dependabot-terraform 0.146.0 → 0.146.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0e0e4b2c49852d13b19402f2fdd23baa832ca40a285b1875407b4316f5a1be35
|
|
4
|
+
data.tar.gz: 5ae48fd942a0614878c439998b153bd82038b3b759206cc1b639ff4616e1fe3e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a21225eb63d2ba7e7c2a973f92fa0f923ed8beb43c6f143e5bd3373eee249e95a7131384363285d523521846fcf7477f3cae059d6b9bd5ff2a88491dc84aa72e
|
|
7
|
+
data.tar.gz: bfef2a31dccd5e6f4c18e7591f08462888ebf4d2d3bbb30802e9a2b3e74a570cde408f7478ee32939eb8aed36c442c06c553258c9c62b247657d0934a7a01b42
|
data/helpers/build
CHANGED
|
@@ -13,7 +13,17 @@ if [ ! -d "$install_dir/bin" ]; then
|
|
|
13
13
|
fi
|
|
14
14
|
|
|
15
15
|
os="$(uname -s | tr '[:upper:]' '[:lower:]')"
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
16
|
+
|
|
17
|
+
json2hcl_checksum="d124ed13f3538c465fcab19e6015d311d3cd56f7dc2db7609b6e72fec666482d"
|
|
18
|
+
json2hcl_url="https://github.com/kvz/json2hcl/releases/download/v0.0.6/json2hcl_v0.0.6_${os}_amd64"
|
|
19
|
+
json2hcl_path="$install_dir/bin/json2hcl"
|
|
20
|
+
wget -O "$json2hcl_path" "$json2hcl_url"
|
|
21
|
+
echo "$json2hcl_checksum $json2hcl_path" | sha256sum -c
|
|
19
22
|
chmod +x "$install_dir/bin/json2hcl"
|
|
23
|
+
|
|
24
|
+
hcl2json_checksum="24068f1e25a34d8f8ca763f34fce11527472891bfa834d1504f665855021d5d4"
|
|
25
|
+
hcl2json_url="https://github.com/tmccombs/hcl2json/releases/download/v0.3.3/hcl2json_${os}_amd64"
|
|
26
|
+
hcl2json_path="$install_dir/bin/hcl2json"
|
|
27
|
+
wget -O "$hcl2json_path" "$hcl2json_url"
|
|
28
|
+
echo "$hcl2json_checksum $hcl2json_path" | sha256sum -c
|
|
29
|
+
chmod +x "$install_dir/bin/hcl2json"
|
|
@@ -2,10 +2,13 @@
|
|
|
2
2
|
|
|
3
3
|
require "dependabot/file_fetchers"
|
|
4
4
|
require "dependabot/file_fetchers/base"
|
|
5
|
+
require "dependabot/terraform/file_selector"
|
|
5
6
|
|
|
6
7
|
module Dependabot
|
|
7
8
|
module Terraform
|
|
8
9
|
class FileFetcher < Dependabot::FileFetchers::Base
|
|
10
|
+
include FileSelector
|
|
11
|
+
|
|
9
12
|
def self.required_files_in?(filenames)
|
|
10
13
|
filenames.any? { |f| f.end_with?(".tf", ".tfvars") }
|
|
11
14
|
end
|
|
@@ -39,7 +42,7 @@ module Dependabot
|
|
|
39
42
|
def terragrunt_files
|
|
40
43
|
@terragrunt_files ||=
|
|
41
44
|
repo_contents(raise_errors: false).
|
|
42
|
-
select { |f| f.type == "file" && f.name
|
|
45
|
+
select { |f| f.type == "file" && terragrunt_file?(f.name) }.
