dependabot-terraform 0.150.0 → 0.153.0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 531915418d5fff8122b96aadafec6597a2d2fad199e1b737fcf715da9ef1f9ca
|
4
|
+
data.tar.gz: def1f269928c0c5a46c374afa7fd2332921b3b2a2c2e0180c3646010cb7ae95d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 57475ffeae33eb2a7c62b602cc9523d3c5c15eb5089cb1d3d76ffe02a68f6038b981a7f427c26d6f9d7326774fca6becc4675b8ab2811915193ddd9b718592c6
|
7
|
+
data.tar.gz: de6b7eea5ccad1df31d0f588bdf9d31374292130f1d2f18494689234ba37a93c7b95154622a264b21745e7394cd91781647823afb35d439de694dbbc57b52c1f
|
@@ -23,6 +23,7 @@ module Dependabot
|
|
23
23
|
fetched_files = []
|
24
24
|
fetched_files += terraform_files
|
25
25
|
fetched_files += terragrunt_files
|
26
|
+
fetched_files += [lock_file] if lock_file
|
26
27
|
|
27
28
|
return fetched_files if fetched_files.any?
|
28
29
|
|
@@ -45,6 +46,10 @@ module Dependabot
|
|
45
46
|
select { |f| f.type == "file" && terragrunt_file?(f.name) }.
|
46
47
|
map { |f| fetch_file_from_host(f.name) }
|
47
48
|
end
|
49
|
+
|
50
|
+
def lock_file
|
51
|
+
@lock_file ||= fetch_file_if_present(".terraform.lock.hcl")
|
52
|
+
end
|
48
53
|
end
|
49
54
|
end
|
50
55
|
end
|
@@ -87,6 +87,8 @@ module Dependabot
|
|
87
87
|
end
|
88
88
|
|
89
89
|
def build_provider_dependency(file, name, details = {})
|
90
|
+
deprecated_provider_error(file) if deprecated_provider?(details)
|
91
|
+
|
90
92
|
source_address = details.fetch("source", nil)
|
91
93
|
version_req = details["version"]&.strip
|
92
94
|
hostname, namespace, name = provider_source_from(source_address, name)
|
@@ -109,6 +111,21 @@ module Dependabot
|
|
109
111
|
)
|
110
112
|
end
|
111
113
|
|
114
|
+
def deprecated_provider_error(file)
|
115
|
+
raise Dependabot::DependencyFileNotParseable.new(
|
116
|
+
file.path,
|
117
|
+
"This terraform provider syntax is now deprecated.\n"\
|
118
|
+
"See https://www.terraform.io/docs/language/providers/requirements.html "\
|
119
|
+
"for the new Terraform v0.13+ provider syntax."
|
120
|
+
)
|
121
|
+
end
|
122
|
+
|
123
|
+
def deprecated_provider?(details)
|
124
|
+
# The old syntax for terraform providers v0.12- looked like
|
125
|
+
# "tls ~> 2.1" which gets parsed as a string instead of a hash
|
126
|
+
details.is_a?(String)
|
127
|
+
end
|
128
|
+
|
112
129
|
def build_terragrunt_dependency(file, details)
|
113
130
|
source = source_from(details)
|
114
131
|
dep_name =
|
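Review bot: The guard added at the top of `build_provider_dependency` rejects only a String `details`, so any other non-Hash value the HCL parser might produce (nil, an array) would still reach `details.fetch("source", nil)` and fail with a NoMethodError instead of `DependencyFileNotParseable`. Whether the parser can emit such values is not visible on this page. Because `details` comes from repository content, consider keeping the String branch for the deprecation message and adding a fail-closed check after it, such as `raise Dependabot::DependencyFileNotParseable, file.path unless details.is_a?(Hash)`. `deprecated_provider_error` never returns, which its name does not convey; a comment like `# Always raises DependencyFileNotParseable.` above it would help. The body of `build_provider_dependency` continues outside the hunk.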
@@ -12,6 +12,14 @@ module FileSelector
|
|
12
12
|
end
|
13
13
|
|
14
14
|
def terragrunt_file?(file_name)
|
15
|
-
file_name
|
15
|
+
!lock_file?(file_name) && file_name.end_with?(".hcl")
|
16
|
+
end
|
17
|
+
|
18
|
+
def lock_file?(filename)
|
19
|
+
filename == ".terraform.lock.hcl"
|
20
|
+
end
|
21
|
+
|
22
|
+
def lock_file
|
23
|
+
dependency_files.find { |f| lock_file?(f.name) }
|
16
24
|
end
|
17
25
|
end
|
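Review bot: `lock_file?` compares the whole name with `".terraform.lock.hcl"`, so if a file name can carry a directory prefix, a nested lockfile would fail this test and then pass `terragrunt_file?`, because it still ends in `.hcl`. Whether names carry such a prefix is not visible here; if they can, `File.basename(filename) == ".terraform.lock.hcl"` would keep the two predicates mutually exclusive. The parameter is spelled `file_name` in `terragrunt_file?` and `filename` in `lock_file?`, and the literal is repeated in the fetcher and the updater. A shared constant and one spelling would keep the three files in agreement.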
@@ -4,6 +4,7 @@ require "dependabot/file_updaters"
|
|
4
4
|
require "dependabot/file_updaters/base"
|
5
5
|
require "dependabot/errors"
|
6
6
|
require "dependabot/terraform/file_selector"
|
7
|
+
require "dependabot/shared_helpers"
|
7
8
|
|
8
9
|
module Dependabot
|
9
10
|
module Terraform
|
@@ -21,10 +22,18 @@ module Dependabot
|
|
21
22
|
next unless file_changed?(file)
|
22
23
|
|
23
24
|
updated_content = updated_terraform_file_content(file)
|
25
|
+
|
24
26
|
raise "Content didn't change!" if updated_content == file.content
|
25
27
|
|
26
28
|
updated_files << updated_file(file: file, content: updated_content)
|
27
29
|
end
|
30
|
+
updated_lockfile_content = update_lockfile_declaration
|
31
|
+
|
32
|
+
if updated_lockfile_content && lock_file.content != updated_lockfile_content
|
33
|
+
updated_files << updated_file(file: lock_file, content: updated_lockfile_content)
|
34
|
+
end
|
35
|
+
|
36
|
+
updated_files.compact!
|
28
37
|
|
29
38
|
raise "No files changed!" if updated_files.none?
|
30
39
|
|
@@ -39,7 +48,7 @@ module Dependabot
|
|
39
48
|
reqs = dependency.requirements.zip(dependency.previous_requirements).
|
40
49
|
reject { |new_req, old_req| new_req == old_req }
|
41
50
|
|
42
|
-
# Loop through each changed requirement and update the files
|
51
|
+
# Loop through each changed requirement and update the files and lockfile
|
43
52
|
reqs.each do |new_req, old_req|
|
44
53
|
raise "Bad req match" unless new_req[:file] == old_req[:file]
|
45
54
|
next unless new_req.fetch(:file) == file.name
|
@@ -81,6 +90,45 @@ module Dependabot
|
|
81
90
|
end
|
82
91
|
end
|
83
92
|
|
93
|
+
def update_lockfile_declaration
|
94
|
+
return if lock_file.nil?
|
95
|
+
|
96
|
+
new_req = dependency.requirements.first
|
97
|
+
content = lock_file.content.dup
|
98
|
+
|
99
|
+
provider_source = new_req[:source][:registry_hostname] + "/" + new_req[:source][:module_identifier]
|
100
|
+
declaration_regex = lockfile_declaration_regex(provider_source)
|
101
|
+
lockfile_dependency_removed = content.sub(declaration_regex, "")
|
102
|
+
|
103
|
+
SharedHelpers.in_a_temporary_directory do
|
104
|
+
write_dependency_files
|
105
|
+
|
106
|
+
File.write(".terraform.lock.hcl", lockfile_dependency_removed)
|
107
|
+
SharedHelpers.run_shell_command("terraform providers lock #{provider_source}")
|
108
|
+
|
109
|
+
updated_lockfile = File.read(".terraform.lock.hcl")
|
110
|
+
updated_dependency = updated_lockfile.scan(declaration_regex).first
|
111
|
+
|
112
|
+
# Terraform will occasionally update h1 hashes without updating the version of the dependency
|
113
|
+
# Here we make sure the dependency's version actually changes in the lockfile
|
114
|
+
unless updated_dependency.scan(declaration_regex).first.scan(/^\s*version\s*=.*/) ==
|
115
|
+
content.scan(declaration_regex).first.scan(/^\s*version\s*=.*/)
|
116
|
+
content.sub!(declaration_regex, updated_dependency)
|
117
|
+
end
|
118
|
+
end
|
119
|
+
|
120
|
+
content
|
121
|
+
end
|
122
|
+
|
123
|
+
def write_dependency_files
|
124
|
+
dependency_files.each do |file|
|
125
|
+
# Do not include the .terraform directory or .terraform.lock.hcl
|
126
|
+
next if file.name.include?(".terraform")
|
127
|
+
|
128
|
+
File.write(file.name, file.content)
|
129
|
+
end
|
130
|
+
end
|
131
|
+
|
84
132
|
def dependency
|
85
133
|
# Terraform updates will only ever be updating a single dependency
|
86
134
|
dependencies.first
|
@@ -131,6 +179,14 @@ module Dependabot
|
|
131
179
|
source = dependency.requirements.map { |r| r[:source] }.compact.first
|
132
180
|
source[:registry_hostname] || source["registry_hostname"] || "registry.terraform.io"
|
133
181
|
end
|
182
|
+
|
183
|
+
def lockfile_declaration_regex(provider_source)
|
184
|
+
/
|
185
|
+
(?:(?!^\}).)*
|
186
|
+
provider\s*["']#{Regexp.escape(provider_source)}["']\s*\{
|
187
|
+
(?:(?!^\}).)*}
|
188
|
+
/mx
|
189
|
+
end
|
134
190
|
end
|
135
191
|
end
|
136
192
|
end
|
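Review bot: In `update_lockfile_declaration`, `provider_source` is built from `new_req[:source][:registry_hostname]` and `[:module_identifier]`, which originate in the repository's Terraform files, and is then interpolated into the string passed to `SharedHelpers.run_shell_command`. Unless that helper escapes its argument (its implementation is not on this page), shell metacharacters in a provider source would be interpreted by the shell. Escaping at the call site closes that: `SharedHelpers.run_shell_command("terraform providers lock #{Shellwords.escape(provider_source)}")` with `require "shellwords"`, ideally after rejecting sources that do not have the expected host/namespace/type shape. The same method calls `.scan` on `updated_lockfile.scan(declaration_regex).first`, which is nil when the command leaves no matching provider block, so `next unless updated_dependency` belongs before the version comparison. `write_dependency_files` also writes `file.name` as given, so names with directory components should be checked to stay inside the temporary directory.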
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-terraform
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.153.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-06-
|
11
|
+
date: 2021-06-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.153.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.153.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|