dependabot-terraform 0.154.4 → 0.156.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/terraform.rb +3 -0
- data/lib/dependabot/terraform/file_updater.rb +28 -10
- metadata +6 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f7b09b1f7e256b46726f3b97ff62cf24fda20edb289cede081329324af369ff3
|
4
|
+
data.tar.gz: 6f61d703546a1ec53cbf09d0af4c803a749152c54fa335bdf8eafe65c3c41702
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4cf7838fe33e476a71e463e45da2cdf54a0ce94cc58f1f2cbe35250e66dda59ac761aa0d2d5e8f02f7ef68a9e2d594d2f68493f890c2044aa31d7416994dfffb
|
7
|
+
data.tar.gz: 8ee3e8ac4ba04a7f3562fc47c66e1b9da083298378f2de24151404006073ae0eb91ca69ba7a30444d351092af82c2249c4bc339054003ba6cc6bc27f6ee8cb40
|
data/lib/dependabot/terraform.rb
CHANGED
@@ -11,6 +11,8 @@ module Dependabot
|
|
11
11
|
class FileUpdater < Dependabot::FileUpdaters::Base
|
12
12
|
include FileSelector
|
13
13
|
|
14
|
+
PRIVATE_MODULE_ERROR = /Could not download module.*code from\n.*\"(?<repo>\S+)\":/.freeze
|
15
|
+
|
14
16
|
def self.updated_files_regex
|
15
17
|
[/\.tf$/, /\.hcl$/]
|
16
18
|
end
|
@@ -90,19 +92,20 @@ module Dependabot
|
|
90
92
|
end
|
91
93
|
end
|
92
94
|
|
93
|
-
def update_lockfile_declaration
|
95
|
+
def update_lockfile_declaration # rubocop:disable Metrics/AbcSize
|
94
96
|
return if lock_file.nil?
|
95
97
|
|
96
98
|
new_req = dependency.requirements.first
|
97
|
-
|
99
|
+
# NOTE: Only providers are inlcuded in the lockfile, modules are not
|
100
|
+
return unless new_req[:source][:type] == "provider"
|
98
101
|
|
102
|
+
content = lock_file.content.dup
|
99
103
|
provider_source = new_req[:source][:registry_hostname] + "/" + new_req[:source][:module_identifier]
|
100
104
|
declaration_regex = lockfile_declaration_regex(provider_source)
|
101
105
|
lockfile_dependency_removed = content.sub(declaration_regex, "")
|
102
106
|
|
103
|
-
|
104
|
-
|
105
|
-
|
107
|
+
base_dir = dependency_files.first.directory
|
108
|
+
SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do
|
106
109
|
File.write(".terraform.lock.hcl", lockfile_dependency_removed)
|
107
110
|
SharedHelpers.run_shell_command("terraform providers lock #{provider_source}")
|
108
111
|
|
@@ -115,20 +118,35 @@ module Dependabot
|
|
115
118
|
content.scan(declaration_regex).first.scan(/^\s*version\s*=.*/)
|
116
119
|
content.sub!(declaration_regex, updated_dependency)
|
117
120
|
end
|
121
|
+
rescue SharedHelpers::HelperSubprocessFailed => e
|
122
|
+
raise if @retrying_lock || !e.message.include?("terraform init")
|
123
|
+
|
124
|
+
# NOTE: Modules need to be installed before terraform can update the
|
125
|
+
# lockfile
|
126
|
+
@retrying_lock = true
|
127
|
+
run_terraform_init
|
128
|
+
retry
|
118
129
|
end
|
119
130
|
|
120
131
|
content
|
121
132
|
end
|
122
133
|
|
123
|
-
def
|
124
|
-
|
125
|
-
|
126
|
-
|
134
|
+
def run_terraform_init
|
135
|
+
SharedHelpers.with_git_configured(credentials: credentials) do
|
136
|
+
SharedHelpers.run_shell_command("terraform init")
|
137
|
+
rescue SharedHelpers::HelperSubprocessFailed => e
|
138
|
+
output = strip_terminal_colors(e.message)
|
127
139
|
|
128
|
-
|
140
|
+
if output.match?(PRIVATE_MODULE_ERROR)
|
141
|
+
raise PrivateSourceAuthenticationFailure, output.match(PRIVATE_MODULE_ERROR).named_captures.fetch("repo")
|
142
|
+
end
|
129
143
|
end
|
130
144
|
end
|
131
145
|
|
146
|
+
def strip_terminal_colors(output)
|
147
|
+
output.gsub(/\e\[(\d+)m/, "")
|
148
|
+
end
|
149
|
+
|
132
150
|
def dependency
|
133
151
|
# Terraform updates will only ever be updating a single dependency
|
134
152
|
dependencies.first
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-terraform
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.156.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-06-
|
11
|
+
date: 2021-06-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.156.1
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.156.1
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -100,14 +100,14 @@ dependencies:
|
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version: 1.
|
103
|
+
version: 1.17.0
|
104
104
|
type: :development
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version: 1.
|
110
|
+
version: 1.17.0
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: simplecov
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|