dependabot-terraform 0.290.0 → 0.291.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5e0f4662f3b380550700c34ce1d5ebfd4331c9699fc41a229347a7de60d9d8a3
-  data.tar.gz: 7362762bc283251c531f4177cca60d87505c119543fc8547734e79e2058a1f2f
+  metadata.gz: 845cc0889f2292cb4c4c1b83736b700c969630973aa12f7b5358222ee52ab509
+  data.tar.gz: 66792964906d8187dabeecabceab937b4b3caf478c8200bef2aec8c51f4e6157
 SHA512:
-  metadata.gz: 2a94c3c69ef265f951b9dc6d560908d26fda210804775ce424231cbaeecd02d44f8e32589a2be29f5a9413df67e2349f93fd126cd75c3a1f2fa839f6a8bb1ad6
-  data.tar.gz: 4e457715a0a53a014abce4dfa589718a22809aa49cf7f2934fe3dd63def947786fcbb577e4f86bd897e948561d0aec66b2c086f522904e6c23c2d2e25eda024b
+  metadata.gz: d97473c3b0133b6e03ebd7b5c0afa22a123768c21575756e074549948f7ac7f725cc83b61d4085bd9734a1d05ef7cad7736adb10fc15aaac3726f9d3e2e00b1c
+  data.tar.gz: 85a7e71469e14afffb5eec88cb3b6d8bf18da1d9f9c5da6e890b762e40505994b0bfb42e4be7b8a02491e67e5b874353da15c969fa6aad25a23ad6e170be83f6

data/lib/dependabot/terraform/file_parser.rb

@@ -58,6 +58,14 @@ module Dependabot
       def parse_terraform_files(dependency_set)
         terraform_files.each do |file|
           modules = parsed_file(file).fetch("module", {})
+          # If override.tf files are present, we need to merge the modules
+          if override_terraform_files.any?
+            override_terraform_files.each do |override_file|
+              override_modules = parsed_file(override_file).fetch("module", {})
+              modules = merge_modules(override_modules, modules)
+            end
+          end
+
           modules.each do |name, details|
             details = details.first
 

data/lib/dependabot/terraform/file_selector.rb

@@ -11,6 +11,9 @@ module Dependabot
       extend T::Sig
       extend T::Helpers
 
+      TF_EXTENSION = ".tf"
+      OVERRIDE_TF_EXTENSION = "override.tf"
+
       abstract!
 
       sig { abstract.returns(T::Array[Dependabot::DependencyFile]) }
@@ -22,7 +25,12 @@ module Dependabot
 
       sig { returns(T::Array[Dependabot::DependencyFile]) }
       def terraform_files
-        dependency_files.select { |f| f.name.end_with?(".tf") }
+        dependency_files.select { |f| f.name.end_with?(TF_EXTENSION) && !f.name.end_with?(OVERRIDE_TF_EXTENSION) }
+      end
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def override_terraform_files
+        dependency_files.select { |f| f.name.end_with?(OVERRIDE_TF_EXTENSION) }
       end
 
       sig { returns(T::Array[Dependabot::DependencyFile]) }
@@ -34,6 +42,32 @@ module Dependabot
       def lockfile
         dependency_files.find { |f| lockfile?(f.name) }
       end
+
+      sig do
+        params(modules: T::Hash[String, T::Array[T::Hash[String, T.untyped]]],
+               base_modules: T::Hash[String,
+                                     T::Array[T::Hash[String,
+                                                      T.untyped]]])
+          .returns(T::Hash[String,
+                           T::Array[T::Hash[String,
+                                            T.untyped]]])
+      end
+      def merge_modules(modules, base_modules)
+        merged_modules = base_modules.dup
+
+        modules.each do |key, value|
+          merged_modules[key] =
+            if merged_modules.key?(key)
+              T.must(merged_modules[key]).map do |base_value|
+                base_value.merge(T.must(value.first))
+              end
+            else
+              value
+            end
+        end
+
+        merged_modules
+      end
     end
   end
 end

data/lib/dependabot/terraform/requirements_updater.rb

@@ -190,17 +190,20 @@ module Dependabot
         op, version = requirement.requirements.first
         version = version.release if version.prerelease?
 
-        index_to_update =
-          version.segments.map.with_index { |seg, i| seg.zero? ? 0 : i }.max
-
-        new_segments = version.segments.map.with_index do |_, index|
-          if index < index_to_update
+        # When 'less than'/'<',
+        # increment the last available segment only so that the new version is within the constraint
+        if op == "<"
+          new_segments = version.segments.map.with_index do |_, index|
             version_to_be_permitted.segments[index]
-          elsif index == index_to_update
-            version_to_be_permitted.segments[index].to_i + 1
-          else
-            0
           end
+          new_segments[-1] += 1
+        # When 'less-than/equal'/'<=', use the new version as-is even when previously set as a non-semver version
+        # Terraform treats shortened versions the same as a version with any remaining segments as 0
+        # Example: '0.2' is treated as '0.2.0' | '1' is treated as '1.0.0'
+        elsif op == "<="
+          new_segments = version_to_be_permitted.segments
+        else
+          raise "Unexpected operation: #{op}"
         end
 
         requirement_class.new("#{op} #{new_segments.join('.')}")

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-terraform
 version: !ruby/object:Gem::Version
-  version: 0.290.0
+  version: 0.291.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-12-12 00:00:00.000000000 Z
+date: 2024-12-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.290.0
+        version: 0.291.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.290.0
+        version: 0.291.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -261,7 +261,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.290.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.291.0
 post_install_message:
 rdoc_options: []
 require_paths: