dependabot-terraform 0.151.1 → 0.152.0
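--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dfefb1320f00b268bba02b10255217750cb091d1cd275183a436d6bddcb799f3
+data.tar.gz: 751a7d3e23094385b25cb7dd7d228dc92d6ca4a3ed4da5c61edd7e9b662a6348
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 02cc22ac7e9c4a6eb94d3d87fb2924aa04a8e671e477e35495960d067366f63832f11413b4cbbb9490c1ff732830676be5eabfe4eb6d08e83e7562ff5223f190
+data.tar.gz: 48ffc333db0dbe7ca16e9caad59d5aeb36c49cd235145763be36d405503e16c6915f3f567f7303e726dd5024dce7904681505dc99bbf66db7d74f4f38218861d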
|
@@ -23,6 +23,7 @@ module Dependabot
|
|
|
23
23
|
fetched_files = []
|
|
24
24
|
fetched_files += terraform_files
|
|
25
25
|
fetched_files += terragrunt_files
|
|
26
|
+
fetched_files += [lock_file] if lock_file
|
|
26
27
|
|
|
27
28
|
return fetched_files if fetched_files.any?
|
|
28
29
|
|
|
@@ -45,6 +46,10 @@ module Dependabot
|
|
|
45
46
|
select { |f| f.type == "file" && terragrunt_file?(f.name) }.
|
|
46
47
|
map { |f| fetch_file_from_host(f.name) }
|
|
47
48
|
end
|
|
49
|
+
|
|
50
|
+
def lock_file
|
|
51
|
+
@lock_file ||= fetch_file_if_present(".terraform.lock.hcl")
|
|
52
|
+
end
|
|
48
53
|
end
|
|
49
54
|
end
|
|
50
55
|
end
|
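Review bot: `@lock_file ||= fetch_file_if_present(".terraform.lock.hcl")` does not memoize a missing file, and `fetched_files += [lock_file] if lock_file` calls the method twice, so a repository without a lockfile is looked up again on every call. This assumes `fetch_file_if_present` returns nil for an absent file; its body is not shown here. If so, `return @lock_file if defined?(@lock_file)` ahead of the assignment would cache the nil result as well. A one-line comment such as `# Optional provider lockfile; nil when the repository has none.` would make the optional nature explicit. The enclosing class starts outside these hunks.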
|
@@ -12,6 +12,14 @@ module FileSelector
|
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
def terragrunt_file?(file_name)
|
|
15
|
-
file_name
|
|
15
|
+
!lock_file?(file_name) && file_name.end_with?(".hcl")
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def lock_file?(filename)
|
|
19
|
+
filename == ".terraform.lock.hcl"
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def lock_file
|
|
23
|
+
dependency_files.find { |f| lock_file?(f.name) }
|
|
16
24
|
end
|
|
17
25
|
end
|
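Review bot: `lock_file?` compares the whole name with `".terraform.lock.hcl"`, so a lockfile whose name carries a directory prefix would fail the check and then be accepted by `terragrunt_file?`, because it still ends in `.hcl`. Whether names can include a path is not visible in this hunk; if they can, `File.basename(filename) == ".terraform.lock.hcl"` is the safer comparison. The two predicates also name their parameter differently (`file_name` vs `filename`). The literal is repeated in other hunks on this page (the `fetch_file_if_present` call and the `File.write`/`File.read` calls), so a shared constant would keep them in step. The module's opening lines are outside the hunk.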
|
@@ -4,6 +4,7 @@ require "dependabot/file_updaters"
|
|
|
4
4
|
require "dependabot/file_updaters/base"
|
|
5
5
|
require "dependabot/errors"
|
|
6
6
|
require "dependabot/terraform/file_selector"
|
|
7
|
+
require "dependabot/shared_helpers"
|
|
7
8
|
|
|
8
9
|
module Dependabot
|
|
9
10
|
module Terraform
|
|
@@ -21,10 +22,18 @@ module Dependabot
|
|
|
21
22
|
next unless file_changed?(file)
|
|
22
23
|
|
|
23
24
|
updated_content = updated_terraform_file_content(file)
|
|
25
|
+
|
|
24
26
|
raise "Content didn't change!" if updated_content == file.content
|
|
25
27
|
|
|
26
28
|
updated_files << updated_file(file: file, content: updated_content)
|
|
27
29
|
end
|
|
30
|
+
updated_lockfile_content = update_lockfile_declaration
|
|
31
|
+
|
|
32
|
+
if updated_lockfile_content && lock_file.content != updated_lockfile_content
|
|
33
|
+
updated_files << updated_file(file: lock_file, content: updated_lockfile_content)
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
updated_files.compact!
|
|
28
37
|
|
|
29
38
|
raise "No files changed!" if updated_files.none?
|
|
30
39
|
|
|
@@ -39,7 +48,7 @@ module Dependabot
|
|
|
39
48
|
reqs = dependency.requirements.zip(dependency.previous_requirements).
|
|
40
49
|
reject { |new_req, old_req| new_req == old_req }
|
|
41
50
|
|
|
42
|
-
# Loop through each changed requirement and update the files
|
|
51
|
+
# Loop through each changed requirement and update the files and lockfile
|
|
43
52
|
reqs.each do |new_req, old_req|
|
|
44
53
|
raise "Bad req match" unless new_req[:file] == old_req[:file]
|
|
45
54
|
next unless new_req.fetch(:file) == file.name
|
|
@@ -81,6 +90,45 @@ module Dependabot
|
|
|
81
90
|
end
|
|
82
91
|
end
|
|
83
92
|
|
|
93
|
+
def update_lockfile_declaration
|
|
94
|
+
return if lock_file.nil?
|
|
95
|
+
|
|
96
|
+
new_req = dependency.requirements.first
|
|
97
|
+
content = lock_file.content.dup
|
|
98
|
+
|
|
99
|
+
provider_source = new_req[:source][:registry_hostname] + "/" + new_req[:source][:module_identifier]
|
|
100
|
+
declaration_regex = lockfile_declaration_regex(provider_source)
|
|
101
|
+
lockfile_dependency_removed = content.sub(declaration_regex, "")
|
|
102
|
+
|
|
103
|
+
SharedHelpers.in_a_temporary_directory do
|
|
104
|
+
write_dependency_files
|
|
105
|
+
|
|
106
|
+
File.write(".terraform.lock.hcl", lockfile_dependency_removed)
|
|
107
|
+
SharedHelpers.run_shell_command("terraform providers lock #{provider_source}")
|
|
108
|
+
|
|
109
|
+
updated_lockfile = File.read(".terraform.lock.hcl")
|
|
110
|
+
updated_dependency = updated_lockfile.scan(declaration_regex).first
|
|
111
|
+
|
|
112
|
+
# Terraform will occasionally update h1 hashes without updating the version of the dependency
|
|
113
|
+
# Here we make sure the dependency's version actually changes in the lockfile
|
|
114
|
+
unless updated_dependency.scan(declaration_regex).first.scan(/^\s*version\s*=.*/) ==
|
|
115
|
+
content.scan(declaration_regex).first.scan(/^\s*version\s*=.*/)
|
|
116
|
+
content.sub!(declaration_regex, updated_dependency)
|
|
117
|
+
end
|
|
118
|
+
end
|
|
119
|
+
|
|
120
|
+
content
|
|
121
|
+
end
|
|
122
|
+
|
|
123
|
+
def write_dependency_files
|
|
124
|
+
dependency_files.each do |file|
|
|
125
|
+
# Do not include the .terraform directory or .terraform.lock.hcl
|
|
126
|
+
next if file.name.include?(".terraform")
|
|
127
|
+
|
|
128
|
+
File.write(file.name, file.content)
|
|
129
|
+
end
|
|
130
|
+
end
|
|
131
|
+
|
|
84
132
|
def dependency
|
|
85
133
|
# Terraform updates will only ever be updating a single dependency
|
|
86
134
|
dependencies.first
|
|
@@ -131,6 +179,14 @@ module Dependabot
|
|
|
131
179
|
source = dependency.requirements.map { |r| r[:source] }.compact.first
|
|
132
180
|
source[:registry_hostname] || source["registry_hostname"] || "registry.terraform.io"
|
|
133
181
|
end
|
|
182
|
+
|
|
183
|
+
def lockfile_declaration_regex(provider_source)
|
|
184
|
+
/
|
|
185
|
+
(?:(?!^\}).)*
|
|
186
|
+
provider\s*["']#{Regexp.escape(provider_source)}["']\s*\{
|
|
187
|
+
(?:(?!^\}).)*}
|
|
188
|
+
/mx
|
|
189
|
+
end
|
|
134
190
|
end
|
|
135
191
|
end
|
|
136
192
|
end
|
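Review bot: In `update_lockfile_declaration`, `provider_source` is interpolated unescaped into the command string given to `SharedHelpers.run_shell_command`, although it is assembled from the `registry_hostname` and `module_identifier` of a requirement that presumably originates in the repository being updated. How `run_shell_command` executes the string is not visible in this diff, so the value should be treated as untrusted: `SharedHelpers.run_shell_command("terraform providers lock #{Shellwords.escape(provider_source)}")` with `require "shellwords"`, ideally after checking it against the expected `hostname/namespace/type` shape. The same method calls `.scan` on `updated_lockfile.scan(declaration_regex).first` and on `content.scan(declaration_regex).first` without a nil check, so a lockfile with no block for this provider raises NoMethodError rather than leaving the lockfile untouched; a nil guard before the version comparison would cover that. `new_req[:source][:registry_hostname]` also has no fallback, unlike the existing helper that defaults to `"registry.terraform.io"`, so a nil hostname fails on the `+`. Finally, `write_dependency_files` skips every name that merely contains `.terraform`, which is broader than its comment states, and writes `file.name` as given, so names with directory components deserve a check.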
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.152.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-06-
|
|
11
|
+
date: 2021-06-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.152.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.152.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|