dependabot-terraform 0.325.1 → 0.326.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/terraform/update_checker/latest_version_resolver.rb +23 -14
  3. data/lib/dependabot/terraform/update_checker.rb +17 -2
  4. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4ce70a4a47945271d246ce2c739a598882715c6dc3cbd9c6fdea729fb5d00d5d
4
- data.tar.gz: ccc7b7a45bca539f2128a8d399cb9716194fec8eb3a38ed884a9a66a3f74554d
3
+ metadata.gz: 07e7c6efc73e0df79d7c47ec72b1bda4e977f3cc46d4158cc2633cd1bf0dd746
4
+ data.tar.gz: 37eb78b5a8daa171d6752716b6c7f28a6793b30d29b105859780e4589c594cd4
5
5
  SHA512:
6
- metadata.gz: 5cff40c63710389ec81c5f8c9c24a6f5231bee3768bcae51d2d164baa9dde3fcd335a7e8ad4ae0fec7b6bf2f59735e8639f220c6f143755da03be530514ebdc9
7
- data.tar.gz: b9b8a79a3e79175309826575bc92abe65419d1525b26533378d7586f5c284f8c09c5ef41397675aea0b79e7aabbf7c07cbb184b737be27b04524bd0b5454ca90
6
+ metadata.gz: 1d222b89b3c8be3be5668fa51e7644944ae7291772bb44edfd626ee61e7ac0a03e1445ebb0e2aa5b651f9c4ed906efd5b1e76f439f21920a2bb3168541cd1390
7
+ data.tar.gz: 96bb9f9ae88e6804ab796d5eb549d980b96bcf8f4ec34459556dd03466f53c35622324c43c8fd696bbec3e57729be3828c0dec233799e991131d1fea9b59aa62
data/lib/dependabot/terraform/update_checker/latest_version_resolver.rb CHANGED
@@ -43,11 +43,13 @@ module Dependabot
43
43
  # step one fetch allowed version tags and
44
44
  allowed_version_tags = git_commit_checker.allowed_version_tags
45
45
  begin
46
- # sort the allowed version tags by name in descending order
47
- select_version_tags_in_cooldown_period&.each do |tag_name|
48
- # filter out if name is not in cooldown period
49
- allowed_version_tags.reject! do |gitref_filtered|
50
- true if gitref_filtered.name == tag_name
46
+ if cooldown_enabled?
47
+ # sort the allowed version tags by name in descending order
48
+ select_version_tags_in_cooldown_period&.each do |tag_name|
49
+ # filter out if name is not in cooldown period
50
+ allowed_version_tags.reject! do |gitref_filtered|
51
+ true if gitref_filtered.name == tag_name
52
+ end
51
53
  end
52
54
  end
53
55
  Dependabot.logger.info("Allowed version tags after filtering versions in cooldown:
@@ -60,7 +62,10 @@ module Dependabot
60
62
  end
61
63
 
62
64
  # To filter versions in cooldown period based on version tags from registry call
63
- sig { params(versions: T::Array[Dependabot::Version]).returns(T::Array[Dependabot::Version]) }
65
+ sig do
66
+ params(versions: T::Array[Dependabot::Terraform::Version])
67
+ .returns(T::Array[Dependabot::Terraform::Version])
68
+ end
64
69
  def filter_versions_in_cooldown_period_from_provider(versions)
65
70
  # to make call for registry to get the versions
66
71
  # step one fetch allowed version tags and
@@ -81,7 +86,10 @@ module Dependabot
81
86
  end
82
87
 
83
88
  # To filter versions in cooldown period based on version tags from registry call
84
- sig { params(versions: T::Array[Dependabot::Version]).returns(T::Array[Dependabot::Version]) }
89
+ sig do
90
+ params(versions: T::Array[Dependabot::Terraform::Version])
91
+ .returns(T::Array[Dependabot::Terraform::Version])
92
+ end
85
93
  def filter_versions_in_cooldown_period_from_module(versions)
86
94
  # to make call for registry to get the versions
87
95
  # step one fetch allowed version tags and
@@ -125,14 +133,10 @@ module Dependabot
125
133
 
