dependabot-terraform 0.260.0 → 0.261.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/terraform/file_updater.rb +25 -14
- data/lib/dependabot/terraform/metadata_finder.rb +8 -1
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b5bf4ee2034d691008382f6d6ce217a3d0b010ae6359310aaab7cd8b348dd3b1
|
4
|
+
data.tar.gz: 0f930b2c435202ab7d301b28fa7e0f0f17ea07b3348e1937aacf820ee88fe6d6
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 948fd636cdbf07154bf5692e99aaa67865f88a9707aacd727fa1593cc5f37c1f05bffab1f161a62d5ee3ed11122333dd7a839785de4dac93921aecb4c0342cd6
|
7
|
+
data.tar.gz: 68a81f0c15a466e3ba2357daab254ebc2f6be558c0571c6db4a2037b17b4b7d5f8d5c58879635b9cc2949404db12a0e230a7eac6f62dc072d61b7ff1895e899b
|
@@ -1,6 +1,8 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require "sorbet-runtime"
|
5
|
+
|
4
6
|
require "dependabot/file_updaters"
|
5
7
|
require "dependabot/file_updaters/base"
|
6
8
|
require "dependabot/errors"
|
@@ -10,6 +12,8 @@ require "dependabot/shared_helpers"
|
|
10
12
|
module Dependabot
|
11
13
|
module Terraform
|
12
14
|
class FileUpdater < Dependabot::FileUpdaters::Base
|
15
|
+
extend T::Sig
|
16
|
+
|
13
17
|
include FileSelector
|
14
18
|
|
15
19
|
PRIVATE_MODULE_ERROR = /Could not download module.*code from\n.*\"(?<repo>\S+)\":/
|
@@ -36,8 +40,8 @@ module Dependabot
|
|
36
40
|
end
|
37
41
|
updated_lockfile_content = update_lockfile_declaration(updated_files)
|
38
42
|
|
39
|
-
if updated_lockfile_content && lockfile.content != updated_lockfile_content
|
40
|
-
updated_files << updated_file(file: lockfile, content: updated_lockfile_content)
|
43
|
+
if updated_lockfile_content && T.must(lockfile).content != updated_lockfile_content
|
44
|
+
updated_files << updated_file(file: T.must(lockfile), content: updated_lockfile_content)
|
41
45
|
end
|
42
46
|
|
43
47
|
updated_files.compact!
|
@@ -137,12 +141,18 @@ module Dependabot
|
|
137
141
|
.sub(hashes_object_regex, "")
|
138
142
|
end
|
139
143
|
|
144
|
+
sig do
|
145
|
+
params(
|
146
|
+
new_req: T::Hash[Symbol, T.untyped]
|
147
|
+
)
|
148
|
+
.returns([String, String, Regexp])
|
149
|
+
end
|
140
150
|
def lockfile_details(new_req)
|
141
|
-
content = lockfile.content.dup
|
151
|
+
content = T.must(lockfile).content.dup
|
142
152
|
provider_source = new_req[:source][:registry_hostname] + "/" + new_req[:source][:module_identifier]
|
143
153
|
declaration_regex = lockfile_declaration_regex(provider_source)
|
144
154
|
|
145
|
-
[content, provider_source, declaration_regex]
|
155
|
+
[T.must(content), provider_source, declaration_regex]
|
146
156
|
end
|
147
157
|
|
148
158
|
def lookup_hash_architecture # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/PerceivedComplexity
|
@@ -164,7 +174,7 @@ module Dependabot
|
|
164
174
|
linux_arm64
|
165
175
|
)
|
166
176
|
|
167
|
-
base_dir = dependency_files.first.directory
|
177
|
+
base_dir = T.must(dependency_files.first).directory
|
168
178
|
lockfile_hash_removed = remove_provider_h1_hashes(content, declaration_regex)
|
169
179
|
|
170
180
|
# This runs in the same directory as the actual lockfile update so
|
@@ -198,7 +208,7 @@ module Dependabot
|
|
198
208
|
end
|
199
209
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
200
210
|
if @retrying_lock && e.message.match?(MODULE_NOT_INSTALLED_ERROR)
|
201
|
-
mod = e.message.match(MODULE_NOT_INSTALLED_ERROR).named_captures.fetch("mod")
|
211
|
+
mod = T.must(e.message.match(MODULE_NOT_INSTALLED_ERROR)).named_captures.fetch("mod")
|
202
212
|
raise Dependabot::DependencyFileNotResolvable, "Attempt to install module #{mod} failed"
|
203
213
|
end
|
204
214
|
raise if @retrying_lock || !e.message.include?("terraform init")
|
@@ -226,7 +236,7 @@ module Dependabot
|
|
226
236
|
content, provider_source, declaration_regex = lockfile_details(new_req)
|
227
237
|
lockfile_dependency_removed = content.sub(declaration_regex, "")
|
228
238
|
|
229
|
-
base_dir = dependency_files.first.directory
|
239
|
+
base_dir = T.must(dependency_files.first).directory
|
230
240
|
SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do
|
231
241
|
# Determine the provider using the original manifest files
|
232
242
|
platforms = architecture_type.map { |arch| "-platform=#{arch}" }.join(" ")
|
@@ -242,17 +252,17 @@ module Dependabot
|
|
242
252
|
)
|
243
253
|
|
244
254
|
