolean) }
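Review bot: In `build_index_url`, `gsub("oci://", "https://")` replaces the text wherever it appears in the URL, not only as the scheme; `repo_url_trimmed.sub(/\Aoci:\/\//, "https://")` would limit the rewrite to the prefix. Dropping `.to_s` also means a nil `repo_url` now raises `NoMethodError` wherever the Sorbet signature is not enforced at runtime, which may be intended but deserves a line in the method comment. Since an OCI registry is not guaranteed to serve `index.yaml`, a short comment saying why the scheme is rewritten and how a non-index response is handled would help the next reader.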
@@ -180,7 +182,7 @@ module Dependabot
180
182
  def authenticate_registry_source(repo_url)
181
183
  return unless repo_url
182
184
 
183
- repo_creds = Shared::Utils::CredentialsFinder.new(@credentials, private_repository_type: "helm_repository")
185
+ repo_creds = Shared::Utils::CredentialsFinder.new(@credentials, private_repository_type: "helm_registry")
184
186
  .credentials_for_registry(repo_url)
185
187
  return unless repo_creds
186
188
 
@@ -225,8 +227,13 @@ module Dependabot
225
227
  )
226
228
 
227
229
  Dependabot.logger.info("Received response from #{index_url} with status #{response.status}")
230
+ parsed_result = YAML.safe_load(response.body)
231
+
232
+ unless parsed_result.is_a?(Hash)
233
+ raise Dependabot::DependencyFileNotParseable, "Expected YAML to parse into a Hash, got String instead"
234
+ end
228
235
 
229
- YAML.safe_load(response.body)
236
+ parsed_result
230
237
  rescue Excon::Error => e
231
238
  Dependabot.logger.error("Error fetching Helm index from #{index_url}: #{e.message}")
232
239
  nil
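Review bot: The new guard's message says `got String instead` whatever the parsed value was, so an empty body (nil) or a list is misreported; `"Expected YAML to parse into a Hash, got #{parsed_result.class} instead"` states the actual type. The visible `rescue` covers only `Excon::Error`, so whether a `Psych::SyntaxError` or `Psych::DisallowedClass` raised by `YAML.safe_load` on a remote, untrusted body is handled depends on clauses outside this hunk and is worth confirming. It is also worth checking that `Dependabot::DependencyFileNotParseable` takes the message as its first argument; if the first positional parameter is a file path, the text would land in the wrong field. The method starts and ends outside the hunk.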
@@ -262,6 +269,8 @@ module Dependabot
262
269
 
263
270
  Dependabot.logger.info("Docker UpdateChecker found latest version: #{latest_version || 'none'}")
264
271
 
272
+ return unless docker_checker.can_update?(requirements_to_unlock: :none)
273
+
265
274
  version_class.new(latest_version)
266
275
  end
267
276
 
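--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-helm
  version: !ruby/object:Gem::Version
- version: 0.305.0
+ version: 0.306.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2025-04-06 00:00:00.000000000 Z
+ date: 2025-04-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.305.0
+ version: 0.306.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.305.0
+ version: 0.306.0
  - !ruby/object:Gem::Dependency
  name: dependabot-docker
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.305.0
+ version: 0.306.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.305.0
+ version: 0.306.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -271,7 +271,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.305.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.306.0
  post_install_message:
  rdoc_options: []
  require_paths: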