dependabot-terraform 0.385.0 → 0.386.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a2db17b06544fab18770f449bd5dfc6868569050c79af1aa5e475a1ea806777f
|
|
4
|
+
data.tar.gz: 8513583d339fcdf8835510fb77d44543f20435c95c60f3591a7b37bedb80639c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f68f3accb451bfd3e1364a314a2928b652f973ce908a74a8aa2675d0e6a40f87907d97de4db935f1703262622c104702d5d66529abb7b91c943cabde2f99e8aa
|
|
7
|
+
data.tar.gz: 27dc678b5075b3a4914e24cf99cfd4f401a3b73db283979eaafff83b22120d82dfa5fef1acbcf85876cb0b4727c52982d110a7e2c7c0ab580bb538e5bc0e145e
|
|
@@ -13,7 +13,6 @@ module Dependabot
|
|
|
13
13
|
class PackageDetailsFetcher
|
|
14
14
|
extend T::Sig
|
|
15
15
|
|
|
16
|
-
RELEASES_URL_GIT = "https://api.github.com/repos/"
|
|
17
16
|
RELEASE_URL_FOR_PROVIDER = "https://registry.terraform.io/v2/providers/"
|
|
18
17
|
RELEASE_URL_FOR_MODULE = "https://registry.terraform.io/v2/modules/"
|
|
19
18
|
APPLICATION_JSON = "JSON"
|
|
@@ -46,34 +45,6 @@ module Dependabot
|
|
|
46
45
|
sig { returns(T::Array[Dependabot::Credential]) }
|
|
47
46
|
attr_reader :credentials
|
|
48
47
|
|
|
49
|
-
sig { returns(T::Array[GitTagWithDetail]) }
|
|
50
|
-
def fetch_tag_and_release_date
|
|
51
|
-
truncate_github_url = @dependency.name.gsub("github.com/", "")
|
|
52
|
-
url = RELEASES_URL_GIT + "#{truncate_github_url}/releases"
|
|
53
|
-
result_lines = T.let([], T::Array[GitTagWithDetail])
|
|
54
|
-
# Fetch the releases from the GitHub API
|
|
55
|
-
response = Excon.get(url, headers: { "Accept" => "application/vnd.github.v3+json" })
|
|
56
|
-
Dependabot.logger.error("Failed call details: #{response.body}") unless response.status == 200
|
|
57
|
-
return result_lines unless response.status == 200
|
|
58
|
-
|
|
59
|
-
# Parse the JSON response
|
|
60
|
-
releases = JSON.parse(response.body)
|
|
61
|
-
|
|
62
|
-
# Extract version names and release dates into a hash
|
|
63
|
-
releases.map do |release|
|
|
64
|
-
result_lines << GitTagWithDetail.new(
|
|
65
|
-
tag: release["tag_name"],
|
|
66
|
-
release_date: release["published_at"]
|
|
67
|
-
)
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
# sort the result lines by tag in descending order
|
|
71
|
-
result_lines = result_lines.sort_by(&:tag).reverse
|
|
72
|
-
# Log the extracted details for debugging
|
|
73
|
-
Dependabot.logger.info("Extracted release details: #{result_lines}")
|
|
74
|
-
result_lines
|
|
75
|
-
end
|
|
76
|
-
|
|
77
48
|
sig { returns(T::Array[GitTagWithDetail]) }
|
|
78
49
|
def fetch_tag_and_release_date_from_provider # rubocop:disable Metrics/AbcSize,Metrics/PerceivedComplexity
|
|
79
50
|
return [] unless dependency_source_details
|
|
@@ -35,34 +35,6 @@ module Dependabot
|
|
|
35
35
|
sig { returns(Dependabot::Dependency) }
|
|
36
36
|
attr_reader :dependency
|
|
37
37
|
|
|
38
|
-
# Return latest version tag for the dependency, it removes tags that are in cooldown period
|
|
39
|
-
# and returns the latest version tag that is not in cooldown period. If exception occurs
|
|
40
|
-
# it will return the latest version tag from the git_commit_checker. as it was before
|
|
41
|
-
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
42
|
-
def latest_version_tag
|
|
43
|
-
# step one fetch allowed version tags and
|
|
44
|
-
allowed_version_tags = git_commit_checker.allowed_version_tags
|
|
45
|
-
begin
|
|
46
|
-
if cooldown_enabled?
