dependabot-terraform 0.169.0 → 0.169.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ef6d8146b2ec0f603a752f7d4ea60db1a95a13614359f112ac561f1f22f7fd95
-  data.tar.gz: 3bae86fc79c2335702662c7bc3e1fef9ecce2bbf30699d0900e97c24f7e2f069
+  metadata.gz: 47eced386a99b0230813e6c4417311d540ccb7e758eeff31a73c9716ac11b464
+  data.tar.gz: 60b40ae0b8fa70c86bbce95ffa6ba3d9eba433b1865e7e788f902179ca96eeb4
 SHA512:
-  metadata.gz: 4aed50547112c9d8ecaabb402eb4ae50c36ca45a3da45502f7c262eb97baffedc26e3d1073526cce252ed41cc36d46657a980941d36fe08d6a45fd1fb979f293
-  data.tar.gz: fc96257ded2f4739951138c51ba13eaab0a54f3ec23cb571f98c91806398faa6cb43048659ba096709ad8c470be9ad2cf790733727c73051c873f2e2e4c43ccd
+  metadata.gz: 920dc0b2f3e954fd2bb96f5451e706fdf90675b355d941613c403eb0f2601eb31875ec44492b8b8634bce4c0acbd8fb06210bed50d9902f2199ba9b3d888212b
+  data.tar.gz: 61879a3fdc8c61d06f19ac0d511ae1155ac552da009d897d6e2a399682227175fc0967bbb2f19b5e3d80d7cc58cfb17882652328b76b522da1f815dfb13fcb3d

data/lib/dependabot/terraform/file_parser.rb

@@ -28,10 +28,26 @@ module Dependabot
       def parse
         dependency_set = DependencySet.new
 
+        parse_terraform_files(dependency_set)
+
+        parse_terragrunt_files(dependency_set)
+
+        dependency_set.dependencies.sort_by(&:name)
+      end
+
+      private
+
+      def parse_terraform_files(dependency_set)
         terraform_files.each do |file|
           modules = parsed_file(file).fetch("module", {})
           modules.each do |name, details|
-            dependency_set << build_terraform_dependency(file, name, details)
+            details = details.first
+
+            source = source_from(details)
+            # Cannot update local path modules, skip
+            next if source[:type] == "path"
+
+            dependency_set << build_terraform_dependency(file, name, source, details)
           end
 
           parsed_file(file).fetch("terraform", []).each do |terraform|
@@ -43,7 +59,9 @@ module Dependabot
             end
           end
         end
+      end
 
+      def parse_terragrunt_files(dependency_set)
         terragrunt_files.each do |file|
           modules = parsed_file(file).fetch("terraform", [])
           modules.each do |details|
@@ -52,19 +70,15 @@ module Dependabot
             dependency_set << build_terragrunt_dependency(file, details)
           end
         end
-
-        dependency_set.dependencies.sort_by(&:name)
       end
 
-      private
-
-      def build_terraform_dependency(file, name, details)
-        details = details.first
-
-        source = source_from(details)
+      def build_terraform_dependency(file, name, source, details)
+        # dep_name should be unique for a source, using the info derived from
+        # the source or the source name provides this uniqueness
         dep_name = case source[:type]
                    when "registry" then source[:module_identifier]
                    when "provider" then details["source"]
+                   when "git" then git_dependency_name(name, source)
                    else name
                    end
         version_req = details["version"]&.strip
@@ -199,6 +213,15 @@ module Dependabot
         end
       end
 
+      def git_dependency_name(name, source)
+        git_source = Source.from_url(source[:url])
+        if source[:ref]
+          name + "::" + git_source.provider + "::" + git_source.repo + "::" + source[:ref]
+        else
+          name + "::" + git_source.provider + "::" + git_source.repo
+        end
+      end
+
       def git_source_details_from(source_string)
         git_url = source_string.strip.gsub(/^git::/, "")
         git_url = "https://" + git_url unless git_url.start_with?("git@") || git_url.include?("://")

data/lib/dependabot/terraform/file_updater.rb

@@ -199,10 +199,11 @@ module Dependabot
         return /terraform\s*\{(?:(?!^\}).)*/m if terragrunt_file?(filename)
 
         # For modules we can do better - filter for module blocks that use the
-        # name of the dependency
+        # name of the module
+        module_name = dependency.name.split("::").first
         /
-          module\s+["']#{Regexp.escape(dependency.name)}["']\s*\{
-          (?:(?!^\}).)*
+         module\s+["']#{Regexp.escape(module_name)}["']\s*\{
+         (?:(?!^\}).)*
         /mx
       end
 

data/lib/dependabot/terraform.rb

@@ -20,3 +20,14 @@ Dependabot::Dependency.
 
 require "dependabot/utils"
 Dependabot::Utils.register_always_clone("terraform")
+
+Dependabot::Dependency.
+  register_display_name_builder(
+    "terraform",
+    lambda { |name|
+      # Only modify the name if it a git source dependency
+      next unless name.include? "::"
+
+      name.split("::").first + "::" + name.split("::")[2].split("/").last
+    }
+  )

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-terraform
 version: !ruby/object:Gem::Version
-  version: 0.169.0
+  version: 0.169.4
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-11-23 00:00:00.000000000 Z
+date: 2021-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.169.0
+        version: 0.169.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.169.0
+        version: 0.169.4
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -216,7 +216,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.5.0
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.2.32
 signing_key: 
 specification_version: 4
 summary: Terraform support for dependabot