dependabot-terraform 0.279.0 → 0.281.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5aaff31ec9c254d6546d349bf160dd50f0dc038f00d3fb4deb1521d26b4c621b
4
- data.tar.gz: '08fb4b1a107d25ded631a2f6ac3f392f0b808930c7c3fc1b064191b6acb4999a'
3
+ metadata.gz: d37ae246539b7134c6d776e782b70ef1125acc9e230600f03836ab8d363de079
4
+ data.tar.gz: 1256f419f1e57ac20446b3cd5d677f481cc075b685bae54ee5def7bba5e6ec03
5
5
  SHA512:
6
- metadata.gz: b4e2435cd36a64fd1984fa489c9048d57f363585c8fb07eb210b8345d5956d44e952e05a759ce87d06bf2ba38f562825d8660e1fd39d78496382891b59f35840
7
- data.tar.gz: b1ef7bf7f8dc3c836aea734f48af7a446261320e9a249c47149a507cca99147844be0efccad2c678345d3df97e00e0bf83345aaf2a876037bfd3846b7bde4a97
6
+ metadata.gz: f26e6943c4c843fa2d37c14393ffaa6046a976a6b4929baa69936a8f2a4afb7bf8c6e9615a7b228aa4371c488c59a7c9d5fbb8fad88c88c233860d0e50a784c5
7
+ data.tar.gz: 5555620a9d25d7ee7383ba013e04b9b4a4ce7566378e9af17954afc0c7991d51d3854b60bde0ac51a518c295cf67859aaf471987e8e6c64ad68905b8b5b0dcad
@@ -269,7 +269,7 @@ module Dependabot
269
269
  if git_url.include?("git@")
270
270
  T.must(git_url.split("git@").last).sub(":", "/")
271
271
  else
272
- git_url.sub(%r{.*?://}, "")
272
+ git_url.sub(%r{(?:\w{3,5})?://}, "")
273
273
  end
274
274
 
275
275
  querystr = URI.parse("https://" + bare_uri).query
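Review bot: The new pattern `%r{(?:\w{3,5})?://}` is unanchored and its scheme group is optional, so `sub` strips the first `://` it finds anywhere in `git_url`, together with at most five word characters before it. A scheme that is longer than five characters or contains `+`, `-` or `.` therefore leaves part of itself in `bare_uri`, and a `://` later in the string (for example inside a query value) is removed when the URL has no scheme at the front; either result is then fed to `URI.parse("https://" + bare_uri)`. The forms `git_url` can take are not visible here, but anchoring the match keeps it linear and limits it to a real leading scheme: `git_url.sub(%r{\A[a-zA-Z][a-zA-Z0-9+.-]*://}, "")`. The enclosing method starts and ends outside this hunk.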
@@ -292,6 +292,7 @@ module Dependabot
292
292
  end
293
293
 
294
294
  # rubocop:disable Metrics/PerceivedComplexity
295
+ # rubocop:disable Metrics/CyclomaticComplexity
295
296
  sig { params(source_string: String).returns(Symbol) }
296
297
  def source_type(source_string)
297
298
  return :interpolation if source_string.include?("${")
@@ -308,11 +309,12 @@ module Dependabot
308
309
 
309
310
  path_uri = URI.parse(T.must(source_string.split(%r{(?<!:)//}).first))
310
311
  query_uri = URI.parse(source_string)
311
- return :http_archive if path_uri.path.end_with?(*RegistryClient::ARCHIVE_EXTENSIONS)
312
+ return :http_archive if RegistryClient::ARCHIVE_EXTENSIONS.any? { |ext| path_uri.path&.end_with?(ext) }
312
313
  return :http_archive if query_uri.query&.include?("archive=")
313
314
 
314
315
  raise "HTTP source, but not an archive!"
315
316
  end
317
+ # rubocop:enable Metrics/CyclomaticComplexity
316
318
  # rubocop:enable Metrics/PerceivedComplexity
317
319
 
318
320
  # == Returns:
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
@@ -20,10 +20,12 @@ module Dependabot
20
20
  MODULE_NOT_INSTALLED_ERROR = /Module not installed.*module\s*\"(?<mod>\S+)\"/m
21
21
  GIT_HTTPS_PREFIX = %r{^git::https://}
22
22
 
23
+ sig { override.returns(T::Array[Regexp]) }
23
24
  def self.updated_files_regex
24
25
  [/\.tf$/, /\.hcl$/]
25
26
  end
26
27
 
28
+ sig { override.returns(T::Array[Dependabot::DependencyFile]) }
27
29
  def updated_dependency_files
28
30
  updated_files = []
29
31
 
@@ -69,23 +71,25 @@ module Dependabot
69
71
  # (requirements - previous_requirements) | (previous_requirements - requirements)
70
72
  # => [{requirement: "0.9.1"}]
71
73
  # we can detect that change.
74
+ sig { params(file: Dependabot::DependencyFile, dependency: Dependabot::Dependency).returns(T::Boolean) }
72
75
  def requirement_changed?(file, dependency)
73
76
  changed_requirements =
74
- (dependency.requirements - dependency.previous_requirements) |
75
- (dependency.previous_requirements - dependency.requirements)
77
+ (dependency.requirements - T.must(dependency.previous_requirements)) |
78
+ (T.must(dependency.previous_requirements) - dependency.requirements)
76
79
 
77
80
  changed_requirements.any? { |f| f[:file] == file.name }
78
81
  end
79
82
 
83
+ sig { params(file: Dependabot::DependencyFile).returns(String) }
80
84
  def updated_terraform_file_content(file)
81
- content = file.content.dup
85
+ content = T.must(file.content.dup)
82
86
 
83
- reqs = dependency.requirements.zip(dependency.previous_requirements)
87
+ reqs = dependency.requirements.zip(T.must(dependency.previous_requirements))
84
88
  .reject { |new_req, old_req| new_req == old_req }
85
89
 
86
90
  # Loop through each changed requirement and update the files and lockfile
87
91
  reqs.each do |new_req, old_req|
88
- raise "Bad req match" unless new_req[:file] == old_req[:file]
92
+ raise "Bad req match" unless new_req[:file] == old_req&.fetch(:file)
89
93
  next unless new_req.fetch(:file) == file.name
90
94
 
91
95
  case new_req[:source][:type]
@@ -102,20 +106,37 @@ module Dependabot
102
106
  content
103
107
  end
104
108
 
109
+ sig do
110
+ params(
111
+ new_req: T::Hash[Symbol, T.untyped],
112
+ old_req: T.nilable(T::Hash[Symbol, T.untyped]),
113
+ updated_content: String,
114
+ filename: String
115
+ )
116
+ .void
117
+ end
105
118
  def update_git_declaration(new_req, old_req, updated_content, filename)
106
- url = old_req.fetch(:source)[:url].gsub(%r{^https://}, "")
107
- tag = old_req.fetch(:source)[:ref]
119
+ url = old_req&.dig(:source, :url)&.gsub(%r{^https://}, "")
120
+ tag = old_req&.dig(:source, :ref)
108
121
  url_regex = /#{Regexp.quote(url)}.*ref=#{Regexp.quote(tag)}/
109
122
 
110
123
  declaration_regex = git_declaration_regex(filename)
111
124
 
112
125
  updated_content.sub!(declaration_regex) do |regex_match|
113
126
  regex_match.sub(url_regex) do |url_match|
114
- url_match.sub(old_req[:source][:ref], new_req[:source][:ref])
127
+ url_match.sub(old_req&.dig(:source, :ref), new_req[:source][:ref])
115
128
  end
116
129
  end
117
130
  end
118
131
 
132
+ sig do
133
+ params(
134
+ new_req: T::Hash[Symbol, T.untyped],
135
+ old_req: T.nilable(T::Hash[Symbol, T.untyped]),
136
+ updated_content: String
137
+ )
138
+ .void
139
+ end
119
140
  def update_registry_declaration(new_req, old_req, updated_content)
120
141
  regex = if new_req[:source][:type] == "provider"
121
142
  provider_declaration_regex(updated_content)
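Review bot: In `update_git_declaration` the new `old_req&.dig(...)` calls and the `T.nilable` signature suggest a nil `old_req` is handled, but the very next line passes the resulting nil `url` and `tag` to `Regexp.quote`, which raises a `TypeError`. The same holds for `url_match.sub(old_req&.dig(:source, :ref), ...)` further down and, in the following hunk, for `req_line_match.sub(old_req&.fetch(:requirement), ...)` in `update_registry_declaration`. The caller's `"Bad req match"` check probably rejects a nil `old_req` before these methods run, so it may be cleaner to keep the parameter non-nilable and unwrap once at the call site, or to fail with a clear message at the top of each method: `raise "Missing previous requirement" unless old_req`. Either way the failure mode becomes explicit instead of an incidental type error in the middle of a regex build.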
@@ -124,18 +145,20 @@ module Dependabot
124
145
  end
125
146
  updated_content.gsub!(regex) do |regex_match|
126
147
  regex_match.sub(/^\s*version\s*=.*/) do |req_line_match|
127
- req_line_match.sub(old_req[:requirement], new_req[:requirement])
148
+ req_line_match.sub(old_req&.fetch(:requirement), new_req[:requirement])
128
149
  end
129
150
  end
130
151
  end
131
152
 
153
+ sig { params(content: String, declaration_regex: Regexp).returns(T::Array[String]) }
132
154
  def extract_provider_h1_hashes(content, declaration_regex)
133
155
  content.match(declaration_regex).to_s
134
156
  .match(hashes_object_regex).to_s
135
157
  .split("\n").map { |hash| hash.match(hashes_string_regex).to_s }
136
- .select { |h| h&.match?(/^h1:/) }
158
+ .select { |h| h.match?(/^h1:/) }
137
159
  end
138
160
 
161
+ sig { params(content: String, declaration_regex: Regexp).returns(String) }
139
162
  def remove_provider_h1_hashes(content, declaration_regex)
140
163
  content.match(declaration_regex).to_s
141
164
  .sub(hashes_object_regex, "")
@@ -155,8 +178,9 @@ module Dependabot
155
178
  [T.must(content), provider_source, declaration_regex]
156
179
  end
157
180
 
181
+ sig { returns(T.nilable(T::Array[Symbol])) }
158
182
  def lookup_hash_architecture # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/PerceivedComplexity
159
- new_req = dependency.requirements.first
183
+ new_req = T.must(dependency.requirements.first)
160
184
 
161
185
  # NOTE: Only providers are included in the lockfile, modules are not
162
186
  return unless new_req[:source][:type] == "provider"
@@ -222,14 +246,23 @@ module Dependabot
222
246
  architectures.to_a
223
247
  end
224
248
 
249
+ sig { returns(T::Array[Symbol]) }
225
250
  def architecture_type
226
- @architecture_type ||= lookup_hash_architecture.empty? ? [:linux_amd64] : lookup_hash_architecture
251
+ @architecture_type ||= T.let(
252
+ if lookup_hash_architecture.nil? || lookup_hash_architecture&.empty?
253
+ [:linux_amd64]
254
+ else
255
+ T.must(lookup_hash_architecture)
256
+ end,
257
+ T.nilable(T::Array[Symbol])
258
+ )
227
259
  end
228
260
 
261
+ sig { params(updated_manifest_files: T::Array[Dependabot::DependencyFile]).returns(T.nilable(String)) }
229
262
  def update_lockfile_declaration(updated_manifest_files) # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
230
263
  return if lockfile.nil?
231
264
 
232
- new_req = dependency.requirements.first
265
+ new_req = T.must(dependency.requirements.first)
233
266
  # NOTE: Only providers are included in the lockfile, modules are not
234
267
  return unless new_req[:source][:type] == "provider"
235
268
 
@@ -268,7 +301,7 @@ module Dependabot
268
301
  raise if @retrying_lock || !e.message.include?("terraform init")
269
302
 
270
303
  # NOTE: Modules need to be installed before terraform can update the lockfile
271
- @retrying_lock = true
304
+ @retrying_lock = T.let(true, T.nilable(T::Boolean))
272
305
  run_terraform_init
273
306
  retry
274
307
  end
@@ -276,6 +309,7 @@ module Dependabot
276
309
  content
277
310
  end
278
311
 
312
+ sig { void }
279
313
  def run_terraform_init
280
314
  SharedHelpers.with_git_configured(credentials: credentials) do
281
315
  # -backend=false option used to ignore any backend configuration, as these won't be accessible
@@ -298,30 +332,36 @@ module Dependabot
298
332
  end
299
333
  end
300
334
 
335
+ sig { returns(Dependabot::Dependency) }
301
336
  def dependency
302
337
  # Terraform updates will only ever be updating a single dependency
303
- dependencies.first
338
+ T.must(dependencies.first)
304
339
  end
305
340
 
341
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
306
342
  def files_with_requirement
307
343
  filenames = dependency.requirements.map { |r| r[:file] }
308
344
  dependency_files.select { |file| filenames.include?(file.name) }
309
345
  end
310
346
 
347
+ sig { override.void }
311
348
  def check_required_files
312
349
  return if [*terraform_files, *terragrunt_files].any?
313
350
 
314
351
  raise "No Terraform configuration file!"
315
352
  end
316
353
 
354
+ sig { returns(Regexp) }
317
355
  def hashes_object_regex
318
356
  /hashes\s*=\s*[^\]]*\]/m
319
357
  end
320
358
 
359
+ sig { returns(Regexp) }
321
360
  def hashes_string_regex
322
361
  /(?<=\").*(?=\")/
323
362
  end
324
363
 
364
+ sig { params(updated_content: String).returns(Regexp) }
325
365
  def provider_declaration_regex(updated_content)
326
366
  name = Regexp.escape(dependency.name)
327
367
  registry_host = Regexp.escape(registry_host_for(dependency))
@@ -341,6 +381,7 @@ module Dependabot
341
381
  end
342
382
  end
343
383
 
384
+ sig { returns(Regexp) }
344
385
  def registry_declaration_regex
345
386
  %r{
346
387
  (?<=\{)
@@ -354,6 +395,7 @@ module Dependabot
354
395
  }mx
355
396
  end
356
397
 
398
+ sig { params(filename: String).returns(Regexp) }
357
399
  def git_declaration_regex(filename)
358
400
  # For terragrunt dependencies there's not a lot we can base the
359
401
  # regex on. Just look for declarations within a `terraform` block
@@ -361,13 +403,14 @@ module Dependabot
361
403
 
362
404
  # For modules we can do better - filter for module blocks that use the
363
405
  # name of the module
364
- module_name = dependency.name.split("::").first
406
+ module_name = T.must(dependency.name.split("::").first)
365
407
  /
366
408
  module\s+["']#{Regexp.escape(module_name)}["']\s*\{
367
409
  (?:(?!^\}).)*
368
410
  /mx
369
411
  end
370
412
 
413
+ sig { params(dependency: Dependabot::Dependency).returns(String) }
371
414
  def registry_host_for(dependency)
372
415
  source = dependency.requirements.filter_map { |r| r[:source] }.first
373
416
  source[:registry_hostname] || source["registry_hostname"] || "registry.terraform.io"
@@ -25,11 +25,13 @@ module Dependabot
25
25
  # rubocop:disable Metrics/PerceivedComplexity
26
26
  # See https://www.terraform.io/docs/modules/sources.html#http-urls for
27
27
  # details of how Terraform handle HTTP(S) sources for modules
28
- def self.get_proxied_source(raw_source) # rubocop:disable Metrics/AbcSize
28
+ # rubocop:disable Metrics/AbcSize
29
+ # rubocop:disable Metrics/CyclomaticComplexity
30
+ def self.get_proxied_source(raw_source)
29
31
  return raw_source unless raw_source.start_with?("http")
30
32
 
31
33
  uri = URI.parse(raw_source.split(%r{(?<!:)//}).first)
32
- return raw_source if uri.path.end_with?(*ARCHIVE_EXTENSIONS)
34
+ return raw_source if ARCHIVE_EXTENSIONS.any? { |ext| uri.path&.end_with?(ext) }
33
35
  return raw_source if URI.parse(raw_source).query&.include?("archive=")
34
36
 
35
37
  url = raw_source.split(%r{(?<!:)//}).first + "?terraform-get=1"
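Review bot: With `uri.path&.end_with?(ext)` a source whose parsed `path` is nil no longer raises at the archive check but falls through to the `?terraform-get=1` URL built on the last line of this hunk. Whether a pathless `http...` source should reach that lookup is not visible from here; if it should not, an explicit `return raw_source unless uri.path` before the archive check states the intent and keeps the block down to a plain `uri.path.end_with?(*ARCHIVE_EXTENSIONS)`. The rest of `get_proxied_source` is outside the hunk.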
@@ -49,6 +51,8 @@ module Dependabot
49
51
 
50
52
  raw_source
51
53
  end
54
+ # rubocop:enable Metrics/CyclomaticComplexity
55
+ # rubocop:enable Metrics/AbcSize
52
56
  # rubocop:enable Metrics/PerceivedComplexity
53
57
 
54
58
  # Fetch all the versions of a provider, and return a Version
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-terraform
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.279.0
4
+ version: 0.281.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-10-03 00:00:00.000000000 Z
11
+ date: 2024-10-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.279.0
19
+ version: 0.281.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.279.0
26
+ version: 0.281.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -156,14 +156,14 @@ dependencies:
156
156
  requirements:
157
157
  - - "~>"
158
158
  - !ruby/object:Gem::Version
159
- version: 0.8.1
159
+ version: 0.8.5
160
160
  type: :development
161
161
  prerelease: false
162
162
  version_requirements: !ruby/object:Gem::Requirement
163
163
  requirements:
164
164
  - - "~>"
165
165
  - !ruby/object:Gem::Version
166
- version: 0.8.1
166
+ version: 0.8.5
167
167
  - !ruby/object:Gem::Dependency
168
168
  name: simplecov
169
169
  requirement: !ruby/object:Gem::Requirement
@@ -260,7 +260,7 @@ licenses:
260
260
  - MIT
261
261
  metadata:
262
262
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
263
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.279.0
263
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.281.0
264
264
  post_install_message:
265
265
  rdoc_options: []
266
266
  require_paths: