dependabot-terraform 0.260.0 → 0.261.0

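--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 43fecafce99d6aeb9224e649b26718f7ced8d4947aa9fb9b6ca2645ad38abf52
- data.tar.gz: 776bc8eb679e454945242ae40fd57df3fb611d5da901c76086fc2b5bb312ce5a
+ metadata.gz: b5bf4ee2034d691008382f6d6ce217a3d0b010ae6359310aaab7cd8b348dd3b1
+ data.tar.gz: 0f930b2c435202ab7d301b28fa7e0f0f17ea07b3348e1937aacf820ee88fe6d6
  SHA512:
- metadata.gz: 1289bb397dd90e3ecb75da84617e96944ace792d6cc79fff16c488a2e1f2d7e7b90cc37a8b87ed7e6053857097a93d849645eddbd1d6848f1841d7f977bdad55
- data.tar.gz: ff031b7ab0bc2b590cdbaab97abeed9525a5a418a9ea36b021d4eb6b7e4825e19d65ebbb7e1a4a432053874af0fa721535af4f92d4a59ec2ed9af9f400f828b6
+ metadata.gz: 948fd636cdbf07154bf5692e99aaa67865f88a9707aacd727fa1593cc5f37c1f05bffab1f161a62d5ee3ed11122333dd7a839785de4dac93921aecb4c0342cd6
+ data.tar.gz: 68a81f0c15a466e3ba2357daab254ebc2f6be558c0571c6db4a2037b17b4b7d5f8d5c58879635b9cc2949404db12a0e230a7eac6f62dc072d61b7ff1895e899b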
@@ -1,6 +1,8 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/file_updaters"
5
7
  require "dependabot/file_updaters/base"
6
8
  require "dependabot/errors"
@@ -10,6 +12,8 @@ require "dependabot/shared_helpers"
10
12
  module Dependabot
11
13
  module Terraform
12
14
  class FileUpdater < Dependabot::FileUpdaters::Base
15
+ extend T::Sig
16
+
13
17
  include FileSelector
14
18
 
15
19
  PRIVATE_MODULE_ERROR = /Could not download module.*code from\n.*\"(?<repo>\S+)\":/
@@ -36,8 +40,8 @@ module Dependabot
36
40
  end
37
41
  updated_lockfile_content = update_lockfile_declaration(updated_files)
38
42
 
39
- if updated_lockfile_content && lockfile.content != updated_lockfile_content
40
- updated_files << updated_file(file: lockfile, content: updated_lockfile_content)
43
+ if updated_lockfile_content && T.must(lockfile).content != updated_lockfile_content
44
+ updated_files << updated_file(file: T.must(lockfile), content: updated_lockfile_content)
41
45
  end
42
46
 
43
47
  updated_files.compact!
@@ -137,12 +141,18 @@ module Dependabot
137
141
  .sub(hashes_object_regex, "")
138
142
  end
139
143
 
144
+ sig do
145
+ params(
146
+ new_req: T::Hash[Symbol, T.untyped]
147
+ )
148
+ .returns([String, String, Regexp])
149
+ end
140
150
  def lockfile_details(new_req)
141
- content = lockfile.content.dup
151
+ content = T.must(lockfile).content.dup
142
152
  provider_source = new_req[:source][:registry_hostname] + "/" + new_req[:source][:module_identifier]
143
153
  declaration_regex = lockfile_declaration_regex(provider_source)
144
154
 
145
- [content, provider_source, declaration_regex]
155
+ [T.must(content), provider_source, declaration_regex]
146
156
  end
147
157
 
148
158
  def lookup_hash_architecture # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/PerceivedComplexity
@@ -164,7 +174,7 @@ module Dependabot
164
174
  linux_arm64
165
175
  )
166
176
 
167
- base_dir = dependency_files.first.directory
177
+ base_dir = T.must(dependency_files.first).directory
168
178
  lockfile_hash_removed = remove_provider_h1_hashes(content, declaration_regex)
169
179
 
170
180
  # This runs in the same directory as the actual lockfile update so
@@ -198,7 +208,7 @@ module Dependabot
198
208
  end
199
209
  rescue SharedHelpers::HelperSubprocessFailed => e
200
210
  if @retrying_lock && e.message.match?(MODULE_NOT_INSTALLED_ERROR)
201
- mod = e.message.match(MODULE_NOT_INSTALLED_ERROR).named_captures.fetch("mod")
211
+ mod = T.must(e.message.match(MODULE_NOT_INSTALLED_ERROR)).named_captures.fetch("mod")
202
212
  raise Dependabot::DependencyFileNotResolvable, "Attempt to install module #{mod} failed"
203
213
  end
204
214
  raise if @retrying_lock || !e.message.include?("terraform init")
@@ -226,7 +236,7 @@ module Dependabot
226
236
  content, provider_source, declaration_regex = lockfile_details(new_req)
227
237
  lockfile_dependency_removed = content.sub(declaration_regex, "")
228
238
 
229
- base_dir = dependency_files.first.directory
239
+ base_dir = T.must(dependency_files.first).directory
230
240
  SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do
231
241
  # Determine the provider using the original manifest files
232
242
  platforms = architecture_type.map { |arch| "-platform=#{arch}" }.join(" ")
@@ -242,17 +252,17 @@ module Dependabot
242
252
  )
243
253
 
244
254
  updated_lockfile = File.read(".terraform.lock.hcl")
245
- updated_dependency = updated_lockfile.scan(declaration_regex).first
255
+ updated_dependency = T.cast(updated_lockfile.scan(declaration_regex).first, String)
246
256
 
247
257
  # Terraform will occasionally update h1 hashes without updating the version of the dependency
248
258
  # Here we make sure the dependency's version actually changes in the lockfile
249
- unless updated_dependency.scan(declaration_regex).first.scan(/^\s*version\s*=.*/) ==
250
- content.scan(declaration_regex).first.scan(/^\s*version\s*=.*/)
259
+ unless T.cast(updated_dependency.scan(declaration_regex).first, String).scan(/^\s*version\s*=.*/) ==
260
+ T.cast(content.scan(declaration_regex).first, String).scan(/^\s*version\s*=.*/)
251
261
  content.sub!(declaration_regex, updated_dependency)
252
262
  end
253
263
  rescue SharedHelpers::HelperSubprocessFailed => e
254
264
  if @retrying_lock && e.message.match?(MODULE_NOT_INSTALLED_ERROR)
255
- mod = e.message.match(MODULE_NOT_INSTALLED_ERROR).named_captures.fetch("mod")
265
+ mod = T.must(e.message.match(MODULE_NOT_INSTALLED_ERROR)).named_captures.fetch("mod")
256
266
  raise Dependabot::DependencyFileNotResolvable, "Attempt to install module #{mod} failed"
257
267
  end
258
268
  raise if @retrying_lock || !e.message.include?("terraform init")
@@ -276,8 +286,8 @@ module Dependabot
276
286
  output = e.message
277
287
 
278
288
  if output.match?(PRIVATE_MODULE_ERROR)
279
- repo = output.match(PRIVATE_MODULE_ERROR).named_captures.fetch("repo")
280
- if repo.match?(GIT_HTTPS_PREFIX)
289
+ repo = T.must(output.match(PRIVATE_MODULE_ERROR)).named_captures.fetch("repo")
290
+ if repo&.match?(GIT_HTTPS_PREFIX)
281
291
  repo = repo.sub(GIT_HTTPS_PREFIX, "")
282
292
  repo = repo.sub(/\.git$/, "")
283
293
  end
@@ -363,6 +373,7 @@ module Dependabot
363
373
  source[:registry_hostname] || source["registry_hostname"] || "registry.terraform.io"
364
374
  end
365
375
 
376
+ sig { params(provider_source: String).returns(Regexp) }
366
377
  def lockfile_declaration_regex(provider_source)
367
378
  /
368
379
  (?:(?!^\}).)*
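Review bot: In the `@@ -242,17 +252,17 @@` hunk, `T.cast(updated_lockfile.scan(declaration_regex).first, String)` turns a missing provider block into a runtime `TypeError`, since `.first` is nil when the regenerated `.terraform.lock.hcl` has no match for `declaration_regex`, and the visible `rescue SharedHelpers::HelperSubprocessFailed` does not catch it. The lockfile is tool output derived from repository content, so an unexpected shape should end in a classified Dependabot error rather than an assertion failure; consider keeping the plain `scan(...).first` and adding `raise Dependabot::DependencyFileNotResolvable, "#{provider_source} not found in updated lockfile" unless updated_dependency` before the comparison. The second cast, `T.cast(updated_dependency.scan(declaration_regex).first, String)`, re-scans a string that is already that match and has the same failure mode, as do the `T.must(lockfile)` calls in the earlier hunks if no lockfile is present. The enclosing method starts and ends outside the visible lines.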
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "excon"
@@ -7,12 +7,16 @@ require "dependabot/metadata_finders"
7
7
  require "dependabot/metadata_finders/base"
8
8
  require "dependabot/terraform/registry_client"
9
9
  require "dependabot/shared_helpers"
10
+ require "sorbet-runtime"
10
11
 
11
12
  module Dependabot
12
13
  module Terraform
13
14
  class MetadataFinder < Dependabot::MetadataFinders::Base
15
+ extend T::Sig
16
+
14
17
  private
15
18
 
19
+ sig { override.returns(T.nilable(Dependabot::Source)) }
16
20
  def look_up_source
17
21
  case new_source_type
18
22
  when "git" then find_source_from_git_url
@@ -21,10 +25,12 @@ module Dependabot
21
25
  end
22
26
  end
23
27
 
28
+ sig { returns(T.nilable(String)) }
24
29
  def new_source_type
25
30
  dependency.source_type
26
31
  end
27
32
 
33
+ sig { returns(T.nilable(Dependabot::Source)) }
28
34
  def find_source_from_git_url
29
35
  info = dependency.requirements.filter_map { |r| r[:source] }.first
30
36
 
@@ -32,6 +38,7 @@ module Dependabot
32
38
  Source.from_url(url)
33
39
  end
34
40
 
41
+ sig { returns(T.nilable(Dependabot::Source)) }
35
42
  def find_source_from_registry_details
36
43
  info = dependency.requirements.filter_map { |r| r[:source] }.first
37
44
  hostname = info[:registry_hostname] || info["registry_hostname"]
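Review bot: The new `sig { returns(T.nilable(Dependabot::Source)) }` on `find_source_from_registry_details` promises a nilable result, but the first lines of the body still index `info` unconditionally: `.first` returns nil when no requirement carries a `:source`, and `info[:registry_hostname]` then raises `NoMethodError` instead of returning nil. The requirement hashes are presumably untyped, so `# typed: strict` would not flag this statically. A guard such as `return unless info` directly after the `filter_map` line would make the body match the signature, and the same line in `find_source_from_git_url` deserves the same check. Both method bodies continue outside the visible hunks.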
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-terraform
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.260.0
4
+ version: 0.261.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-06 00:00:00.000000000 Z
11
+ date: 2024-06-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.260.0
19
+ version: 0.261.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.260.0
26
+ version: 0.261.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -260,7 +260,7 @@ licenses:
260
260
  - MIT
261
261
  metadata:
262
262
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
263
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.260.0
263
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
264
264
  post_install_message:
265
265
  rdoc_options: []
266
266
  require_paths: