dependabot-terraform 0.290.0 → 0.292.0

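--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 5e0f4662f3b380550700c34ce1d5ebfd4331c9699fc41a229347a7de60d9d8a3
- data.tar.gz: 7362762bc283251c531f4177cca60d87505c119543fc8547734e79e2058a1f2f
+ metadata.gz: ea8dd2b8dfd9dd4c5ca512460b767a13581c284a9bbaa00d2de61fad786d38f6
+ data.tar.gz: d5f71eed2c306f2e6e260703bde77e71f8974bff141cdffa72d1d0df19a03a7d
  SHA512:
- metadata.gz: 2a94c3c69ef265f951b9dc6d560908d26fda210804775ce424231cbaeecd02d44f8e32589a2be29f5a9413df67e2349f93fd126cd75c3a1f2fa839f6a8bb1ad6
- data.tar.gz: 4e457715a0a53a014abce4dfa589718a22809aa49cf7f2934fe3dd63def947786fcbb577e4f86bd897e948561d0aec66b2c086f522904e6c23c2d2e25eda024b
+ metadata.gz: 216e1e748db7d1b8ff96d9eef941b17603f8d1c99e46e2405deeaa4beb49a3159f3867a5693be1fdbfca1e496b12cc8a8cd1f8e2026bd8c1667cb2c1e1ad28a2
+ data.tar.gz: 7b8ef4ec193376ef6cf5a6f38221fa964c2d42ae2aa3f562948406ed0a2988da730b7ba48939e0bac42bebd3d3ebad330ca29b1048e044c7583cf4ab74166708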
@@ -58,6 +58,14 @@ module Dependabot
58
58
  def parse_terraform_files(dependency_set)
59
59
  terraform_files.each do |file|
60
60
  modules = parsed_file(file).fetch("module", {})
61
+ # If override.tf files are present, we need to merge the modules
62
+ if override_terraform_files.any?
63
+ override_terraform_files.each do |override_file|
64
+ override_modules = parsed_file(override_file).fetch("module", {})
65
+ modules = merge_modules(override_modules, modules)
66
+ end
67
+ end
68
+
61
69
  modules.each do |name, details|
62
70
  details = details.first
63
71
 
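Review bot: The override merge added inside `terraform_files.each` re-parses every override file for every base file, and through the `else` branch of `merge_modules` (shown later on this page) it copies override-only module blocks into each file's `modules`, so a module declared in a different `.tf` file is processed again for every base file using only the override's attributes. Terraform applies an override block to the matching block in the normal configuration, so consider merging only keys the current file already declares, e.g. `modules = merge_modules(override_modules.slice(*modules.keys), modules)`, and parsing the override files once before the loop. The outer `if override_terraform_files.any?` is redundant because `each` on an empty array is a no-op. `parse_terraform_files` continues past the end of this hunk, so how `details` is consumed afterwards is not visible here.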
@@ -11,6 +11,9 @@ module Dependabot
11
11
  extend T::Sig
12
12
  extend T::Helpers
13
13
 
14
+ TF_EXTENSION = ".tf"
15
+ OVERRIDE_TF_EXTENSION = "override.tf"
16
+
14
17
  abstract!
15
18
 
16
19
  sig { abstract.returns(T::Array[Dependabot::DependencyFile]) }
@@ -22,7 +25,12 @@ module Dependabot
22
25
 
23
26
  sig { returns(T::Array[Dependabot::DependencyFile]) }
24
27
  def terraform_files
25
- dependency_files.select { |f| f.name.end_with?(".tf") }
28
+ dependency_files.select { |f| f.name.end_with?(TF_EXTENSION) && !f.name.end_with?(OVERRIDE_TF_EXTENSION) }
29
+ end
30
+
31
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
32
+ def override_terraform_files
33
+ dependency_files.select { |f| f.name.end_with?(OVERRIDE_TF_EXTENSION) }
26
34
  end
27
35
 
28
36
  sig { returns(T::Array[Dependabot::DependencyFile]) }
@@ -34,6 +42,32 @@ module Dependabot
34
42
  def lockfile
35
43
  dependency_files.find { |f| lockfile?(f.name) }
36
44
  end
45
+
46
+ sig do
47
+ params(modules: T::Hash[String, T::Array[T::Hash[String, T.untyped]]],
48
+ base_modules: T::Hash[String,
49
+ T::Array[T::Hash[String,
50
+ T.untyped]]])
51
+ .returns(T::Hash[String,
52
+ T::Array[T::Hash[String,
53
+ T.untyped]]])
54
+ end
55
+ def merge_modules(modules, base_modules)
56
+ merged_modules = base_modules.dup
57
+
58
+ modules.each do |key, value|
59
+ merged_modules[key] =
60
+ if merged_modules.key?(key)
61
+ T.must(merged_modules[key]).map do |base_value|
62
+ base_value.merge(T.must(value.first))
63
+ end
64
+ else
65
+ value
66
+ end
67
+ end
68
+
69
+ merged_modules
70
+ end
37
71
  end
38
72
  end
39
73
  end
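Review bot: `OVERRIDE_TF_EXTENSION = "override.tf"` combined with `end_with?` classifies any file whose name merely ends in those characters (a constructed example: `nooverride.tf`) as an override, so `terraform_files` drops it and the modules it declares are never parsed as base configuration, which silently stops update checks for them. Terraform treats only `override.tf` and names ending in `_override.tf` as override files, so match on the basename in both `terraform_files` and `override_terraform_files`, e.g. `base = File.basename(f.name); base == "override.tf" || base.end_with?("_override.tf")`. In `merge_modules`, `base_value.merge(T.must(value.first))` is a shallow merge that ignores any override block after the first; a comment stating that this is intended would help the next reader. The enclosing class begins before the first hunk of this file.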
@@ -20,10 +20,10 @@ module Dependabot
20
20
  sig { params(raw_version: String).void }
21
21
  def initialize(raw_version)
22
22
  super(
23
- PACKAGE_MANAGER,
24
- Version.new(raw_version),
25
- DEPRECATED_TERRAFORM_VERSIONS,
26
- SUPPORTED_TERRAFORM_VERSIONS
23
+ name: PACKAGE_MANAGER,
24
+ version: Version.new(raw_version),
25
+ deprecated_versions: DEPRECATED_TERRAFORM_VERSIONS,
26
+ supported_versions: SUPPORTED_TERRAFORM_VERSIONS
27
27
  )
28
28
  end
29
29
 
@@ -190,17 +190,20 @@ module Dependabot
190
190
  op, version = requirement.requirements.first
191
191
  version = version.release if version.prerelease?
192
192
 
193
- index_to_update =
194
- version.segments.map.with_index { |seg, i| seg.zero? ? 0 : i }.max
195
-
196
- new_segments = version.segments.map.with_index do |_, index|
197
- if index < index_to_update
193
+ # When 'less than'/'<',
194
+ # increment the last available segment only so that the new version is within the constraint
195
+ if op == "<"
196
+ new_segments = version.segments.map.with_index do |_, index|
198
197
  version_to_be_permitted.segments[index]
199
- elsif index == index_to_update
200
- version_to_be_permitted.segments[index].to_i + 1
201
- else
202
- 0
203
198
  end
199
+ new_segments[-1] += 1
200
+ # When 'less-than/equal'/'<=', use the new version as-is even when previously set as a non-semver version
201
+ # Terraform treats shortened versions the same as a version with any remaining segments as 0
202
+ # Example: '0.2' is treated as '0.2.0' | '1' is treated as '1.0.0'
203
+ elsif op == "<="
204
+ new_segments = version_to_be_permitted.segments
205
+ else
206
+ raise "Unexpected operation: #{op}"
204
207
  end
205
208
 
206
209
  requirement_class.new("#{op} #{new_segments.join('.')}")
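Review bot: In the `op == "<"` branch, `new_segments[-1] += 1` raises `NoMethodError` when `version_to_be_permitted` has fewer segments than `version`, because `version_to_be_permitted.segments[index]` is then `nil`; the removed code guarded the incremented segment with `.to_i`. A non-numeric segment (if `version_to_be_permitted` can be a prerelease, which this hunk does not show) would fail at the same line with a `TypeError`. Keeping the coercion in the map, `version_to_be_permitted.segments[index].to_i`, makes the increment always operate on an Integer and avoids empty fields in the joined requirement string. The method begins and ends outside this hunk.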
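--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-terraform
  version: !ruby/object:Gem::Version
- version: 0.290.0
+ version: 0.292.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-12-12 00:00:00.000000000 Z
+ date: 2025-01-09 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.290.0
+ version: 0.292.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.290.0
+ version: 0.292.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -261,7 +261,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.290.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.292.0
  post_install_message:
  rdoc_options: []
  require_paths:
@@ -277,7 +277,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 3.1.0
  requirements: []
- rubygems_version: 3.5.9
+ rubygems_version: 3.5.22
  signing_key:
  specification_version: 4
  summary: Provides Dependabot support for Terraform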