dependabot-terraform 0.145.3 → 0.147.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/build +7 -4
- data/lib/dependabot/terraform/file_fetcher.rb +5 -2
- data/lib/dependabot/terraform/file_parser.rb +53 -33
- data/lib/dependabot/terraform/file_selector.rb +17 -0
- data/lib/dependabot/terraform/file_updater.rb +5 -10
- data/lib/dependabot/terraform/requirements_updater.rb +43 -2
- metadata +7 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1513bb43b2a242c080012555ab17869d6c062e941912c36dcc5ea76476be03b9
|
|
4
|
+
data.tar.gz: 731c9a7cd5658b622f7a24e87ea9a48909094af9cba08deb9850cb55a7f19bd9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3ea9a436607ccb4b54b21743d6952d41b4a86bd344724372facdb6368b1fd6b1d24b7327ae569738280b8bd4187ae78f9fad0b458ac8832665a0741ca380eb33
|
|
7
|
+
data.tar.gz: b438039b06970eaf03a187567432a785e4f7eb2e9f61b18dffbdec99aa39080e2c322467d40b830af9b83356355a1d4702f61bbe84c9bdac50187309e7709a4d
|
data/helpers/build
CHANGED
|
@@ -13,7 +13,10 @@ if [ ! -d "$install_dir/bin" ]; then
|
|
|
13
13
|
fi
|
|
14
14
|
|
|
15
15
|
os="$(uname -s | tr '[:upper:]' '[:lower:]')"
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
16
|
+
|
|
17
|
+
hcl2json_checksum="24068f1e25a34d8f8ca763f34fce11527472891bfa834d1504f665855021d5d4"
|
|
18
|
+
hcl2json_url="https://github.com/tmccombs/hcl2json/releases/download/v0.3.3/hcl2json_${os}_amd64"
|
|
19
|
+
hcl2json_path="$install_dir/bin/hcl2json"
|
|
20
|
+
wget -O "$hcl2json_path" "$hcl2json_url"
|
|
21
|
+
echo "$hcl2json_checksum $hcl2json_path" | sha256sum -c
|
|
22
|
+
chmod +x "$install_dir/bin/hcl2json"
|
|
@@ -2,12 +2,15 @@
|
|
|
2
2
|
|
|
3
3
|
require "dependabot/file_fetchers"
|
|
4
4
|
require "dependabot/file_fetchers/base"
|
|
5
|
+
require "dependabot/terraform/file_selector"
|
|
5
6
|
|
|
6
7
|
module Dependabot
|
|
7
8
|
module Terraform
|
|
8
9
|
class FileFetcher < Dependabot::FileFetchers::Base
|
|
10
|
+
include FileSelector
|
|
11
|
+
|
|
9
12
|
def self.required_files_in?(filenames)
|
|
10
|
-
filenames.any? { |f| f.end_with?(".tf", ".
|
|
13
|
+
filenames.any? { |f| f.end_with?(".tf", ".hcl") }
|
|
11
14
|
end
|
|
12
15
|
|
|
13
16
|
def self.required_files_message
|
|
@@ -39,7 +42,7 @@ module Dependabot
|
|
|
39
42
|
def terragrunt_files
|
|
40
43
|
@terragrunt_files ||=
|
|
41
44
|
repo_contents(raise_errors: false).
|
|
42
|
-
select { |f| f.type == "file" && f.name
|
|
45
|
+
select { |f| f.type == "file" && terragrunt_file?(f.name) }.
