dependabot-terraform 0.149.4 → 0.152.0
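--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dfefb1320f00b268bba02b10255217750cb091d1cd275183a436d6bddcb799f3
+data.tar.gz: 751a7d3e23094385b25cb7dd7d228dc92d6ca4a3ed4da5c61edd7e9b662a6348
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 02cc22ac7e9c4a6eb94d3d87fb2924aa04a8e671e477e35495960d067366f63832f11413b4cbbb9490c1ff732830676be5eabfe4eb6d08e83e7562ff5223f190
+data.tar.gz: 48ffc333db0dbe7ca16e9caad59d5aeb36c49cd235145763be36d405503e16c6915f3f567f7303e726dd5024dce7904681505dc99bbf66db7d74f4f38218861d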
@@ -23,6 +23,7 @@ module Dependabot
|
|
23
23
|
fetched_files = []
|
24
24
|
fetched_files += terraform_files
|
25
25
|
fetched_files += terragrunt_files
|
26
|
+
fetched_files += [lock_file] if lock_file
|
26
27
|
|
27
28
|
return fetched_files if fetched_files.any?
|
28
29
|
|
@@ -45,6 +46,10 @@ module Dependabot
|
|
45
46
|
select { |f| f.type == "file" && terragrunt_file?(f.name) }.
|
46
47
|
map { |f| fetch_file_from_host(f.name) }
|
47
48
|
end
|
49
|
+
|
50
|
+
def lock_file
|
51
|
+
@lock_file ||= fetch_file_if_present(".terraform.lock.hcl")
|
52
|
+
end
|
48
53
|
end
|
49
54
|
end
|
50
55
|
end
|
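Review bot: `fetched_files += [lock_file] if lock_file` runs before the `return fetched_files if fetched_files.any?` guard, so a directory that holds only `.terraform.lock.hcl` and no Terraform or Terragrunt files now satisfies the guard and is returned as a valid file set. The rest of the method lies outside the hunk, so the fall-through is not visible, but it is presumably the error path this case should still reach. Appending the lockfile only on the success path keeps the earlier behaviour: `return fetched_files + [lock_file].compact if fetched_files.any?`. Separately, `@lock_file ||= fetch_file_if_present(".terraform.lock.hcl")` does not memoise a nil result, so an absent lockfile is looked up again on every call.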
@@ -12,6 +12,14 @@ module FileSelector
|
|
12
12
|
end
|
13
13
|
|
14
14
|
def terragrunt_file?(file_name)
|
15
|
-
file_name
|
15
|
+
!lock_file?(file_name) && file_name.end_with?(".hcl")
|
16
|
+
end
|
17
|
+
|
18
|
+
def lock_file?(filename)
|
19
|
+
filename == ".terraform.lock.hcl"
|
20
|
+
end
|
21
|
+
|
22
|
+
def lock_file
|
23
|
+
dependency_files.find { |f| lock_file?(f.name) }
|
16
24
|
end
|
17
25
|
end
|
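Review bot: The new `lock_file` helper in `FileSelector` calls `dependency_files`, which the visible part of the module does not define, and nothing documents that requirement; the module's opening lines are outside the hunk. A comment above it such as `# Requires the including class to respond to #dependency_files; returns nil when no lockfile is present.` would state the contract. `lock_file?` also compares the whole name with `==`, so a name carrying a directory prefix would not be recognised and would then pass `terragrunt_file?` through its `.hcl` suffix; if such names can reach this helper, `File.basename(filename) == ".terraform.lock.hcl"` is the safer test. The parameter is spelled `file_name` in `terragrunt_file?` and `filename` in `lock_file?`; one spelling would read better.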
@@ -4,6 +4,7 @@ require "dependabot/file_updaters"
|
|
4
4
|
require "dependabot/file_updaters/base"
|
5
5
|
require "dependabot/errors"
|
6
6
|
require "dependabot/terraform/file_selector"
|
7
|
+
require "dependabot/shared_helpers"
|
7
8
|
|
8
9
|
module Dependabot
|
9
10
|
module Terraform
|
@@ -21,10 +22,18 @@ module Dependabot
|
|
21
22
|
next unless file_changed?(file)
|
22
23
|
|
23
24
|
updated_content = updated_terraform_file_content(file)
|
25
|
+
|
24
26
|
raise "Content didn't change!" if updated_content == file.content
|
25
27
|
|
26
28
|
updated_files << updated_file(file: file, content: updated_content)
|
27
29
|
end
|
30
|
+
updated_lockfile_content = update_lockfile_declaration
|
31
|
+
|
32
|
+
if updated_lockfile_content && lock_file.content != updated_lockfile_content
|
33
|
+
updated_files << updated_file(file: lock_file, content: updated_lockfile_content)
|
34
|
+
end
|
35
|
+
|
36
|
+
updated_files.compact!
|
28
37
|
|
29
38
|
raise "No files changed!" if updated_files.none?
|
30
39
|
|
@@ -39,7 +48,7 @@ module Dependabot
|
|
39
48
|
reqs = dependency.requirements.zip(dependency.previous_requirements).
|
40
49
|
reject { |new_req, old_req| new_req == old_req }
|
41
50
|
|
42
|
-
# Loop through each changed requirement and update the files
|
51
|
+
# Loop through each changed requirement and update the files and lockfile
|
43
52
|
reqs.each do |new_req, old_req|
|
44
53
|
raise "Bad req match" unless new_req[:file] == old_req[:file]
|
45
54
|
next unless new_req.fetch(:file) == file.name
|
@@ -81,6 +90,45 @@ module Dependabot
|
|
81
90
|
end
|
82
91
|
end
|
83
92
|
|
93
|
+
def update_lockfile_declaration
|
94
|
+
return if lock_file.nil?
|
95
|
+
|
96
|
+
new_req = dependency.requirements.first
|
97
|
+
content = lock_file.content.dup
|
98
|
+
|
99
|
+
provider_source = new_req[:source][:registry_hostname] + "/" + new_req[:source][:module_identifier]
|
100
|
+
declaration_regex = lockfile_declaration_regex(provider_source)
|
101
|
+
lockfile_dependency_removed = content.sub(declaration_regex, "")
|
102
|
+
|
103
|
+
SharedHelpers.in_a_temporary_directory do
|
104
|
+
write_dependency_files
|
105
|
+
|
106
|
+
File.write(".terraform.lock.hcl", lockfile_dependency_removed)
|
107
|
+
SharedHelpers.run_shell_command("terraform providers lock #{provider_source}")
|
108
|
+
|
109
|
+
updated_lockfile = File.read(".terraform.lock.hcl")
|
110
|
+
updated_dependency = updated_lockfile.scan(declaration_regex).first
|
111
|
+
|
112
|
+
# Terraform will occasionally update h1 hashes without updating the version of the dependency
|
113
|
+
# Here we make sure the dependency's version actually changes in the lockfile
|
114
|
+
unless updated_dependency.scan(declaration_regex).first.scan(/^\s*version\s*=.*/) ==
|
115
|
+
content.scan(declaration_regex).first.scan(/^\s*version\s*=.*/)
|
116
|
+
content.sub!(declaration_regex, updated_dependency)
|
117
|
+
end
|
118
|
+
end
|
119
|
+
|
120
|
+
content
|
121
|
+
end
|
122
|
+
|
123
|
+
def write_dependency_files
|
124
|
+
dependency_files.each do |file|
|
125
|
+
# Do not include the .terraform directory or .terraform.lock.hcl
|
126
|
+
next if file.name.include?(".terraform")
|
127
|
+
|
128
|
+
File.write(file.name, file.content)
|
129
|
+
end
|
130
|
+
end
|
131
|
+
|
84
132
|
def dependency
|
85
133
|
# Terraform updates will only ever be updating a single dependency
|
86
134
|
dependencies.first
|
@@ -131,6 +179,14 @@ module Dependabot
|
|
131
179
|
source = dependency.requirements.map { |r| r[:source] }.compact.first
|
132
180
|
source[:registry_hostname] || source["registry_hostname"] || "registry.terraform.io"
|
133
181
|
end
|
182
|
+
|
183
|
+
def lockfile_declaration_regex(provider_source)
|
184
|
+
/
|
185
|
+
(?:(?!^\}).)*
|
186
|
+
provider\s*["']#{Regexp.escape(provider_source)}["']\s*\{
|
187
|
+
(?:(?!^\}).)*}
|
188
|
+
/mx
|
189
|
+
end
|
134
190
|
end
|
135
191
|
end
|
136
192
|
end
|
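Review bot: In `update_lockfile_declaration`, `provider_source` is concatenated from `new_req[:source]` values that originate in the repository's Terraform files and is then interpolated into the string handed to `SharedHelpers.run_shell_command`. Whatever escaping that helper applies is not visible on this page, and even with shell metacharacters escaped a value containing whitespace would presumably still be split into extra `terraform` arguments. Validate the value before it reaches the command line, for example `raise Dependabot::DependencyFileNotResolvable, "Invalid provider source" unless provider_source.match?(%r{\A[\w.-]+(?:/[\w.-]+){2}\z})`, with the pattern adjusted to the source formats the parser accepts. The concatenation also reads `new_req[:source][:registry_hostname]` directly, without the `"registry.terraform.io"` fallback that `registry_hostname` applies further down the file, so a requirement without an explicit hostname raises NoMethodError on nil. Finally, `updated_lockfile.scan(declaration_regex).first` is nil when Terraform writes no matching provider block, so `next unless updated_dependency` before the version comparison would avoid a second NoMethodError.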
@@ -75,11 +75,11 @@ module Dependabot
|
|
75
75
|
#
|
76
76
|
# @param service_key [String] the service type described in https://www.terraform.io/docs/internals/remote-service-discovery.html#supported-services
|
77
77
|
# @param return String
|
78
|
-
# @raise [Dependabot::
|
78
|
+
# @raise [Dependabot::PrivateSourceAuthenticationFailure] when the service is not available
|
79
79
|
def service_url_for(service_key)
|
80
80
|
url_for(services.fetch(service_key))
|
81
81
|
rescue KeyError
|
82
|
-
raise
|
82
|
+
raise Dependabot::PrivateSourceAuthenticationFailure, "Host does not support required Terraform-native service"
|
83
83
|
end
|
84
84
|
|
85
85
|
private
|
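Review bot: In `service_url_for`, the `rescue KeyError` branch now reports a host that does not list `service_key` among its services as `Dependabot::PrivateSourceAuthenticationFailure`, which tells whoever triages the failure that credentials are at fault when the lookup only shows that the service entry is missing. If a dedicated error type is not available, the message should at least name the missing service, e.g. `"Host does not support required Terraform-native service: #{service_key}"`. The definition of that error class is not on this page; if its constructor expects the source host, not a free-form message, the string passed here will land in the wrong place in the final error text. The context line `# @param return String` above the method should read `# @return [String]`.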
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-terraform
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.152.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-06-
|
11
|
+
date: 2021-06-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.152.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.152.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -100,14 +100,14 @@ dependencies:
|
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version: 1.
|
103
|
+
version: 1.16.0
|
104
104
|
type: :development
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version: 1.
|
110
|
+
version: 1.16.0
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: simplecov
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|