dependabot-terraform 0.279.0 → 0.281.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d37ae246539b7134c6d776e782b70ef1125acc9e230600f03836ab8d363de079
|
|
4
|
+
data.tar.gz: 1256f419f1e57ac20446b3cd5d677f481cc075b685bae54ee5def7bba5e6ec03
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f26e6943c4c843fa2d37c14393ffaa6046a976a6b4929baa69936a8f2a4afb7bf8c6e9615a7b228aa4371c488c59a7c9d5fbb8fad88c88c233860d0e50a784c5
|
|
7
|
+
data.tar.gz: 5555620a9d25d7ee7383ba013e04b9b4a4ce7566378e9af17954afc0c7991d51d3854b60bde0ac51a518c295cf67859aaf471987e8e6c64ad68905b8b5b0dcad
|
|
@@ -269,7 +269,7 @@ module Dependabot
|
|
|
269
269
|
if git_url.include?("git@")
|
|
270
270
|
T.must(git_url.split("git@").last).sub(":", "/")
|
|
271
271
|
else
|
|
272
|
-
git_url.sub(%r{
|
|
272
|
+
git_url.sub(%r{(?:\w{3,5})?://}, "")
|
|
273
273
|
end
|
|
274
274
|
|
|
275
275
|
querystr = URI.parse("https://" + bare_uri).query
|
|
@@ -292,6 +292,7 @@ module Dependabot
|
|
|
292
292
|
end
|
|
293
293
|
|
|
294
294
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
295
|
+
# rubocop:disable Metrics/CyclomaticComplexity
|
|
295
296
|
sig { params(source_string: String).returns(Symbol) }
|
|
296
297
|
def source_type(source_string)
|
|
297
298
|
return :interpolation if source_string.include?("${")
|
|
@@ -308,11 +309,12 @@ module Dependabot
|
|
|
308
309
|
|
|
309
310
|
path_uri = URI.parse(T.must(source_string.split(%r{(?<!:)//}).first))
|
|
310
311
|
query_uri = URI.parse(source_string)
|
|
311
|
-
return :http_archive if path_uri.path
|
|
312
|
+
return :http_archive if RegistryClient::ARCHIVE_EXTENSIONS.any? { |ext| path_uri.path&.end_with?(ext) }
|
|
312
313
|
return :http_archive if query_uri.query&.include?("archive=")
|
|
313
314
|
|
|
314
315
|
raise "HTTP source, but not an archive!"
|
|
315
316
|
end
|
|
317
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
|
316
318
|
# rubocop:enable Metrics/PerceivedComplexity
|
|
317
319
|
|
|
318
320
|
# == Returns:
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
@@ -20,10 +20,12 @@ module Dependabot
|
|
|
20
20
|
MODULE_NOT_INSTALLED_ERROR = /Module not installed.*module\s*\"(?<mod>\S+)\"/m
|
|
21
21
|
GIT_HTTPS_PREFIX = %r{^git::https://}
|
|
22
22
|
|
|
23
|
+
sig { override.returns(T::Array[Regexp]) }
|
|
23
24
|
def self.updated_files_regex
|
|
24
25
|
[/\.tf$/, /\.hcl$/]
|
|
25
26
|
end
|
|
26
27
|
|
|
28
|
+
sig { override.returns(T::Array[Dependabot::DependencyFile]) }
|
|
27
29
|
def updated_dependency_files
|
|
28
30
|
updated_files = []