|
|
43
46
|
map { |f| fetch_file_from_host(f.name) }
|
|
44
47
|
end
|
|
45
48
|
end
|
|
@@ -10,27 +10,29 @@ require "dependabot/file_parsers/base"
|
|
|
10
10
|
require "dependabot/git_commit_checker"
|
|
11
11
|
require "dependabot/shared_helpers"
|
|
12
12
|
require "dependabot/errors"
|
|
13
|
+
require "dependabot/terraform/file_selector"
|
|
13
14
|
|
|
14
15
|
module Dependabot
|
|
15
16
|
module Terraform
|
|
16
17
|
class FileParser < Dependabot::FileParsers::Base
|
|
17
18
|
require "dependabot/file_parsers/base/dependency_set"
|
|
18
19
|
|
|
20
|
+
include FileSelector
|
|
21
|
+
|
|
19
22
|
ARCHIVE_EXTENSIONS = %w(.zip .tbz2 .tgz .txz).freeze
|
|
20
23
|
|
|
21
24
|
def parse
|
|
22
25
|
dependency_set = DependencySet.new
|
|
23
26
|
|
|
24
27
|
terraform_files.each do |file|
|
|
25
|
-
modules = parsed_file(file).fetch("module",
|
|
28
|
+
modules = parsed_file(file).fetch("module", {})
|
|
26
29
|
modules.each do |name, details|
|
|
27
30
|
dependency_set << build_terraform_dependency(file, name, details)
|
|
28
31
|
end
|
|
29
32
|
end
|
|
30
33
|
|
|
31
34
|
terragrunt_files.each do |file|
|
|
32
|
-
modules = parsed_file(file).fetch("
|
|
33
|
-
modules = modules.fetch("terraform", [])
|
|
35
|
+
modules = parsed_file(file).fetch("terraform", [])
|
|
34
36
|
modules.each do |details|
|
|
35
37
|
next unless details["source"]
|
|
36
38
|
|
|
@@ -38,7 +40,7 @@ module Dependabot
|
|
|
38
40
|
end
|
|
39
41
|
end
|
|
40
42
|
|
|
41
|
-
dependency_set.dependencies
|
|
43
|
+
dependency_set.dependencies.sort_by(&:name)
|
|
42
44
|
end
|
|
43
45
|
|
|
44
46
|
private
|
|
@@ -210,30 +212,51 @@ module Dependabot
|
|
|
210
212
|
end
|
|
211
213
|
# rubocop:enable Metrics/PerceivedComplexity
|
|
212
214
|
|
|
215
|
+
# == Returns:
|
|
216
|
+
# A Hash representing each module found in the specified file
|
|
217
|
+
#
|
|
218
|
+
# E.g.
|
|
219
|
+
# {
|
|
220
|
+
# "module" => {
|
|
221
|
+
# {
|
|
222
|
+
# "consul" => [
|
|
223
|
+
# {
|
|
224
|
+
# "source"=>"consul/aws",
|
|
225
|
+
# "version"=>"0.1.0"
|
|
226
|
+
# }
|
|
227
|
+
# ]
|
|
228
|
+
# }
|
|
229
|
+
# },
|
|
230
|
+
# "terragrunt"=>[
|
|
231
|
+
# {
|
|
232
|
+
# "include"=>[{ "path"=>"${find_in_parent_folders()}" }],
|
|
233
|
+
# "terraform"=>[{ "source" => "git::git@github.com:gruntwork-io/modules-example.git//consul?ref=v0.0.2" }]
|
|
234
|
+
# }
|
|
235
|
+
# ],
|
|
236
|
+
# }
|
|
213
237
|
def parsed_file(file)
|
|
214
238
|
@parsed_buildfile ||= {}
|
|
215
|
-
@parsed_buildfile[file.name] ||=
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
)
|
|
233
|
-
end
|
|
234
|
-
|
|
235
|
-
JSON.parse(stdout)
|
|
239
|
+
@parsed_buildfile[file.name] ||= SharedHelpers.in_a_temporary_directory do
|
|
240
|
+
File.write("tmp.tf", file.content)
|
|
241
|
+
|
|
242
|
+
command = "#{terraform_hcl2_parser_path} < tmp.tf"
|
|
243
|
+
start = Time.now
|
|
244
|
+
stdout, stderr, process = Open3.capture3(command)
|
|
245
|
+
time_taken = Time.now - start
|
|
246
|
+
|
|
247
|
+
unless process.success?