|
|
43
46
|
map { |f| fetch_file_from_host(f.name) }
|
|
44
47
|
end
|
|
45
48
|
end
|
|
@@ -10,27 +10,32 @@ require "dependabot/file_parsers/base"
|
|
|
10
10
|
require "dependabot/git_commit_checker"
|
|
11
11
|
require "dependabot/shared_helpers"
|
|
12
12
|
require "dependabot/errors"
|
|
13
|
+
require "dependabot/terraform/file_selector"
|
|
13
14
|
|
|
14
15
|
module Dependabot
|
|
15
16
|
module Terraform
|
|
16
17
|
class FileParser < Dependabot::FileParsers::Base
|
|
17
18
|
require "dependabot/file_parsers/base/dependency_set"
|
|
18
19
|
|
|
20
|
+
include FileSelector
|
|
21
|
+
|
|
19
22
|
ARCHIVE_EXTENSIONS = %w(.zip .tbz2 .tgz .txz).freeze
|
|
20
23
|
|
|
21
24
|
def parse
|
|
22
25
|
dependency_set = DependencySet.new
|
|
23
26
|
|
|
24
27
|
terraform_files.each do |file|
|
|
25
|
-
modules = parsed_file(file).fetch("module",
|
|
28
|
+
modules = parsed_file(file).fetch("module", {})
|
|
26
29
|
modules.each do |name, details|
|
|
27
30
|
dependency_set << build_terraform_dependency(file, name, details)
|
|
28
31
|
end
|
|
29
32
|
end
|
|
30
33
|
|
|
31
34
|
terragrunt_files.each do |file|
|
|
32
|
-
|
|
33
|
-
|
|
35
|
+
# legacy terragrunt (.tfvars) files have a top-level "terragrunt" key
|
|
36
|
+
# that has since been removed.
|
|
37
|
+
legacy_modules = (parsed_file(file).fetch("terragrunt", []).first || {}).fetch("terraform", [])
|
|
38
|
+
modules = parsed_file(file).fetch("terraform", []) + legacy_modules
|
|
34
39
|
modules.each do |details|
|
|
35
40
|
next unless details["source"]
|
|
36
41
|
|
|
@@ -38,7 +43,7 @@ module Dependabot
|
|
|
38
43
|
end
|
|
39
44
|
end
|
|
40
45
|
|
|
41
|
-
dependency_set.dependencies
|
|
46
|
+
dependency_set.dependencies.sort_by(&:name)
|
|
42
47
|
end
|
|
43
48
|
|
|
44
49
|
private
|
|
@@ -210,29 +215,85 @@ module Dependabot
|
|
|
210
215
|
end
|
|
211
216
|
# rubocop:enable Metrics/PerceivedComplexity
|
|
212
217
|
|
|
218
|
+
def parsed_file_hcl2(file)
|
|
219
|
+
SharedHelpers.in_a_temporary_directory do
|
|
220
|
+
File.write("tmp.tf", file.content)
|
|
221
|
+
|
|
222
|
+
command = "#{terraform_hcl2_parser_path} < tmp.tf"
|
|
223
|
+
start = Time.now
|
|
224
|
+
stdout, stderr, process = Open3.capture3(command)
|
|
225
|
+
time_taken = Time.now - start
|
|
226
|
+
|
|
227
|
+
unless process.success?
|
|
228
|
+
raise SharedHelpers::HelperSubprocessFailed.new(
|
|
229
|
+
message: stderr,
|
|
230
|
+
error_context: {
|
|
231
|
+
command: command,
|
|
232
|
+
time_taken: time_taken,
|
|
233
|
+
process_exit_value: process.to_s
|
|
234
|
+
}
|
|
235
|
+
)
|
|
236
|
+
end
|
|
237
|
+
|
|
238
|
+
JSON.parse(stdout)
|
|
239
|
+
end
|
|
240
|
+
end
|
|
241
|
+
|
|
242
|
+
def parsed_file_hcl1(file)
|
|
243
|
+
SharedHelpers.in_a_temporary_directory do
|
|
244
|
+
File.write("tmp.tf", file.content)
|
|
245
|
+
|
|
246
|
+
command = "#{terraform_parser_path} -reverse < tmp.tf"
|
|
247
|
+
start = Time.now
|
|
248
|
+
stdout, stderr, process = Open3.capture3(command)
|
|
249
|
+
time_taken = Time.now - start
|
|
250
|
+
|
|
251
|
+
unless process.success?
