dependabot-terraform 0.260.0 → 0.261.1

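--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 43fecafce99d6aeb9224e649b26718f7ced8d4947aa9fb9b6ca2645ad38abf52
- data.tar.gz: 776bc8eb679e454945242ae40fd57df3fb611d5da901c76086fc2b5bb312ce5a
+ metadata.gz: f43110753b0a724a429bc09a65a8a86f311147c5611dfd03fdc6a4c51f900a88
+ data.tar.gz: d1b548612657b50cefcdf4fefed24a1f1ede3cec7c1f98679d8879ee894d9953
  SHA512:
- metadata.gz: 1289bb397dd90e3ecb75da84617e96944ace792d6cc79fff16c488a2e1f2d7e7b90cc37a8b87ed7e6053857097a93d849645eddbd1d6848f1841d7f977bdad55
- data.tar.gz: ff031b7ab0bc2b590cdbaab97abeed9525a5a418a9ea36b021d4eb6b7e4825e19d65ebbb7e1a4a432053874af0fa721535af4f92d4a59ec2ed9af9f400f828b6
+ metadata.gz: 2e4958e34241b4bf263f090518cb3d510e7a9b4945842b9710e6d7b2bcab9947f9b475a017007c14b4d15b65f3d496086cd6f3e83b940cdc8735780963903b09
+ data.tar.gz: 0420b3d5b33b2ceec10a5c752a2b49c40660d409a6a1e20f019964f8155e7272eadbe431109b69bc1f3b8cd6b6e2ccddd11794a8f0cf1740dc9eed439e6638a8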
@@ -1,6 +1,8 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/file_updaters"
5
7
  require "dependabot/file_updaters/base"
6
8
  require "dependabot/errors"
@@ -10,6 +12,8 @@ require "dependabot/shared_helpers"
10
12
  module Dependabot
11
13
  module Terraform
12
14
  class FileUpdater < Dependabot::FileUpdaters::Base
15
+ extend T::Sig
16
+
13
17
  include FileSelector
14
18
 
15
19
  PRIVATE_MODULE_ERROR = /Could not download module.*code from\n.*\"(?<repo>\S+)\":/
@@ -36,8 +40,8 @@ module Dependabot
36
40
  end
37
41
  updated_lockfile_content = update_lockfile_declaration(updated_files)
38
42
 
39
- if updated_lockfile_content && lockfile.content != updated_lockfile_content
40
- updated_files << updated_file(file: lockfile, content: updated_lockfile_content)
43
+ if updated_lockfile_content && T.must(lockfile).content != updated_lockfile_content
44
+ updated_files << updated_file(file: T.must(lockfile), content: updated_lockfile_content)
41
45
  end
42
46
 
43
47
  updated_files.compact!
@@ -137,12 +141,18 @@ module Dependabot
137
141
  .sub(hashes_object_regex, "")
138
142
  end
139
143
 
144
+ sig do
145
+ params(
146
+ new_req: T::Hash[Symbol, T.untyped]
147
+ )
148
+ .returns([String, String, Regexp])
149
+ end
140
150
  def lockfile_details(new_req)
141
- content = lockfile.content.dup
151
+ content = T.must(lockfile).content.dup
142
152
  provider_source = new_req[:source][:registry_hostname] + "/" + new_req[:source][:module_identifier]
143
153
  declaration_regex = lockfile_declaration_regex(provider_source)
144
154
 
145
- [content, provider_source, declaration_regex]
155
+ [T.must(content), provider_source, declaration_regex]
146
156
  end
147
157
 
148
158
  def lookup_hash_architecture # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/PerceivedComplexity
@@ -164,7 +174,7 @@ module Dependabot
164
174
  linux_arm64
165
175
  )
166
176
 
167
- base_dir = dependency_files.first.directory
177
+ base_dir = T.must(dependency_files.first).directory
168
178
  lockfile_hash_removed = remove_provider_h1_hashes(content, declaration_regex)
169
179
 
170
180
  # This runs in the same directory as the actual lockfile update so
@@ -198,7 +208,7 @@ module Dependabot
198
208
  end
199
209
  rescue SharedHelpers::HelperSubprocessFailed => e
200
210
  if @retrying_lock && e.message.match?(MODULE_NOT_INSTALLED_ERROR)
201
- mod = e.message.match(MODULE_NOT_INSTALLED_ERROR).named_captures.fetch("mod")
211
+ mod = T.must(e.message.match(MODULE_NOT_INSTALLED_ERROR)).named_captures.fetch("mod")
202
212
  raise Dependabot::DependencyFileNotResolvable, "Attempt to install module #{mod} failed"
203
213
  end
204
214
  raise if @retrying_lock || !e.message.include?("terraform init")
@@ -226,7 +236,7 @@ module Dependabot
226
236
  content, provider_source, declaration_regex = lockfile_details(new_req)
227
237
  lockfile_dependency_removed = content.sub(declaration_regex, "")
228
238
 
229
- base_dir = dependency_files.first.directory
239
+ base_dir = T.must(dependency_files.first).directory
230
240
  SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do
231
241
  # Determine the provider using the original manifest files
232
242
  platforms = architecture_type.map { |arch| "-platform=#{arch}" }.join(" ")
@@ -242,17 +252,17 @@ module Dependabot
242
252
  )
243
253
 
244
254
  updated_lockfile = File.read(".terraform.lock.hcl")
245
- updated_dependency = updated_lockfile.scan(declaration_regex).first
255
+ updated_dependency = T.cast(updated_lockfile.scan(declaration_regex).first, String)
246
256
 
247
257
  # Terraform will occasionally update h1 hashes without updating the version of the dependency
248
258
  # Here we make sure the dependency's version actually changes in the lockfile
249
- unless updated_dependency.scan(declaration_regex).first.scan(/^\s*version\s*=.*/) ==
250
- content.scan(declaration_regex).first.scan(/^\s*version\s*=.*/)
259
+ unless T.cast(updated_dependency.scan(declaration_regex).first, String).scan(/^\s*version\s*=.*/) ==
260
+ T.cast(content.scan(declaration_regex).first, String).scan(/^\s*version\s*=.*/)
251
261
  content.sub!(declaration_regex, updated_dependency)
252
262
  end
253
263
  rescue SharedHelpers::HelperSubprocessFailed => e
254
264
  if @retrying_lock && e.message.match?(MODULE_NOT_INSTALLED_ERROR)
255
- mod = e.message.match(MODULE_NOT_INSTALLED_ERROR).named_captures.fetch("mod")
265
+ mod = T.must(e.message.match(MODULE_NOT_INSTALLED_ERROR)).named_captures.fetch("mod")
256
266
  raise Dependabot::DependencyFileNotResolvable, "Attempt to install module #{mod} failed"
257
267
  end
258
268
  raise if @retrying_lock || !e.message.include?("terraform init")
@@ -276,8 +286,8 @@ module Dependabot
276
286
  output = e.message
277
287
 
278
288
  if output.match?(PRIVATE_MODULE_ERROR)
279
- repo = output.match(PRIVATE_MODULE_ERROR).named_captures.fetch("repo")
280
- if repo.match?(GIT_HTTPS_PREFIX)
289
+ repo = T.must(output.match(PRIVATE_MODULE_ERROR)).named_captures.fetch("repo")
290
+ if repo&.match?(GIT_HTTPS_PREFIX)
281
291
  repo = repo.sub(GIT_HTTPS_PREFIX, "")
282
292
  repo = repo.sub(/\.git$/, "")
283
293
  end
@@ -363,6 +373,7 @@ module Dependabot
363
373
  source[:registry_hostname] || source["registry_hostname"] || "registry.terraform.io"
364
374
  end
365
375
 
376
+ sig { params(provider_source: String).returns(Regexp) }
366
377
  def lockfile_declaration_regex(provider_source)
367
378
  /
368
379
  (?:(?!^\}).)*
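Review bot: The three `T.cast(... .scan(declaration_regex).first, String)` calls in the `@@ -242,17 +252,17 @@` hunk turn a missing provider declaration into a runtime `TypeError`, which the `rescue SharedHelpers::HelperSubprocessFailed` clause that follows does not catch. `.terraform.lock.hcl` is read back from the temporary repo directory, presumably after the terraform helper has run over repository-supplied manifests, so a lockfile without the expected block is an input condition rather than a programming error and deserves a handled failure. One option is to keep `updated_dependency = updated_lockfile.scan(declaration_regex).first` and follow it with `raise Dependabot::DependencyFileNotResolvable, "Provider declaration missing from regenerated lockfile" unless updated_dependency.is_a?(String)`. The same question applies to the `T.must(lockfile)` calls if this updater can be reached without a lockfile, which the visible hunks do not show; the enclosing methods start and end outside the hunks.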
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "excon"
@@ -7,12 +7,16 @@ require "dependabot/metadata_finders"
7
7
  require "dependabot/metadata_finders/base"
8
8
  require "dependabot/terraform/registry_client"
9
9
  require "dependabot/shared_helpers"
10
+ require "sorbet-runtime"
10
11
 
11
12
  module Dependabot
12
13
  module Terraform
13
14
  class MetadataFinder < Dependabot::MetadataFinders::Base
15
+ extend T::Sig
16
+
14
17
  private
15
18
 
19
+ sig { override.returns(T.nilable(Dependabot::Source)) }
16
20
  def look_up_source
17
21
  case new_source_type
18
22
  when "git" then find_source_from_git_url
@@ -21,10 +25,12 @@ module Dependabot
21
25
  end
22
26
  end
23
27
 
28
+ sig { returns(T.nilable(String)) }
24
29
  def new_source_type
25
30
  dependency.source_type
26
31
  end
27
32
 
33
+ sig { returns(T.nilable(Dependabot::Source)) }
28
34
  def find_source_from_git_url
29
35
  info = dependency.requirements.filter_map { |r| r[:source] }.first
30
36
 
@@ -32,6 +38,7 @@ module Dependabot
32
38
  Source.from_url(url)
33
39
  end
34
40
 
41
+ sig { returns(T.nilable(Dependabot::Source)) }
35
42
  def find_source_from_registry_details
36
43
  info = dependency.requirements.filter_map { |r| r[:source] }.first
37
44
  hostname = info[:registry_hostname] || info["registry_hostname"]
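Review bot: `find_source_from_registry_details` now advertises `T.nilable(Dependabot::Source)`, but `info` is `nil` when no requirement carries a `:source`, and the next line `info[:registry_hostname]` then raises `NoMethodError` instead of returning `nil`. Because `info` is presumably untyped here, `# typed: strict` will not flag the dereference, so a guard such as `return unless info` directly after the `filter_map` line would make the method match its signature. `find_source_from_git_url` builds `info` the same way; its body between the hunks is not visible, so check whether it needs the same guard. Both methods continue outside the hunks shown.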
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
@@ -11,13 +11,15 @@ require "dependabot/terraform/version"
11
11
  module Dependabot
12
12
  module Terraform
13
13
  class Requirement < Dependabot::Requirement
14
+ extend T::Sig
14
15
  # Override regex PATTERN from Gem::Requirement to add support for the
15
16
  # optional 'v' prefix to release tag names, which Terraform supports.
16
17
  # https://www.terraform.io/docs/registry/modules/publish.html#requirements
17
- OPERATORS = OPS.keys.map { |key| Regexp.quote(key) }.join("|").freeze
18
- PATTERN_RAW = "\\s*(#{OPERATORS})?\\s*v?(#{Gem::Version::VERSION_PATTERN})\\s*".freeze
18
+ OPERATORS = T.let(OPS.keys.map { |key| Regexp.quote(key) }.join("|").freeze, String)
19
+ PATTERN_RAW = T.let("\\s*(#{OPERATORS})?\\s*v?(#{Gem::Version::VERSION_PATTERN})\\s*".freeze, String)
19
20
  PATTERN = /\A#{PATTERN_RAW}\z/
20
21
 
22
+ sig { params(obj: T.any(String, Gem::Version)).returns(T::Array[T.any(String, Version)]) }
21
23
  def self.parse(obj)
22
24
  return ["=", Version.new(obj.to_s)] if obj.is_a?(Gem::Version)
23
25
 
@@ -28,7 +30,7 @@ module Dependabot
28
30
 
29
31
  return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
30
32
 
31
- [matches[1] || "=", Terraform::Version.new(T.must(matches[2]))]
33
+ [matches[1] || "=", Terraform::Version.new(matches[2])]
32
34
  end
33
35
 
34
36
  # For consistency with other languages, we define a requirements array.
@@ -36,11 +38,12 @@ module Dependabot
36
38
  # always contains a single element.
37
39
  sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
38
40
  def self.requirements_array(requirement_string)
39
- [new(requirement_string)]
41
+ [new(requirement_string.to_s)]
40
42
  end
41
43
 
42
44
  # Patches Gem::Requirement to make it accept requirement strings like
43
45
  # "~> 4.2.5, >= 4.2.5.1" without first needing to split them.
46
+ sig { params(requirements: T.any(String, T::Array[String])).void }
44
47
  def initialize(*requirements)
45
48
  requirements = requirements.flatten.flat_map do |req_string|
46
49
  req_string.split(",").map(&:strip)
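Review bot: `requirements_array` now calls `new(requirement_string.to_s)`, so a `nil` requirement becomes `""`, which the visible part of `initialize` splits into an empty list. If that list is handed to `Gem::Requirement` unchanged (the rest of `initialize` is outside the hunk), the result is the default `>= 0` requirement. A missing constraint would then be silently treated as "any version", whereas the old code would have raised on `nil.split`. If that is intended, say so in a comment above the method, e.g. `# A nil requirement_string yields an unconstrained (>= 0) requirement.`; otherwise handle `nil` explicitly before constructing the object.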
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-terraform
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.260.0
4
+ version: 0.261.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-06 00:00:00.000000000 Z
11
+ date: 2024-06-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.260.0
19
+ version: 0.261.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.260.0
26
+ version: 0.261.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -260,7 +260,7 @@ licenses:
260
260
  - MIT
261
261
  metadata:
262
262
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
263
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.260.0
263
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.1
264
264
  post_install_message:
265
265
  rdoc_options: []
266
266
  require_paths: