dependabot-terraform 0.154.2 → 0.155.1
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 51d974767fa123e36602001d5e912b941f320337c393102382b79bcfcd0a87ab
|
|
4
|
+
data.tar.gz: 7b856f87b9d0ee6066c2341fdb4b03774e555bcb6084d50f850fb25e42de604b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a90b8caecc2bdbf7df6b38747ae6cf798e047341243849f6a120d5dbe5d1e6f3c56250feb40c9dc1cae4093f3e634a1250ec9e37054faaf2773dbd75a2cd06d0
|
|
7
|
+
data.tar.gz: 3ccc5a928652f5f22deec3412683bbdf83642e3b04606ae97049f353a0da2509c98ad33d9a234449e5754a313c827d0b6533f233a8d8479c76e2cf1f6a944196
|
data/helpers/build
CHANGED
|
@@ -17,6 +17,6 @@ os="$(uname -s | tr '[:upper:]' '[:lower:]')"
|
|
|
17
17
|
hcl2json_checksum="24068f1e25a34d8f8ca763f34fce11527472891bfa834d1504f665855021d5d4"
|
|
18
18
|
hcl2json_url="https://github.com/tmccombs/hcl2json/releases/download/v0.3.3/hcl2json_${os}_amd64"
|
|
19
19
|
hcl2json_path="$install_dir/bin/hcl2json"
|
|
20
|
-
|
|
20
|
+
curl -sSLfo "$hcl2json_path" "$hcl2json_url"
|
|
21
21
|
echo "$hcl2json_checksum $hcl2json_path" | sha256sum -c
|
|
22
22
|
chmod +x "$install_dir/bin/hcl2json"
|
|
@@ -170,13 +170,11 @@ module Dependabot
|
|
|
170
170
|
end
|
|
171
171
|
|
|
172
172
|
def provider_source_from(source_address, name)
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
matches = source_address.match(PROVIDER_SOURCE_ADDRESS)
|
|
173
|
+
matches = source_address&.match(PROVIDER_SOURCE_ADDRESS)
|
|
176
174
|
[
|
|
177
|
-
matches[:hostname
|
|
178
|
-
matches[:namespace
|
|
179
|
-
matches[:name
|
|
175
|
+
matches.try(:[], :hostname) || DEFAULT_REGISTRY,
|
|
176
|
+
matches.try(:[], :namespace) || DEFAULT_NAMESPACE,
|
|
177
|
+
matches.try(:[], :name) || name
|
|
180
178
|
]
|
|
181
179
|
end
|
|
182
180
|
|
|
@@ -233,20 +231,22 @@ module Dependabot
|
|
|
233
231
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
234
232
|
# See https://www.terraform.io/docs/modules/sources.html#http-urls for
|
|
235
233
|
# details of how Terraform handle HTTP(S) sources for modules
|
|
236
|
-
def get_proxied_source(raw_source)
|
|
234
|
+
def get_proxied_source(raw_source) # rubocop:disable Metrics/AbcSize
|
|
237
235
|
return raw_source unless raw_source.start_with?("http")
|
|
238
236
|
|
|
239
237
|
uri = URI.parse(raw_source.split(%r{(?<!:)//}).first)
|
|
240
238
|
return raw_source if uri.path.end_with?(*ARCHIVE_EXTENSIONS)
|
|
241
|
-
return raw_source if URI.parse(raw_source).query
|
|
239
|
+
return raw_source if URI.parse(raw_source).query&.include?("archive=")
|
|
242
240
|
|
|
243
241
|
url = raw_source.split(%r{(?<!:)//}).first + "?terraform-get=1"
|
|
242
|
+
host = URI.parse(raw_source).host
|
|
244
243
|
|
|
245
244
|
response = Excon.get(
|
|
246
245
|
url,
|
|
247
246
|
idempotent: true,
|
|
248
247
|
**SharedHelpers.excon_defaults
|
|
249
248
|
)
|
|
249
|
+
raise PrivateSourceAuthenticationFailure, host if response.status == 401
|
|
250
250
|
|
|
251
251
|
return response.headers["X-Terraform-Get"] if response.headers["X-Terraform-Get"]
|
|
252
252
|
|
|
@@ -254,6 +254,10 @@ module Dependabot
|
|
|
254
254
|
doc.css("meta").find do |tag|
|
|
255
255
|
tag.attributes&.fetch("name", nil)&.value == "terraform-get"
|
|
256
256
|
end&.attributes&.fetch("content", nil)&.value
|
|
257
|
+
rescue Excon::Error::Socket, Excon::Error::Timeout => e
|
|
258
|
+
raise PrivateSourceAuthenticationFailure, host if e.message.include?("no address for")
|
|
259
|
+
|
|
260
|
+
raw_source
|
|
257
261
|
end
|
|
258
262
|
# rubocop:enable Metrics/PerceivedComplexity
|
|
259
263
|
|
|
@@ -273,7 +277,7 @@ module Dependabot
|
|
|
273
277
|
path_uri = URI.parse(source_string.split(%r{(?<!:)//}).first)
|
|
274
278
|
query_uri = URI.parse(source_string)
|
|
275
279
|
return :http_archive if path_uri.path.end_with?(*ARCHIVE_EXTENSIONS)
|
|
276
|
-
return :http_archive if query_uri.query
|
|
280
|
+
return :http_archive if query_uri.query&.include?("archive=")
|
|
277
281
|
|
|
278
282
|
raise "HTTP source, but not an archive!"
