dependabot-terraform 0.154.1 → 0.155.0
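--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 918d77ffd4e3ac0a5e2257c2e46790900ea7c9a0dd7f163b355c045ae1a3dd66
+data.tar.gz: 92ded6313a7295d5d72be98d544c2871f897c164030fdd26580d4a8fbfbf2a4c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 13aa45d3900b954c67c6937e883b8e05d830fe59323807b92156f4c4be67450939a9637b01f5acccc0e357e67ee1a6246deba8657c28695ffc60d9a842edb757
+data.tar.gz: 673a1a49af009d4920eea42624c0612748abd7e24a274fa1fc80e9b33e0358235d803d0da7cbd1070dbdfaa13b7c0e01d1965c1b4f83d597031b32f8618d41d7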
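--- a/data/helpers/build
+++ b/data/helpers/build
@@ -17,6 +17,6 @@ os="$(uname -s | tr '[:upper:]' '[:lower:]')"
 hcl2json_checksum="24068f1e25a34d8f8ca763f34fce11527472891bfa834d1504f665855021d5d4"
 hcl2json_url="https://github.com/tmccombs/hcl2json/releases/download/v0.3.3/hcl2json_${os}_amd64"
 hcl2json_path="$install_dir/bin/hcl2json"
-
+curl -sSLfo "$hcl2json_path" "$hcl2json_url"
 echo "$hcl2json_checksum $hcl2json_path" | sha256sum -c
 chmod +x "$install_dir/bin/hcl2json"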
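Review bot: The added `curl -sSLfo "$hcl2json_path" "$hcl2json_url"` writes the download straight to its final install path, and the `sha256sum -c` on the next line only protects the install if its failure stops the script; no `set -e` or explicit exit is visible in this hunk. Confirm that the script aborts on a non-zero status, or append `|| exit 1` to the `sha256sum -c` line, so that a binary failing verification never reaches the `chmod +x`. Downloading to a temporary file and moving it into `$install_dir/bin` only after the check would also avoid leaving an unverified file at the final path. The script continues outside the hunk.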
@@ -170,13 +170,11 @@ module Dependabot
|
|
170
170
|
end
|
171
171
|
|
172
172
|
def provider_source_from(source_address, name)
|
173
|
-
|
174
|
-
|
175
|
-
matches = source_address.match(PROVIDER_SOURCE_ADDRESS)
|
173
|
+
matches = source_address&.match(PROVIDER_SOURCE_ADDRESS)
|
176
174
|
[
|
177
|
-
matches[:hostname
|
178
|
-
matches[:namespace
|
179
|
-
matches[:name
|
175
|
+
matches.try(:[], :hostname) || DEFAULT_REGISTRY,
|
176
|
+
matches.try(:[], :namespace) || DEFAULT_NAMESPACE,
|
177
|
+
matches.try(:[], :name) || name
|
180
178
|
]
|
181
179
|
end
|
182
180
|
|
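Review bot: In `provider_source_from`, a `source_address` that is present but does not match `PROVIDER_SOURCE_ADDRESS` now leaves `matches` nil, so all three elements silently become `DEFAULT_REGISTRY`, `DEFAULT_NAMESPACE` and `name`; a malformed address for a provider hosted elsewhere would then be resolved against the default registry. Consider keeping the defaults only for a nil `source_address` and raising a parse error when a non-nil address fails to match (the removed lines are truncated on this page, so the earlier behaviour cannot be compared). Separately, `matches.try(:[], :hostname)` relies on ActiveSupport's `Object#try`; plain Ruby `matches&.[](:hostname)` does the same without that dependency.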
@@ -233,20 +231,22 @@ module Dependabot
|
|
233
231
|
# rubocop:disable Metrics/PerceivedComplexity
|
234
232
|
# See https://www.terraform.io/docs/modules/sources.html#http-urls for
|
235
233
|
# details of how Terraform handle HTTP(S) sources for modules
|
236
|
-
def get_proxied_source(raw_source)
|
234
|
+
def get_proxied_source(raw_source) # rubocop:disable Metrics/AbcSize
|
237
235
|
return raw_source unless raw_source.start_with?("http")
|
238
236
|
|
239
237
|
uri = URI.parse(raw_source.split(%r{(?<!:)//}).first)
|
240
238
|
return raw_source if uri.path.end_with?(*ARCHIVE_EXTENSIONS)
|
241
|
-
return raw_source if URI.parse(raw_source).query
|
239
|
+
return raw_source if URI.parse(raw_source).query&.include?("archive=")
|
242
240
|
|
243
241
|
url = raw_source.split(%r{(?<!:)//}).first + "?terraform-get=1"
|
242
|
+
host = URI.parse(raw_source).host
|
244
243
|
|
245
244
|
response = Excon.get(
|
246
245
|
url,
|
247
246
|
idempotent: true,
|
248
247
|
**SharedHelpers.excon_defaults
|
249
248
|
)
|
249
|
+
raise PrivateSourceAuthenticationFailure, host if response.status == 401
|
250
250
|
|
251
251
|
return response.headers["X-Terraform-Get"] if response.headers["X-Terraform-Get"]
|
252
252
|
|
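Review bot: Now that only queries containing `archive=` return early, a source carrying any other query string reaches `url = raw_source.split(%r{(?<!:)//}).first + "?terraform-get=1"`, which appends a second `?` and produces a malformed query whenever the source has no `//` sub-path to strip the original query off. Build the request from the already-parsed `uri` instead, for example `uri.query = [uri.query, "terraform-get=1"].compact.join("&")`, and pass `uri.to_s` to `Excon.get`. `URI.parse(raw_source)` is also evaluated separately for the query test and for `host`; one local would serve both. The method's `rescue` and `end` are in the next hunk.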
@@ -254,6 +254,10 @@ module Dependabot
|
|
254
254
|
doc.css("meta").find do |tag|
|
255
255
|
tag.attributes&.fetch("name", nil)&.value == "terraform-get"
|
256
256
|
end&.attributes&.fetch("content", nil)&.value
|
257
|
+
rescue Excon::Error::Socket, Excon::Error::Timeout => e
|
258
|
+
raise PrivateSourceAuthenticationFailure, host if e.message.include?("no address for")
|
259
|
+
|
260
|
+
raw_source
|
257
261
|
end
|
258
262
|
# rubocop:enable Metrics/PerceivedComplexity
|
259
263
|
|
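Review bot: The new `rescue` decides by substring, `e.message.include?("no address for")`, that a name-resolution failure means a private source, and every other socket error or timeout returns `raw_source` unchanged with no record of the failure. Both choices deserve a comment, since exception message text is not a stable interface and the silent fallback hides network problems from anyone reading the logs; something like `# Unresolvable host: assume a private registry. Other network errors: fall back to the unproxied source.` above the `raise` would do. `host` is assigned in the previous hunk, before the `Excon.get` call, and `get_proxied_source` itself starts outside this hunk.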
@@ -273,7 +277,7 @@ module Dependabot
|
|
273
277
|
path_uri = URI.parse(source_string.split(%r{(?<!:)//}).first)
|
274
278
|
query_uri = URI.parse(source_string)
|
275
279
|
return :http_archive if path_uri.path.end_with?(*ARCHIVE_EXTENSIONS)
|
276
|
-
return :http_archive if query_uri.query
|
280
|
+
return :http_archive if query_uri.query&.include?("archive=")
|
277
281
|
|
278
282
|
raise "HTTP source, but not an archive!"
|
279
283
|
end
|
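Review bot: `query_uri.query&.include?("archive=")` is a substring test on the raw query, so it also accepts a key that merely ends in `archive` (such as `myarchive=1`) or a value that contains the text; the same test is added in `get_proxied_source`. Matching the parameter name is stricter: `URI.decode_www_form(query_uri.query.to_s).any? { |key, _| key == "archive" }`. With the narrower early return, a source with any other query now falls through to the bare `raise "HTTP source, but not an archive!"`, which may be worth a dedicated error class. The enclosing method starts outside the hunk.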
@@ -90,7 +90,7 @@ module Dependabot
|
|
90
90
|
end
|
91
91
|
end
|
92
92
|
|
93
|
-
def update_lockfile_declaration
|
93
|
+
def update_lockfile_declaration # rubocop:disable Metrics/AbcSize
|
94
94
|
return if lock_file.nil?
|
95
95
|
|
96
96
|
new_req = dependency.requirements.first
|
@@ -115,6 +115,14 @@ module Dependabot
|
|
115
115
|
content.scan(declaration_regex).first.scan(/^\s*version\s*=.*/)
|
116
116
|
content.sub!(declaration_regex, updated_dependency)
|
117
117
|
end
|
118
|
+
rescue SharedHelpers::HelperSubprocessFailed => e
|
119
|
+
raise if @retrying_lock || !e.message.include?("terraform init")
|
120
|
+
|
121
|
+
# NOTE: Modules need to be installed before terraform can update the
|
122
|
+
# lockfile
|
123
|
+
@retrying_lock = true
|
124
|
+
SharedHelpers.run_shell_command("terraform init")
|
125
|
+
retry
|
118
126
|
end
|
119
127
|
|
120
128
|
content
|
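Review bot: `SharedHelpers.run_shell_command("terraform init")` runs on configuration that comes from the repository being updated, and `terraform init` resolves and downloads the module and provider sources that configuration names; the hunk does not show which working directory, environment or credentials the command inherits. The existing NOTE explains why init is needed but not where it is safe to run, so it should be extended to state the isolation this call relies on, once that is confirmed against the caller. `@retrying_lock` limits the `retry` to one attempt but is never reset in the visible lines, and the trigger is a substring match on `e.message`. The method begins and ends outside the hunk.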
@@ -157,7 +165,11 @@ module Dependabot
|
|
157
165
|
%r{
|
158
166
|
(?<=\{)
|
159
167
|
(?:(?!^\}).)*
|
160
|
-
source\s*=\s*["']
|
168
|
+
source\s*=\s*["']
|
169
|
+
(#{Regexp.escape(registry_host_for(dependency))}/)?
|
170
|
+
#{Regexp.escape(dependency.name)}
|
171
|
+
(//modules/\S+)?
|
172
|
+
["']
|
161
173
|
(?:(?!^\}).)*
|
162
174
|
}mx
|
163
175
|
end
|
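Review bot: The two optional parts added to the pattern, `(#{Regexp.escape(registry_host_for(dependency))}/)?` and `(//modules/\S+)?`, are capturing groups, while the rest of the expression uses `(?:...)`. If any caller passes this regex to `String#scan` or reads capture indices, the result changes from whole matches to arrays of these two groups; that cannot be checked from the hunk. Writing them as `(?:#{Regexp.escape(registry_host_for(dependency))}/)?` and `(?://modules/\S+)?` keeps the match behaviour and removes the question. The method's `def` line is outside the hunk.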
@@ -58,15 +58,17 @@ module Dependabot
|
|
58
58
|
#
|
59
59
|
# @param dependency [Dependabot::Dependency] the dependency who's source
|
60
60
|
# we're attempting to find
|
61
|
-
# @return Dependabot::Source
|
62
|
-
# @raise [Dependabot::DependabotError] when the source cannot be retrieved
|
61
|
+
# @return [nil, Dependabot::Source]
|
63
62
|
def source(dependency:)
|
64
63
|
type = dependency.requirements.first[:source][:type]
|
65
64
|
base_url = service_url_for(service_key_for(type))
|
66
|
-
response = http_get
|
65
|
+
response = http_get(URI.join(base_url, "#{dependency.name}/#{dependency.version}"))
|
66
|
+
return nil unless response.status == 200
|
67
67
|
|
68
68
|
source_url = JSON.parse(response.body).fetch("source")
|
69
69
|
Source.from_url(source_url) if source_url
|
70
|
+
rescue JSON::ParserError, Excon::Error::Timeout
|
71
|
+
nil
|
70
72
|
end
|
71
73
|
|
72
74
|
# Perform service discovery and return the absolute URL for
|
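Review bot: `JSON.parse(response.body).fetch("source")` raises `KeyError` when the registry response has no `source` key, and the new `rescue JSON::ParserError, Excon::Error::Timeout` does not cover it, so `source` can still raise although the doc comment now promises `[nil, Dependabot::Source]`. It also means the `if source_url` guard never sees a missing key. Use `.fetch("source", nil)` so an absent key takes the nil path, and since the `@raise` line was dropped, say in the doc comment which errors can still propagate. The value passed to `Source.from_url` is supplied by the registry, so it should be treated as untrusted by whatever consumes the returned source.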
@@ -121,6 +123,7 @@ module Dependabot
|
|
121
123
|
def http_get!(url)
|
122
124
|
response = http_get(url)
|
123
125
|
|
126
|
+
raise Dependabot::PrivateSourceAuthenticationFailure, hostname if response.status == 401
|
124
127
|
raise error("Response from registry was #{response.status}") unless response.status == 200
|
125
128
|
|
126
129
|
response
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-terraform
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.155.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-06-
|
11
|
+
date: 2021-06-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.155.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.155.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|