|
|
47
|
-
# sort the allowed version tags by name in descending order
|
|
48
|
-
select_version_tags_in_cooldown_period&.each do |tag_name|
|
|
49
|
-
# filter out if name is not in cooldown period
|
|
50
|
-
allowed_version_tags.reject! do |gitref_filtered|
|
|
51
|
-
true if gitref_filtered.name == tag_name
|
|
52
|
-
end
|
|
53
|
-
end
|
|
54
|
-
end
|
|
55
|
-
Dependabot.logger.info(
|
|
56
|
-
"Allowed version tags after filtering versions in cooldown:
|
|
57
|
-
#{allowed_version_tags.map(&:name).join(', ')}"
|
|
58
|
-
)
|
|
59
|
-
git_commit_checker.max_local_tag(allowed_version_tags)
|
|
60
|
-
rescue StandardError => e
|
|
61
|
-
Dependabot.logger.error("Error fetching latest version tag: #{e.message}")
|
|
62
|
-
git_commit_checker.local_tag_for_latest_version
|
|
63
|
-
end
|
|
64
|
-
end
|
|
65
|
-
|
|
66
38
|
# To filter versions in cooldown period based on version tags from registry call
|
|
67
39
|
sig do
|
|
68
40
|
params(versions: T::Array[Dependabot::Terraform::Version])
|
|
@@ -115,21 +87,6 @@ module Dependabot
|
|
|
115
87
|
versions
|
|
116
88
|
end
|
|
117
89
|
|
|
118
|
-
sig { returns(T.nilable(T::Array[String])) }
|
|
119
|
-
def select_version_tags_in_cooldown_period
|
|
120
|
-
version_tags_in_cooldown_period = T.let([], T::Array[String])
|
|
121
|
-
|
|
122
|
-
package_details_fetcher.fetch_tag_and_release_date.each do |git_tag_with_detail|
|
|
123
|
-
if check_if_version_in_cooldown_period?(T.must(git_tag_with_detail.release_date))
|
|
124
|
-
version_tags_in_cooldown_period << git_tag_with_detail.tag
|
|
125
|
-
end
|
|
126
|
-
end
|
|
127
|
-
version_tags_in_cooldown_period
|
|
128
|
-
rescue StandardError => e
|
|
129
|
-
Dependabot.logger.error("Error checking if version is in cooldown: #{e.message}")
|
|
130
|
-
version_tags_in_cooldown_period
|
|
131
|
-
end
|
|
132
|
-
|
|
133
90
|
sig { params(release_date: String).returns(T::Boolean) }
|
|
134
91
|
def check_if_version_in_cooldown_period?(release_date)
|
|
135
92
|
return false unless release_date.length.positive?
|
|
@@ -195,17 +152,6 @@ module Dependabot
|
|
|
195
152
|
)
|
|
196
153
|
end
|
|
197
154
|
|
|
198
|
-
sig { returns(T::Boolean) }
|
|
199
|
-
def cooldown_enabled?
|
|
200
|
-
# This is a simple check to see if user has put cooldown days.
|
|
201
|
-
# If not set, then we aassume user does not want cooldown.
|
|
202
|
-
# Since Terraform does not support Semver versioning, So option left
|
|
203
|
-
# for the user is to set cooldown default days.
|
|
204
|
-
return false if @cooldown_options.nil?
|
|
205
|
-
|
|
206
|
-
@cooldown_options.default_days.positive?
|
|
207
|
-
end
|
|
208
|
-
|
|
209
155
|
sig { returns(Dependabot::GitCommitChecker) }
|
|
210
156
|
attr_reader :git_commit_checker
|
|
211
157
|
|
|
@@ -172,31 +172,26 @@ module Dependabot
|
|
|
172
172
|
|
|
173
173
|
# If the dependency is pinned to a tag that looks like a version then
|
|
174
174
|
# we want to update that tag. Because we don't have a lockfile, the
|
|
175
|
-
# latest version is the tag itself.
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
version_rgx = GitCommitChecker::VERSION_REGEX
|
|
180
|
-
return unless latest_tag.match(version_rgx)
|
|
181
|
-
|
|
182
|
-
version = latest_tag.match(version_rgx)
|
|
183
|
-
.named_captures.fetch("version")
|
|
184
|
-
return version_class.new(version)
|
|
185
|
-
end
|
|
175
|
+
# latest version is the tag itself. Tags within their cooldown window
|
|
176
|
+
# are filtered out by the shared GitCommitChecker.
|
|
177
|
+
latest_tag = git_commit_checker.local_tag_for_pinned_version_ref(update_cooldown)&.fetch(:tag)
|
|
178
|
+
return unless latest_tag
|
|
186
179
|
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
180
|
+
version_rgx = GitCommitChecker::VERSION_REGEX
|
|
181
|
+
return unless latest_tag.match(version_rgx)
|
|
182
|
+
|
|
183
|
+
version = latest_tag.match(version_rgx)
|
|
184
|
+
.named_captures.fetch("version")
|
|
185
|
+
version_class.new(version)
|
|
190
186
|
end
|
|
191
187
|
|
|
192
188
|
sig { returns(T.nilable(String)) }
|
|
193
189
|
def tag_for_latest_version
|
|
194
190
|
return unless git_commit_checker.git_dependency?
|
|
195
|
-
return unless git_commit_checker.pinned?
|
|
196
|
-
return unless git_commit_checker.pinned_ref_looks_like_version?
|
|
197
191
|
|
|
198
|
-
latest_tag = git_commit_checker.
|
|
192
|
+
latest_tag = git_commit_checker.local_tag_for_pinned_version_ref(update_cooldown)
|
|
199
193
|
&.fetch(:tag)
|
|
194
|
+
return unless latest_tag
|
|
200
195
|
|
|
201
196
|
version_rgx = GitCommitChecker::VERSION_REGEX
|
|
202
197
|
return unless latest_tag.match(version_rgx)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.386.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.386.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.386.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -263,7 +263,7 @@ licenses:
|
|
|
263
263
|
- MIT
|
|
264
264
|
metadata:
|
|
265
265
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
266
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
266
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.386.0
|
|
267
267
|
rdoc_options: []
|
|
268
268
|
require_paths:
|
|
269
269
|
- lib
|