|
|
252
|
+
raise SharedHelpers::HelperSubprocessFailed.new(
|
|
253
|
+
message: stderr,
|
|
254
|
+
error_context: {
|
|
255
|
+
command: command,
|
|
256
|
+
time_taken: time_taken,
|
|
257
|
+
process_exit_value: process.to_s
|
|
258
|
+
}
|
|
259
|
+
)
|
|
260
|
+
end
|
|
261
|
+
|
|
262
|
+
json = JSON.parse(stdout)
|
|
263
|
+
json["module"] = json.fetch("module", []).inject({}) { |memo, item| memo.merge(item) }
|
|
264
|
+
json
|
|
265
|
+
end
|
|
266
|
+
end
|
|
267
|
+
|
|
268
|
+
# == Returns:
|
|
269
|
+
# A Hash representing each module found in the specified file
|
|
270
|
+
#
|
|
271
|
+
# E.g.
|
|
272
|
+
# {
|
|
273
|
+
# "module" => {
|
|
274
|
+
# {
|
|
275
|
+
# "consul" => [
|
|
276
|
+
# {
|
|
277
|
+
# "source"=>"consul/aws",
|
|
278
|
+
# "version"=>"0.1.0"
|
|
279
|
+
# }
|
|
280
|
+
# ]
|
|
281
|
+
# }
|
|
282
|
+
# },
|
|
283
|
+
# "terragrunt"=>[
|
|
284
|
+
# {
|
|
285
|
+
# "include"=>[{ "path"=>"${find_in_parent_folders()}" }],
|
|
286
|
+
# "terraform"=>[{ "source" => "git::git@github.com:gruntwork-io/modules-example.git//consul?ref=v0.0.2" }]
|
|
287
|
+
# }
|
|
288
|
+
# ],
|
|
289
|
+
# }
|
|
213
290
|
def parsed_file(file)
|
|
214
291
|
@parsed_buildfile ||= {}
|
|
215
292
|
@parsed_buildfile[file.name] ||=
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
start = Time.now
|
|
221
|
-
stdout, stderr, process = Open3.capture3(command)
|
|
222
|
-
time_taken = Time.now - start
|
|
223
|
-
|
|
224
|
-
unless process.success?
|
|
225
|
-
raise SharedHelpers::HelperSubprocessFailed.new(
|
|
226
|
-
message: stderr,
|
|
227
|
-
error_context: {
|
|
228
|
-
command: command,
|
|
229
|
-
time_taken: time_taken,
|
|
230
|
-
process_exit_value: process.to_s
|
|
231
|
-
}
|
|
232
|
-
)
|
|
233
|
-
end
|
|
234
|
-
|
|
235
|
-
JSON.parse(stdout)
|
|
293
|
+
if options[:terraform_hcl2]
|
|
294
|
+
parsed_file_hcl2(file)
|
|
295
|
+
else
|
|
296
|
+
parsed_file_hcl1(file)
|
|
236
297
|
end
|
|
237
298
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
238
299
|
msg = e.message.strip
|
|
@@ -244,19 +305,16 @@ module Dependabot
|
|
|
244
305
|
Pathname.new(File.join(helper_bin_dir, "json2hcl")).cleanpath.to_path
|
|
245
306
|
end
|
|
246
307
|
|
|
308
|
+
def terraform_hcl2_parser_path
|
|
309
|
+
helper_bin_dir = File.join(native_helpers_root, "terraform/bin")
|
|
310
|
+
Pathname.new(File.join(helper_bin_dir, "hcl2json")).cleanpath.to_path
|
|
311
|
+
end
|
|
312
|
+
|
|
247
313
|
def native_helpers_root
|
|
248
314
|
default_path = File.join(__dir__, "../../../helpers/install-dir")
|
|
249
315
|
ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", default_path)
|
|
250
316
|
end
|
|
251
317
|
|
|
252
|
-
def terraform_files
|
|
253
|
-
dependency_files.select { |f| f.name.end_with?(".tf") }
|
|
254
|
-
end
|
|
255
|
-
|
|
256
|
-
def terragrunt_files
|
|
257
|
-
dependency_files.select { |f| f.name.end_with?(".tfvars") }
|
|
258
|
-
end
|
|
259
|
-
|
|
260
318
|
def check_required_files
|
|
261
319
|
return if [*terraform_files, *terragrunt_files].any?