|
|
29
31
|
|
|
@@ -69,23 +71,25 @@ module Dependabot
|
|
|
69
71
|
# (requirements - previous_requirements) | (previous_requirements - requirements)
|
|
70
72
|
# => [{requirement: "0.9.1"}]
|
|
71
73
|
# we can detect that change.
|
|
74
|
+
sig { params(file: Dependabot::DependencyFile, dependency: Dependabot::Dependency).returns(T::Boolean) }
|
|
72
75
|
def requirement_changed?(file, dependency)
|
|
73
76
|
changed_requirements =
|
|
74
|
-
(dependency.requirements - dependency.previous_requirements) |
|
|
75
|
-
(dependency.previous_requirements - dependency.requirements)
|
|
77
|
+
(dependency.requirements - T.must(dependency.previous_requirements)) |
|
|
78
|
+
(T.must(dependency.previous_requirements) - dependency.requirements)
|
|
76
79
|
|
|
77
80
|
changed_requirements.any? { |f| f[:file] == file.name }
|
|
78
81
|
end
|
|
79
82
|
|
|
83
|
+
sig { params(file: Dependabot::DependencyFile).returns(String) }
|
|
80
84
|
def updated_terraform_file_content(file)
|
|
81
|
-
content = file.content.dup
|
|
85
|
+
content = T.must(file.content.dup)
|
|
82
86
|
|
|
83
|
-
reqs = dependency.requirements.zip(dependency.previous_requirements)
|
|
87
|
+
reqs = dependency.requirements.zip(T.must(dependency.previous_requirements))
|
|
84
88
|
.reject { |new_req, old_req| new_req == old_req }
|
|
85
89
|
|
|
86
90
|
# Loop through each changed requirement and update the files and lockfile
|
|
87
91
|
reqs.each do |new_req, old_req|
|
|
88
|
-
raise "Bad req match" unless new_req[:file] == old_req
|
|
92
|
+
raise "Bad req match" unless new_req[:file] == old_req&.fetch(:file)
|
|
89
93
|
next unless new_req.fetch(:file) == file.name
|
|
90
94
|
|
|
91
95
|
case new_req[:source][:type]
|
|
@@ -102,20 +106,37 @@ module Dependabot
|
|
|
102
106
|
content
|
|
103
107
|
end
|
|
104
108
|
|
|
109
|
+
sig do
|
|
110
|
+
params(
|
|
111
|
+
new_req: T::Hash[Symbol, T.untyped],
|
|
112
|
+
old_req: T.nilable(T::Hash[Symbol, T.untyped]),
|
|
113
|
+
updated_content: String,
|
|
114
|
+
filename: String
|
|
115
|
+
)
|
|
116
|
+
.void
|
|
117
|
+
end
|
|
105
118
|
def update_git_declaration(new_req, old_req, updated_content, filename)
|
|
106
|
-
url = old_req
|
|
107
|
-
tag = old_req
|
|
119
|
+
url = old_req&.dig(:source, :url)&.gsub(%r{^https://}, "")
|
|
120
|
+
tag = old_req&.dig(:source, :ref)
|
|
108
121
|
url_regex = /#{Regexp.quote(url)}.*ref=#{Regexp.quote(tag)}/
|
|
109
122
|
|
|
110
123
|
declaration_regex = git_declaration_regex(filename)
|
|
111
124
|
|
|
112
125
|
updated_content.sub!(declaration_regex) do |regex_match|
|
|
113
126
|
regex_match.sub(url_regex) do |url_match|
|
|
114
|
-
url_match.sub(old_req
|
|
127
|
+
url_match.sub(old_req&.dig(:source, :ref), new_req[:source][:ref])
|
|
115
128
|
end
|
|
116
129
|
end
|
|
117
130
|
end
|
|
118
131
|
|
|
132
|
+
sig do
|
|
133
|
+
params(
|
|
134
|
+
new_req: T::Hash[Symbol, T.untyped],
|
|
135
|
+
old_req: T.nilable(T::Hash[Symbol, T.untyped]),
|
|
136
|
+
updated_content: String
|
|
137
|
+
)
|
|
138
|
+
.void
|
|
139
|
+
end
|
|
119
140
|
def update_registry_declaration(new_req, old_req, updated_content)
|
|
120
141
|
regex = if new_req[:source][:type] == "provider"
|
|
121
142
|
provider_declaration_regex(updated_content)
|
|
@@ -124,18 +145,20 @@ module Dependabot
|
|
|
124
145
|
end
|
|
125
146
|
updated_content.gsub!(regex) do |regex_match|
|
|
126
147
|
regex_match.sub(/^\s*version\s*=.*/) do |req_line_match|
|
|
127
|
-
req_line_match.sub(old_req
|
|
148
|
+
req_line_match.sub(old_req&.fetch(:requirement), new_req[:requirement])
|
|
128
149
|
end
|
|
129
150
|
end
|
|
130
151
|
end
|
|
131
152
|
|
|
153
|
+
sig { params(content: String, declaration_regex: Regexp).returns(T::Array[String]) }
|
|
132
154
|
def extract_provider_h1_hashes(content, declaration_regex)
|
|
133
155
|
content.match(declaration_regex).to_s
|
|
134
156
|
.match(hashes_object_regex).to_s
|
|
135
157
|
.split("\n").map { |hash| hash.match(hashes_string_regex).to_s }
|
|
136
|
-
.select { |h| h
|
|
158
|
+
.select { |h| h.match?(/^h1:/) }
|
|
137
159
|
end
|
|
138
160
|
|
|
161
|
+
sig { params(content: String, declaration_regex: Regexp).returns(String) }
|
|
139
162
|
def remove_provider_h1_hashes(content, declaration_regex)
|
|
140
163
|
content.match(declaration_regex).to_s
|
|
141
164
|
.sub(hashes_object_regex, "")
|
|
@@ -155,8 +178,9 @@ module Dependabot
|
|
|
155
178
|
[T.must(content), provider_source, declaration_regex]
|
|
156
179
|
end
|
|
157
180
|
|
|
181
|
+
sig { returns(T.nilable(T::Array[Symbol])) }
|
|
158
182
|
def lookup_hash_architecture # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/PerceivedComplexity
|
|
159
|
-
new_req = dependency.requirements.first
|
|
183
|
+
new_req = T.must(dependency.requirements.first)
|
|
160
184
|
|
|
161
185
|
# NOTE: Only providers are included in the lockfile, modules are not
|
|
162
186
|
return unless new_req[:source][:type] == "provider"
|
|
@@ -222,14 +246,23 @@ module Dependabot
|
|
|
222
246
|
architectures.to_a
|
|
223
247
|
end
|
|
224
248
|
|
|
249
|
+
sig { returns(T::Array[Symbol]) }
|
|
225
250
|
def architecture_type
|
|
226
|
-
@architecture_type ||=
|
|
251
|
+
@architecture_type ||= T.let(
|
|
252
|
+
if lookup_hash_architecture.nil? || lookup_hash_architecture&.empty?