|
|
248
|
+
raise SharedHelpers::HelperSubprocessFailed.new(
|
|
249
|
+
message: stderr,
|
|
250
|
+
error_context: {
|
|
251
|
+
command: command,
|
|
252
|
+
time_taken: time_taken,
|
|
253
|
+
process_exit_value: process.to_s
|
|
254
|
+
}
|
|
255
|
+
)
|
|
236
256
|
end
|
|
257
|
+
|
|
258
|
+
JSON.parse(stdout)
|
|
259
|
+
end
|
|
237
260
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
238
261
|
msg = e.message.strip
|
|
239
262
|
raise Dependabot::DependencyFileNotParseable.new(file.path, msg)
|
|
@@ -244,19 +267,16 @@ module Dependabot
|
|
|
244
267
|
Pathname.new(File.join(helper_bin_dir, "json2hcl")).cleanpath.to_path
|
|
245
268
|
end
|
|
246
269
|
|
|
270
|
+
def terraform_hcl2_parser_path
|
|
271
|
+
helper_bin_dir = File.join(native_helpers_root, "terraform/bin")
|
|
272
|
+
Pathname.new(File.join(helper_bin_dir, "hcl2json")).cleanpath.to_path
|
|
273
|
+
end
|
|
274
|
+
|
|
247
275
|
def native_helpers_root
|
|
248
276
|
default_path = File.join(__dir__, "../../../helpers/install-dir")
|
|
249
277
|
ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", default_path)
|
|
250
278
|
end
|
|
251
279
|
|
|
252
|
-
def terraform_files
|
|
253
|
-
dependency_files.select { |f| f.name.end_with?(".tf") }
|
|
254
|
-
end
|
|
255
|
-
|
|
256
|
-
def terragrunt_files
|
|
257
|
-
dependency_files.select { |f| f.name.end_with?(".tfvars") }
|
|
258
|
-
end
|
|
259
|
-
|
|
260
280
|
def check_required_files
|
|
261
281
|
return if [*terraform_files, *terragrunt_files].any?
|
|
262
282
|
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module FileSelector
|
|
4
|
+
private
|
|
5
|
+
|
|
6
|
+
def terraform_files
|
|
7
|
+
dependency_files.select { |f| f.name.end_with?(".tf") }
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def terragrunt_files
|
|
11
|
+
dependency_files.select { |f| terragrunt_file?(f.name) }
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def terragrunt_file?(file_name)
|
|
15
|
+
file_name != ".terraform.lock.hcl" && file_name.end_with?(".hcl")
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -3,12 +3,15 @@
|
|
|
3
3
|
require "dependabot/file_updaters"
|
|
4
4
|
require "dependabot/file_updaters/base"
|
|
5
5
|
require "dependabot/errors"
|
|
6
|
+
require "dependabot/terraform/file_selector"
|
|
6
7
|
|
|
7
8
|
module Dependabot
|
|
8
9
|
module Terraform
|
|
9
10
|
class FileUpdater < Dependabot::FileUpdaters::Base
|
|
11
|
+
include FileSelector
|
|
12
|
+
|
|
10
13
|
def self.updated_files_regex
|
|
11
|
-
[/\.tf$/, /\.
|
|
14
|
+
[/\.tf$/, /\.hcl$/]
|
|
12
15
|
end
|
|
13
16
|
|
|
14
17
|
def updated_dependency_files
|
|
@@ -87,14 +90,6 @@ module Dependabot
|
|
|
87
90
|
dependency_files.select { |file| filenames.include?(file.name) }
|
|
88
91
|
end
|
|
89
92
|
|
|
90
|
-
def terraform_files
|
|
91
|
-
dependency_files.select { |f| f.name.end_with?(".tf") }
|
|
92
|
-
end
|
|
93
|
-
|
|
94
|
-
def terragrunt_files
|
|
95
|
-
dependency_files.select { |f| f.name.end_with?(".tfvars") }
|
|
96
|
-
end
|
|
97
|
-
|
|
98
93
|
def check_required_files
|
|
99
94
|
return if [*terraform_files, *terragrunt_files].any?
