dependabot-terraform 0.289.0 → 0.291.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ef67b7a849480c1999047f2c364ca50cd2e3e105184a4bec3260ebe122620d1f
-  data.tar.gz: 27ba056f8bf0cc4769ffc7e535f4b6f712a20228b845049b923451185864714f
+  metadata.gz: 845cc0889f2292cb4c4c1b83736b700c969630973aa12f7b5358222ee52ab509
+  data.tar.gz: 66792964906d8187dabeecabceab937b4b3caf478c8200bef2aec8c51f4e6157
 SHA512:
-  metadata.gz: 8edf5db39add15821a2de09b7b1154b6efba8f23440ceb89b48896386ed37d7b296c4db4b1a8ebb7126d8ae97b2d7c696c6afd577dd00b63b3c145905bfab104
-  data.tar.gz: 4b3d5e185215dc6f01ad26bdb98515c53d37c2249279ac6891a0e87b10f38905de256ab159743e4b1144171f380bc10ba51cbb80b1bee84b767768b93d82c91f
+  metadata.gz: d97473c3b0133b6e03ebd7b5c0afa22a123768c21575756e074549948f7ac7f725cc83b61d4085bd9734a1d05ef7cad7736adb10fc15aaac3726f9d3e2e00b1c
+  data.tar.gz: 85a7e71469e14afffb5eec88cb3b6d8bf18da1d9f9c5da6e890b762e40505994b0bfb42e4be7b8a02491e67e5b874353da15c969fa6aad25a23ad6e170be83f6

data/lib/dependabot/terraform/file_parser.rb

@@ -15,6 +15,7 @@ require "dependabot/shared_helpers"
 require "dependabot/errors"
 require "dependabot/terraform/file_selector"
 require "dependabot/terraform/registry_client"
+require "dependabot/terraform/package_manager"
 
 module Dependabot
   module Terraform
@@ -41,12 +42,30 @@ module Dependabot
         dependency_set.dependencies.sort_by(&:name)
       end
 
+      sig { returns(Ecosystem) }
+      def ecosystem
+        @ecosystem ||= T.let(begin
+          Ecosystem.new(
+            name: ECOSYSTEM,
+            package_manager: package_manager
+          )
+        end, T.nilable(Dependabot::Ecosystem))
+      end
+
       private
 
       sig { params(dependency_set: Dependabot::FileParsers::Base::DependencySet).void }
       def parse_terraform_files(dependency_set)
         terraform_files.each do |file|
           modules = parsed_file(file).fetch("module", {})
+          # If override.tf files are present, we need to merge the modules
+          if override_terraform_files.any?
+            override_terraform_files.each do |override_file|
+              override_modules = parsed_file(override_file).fetch("module", {})
+              modules = merge_modules(override_modules, modules)
+            end
+          end
+
           modules.each do |name, details|
             details = details.first
 
@@ -421,6 +440,25 @@ module Dependabot
           T.nilable(T::Hash[String, T.untyped])
         )
       end
+
+      sig { returns(Ecosystem::VersionManager) }
+      def package_manager
+        @package_manager ||= T.let(
+          PackageManager.new(T.must(terraform_version)),
+          T.nilable(Dependabot::Terraform::PackageManager)
+        )
+      end
+
+      sig { returns(T.nilable(String)) }
+      def terraform_version
+        @terraform_version ||= T.let(
+          begin
+            version = SharedHelpers.run_shell_command("terraform --version")
+            version.match(Dependabot::Ecosystem::VersionManager::DEFAULT_VERSION_PATTERN)&.captures&.first
+          end,
+          T.nilable(String)
+        )
+      end
     end
   end
 end

data/lib/dependabot/terraform/file_selector.rb

@@ -11,6 +11,9 @@ module Dependabot
       extend T::Sig
       extend T::Helpers
 
+      TF_EXTENSION = ".tf"
+      OVERRIDE_TF_EXTENSION = "override.tf"
+
       abstract!
 
       sig { abstract.returns(T::Array[Dependabot::DependencyFile]) }
@@ -22,7 +25,12 @@ module Dependabot
 
       sig { returns(T::Array[Dependabot::DependencyFile]) }
       def terraform_files
-        dependency_files.select { |f| f.name.end_with?(".tf") }
+        dependency_files.select { |f| f.name.end_with?(TF_EXTENSION) && !f.name.end_with?(OVERRIDE_TF_EXTENSION) }
+      end
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def override_terraform_files
+        dependency_files.select { |f| f.name.end_with?(OVERRIDE_TF_EXTENSION) }
       end
 
       sig { returns(T::Array[Dependabot::DependencyFile]) }
@@ -34,6 +42,32 @@ module Dependabot
       def lockfile
         dependency_files.find { |f| lockfile?(f.name) }
       end
+
+      sig do
+        params(modules: T::Hash[String, T::Array[T::Hash[String, T.untyped]]],
+               base_modules: T::Hash[String,
+                                     T::Array[T::Hash[String,
+                                                      T.untyped]]])
+          .returns(T::Hash[String,
+                           T::Array[T::Hash[String,
+                                            T.untyped]]])
+      end
+      def merge_modules(modules, base_modules)
+        merged_modules = base_modules.dup
+
+        modules.each do |key, value|
+          merged_modules[key] =
+            if merged_modules.key?(key)
+              T.must(merged_modules[key]).map do |base_value|
+                base_value.merge(T.must(value.first))
+              end
+            else
+              value
+            end
+        end
+
+        merged_modules
+      end
     end
   end
 end

data/lib/dependabot/terraform/package_manager.rb

@@ -0,0 +1,41 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/ecosystem"
+require "dependabot/terraform/version"
+
+module Dependabot
+  module Terraform
+    ECOSYSTEM = "terraform"
+    PACKAGE_MANAGER = "terraform"
+    SUPPORTED_TERRAFORM_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+    # When a version is going to be unsupported, it will be added here
+    DEPRECATED_TERRAFORM_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+    class PackageManager < Dependabot::Ecosystem::VersionManager
+      extend T::Sig
+
+      sig { params(raw_version: String).void }
+      def initialize(raw_version)
+        super(
+          PACKAGE_MANAGER,
+          Version.new(raw_version),
+          DEPRECATED_TERRAFORM_VERSIONS,
+          SUPPORTED_TERRAFORM_VERSIONS
+        )
+      end
+
+      sig { returns(T::Boolean) }
+      def deprecated?
+        false
+      end
+
+      sig { returns(T::Boolean) }
+      def unsupported?
+        false
+      end
+    end
+  end
+end

data/lib/dependabot/terraform/requirements_updater.rb

@@ -190,17 +190,20 @@ module Dependabot
         op, version = requirement.requirements.first
         version = version.release if version.prerelease?
 
-        index_to_update =
-          version.segments.map.with_index { |seg, i| seg.zero? ? 0 : i }.max
-
-        new_segments = version.segments.map.with_index do |_, index|
-          if index < index_to_update
+        # When 'less than'/'<',
+        # increment the last available segment only so that the new version is within the constraint
+        if op == "<"
+          new_segments = version.segments.map.with_index do |_, index|
             version_to_be_permitted.segments[index]
-          elsif index == index_to_update
-            version_to_be_permitted.segments[index].to_i + 1
-          else
-            0
           end
+          new_segments[-1] += 1
+        # When 'less-than/equal'/'<=', use the new version as-is even when previously set as a non-semver version
+        # Terraform treats shortened versions the same as a version with any remaining segments as 0
+        # Example: '0.2' is treated as '0.2.0' | '1' is treated as '1.0.0'
+        elsif op == "<="
+          new_segments = version_to_be_permitted.segments
+        else
+          raise "Unexpected operation: #{op}"
         end
 
         requirement_class.new("#{op} #{new_segments.join('.')}")

data/lib/dependabot/terraform/version.rb

@@ -3,6 +3,7 @@
 
 require "sorbet-runtime"
 
+require "dependabot/utils"
 require "dependabot/version"
 
 # Terraform pre-release versions use 1.0.1-rc1 syntax, which Gem::Version

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-terraform
 version: !ruby/object:Gem::Version
-  version: 0.289.0
+  version: 0.291.0
 platform: ruby
 authors:
 - Dependabot
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-12-05 00:00:00.000000000 Z
+date: 2024-12-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.289.0
+        version: 0.291.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.289.0
+        version: 0.291.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -250,6 +250,7 @@ files:
 - lib/dependabot/terraform/file_selector.rb
 - lib/dependabot/terraform/file_updater.rb
 - lib/dependabot/terraform/metadata_finder.rb
+- lib/dependabot/terraform/package_manager.rb
 - lib/dependabot/terraform/registry_client.rb
 - lib/dependabot/terraform/requirement.rb
 - lib/dependabot/terraform/requirements_updater.rb
@@ -260,8 +261,8 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.289.0
-post_install_message: 
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.291.0
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -277,7 +278,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 3.1.0
 requirements: []
 rubygems_version: 3.5.9
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Provides Dependabot support for Terraform
 test_files: []