dependabot-terraform 0.155.0 → 0.156.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/terraform.rb +3 -0
- data/lib/dependabot/terraform/file_updater.rb +19 -10
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f4d635c824c7f4d6fc43608e8a9665829970f2c9631aec29dede5d509b4770c4
|
|
4
|
+
data.tar.gz: c68f30921a2ca0426e2db228dbca3eb3d9d973382ddbd559c15565285f27707c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 80c99cfab338b75154e20687dc10d85708af62fb8dfe072b6086ec8572e88e36fc63be57142def8da4fcee298dcc2934f0eb953b2687f08ad786583ca1676e97
|
|
7
|
+
data.tar.gz: f4637da786eff256718e4275c1ed19ceb0ff92d86521eeb8e652023598dba3b632c0cd337189f4668ae8f5e5d48787977947cde3a297538c56b644cf279e68f1
|
data/lib/dependabot/terraform.rb
CHANGED
|
@@ -11,6 +11,8 @@ module Dependabot
|
|
|
11
11
|
class FileUpdater < Dependabot::FileUpdaters::Base
|
|
12
12
|
include FileSelector
|
|
13
13
|
|
|
14
|
+
PRIVATE_MODULE_ERROR = /Could not download module.*code from\n.*\"(?<repo>\S+)\":/.freeze
|
|
15
|
+
|
|
14
16
|
def self.updated_files_regex
|
|
15
17
|
[/\.tf$/, /\.hcl$/]
|
|
16
18
|
end
|
|
@@ -94,15 +96,16 @@ module Dependabot
|
|
|
94
96
|
return if lock_file.nil?
|
|
95
97
|
|
|
96
98
|
new_req = dependency.requirements.first
|
|
97
|
-
|
|
99
|
+
# NOTE: Only providers are inlcuded in the lockfile, modules are not
|
|
100
|
+
return unless new_req[:source][:type] == "provider"
|
|
98
101
|
|
|
102
|
+
content = lock_file.content.dup
|
|
99
103
|
provider_source = new_req[:source][:registry_hostname] + "/" + new_req[:source][:module_identifier]
|
|
100
104
|
declaration_regex = lockfile_declaration_regex(provider_source)
|
|
101
105
|
lockfile_dependency_removed = content.sub(declaration_regex, "")
|
|
102
106
|
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
107
|
+
base_dir = dependency_files.first.directory
|
|
108
|
+
SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do
|
|
106
109
|
File.write(".terraform.lock.hcl", lockfile_dependency_removed)
|
|
107
110
|
SharedHelpers.run_shell_command("terraform providers lock #{provider_source}")
|
|
108
111
|
|
|
@@ -121,19 +124,25 @@ module Dependabot
|
|
|
121
124
|
# NOTE: Modules need to be installed before terraform can update the
|
|
122
125
|
# lockfile
|
|
123
126
|
@retrying_lock = true
|
|
124
|
-
|
|
127
|
+
run_terraform_init
|
|
125
128
|
retry
|
|
126
129
|
end
|
|
127
130
|
|
|
128
131
|
content
|
|
129
132
|
end
|
|
130
133
|
|
|
131
|
-
def
|
|
132
|
-
|
|
133
|
-
#
|
|
134
|
-
|
|
134
|
+
def run_terraform_init
|
|
135
|
+
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
136
|
+
# -backend=false option used to ignore any backend configuration, as these won't be accessible
|
|
137
|
+
# -input=false option used to immediately fail if it needs user input
|
|
138
|
+
# -no-color option used to prevent any color characters being printed in the output
|
|
139
|
+
SharedHelpers.run_shell_command("terraform init -backend=false -input=false -no-color")
|
|
140
|
+
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
141
|
+
output = e.message
|
|
135
142
|
|
|
136
|
-
|
|
143
|
+
if output.match?(PRIVATE_MODULE_ERROR)
|
|
144
|
+
raise PrivateSourceAuthenticationFailure, output.match(PRIVATE_MODULE_ERROR).named_captures.fetch("repo")
|
|
145
|
+
end
|
|
137
146
|
end
|
|
138
147
|
end
|
|
139
148
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.156.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-06-
|
|
11
|
+
date: 2021-06-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.156.3
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.156.3
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
103
|
+
version: 1.17.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
110
|
+
version: 1.17.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: simplecov
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|