|
|
100
95
|
|
|
@@ -113,7 +108,7 @@ module Dependabot
|
|
|
113
108
|
def git_declaration_regex(filename)
|
|
114
109
|
# For terragrunt dependencies there's not a lot we can base the
|
|
115
110
|
# regex on. Just look for declarations within a `terraform` block
|
|
116
|
-
return /terraform\s*\{(?:(?!^\}).)*/m if
|
|
111
|
+
return /terraform\s*\{(?:(?!^\}).)*/m if terragrunt_file?(filename)
|
|
117
112
|
|
|
118
113
|
# For modules we can do better - filter for module blocks that use the
|
|
119
114
|
# name of the dependency
|
|
@@ -10,9 +10,45 @@ require "dependabot/terraform/requirement"
|
|
|
10
10
|
|
|
11
11
|
module Dependabot
|
|
12
12
|
module Terraform
|
|
13
|
+
# Takes an array of `requirements` hashes for a dependency at the old
|
|
14
|
+
# version and a new version, and generates a set of new `requirements`
|
|
15
|
+
# hashes at the new version.
|
|
16
|
+
#
|
|
17
|
+
# A requirements hash is a basic description of a dependency at a certain
|
|
18
|
+
# version constraint, and it includes the data that is needed to update the
|
|
19
|
+
# manifest (i.e. the `.tf` file) with the new version.
|
|
20
|
+
#
|
|
21
|
+
# A requirements hash looks like this for a registry hosted requirement:
|
|
22
|
+
# ```ruby
|
|
23
|
+
# {
|
|
24
|
+
# requirement: "~> 0.2.1",
|
|
25
|
+
# groups: [],
|
|
26
|
+
# file: "main.tf",
|
|
27
|
+
# source: {
|
|
28
|
+
# type: "registry",
|
|
29
|
+
# registry_hostname: "registry.terraform.io",
|
|
30
|
+
# module_identifier: "hashicorp/consul/aws"
|
|
31
|
+
# }
|
|
32
|
+
# }
|
|
33
|
+
#
|
|
34
|
+
# And like this for a git requirement:
|
|
35
|
+
# ```ruby
|
|
36
|
+
# {
|
|
37
|
+
# requirement: nil,
|
|
38
|
+
# groups: [],
|
|
39
|
+
# file: "main.tf",
|
|
40
|
+
# source: {
|
|
41
|
+
# type: "git",
|
|
42
|
+
# url: "https://github.com/cloudposse/terraform-null-label.git",
|
|
43
|
+
# branch: nil,
|
|
44
|
+
# ref: nil
|
|
45
|
+
# }
|
|
46
|
+
# }
|
|
13
47
|
class RequirementsUpdater
|
|
14
|
-
|
|
15
|
-
|
|
48
|
+
# @param requirements [Hash{Symbol => String, Array, Hash}]
|
|
49
|
+
# @param latest_version [Dependabot::Terraform::Version]
|
|
50
|
+
# @param tag_for_latest_version [String, NilClass]
|
|
51
|
+
def initialize(requirements:, latest_version:, tag_for_latest_version:)
|
|
16
52
|
@requirements = requirements
|
|
17
53
|
@tag_for_latest_version = tag_for_latest_version
|
|
18
54
|
|
|
@@ -22,6 +58,11 @@ module Dependabot
|
|
|
22
58
|
@latest_version = version_class.new(latest_version)
|
|
23
59
|
end
|
|
24
60
|
|
|
61
|
+
# @return requirements [Hash{Symbol => String, Array, Hash}]
|
|
62
|
+
# * requirement [String, NilClass] the updated version constraint
|
|
63
|
+
# * groups [Array] no-op for terraform
|
|
64
|
+
# * file [String] the file that specified this dependency
|
|
65
|
+
# * source [Hash{Symbol => String}] The updated git or registry source details
|
|
25
66
|
def updated_requirements
|
|
26
67
|
return requirements unless latest_version
|
|
27
68
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.147.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-05-
|
|
11
|
+
date: 2021-05-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.147.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.147.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
103
|
+
version: 1.15.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
110
|
+
version: 1.15.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: simplecov
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -189,6 +189,7 @@ files:
|
|
|
189
189
|
- lib/dependabot/terraform.rb
|
|
190
190
|
- lib/dependabot/terraform/file_fetcher.rb
|
|
191
191
|
- lib/dependabot/terraform/file_parser.rb
|
|
192
|
+
- lib/dependabot/terraform/file_selector.rb
|
|
192
193
|
- lib/dependabot/terraform/file_updater.rb
|
|
193
194
|
- lib/dependabot/terraform/metadata_finder.rb
|
|
194
195
|
- lib/dependabot/terraform/requirement.rb
|