|
|
262
320
|
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module FileSelector
|
|
4
|
+
private
|
|
5
|
+
|
|
6
|
+
def terraform_files
|
|
7
|
+
dependency_files.select { |f| f.name.end_with?(".tf") }
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def terragrunt_files
|
|
11
|
+
dependency_files.select { |f| terragrunt_file?(f.name) }
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def terragrunt_file?(file_name)
|
|
15
|
+
file_name != ".terraform.lock.hcl" &&
|
|
16
|
+
(file_name.end_with?(".tfvars") || file_name.end_with?(".hcl"))
|
|
17
|
+
end
|
|
18
|
+
end
|
|
@@ -3,12 +3,15 @@
|
|
|
3
3
|
require "dependabot/file_updaters"
|
|
4
4
|
require "dependabot/file_updaters/base"
|
|
5
5
|
require "dependabot/errors"
|
|
6
|
+
require "dependabot/terraform/file_selector"
|
|
6
7
|
|
|
7
8
|
module Dependabot
|
|
8
9
|
module Terraform
|
|
9
10
|
class FileUpdater < Dependabot::FileUpdaters::Base
|
|
11
|
+
include FileSelector
|
|
12
|
+
|
|
10
13
|
def self.updated_files_regex
|
|
11
|
-
[/\.tf$/, /\.tfvars$/]
|
|
14
|
+
[/\.tf$/, /\.tfvars$/, /\.hcl$/]
|
|
12
15
|
end
|
|
13
16
|
|
|
14
17
|
def updated_dependency_files
|
|
@@ -87,14 +90,6 @@ module Dependabot
|
|
|
87
90
|
dependency_files.select { |file| filenames.include?(file.name) }
|
|
88
91
|
end
|
|
89
92
|
|
|
90
|
-
def terraform_files
|
|
91
|
-
dependency_files.select { |f| f.name.end_with?(".tf") }
|
|
92
|
-
end
|
|
93
|
-
|
|
94
|
-
def terragrunt_files
|
|
95
|
-
dependency_files.select { |f| f.name.end_with?(".tfvars") }
|
|
96
|
-
end
|
|
97
|
-
|
|
98
93
|
def check_required_files
|
|
99
94
|
return if [*terraform_files, *terragrunt_files].any?
|
|
100
95
|
|
|
@@ -113,7 +108,7 @@ module Dependabot
|
|
|
113
108
|
def git_declaration_regex(filename)
|
|
114
109
|
# For terragrunt dependencies there's not a lot we can base the
|
|
115
110
|
# regex on. Just look for declarations within a `terraform` block
|
|
116
|
-
return /terraform\s*\{(?:(?!^\}).)*/m if
|
|
111
|
+
return /terraform\s*\{(?:(?!^\}).)*/m if terragrunt_file?(filename)
|
|
117
112
|
|
|
118
113
|
# For modules we can do better - filter for module blocks that use the
|
|
119
114
|
# name of the dependency
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.146.
|
|
4
|
+
version: 0.146.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-05-
|
|
11
|
+
date: 2021-05-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.146.
|
|
19
|
+
version: 0.146.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.146.
|
|
26
|
+
version: 0.146.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -189,6 +189,7 @@ files:
|
|
|
189
189
|
- lib/dependabot/terraform.rb
|
|
190
190
|
- lib/dependabot/terraform/file_fetcher.rb
|
|
191
191
|
- lib/dependabot/terraform/file_parser.rb
|
|
192
|
+
- lib/dependabot/terraform/file_selector.rb
|
|
192
193
|
- lib/dependabot/terraform/file_updater.rb
|
|
193
194
|
- lib/dependabot/terraform/metadata_finder.rb
|
|
194
195
|
- lib/dependabot/terraform/requirement.rb
|