|
|
279
283
|
end
|
|
@@ -90,12 +90,14 @@ module Dependabot
|
|
|
90
90
|
end
|
|
91
91
|
end
|
|
92
92
|
|
|
93
|
-
def update_lockfile_declaration
|
|
93
|
+
def update_lockfile_declaration # rubocop:disable Metrics/AbcSize
|
|
94
94
|
return if lock_file.nil?
|
|
95
95
|
|
|
96
96
|
new_req = dependency.requirements.first
|
|
97
|
-
|
|
97
|
+
# NOTE: Only providers are inlcuded in the lockfile, modules are not
|
|
98
|
+
return unless new_req[:source][:type] == "provider"
|
|
98
99
|
|
|
100
|
+
content = lock_file.content.dup
|
|
99
101
|
provider_source = new_req[:source][:registry_hostname] + "/" + new_req[:source][:module_identifier]
|
|
100
102
|
declaration_regex = lockfile_declaration_regex(provider_source)
|
|
101
103
|
lockfile_dependency_removed = content.sub(declaration_regex, "")
|
|
@@ -115,6 +117,14 @@ module Dependabot
|
|
|
115
117
|
content.scan(declaration_regex).first.scan(/^\s*version\s*=.*/)
|
|
116
118
|
content.sub!(declaration_regex, updated_dependency)
|
|
117
119
|
end
|
|
120
|
+
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
121
|
+
raise if @retrying_lock || !e.message.include?("terraform init")
|
|
122
|
+
|
|
123
|
+
# NOTE: Modules need to be installed before terraform can update the
|
|
124
|
+
# lockfile
|
|
125
|
+
@retrying_lock = true
|
|
126
|
+
SharedHelpers.run_shell_command("terraform init")
|
|
127
|
+
retry
|
|
118
128
|
end
|
|
119
129
|
|
|
120
130
|
content
|
|
@@ -157,7 +167,11 @@ module Dependabot
|
|
|
157
167
|
%r{
|
|
158
168
|
(?<=\{)
|
|
159
169
|
(?:(?!^\}).)*
|
|
160
|
-
source\s*=\s*["']
|
|
170
|
+
source\s*=\s*["']
|
|
171
|
+
(#{Regexp.escape(registry_host_for(dependency))}/)?
|
|
172
|
+
#{Regexp.escape(dependency.name)}
|
|
173
|
+
(//modules/\S+)?
|
|
174
|
+
["']
|
|
161
175
|
(?:(?!^\}).)*
|
|
162
176
|
}mx
|
|
163
177
|
end
|
|
@@ -58,15 +58,17 @@ module Dependabot
|
|
|
58
58
|
#
|
|
59
59
|
# @param dependency [Dependabot::Dependency] the dependency who's source
|
|
60
60
|
# we're attempting to find
|
|
61
|
-
# @return Dependabot::Source
|
|
62
|
-
# @raise [Dependabot::DependabotError] when the source cannot be retrieved
|
|
61
|
+
# @return [nil, Dependabot::Source]
|
|
63
62
|
def source(dependency:)
|
|
64
63
|
type = dependency.requirements.first[:source][:type]
|
|
65
64
|
base_url = service_url_for(service_key_for(type))
|
|
66
|
-
response = http_get
|
|
65
|
+
response = http_get(URI.join(base_url, "#{dependency.name}/#{dependency.version}"))
|
|
66
|
+
return nil unless response.status == 200
|
|
67
67
|
|
|
68
68
|
source_url = JSON.parse(response.body).fetch("source")
|
|
69
69
|
Source.from_url(source_url) if source_url
|
|
70
|
+
rescue JSON::ParserError, Excon::Error::Timeout
|
|
71
|
+
nil
|
|
70
72
|
end
|
|
71
73
|
|
|
72
74
|
# Perform service discovery and return the absolute URL for
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.155.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-06-
|
|
11
|
+
date: 2021-06-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.155.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.155.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|