126
134
  return false if cooldown.nil?
127
135
 
128
- # Get maximum cooldown days based on semver parts
129
- days = [cooldown.default_days, cooldown.semver_major_days].max
130
- days = cooldown.semver_minor_days unless days > cooldown.semver_minor_days
131
- days = cooldown.semver_patch_days unless days > cooldown.semver_patch_days
132
136
  # Calculate the number of seconds passed since the release
133
137
  passed_seconds = Time.now.to_i - release_date_to_seconds(release_date)
134
138
  # Check if the release is within the cooldown period
135
- passed_seconds < days * DAY_IN_SECONDS
139
+ passed_seconds < cooldown.default_days * DAY_IN_SECONDS
136
140
  end
137
141
 
138
142
  sig { params(release_date: String).returns(Integer) }
@@ -184,10 +188,15 @@ module Dependabot
184
188
  )
185
189
  end
186
190
 
187
- # Since base class is returning false, we need to override it.
188
191
  sig { returns(T::Boolean) }
189
192
  def cooldown_enabled?
190
- true
193
+ # This is a simple check to see if user has put cooldown days.
194
+ # If not set, then we aassume user does not want cooldown.
195
+ # Since Terraform does not support Semver versioning, So option left
196
+ # for the user is to set cooldown default days.
197
+ return false if @cooldown_options.nil?
198
+
199
+ @cooldown_options.default_days.positive?
191
200
  end
192
201
 
193
202
  sig { returns(Dependabot::GitCommitChecker) }
data/lib/dependabot/terraform/update_checker.rb CHANGED
@@ -82,7 +82,9 @@ module Dependabot
82
82
 
83
83
  versions = all_module_versions
84
84
  # Filter versions which are in cooldown period
85
- latest_version_resolver.filter_versions_in_cooldown_period_from_module(versions)
85
+ if cooldown_enabled? # rubocop:disable Style/IfUnlessModifier
86
+ versions = latest_version_resolver.filter_versions_in_cooldown_period_from_module(versions)
87
+ end
86
88
  versions.reject!(&:prerelease?) unless wants_prerelease?
87
89
  versions.reject! { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
88
90
  @latest_version_for_registry_dependency = T.let(
@@ -122,7 +124,9 @@ module Dependabot
122
124
 
123
125
  versions = all_provider_versions
124
126
  # Filter versions which are in cooldown period
125
- latest_version_resolver.filter_versions_in_cooldown_period_from_provider(versions)
127
+ if cooldown_enabled?
128
+ versions = latest_version_resolver.filter_versions_in_cooldown_period_from_provider(versions)
129
+ end
126
130
  versions.reject!(&:prerelease?) unless wants_prerelease?
127
131
  versions.reject! { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
128
132
 
@@ -241,6 +245,17 @@ module Dependabot
241
245
  T.nilable(Dependabot::GitCommitChecker)
242
246
  )
243
247
  end
248
+
249
+ sig { returns(T::Boolean) }
250
+ def cooldown_enabled?
251
+ # This is a simple check to see if user has put cooldown days.
252
+ # If not set, then we aassume user does not want cooldown.
253
+ # Since Terraform does not support Semver versioning, So option left
254
+ # for the user is to set cooldown default days.
255
+ return false if update_cooldown.nil?
256
+
257
+ T.must(update_cooldown&.default_days).positive?
258
+ end
244
259
  end
245
260
  end
246
261
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-terraform
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.325.1
4
+ version: 0.326.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.325.1
18
+ version: 0.326.1
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.325.1
25
+ version: 0.326.1
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -262,7 +262,7 @@ licenses:
262
262
  - MIT
263
263
  metadata:
264
264
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
265
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.325.1
265
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.326.1
266
266
  rdoc_options: []
267
267
  require_paths:
268
268
  - lib