dependabot-terraform 0.180.5 → 0.182.1
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4989a37bcdf893186bfbdc4a5e64272b37b144674ed9497744cc333d763cd4f3
|
|
4
|
+
data.tar.gz: 9f12c1d8b5987a956100f158856d7c6de58ad3b27ab42c6d78a496fc9e26ae59
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 74acecc88f4997f9498ba6df54b8ad9d90b5d14ba583139f4d1a195953763a67a46483a0393db2bd994365e6a6e5dbbef5efce82a7dad12ca663d03765c937bb
|
|
7
|
+
data.tar.gz: e2fb99a17a9807830978d7b0cb570b556c00c815b8338c4b83675bcc3825235da870b946d84015e2bea6d335b903f5b7972dbd92cfb758ce0aeccce53fe0c072
|
|
@@ -94,25 +94,110 @@ module Dependabot
|
|
|
94
94
|
end
|
|
95
95
|
end
|
|
96
96
|
|
|
97
|
-
def
|
|
97
|
+
def extract_provider_h1_hashes(content, declaration_regex)
|
|
98
|
+
content.match(declaration_regex).to_s.
|
|
99
|
+
match(hashes_object_regex).to_s.
|
|
100
|
+
split("\n").map { |hash| hash.match(hashes_string_regex).to_s }.
|
|
101
|
+
select { |h| h&.match?(/^h1:/) }
|
|
102
|
+
end
|
|
103
|
+
|
|
104
|
+
def lockfile_details(new_req)
|
|
105
|
+
content = lock_file.content.dup
|
|
106
|
+
provider_source = new_req[:source][:registry_hostname] + "/" + new_req[:source][:module_identifier]
|
|
107
|
+
declaration_regex = lockfile_declaration_regex(provider_source)
|
|
108
|
+
|
|
109
|
+
[content, provider_source, declaration_regex]
|
|
110
|
+
end
|
|
111
|
+
|
|
112
|
+
def lookup_hash_architecture # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/PerceivedComplexity
|
|
113
|
+
new_req = dependency.requirements.first
|
|
114
|
+
|
|
115
|
+
# NOTE: Only providers are inlcuded in the lockfile, modules are not
|
|
116
|
+
return unless new_req[:source][:type] == "provider"
|
|
117
|
+
|
|
118
|
+
architectures = []
|
|
119
|
+
content, provider_source, declaration_regex = lockfile_details(new_req)
|
|
120
|
+
hashes = extract_provider_h1_hashes(content, declaration_regex)
|
|
121
|
+
|
|
122
|
+
# These are ordered in assumed popularity
|
|
123
|
+
possible_architectures = %w(
|
|
124
|
+
linux_amd64
|
|
125
|
+
darwin_amd64
|
|
126
|
+
windows_amd64
|
|
127
|
+
darwin_arm64
|
|
128
|
+
linux_arm64
|
|
129
|
+
)
|
|
130
|
+
|
|
131
|
+
base_dir = dependency_files.first.directory
|
|
132
|
+
lockfile_hash_removed = content.sub(hashes_object_regex, "")
|
|
133
|
+
|
|
134
|
+
# This runs in the same directory as the actual lockfile update so
|
|
135
|
+
# the platform must be determined before the updated manifest files
|
|
136
|
+
# are written to disk
|
|
137
|
+
SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do
|
|
138
|
+
possible_architectures.each do |arch|
|
|
139
|
+
# Exit early if we have detected all of the architectures present
|
|
140
|
+
break if architectures.count == hashes.count
|
|
141
|
+
|
|
142
|
+
# Terraform will update the lockfile in place so we use a fresh lockfile for each lookup
|
|
143
|
+
File.write(".terraform.lock.hcl", lockfile_hash_removed)
|
|
144
|
+
|
|
145
|
+
SharedHelpers.run_shell_command("terraform providers lock -platform=#{arch} #{provider_source} -no-color")
|
|
146
|
+
|
|
147
|
+
updated_lockfile = File.read(".terraform.lock.hcl")
|
|
148
|
+
updated_hashes = extract_provider_h1_hashes(updated_lockfile, declaration_regex)
|
|
149
|
+
next if updated_hashes.nil?
|
|
150
|
+
|
|
151
|
+
# Check if the architecture is present in the original lockfile
|
|
152
|
+
hashes.each do |hash|
|
|
153
|
+
updated_hashes.select { |h| h.match?(/^h1:/) }.each do |updated_hash|
|
|
154
|
+
architectures.append(arch.to_sym) if hash == updated_hash
|
|
155
|
+
end
|
|
156
|
+
end
|
|
157
|
+
|
|
158
|
+
File.delete(".terraform.lock.hcl")
|
|
159
|
+
end
|
|
160
|
+
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
161
|
+
if @retrying_lock && e.message.match?(MODULE_NOT_INSTALLED_ERROR)
|
|
162
|
+
mod = e.message.match(MODULE_NOT_INSTALLED_ERROR).named_captures.fetch("mod")
|
|
163
|
+
raise Dependabot::DependencyFileNotResolvable, "Attempt to install module #{mod} failed"
|
|
164
|
+
end
|
|
165
|
+
raise if @retrying_lock || !e.message.include?("terraform init")
|
|
166
|
+
|
|
167
|
+
# NOTE: Modules need to be installed before terraform can update the lockfile
|
|
168
|
+
@retrying_lock = true
|
|
169
|
+
run_terraform_init
|
|
170
|
+
retry
|
|
171
|
+
end
|
|
172
|
+
|
|
173
|
+
architectures.to_a
|
|
174
|
+
end
|
|
175
|
+
|
|
176
|
+
def architecture_type
|
|
177
|
+
@architecture_type ||= lookup_hash_architecture.empty? ? [:linux_amd64] : lookup_hash_architecture
|
|
178
|
+
end
|
|
179
|
+
|
|
180
|
+
def update_lockfile_declaration(updated_manifest_files) # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
|
|
98
181
|
return if lock_file.nil?
|
|
99
182
|
|
|
100
183
|
new_req = dependency.requirements.first
|
|
101
184
|
# NOTE: Only providers are inlcuded in the lockfile, modules are not
|
|
102
185
|
return unless new_req[:source][:type] == "provider"
|
|
103
186
|
|
|
104
|
-
content =
|
|
105
|
-
provider_source = new_req[:source][:registry_hostname] + "/" + new_req[:source][:module_identifier]
|
|
106
|
-
declaration_regex = lockfile_declaration_regex(provider_source)
|
|
187
|
+
content, provider_source, declaration_regex = lockfile_details(new_req)
|
|
107
188
|
lockfile_dependency_removed = content.sub(declaration_regex, "")
|
|
108
189
|
|
|
109
190
|
base_dir = dependency_files.first.directory
|
|
110
191
|
SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do
|
|
192
|
+
# Determine the provider using the original manifest files
|
|
193
|
+
platforms = architecture_type.map { |arch| "-platform=#{arch}" }.join(" ")
|
|
194
|
+
|
|
111
195
|
# Update the provider requirements in case the previous requirement doesn't allow the new version
|
|
112
196
|
updated_manifest_files.each { |f| File.write(f.name, f.content) }
|
|
113
197
|
|
|
114
198
|
File.write(".terraform.lock.hcl", lockfile_dependency_removed)
|
|
115
|
-
|
|
199
|
+
|
|
200
|
+
SharedHelpers.run_shell_command("terraform providers lock #{platforms} #{provider_source}")
|
|
116
201
|
|
|
117
202
|
updated_lockfile = File.read(".terraform.lock.hcl")
|
|
118
203
|
updated_dependency = updated_lockfile.scan(declaration_regex).first
|
|
@@ -130,8 +215,7 @@ module Dependabot
|
|
|
130
215
|
end
|
|
131
216
|
raise if @retrying_lock || !e.message.include?("terraform init")
|
|
132
217
|
|
|
133
|
-
# NOTE: Modules need to be installed before terraform can update the
|
|
134
|
-
# lockfile
|
|
218
|
+
# NOTE: Modules need to be installed before terraform can update the lockfile
|
|
135
219
|
@retrying_lock = true
|
|
136
220
|
run_terraform_init
|
|
137
221
|
retry
|
|
@@ -178,6 +262,14 @@ module Dependabot
|
|
|
178
262
|
raise "No Terraform configuration file!"
|
|
179
263
|
end
|
|
180
264
|
|
|
265
|
+
def hashes_object_regex
|
|
266
|
+
/hashes\s*=\s*.*\]/m
|
|
267
|
+
end
|
|
268
|
+
|
|
269
|
+
def hashes_string_regex
|
|
270
|
+
/(?<=\").*(?=\")/
|
|
271
|
+
end
|
|
272
|
+
|
|
181
273
|
def provider_declaration_regex
|
|
182
274
|
name = Regexp.escape(dependency.name)
|
|
183
275
|
%r{
|
|
@@ -117,10 +117,11 @@ module Dependabot
|
|
|
117
117
|
|
|
118
118
|
def update_range(req_string)
|
|
119
119
|
requirement_class.new(req_string).requirements.flat_map do |r|
|
|
120
|
-
|
|
120
|
+
ruby_req = requirement_class.new(r.join(" "))
|
|
121
|
+
next ruby_req if ruby_req.satisfied_by?(latest_version)
|
|
121
122
|
|
|
122
|
-
case op =
|
|
123
|
-
when "<", "<=" then [update_greatest_version(
|
|
123
|
+
case op = ruby_req.requirements.first.first
|
|
124
|
+
when "<", "<=" then [update_greatest_version(ruby_req, latest_version)]
|
|
124
125
|
when "!=" then []
|
|
125
126
|
else raise "Unexpected operation for unsatisfied req: #{op}"
|
|
126
127
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.182.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-04-
|
|
11
|
+
date: 2022-04-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,28 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.182.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.182.1
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: debase
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: 0.2.4.1
|
|
34
|
+
type: :development
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: 0.2.4.1
|
|
27
41
|
- !ruby/object:Gem::Dependency
|
|
28
42
|
name: debug
|
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +114,28 @@ dependencies:
|
|
|
100
114
|
requirements:
|
|
101
115
|
- - "~>"
|
|
102
116
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
117
|
+
version: 1.27.0
|
|
118
|
+
type: :development
|
|
119
|
+
prerelease: false
|
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
+
requirements:
|
|
122
|
+
- - "~>"
|
|
123
|
+
- !ruby/object:Gem::Version
|
|
124
|
+
version: 1.27.0
|
|
125
|
+
- !ruby/object:Gem::Dependency
|
|
126
|
+
name: ruby-debug-ide
|
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
|
128
|
+
requirements:
|
|
129
|
+
- - "~>"
|
|
130
|
+
- !ruby/object:Gem::Version
|
|
131
|
+
version: 0.7.3
|
|
104
132
|
type: :development
|
|
105
133
|
prerelease: false
|
|
106
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
135
|
requirements:
|
|
108
136
|
- - "~>"
|
|
109
137
|
- !ruby/object:Gem::Version
|
|
110
|
-
version:
|
|
138
|
+
version: 0.7.3
|
|
111
139
|
- !ruby/object:Gem::Dependency
|
|
112
140
|
name: simplecov
|
|
113
141
|
requirement: !ruby/object:Gem::Requirement
|