|
|
253
|
+
[:linux_amd64]
|
|
254
|
+
else
|
|
255
|
+
T.must(lookup_hash_architecture)
|
|
256
|
+
end,
|
|
257
|
+
T.nilable(T::Array[Symbol])
|
|
258
|
+
)
|
|
227
259
|
end
|
|
228
260
|
|
|
261
|
+
sig { params(updated_manifest_files: T::Array[Dependabot::DependencyFile]).returns(T.nilable(String)) }
|
|
229
262
|
def update_lockfile_declaration(updated_manifest_files) # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
|
|
230
263
|
return if lockfile.nil?
|
|
231
264
|
|
|
232
|
-
new_req = dependency.requirements.first
|
|
265
|
+
new_req = T.must(dependency.requirements.first)
|
|
233
266
|
# NOTE: Only providers are included in the lockfile, modules are not
|
|
234
267
|
return unless new_req[:source][:type] == "provider"
|
|
235
268
|
|
|
@@ -268,7 +301,7 @@ module Dependabot
|
|
|
268
301
|
raise if @retrying_lock || !e.message.include?("terraform init")
|
|
269
302
|
|
|
270
303
|
# NOTE: Modules need to be installed before terraform can update the lockfile
|
|
271
|
-
@retrying_lock = true
|
|
304
|
+
@retrying_lock = T.let(true, T.nilable(T::Boolean))
|
|
272
305
|
run_terraform_init
|
|
273
306
|
retry
|
|
274
307
|
end
|
|
@@ -276,6 +309,7 @@ module Dependabot
|
|
|
276
309
|
content
|
|
277
310
|
end
|
|
278
311
|
|
|
312
|
+
sig { void }
|
|
279
313
|
def run_terraform_init
|
|
280
314
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
281
315
|
# -backend=false option used to ignore any backend configuration, as these won't be accessible
|
|
@@ -298,30 +332,36 @@ module Dependabot
|
|
|
298
332
|
end
|
|
299
333
|
end
|
|
300
334
|
|
|
335
|
+
sig { returns(Dependabot::Dependency) }
|
|
301
336
|
def dependency
|
|
302
337
|
# Terraform updates will only ever be updating a single dependency
|
|
303
|
-
dependencies.first
|
|
338
|
+
T.must(dependencies.first)
|
|
304
339
|
end
|
|
305
340
|
|
|
341
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
306
342
|
def files_with_requirement
|
|
307
343
|
filenames = dependency.requirements.map { |r| r[:file] }
|
|
308
344
|
dependency_files.select { |file| filenames.include?(file.name) }
|
|
309
345
|
end
|
|
310
346
|
|
|
347
|
+
sig { override.void }
|
|
311
348
|
def check_required_files
|
|
312
349
|
return if [*terraform_files, *terragrunt_files].any?
|
|
313
350
|
|
|
314
351
|
raise "No Terraform configuration file!"
|
|
315
352
|
end
|
|
316
353
|
|
|
354
|
+
sig { returns(Regexp) }
|
|
317
355
|
def hashes_object_regex
|
|
318
356
|
/hashes\s*=\s*[^\]]*\]/m
|
|
319
357
|
end
|
|
320
358
|
|
|
359
|
+
sig { returns(Regexp) }
|
|
321
360
|
def hashes_string_regex
|
|
322
361
|
/(?<=\").*(?=\")/
|
|
323
362
|
end
|
|
324
363
|
|
|
364
|
+
sig { params(updated_content: String).returns(Regexp) }
|
|
325
365
|
def provider_declaration_regex(updated_content)
|
|
326
366
|
name = Regexp.escape(dependency.name)
|
|
327
367
|
registry_host = Regexp.escape(registry_host_for(dependency))
|
|
@@ -341,6 +381,7 @@ module Dependabot
|
|
|
341
381
|
end
|
|
342
382
|
end
|
|
343
383
|
|
|
384
|
+
sig { returns(Regexp) }
|
|
344
385
|
def registry_declaration_regex
|
|
345
386
|
%r{
|
|
346
387
|
(?<=\{)
|
|
@@ -354,6 +395,7 @@ module Dependabot
|
|
|
354
395
|
}mx
|
|
355
396
|
end
|
|
356
397
|
|
|
398
|
+
sig { params(filename: String).returns(Regexp) }
|
|
357
399
|
def git_declaration_regex(filename)
|
|
358
400
|
# For terragrunt dependencies there's not a lot we can base the
|
|
359
401
|
# regex on. Just look for declarations within a `terraform` block
|
|
@@ -361,13 +403,14 @@ module Dependabot
|
|
|
361
403
|
|
|
362
404
|
# For modules we can do better - filter for module blocks that use the
|
|
363
405
|
# name of the module
|
|
364
|
-
module_name = dependency.name.split("::").first
|
|
406
|
+
module_name = T.must(dependency.name.split("::").first)
|
|
365
407
|
/
|
|
366
408
|
module\s+["']#{Regexp.escape(module_name)}["']\s*\{
|
|
367
409
|
(?:(?!^\}).)*
|
|
368
410
|
/mx
|
|
369
411
|
end
|
|
370
412
|
|
|
413
|
+
sig { params(dependency: Dependabot::Dependency).returns(String) }
|
|
371
414
|
def registry_host_for(dependency)
|
|
372
415
|
source = dependency.requirements.filter_map { |r| r[:source] }.first
|
|
373
416
|
source[:registry_hostname] || source["registry_hostname"] || "registry.terraform.io"
|
|
@@ -25,11 +25,13 @@ module Dependabot
|
|
|
25
25
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
26
26
|
# See https://www.terraform.io/docs/modules/sources.html#http-urls for
|
|
27
27
|
# details of how Terraform handle HTTP(S) sources for modules
|
|
28
|
-
|
|
28
|
+
# rubocop:disable Metrics/AbcSize
|
|
29
|
+
# rubocop:disable Metrics/CyclomaticComplexity
|
|
30
|
+
def self.get_proxied_source(raw_source)
|
|
29
31
|
return raw_source unless raw_source.start_with?("http")
|
|
30
32
|
|
|
31
33
|
uri = URI.parse(raw_source.split(%r{(?<!:)//}).first)
|
|
32
|
-
return raw_source if uri.path
|
|
34
|
+
return raw_source if ARCHIVE_EXTENSIONS.any? { |ext| uri.path&.end_with?(ext) }
|
|
33
35
|
return raw_source if URI.parse(raw_source).query&.include?("archive=")
|
|
34
36
|
|
|
35
37
|
url = raw_source.split(%r{(?<!:)//}).first + "?terraform-get=1"
|
|
@@ -49,6 +51,8 @@ module Dependabot
|
|
|
49
51
|
|
|
50
52
|
raw_source
|
|
51
53
|
end
|
|
54
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
|
55
|
+
# rubocop:enable Metrics/AbcSize
|
|
52
56
|
# rubocop:enable Metrics/PerceivedComplexity
|
|
53
57
|
|
|
54
58
|
# Fetch all the versions of a provider, and return a Version
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.281.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-10-
|
|
11
|
+
date: 2024-10-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.281.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.281.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -156,14 +156,14 @@ dependencies:
|
|
|
156
156
|
requirements:
|
|
157
157
|
- - "~>"
|
|
158
158
|
- !ruby/object:Gem::Version
|
|
159
|
-
version: 0.8.
|
|
159
|
+
version: 0.8.5
|
|
160
160
|
type: :development
|
|
161
161
|
prerelease: false
|
|
162
162
|
version_requirements: !ruby/object:Gem::Requirement
|
|
163
163
|
requirements:
|
|
164
164
|
- - "~>"
|
|
165
165
|
- !ruby/object:Gem::Version
|
|
166
|
-
version: 0.8.
|
|
166
|
+
version: 0.8.5
|
|
167
167
|
- !ruby/object:Gem::Dependency
|
|
168
168
|
name: simplecov
|
|
169
169
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -260,7 +260,7 @@ licenses:
|
|
|
260
260
|
- MIT
|
|
261
261
|
metadata:
|
|
262
262
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
263
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
263
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.281.0
|
|
264
264
|
post_install_message:
|
|
265
265
|
rdoc_options: []
|
|
266
266
|
require_paths:
|