updated_lockfile = File.read(".terraform.lock.hcl")
|
245
|
-
updated_dependency = updated_lockfile.scan(declaration_regex).first
|
255
|
+
updated_dependency = T.cast(updated_lockfile.scan(declaration_regex).first, String)
|
246
256
|
|
247
257
|
# Terraform will occasionally update h1 hashes without updating the version of the dependency
|
248
258
|
# Here we make sure the dependency's version actually changes in the lockfile
|
249
|
-
unless updated_dependency.scan(declaration_regex).first.scan(/^\s*version\s*=.*/) ==
|
250
|
-
content.scan(declaration_regex).first.scan(/^\s*version\s*=.*/)
|
259
|
+
unless T.cast(updated_dependency.scan(declaration_regex).first, String).scan(/^\s*version\s*=.*/) ==
|
260
|
+
T.cast(content.scan(declaration_regex).first, String).scan(/^\s*version\s*=.*/)
|
251
261
|
content.sub!(declaration_regex, updated_dependency)
|
252
262
|
end
|
253
263
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
254
264
|
if @retrying_lock && e.message.match?(MODULE_NOT_INSTALLED_ERROR)
|
255
|
-
mod = e.message.match(MODULE_NOT_INSTALLED_ERROR).named_captures.fetch("mod")
|
265
|
+
mod = T.must(e.message.match(MODULE_NOT_INSTALLED_ERROR)).named_captures.fetch("mod")
|
256
266
|
raise Dependabot::DependencyFileNotResolvable, "Attempt to install module #{mod} failed"
|
257
267
|
end
|
258
268
|
raise if @retrying_lock || !e.message.include?("terraform init")
|
@@ -276,8 +286,8 @@ module Dependabot
|
|
276
286
|
output = e.message
|
277
287
|
|
278
288
|
if output.match?(PRIVATE_MODULE_ERROR)
|
279
|
-
repo = output.match(PRIVATE_MODULE_ERROR).named_captures.fetch("repo")
|
280
|
-
if repo
|
289
|
+
repo = T.must(output.match(PRIVATE_MODULE_ERROR)).named_captures.fetch("repo")
|
290
|
+
if repo&.match?(GIT_HTTPS_PREFIX)
|
281
291
|
repo = repo.sub(GIT_HTTPS_PREFIX, "")
|
282
292
|
repo = repo.sub(/\.git$/, "")
|
283
293
|
end
|
@@ -363,6 +373,7 @@ module Dependabot
|
|
363
373
|
source[:registry_hostname] || source["registry_hostname"] || "registry.terraform.io"
|
364
374
|
end
|
365
375
|
|
376
|
+
sig { params(provider_source: String).returns(Regexp) }
|
366
377
|
def lockfile_declaration_regex(provider_source)
|
367
378
|
/
|
368
379
|
(?:(?!^\}).)*
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "excon"
|
@@ -7,12 +7,16 @@ require "dependabot/metadata_finders"
|
|
7
7
|
require "dependabot/metadata_finders/base"
|
8
8
|
require "dependabot/terraform/registry_client"
|
9
9
|
require "dependabot/shared_helpers"
|
10
|
+
require "sorbet-runtime"
|
10
11
|
|
11
12
|
module Dependabot
|
12
13
|
module Terraform
|
13
14
|
class MetadataFinder < Dependabot::MetadataFinders::Base
|
15
|
+
extend T::Sig
|
16
|
+
|
14
17
|
private
|
15
18
|
|
19
|
+
sig { override.returns(T.nilable(Dependabot::Source)) }
|
16
20
|
def look_up_source
|
17
21
|
case new_source_type
|
18
22
|
when "git" then find_source_from_git_url
|
@@ -21,10 +25,12 @@ module Dependabot
|
|
21
25
|
end
|
22
26
|
end
|
23
27
|
|
28
|
+
sig { returns(T.nilable(String)) }
|
24
29
|
def new_source_type
|
25
30
|
dependency.source_type
|
26
31
|
end
|
27
32
|
|
33
|
+
sig { returns(T.nilable(Dependabot::Source)) }
|
28
34
|
def find_source_from_git_url
|
29
35
|
info = dependency.requirements.filter_map { |r| r[:source] }.first
|
30
36
|
|
@@ -32,6 +38,7 @@ module Dependabot
|
|
32
38
|
Source.from_url(url)
|
33
39
|
end
|
34
40
|
|
41
|
+
sig { returns(T.nilable(Dependabot::Source)) }
|
35
42
|
def find_source_from_registry_details
|
36
43
|
info = dependency.requirements.filter_map { |r| r[:source] }.first
|
37
44
|
hostname = info[:registry_hostname] || info["registry_hostname"]
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-terraform
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.261.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-06-
|
11
|
+
date: 2024-06-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.261.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.261.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -260,7 +260,7 @@ licenses:
|
|
260
260
|
- MIT
|
261
261
|
metadata:
|
262
262
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
263
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
263
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
|
264
264
|
post_install_message:
|
265
265
|
rdoc_options: []
|
266
266
|
require_paths:
|