dependabot-terraform 0.151.1 → 0.152.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: dfefb1320f00b268bba02b10255217750cb091d1cd275183a436d6bddcb799f3
|
|
4
|
+
data.tar.gz: 751a7d3e23094385b25cb7dd7d228dc92d6ca4a3ed4da5c61edd7e9b662a6348
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 02cc22ac7e9c4a6eb94d3d87fb2924aa04a8e671e477e35495960d067366f63832f11413b4cbbb9490c1ff732830676be5eabfe4eb6d08e83e7562ff5223f190
|
|
7
|
+
data.tar.gz: 48ffc333db0dbe7ca16e9caad59d5aeb36c49cd235145763be36d405503e16c6915f3f567f7303e726dd5024dce7904681505dc99bbf66db7d74f4f38218861d
|
|
@@ -23,6 +23,7 @@ module Dependabot
|
|
|
23
23
|
fetched_files = []
|
|
24
24
|
fetched_files += terraform_files
|
|
25
25
|
fetched_files += terragrunt_files
|
|
26
|
+
fetched_files += [lock_file] if lock_file
|
|
26
27
|
|
|
27
28
|
return fetched_files if fetched_files.any?
|
|
28
29
|
|
|
@@ -45,6 +46,10 @@ module Dependabot
|
|
|
45
46
|
select { |f| f.type == "file" && terragrunt_file?(f.name) }.
|
|
46
47
|
map { |f| fetch_file_from_host(f.name) }
|
|
47
48
|
end
|
|
49
|
+
|
|
50
|
+
def lock_file
|
|
51
|
+
@lock_file ||= fetch_file_if_present(".terraform.lock.hcl")
|
|
52
|
+
end
|
|
48
53
|
end
|
|
49
54
|
end
|
|
50
55
|
end
|
|
@@ -12,6 +12,14 @@ module FileSelector
|
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
def terragrunt_file?(file_name)
|
|
15
|
-
file_name
|
|
15
|
+
!lock_file?(file_name) && file_name.end_with?(".hcl")
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def lock_file?(filename)
|
|
19
|
+
filename == ".terraform.lock.hcl"
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def lock_file
|
|
23
|
+
dependency_files.find { |f| lock_file?(f.name) }
|
|
16
24
|
end
|
|
17
25
|
end
|
|
@@ -4,6 +4,7 @@ require "dependabot/file_updaters"
|
|
|
4
4
|
require "dependabot/file_updaters/base"
|
|
5
5
|
require "dependabot/errors"
|
|
6
6
|
require "dependabot/terraform/file_selector"
|
|
7
|
+
require "dependabot/shared_helpers"
|
|
7
8
|
|
|
8
9
|
module Dependabot
|
|
9
10
|
module Terraform
|
|
@@ -21,10 +22,18 @@ module Dependabot
|
|
|
21
22
|
next unless file_changed?(file)
|
|
22
23
|
|
|
23
24
|
updated_content = updated_terraform_file_content(file)
|
|
25
|
+
|
|
24
26
|
raise "Content didn't change!" if updated_content == file.content
|
|
25
27
|
|
|
26
28
|
updated_files << updated_file(file: file, content: updated_content)
|
|
27
29
|
end
|
|
30
|
+
updated_lockfile_content = update_lockfile_declaration
|
|
31
|
+
|
|
32
|
+
if updated_lockfile_content && lock_file.content != updated_lockfile_content
|
|
33
|
+
updated_files << updated_file(file: lock_file, content: updated_lockfile_content)
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
updated_files.compact!
|
|
28
37
|
|
|
29
38
|
raise "No files changed!" if updated_files.none?
|
|
30
39
|
|
|
@@ -39,7 +48,7 @@ module Dependabot
|
|
|
39
48
|
reqs = dependency.requirements.zip(dependency.previous_requirements).
|
|
40
49
|
reject { |new_req, old_req| new_req == old_req }
|
|
41
50
|
|
|
42
|
-
# Loop through each changed requirement and update the files
|
|
51
|
+
# Loop through each changed requirement and update the files and lockfile
|
|
43
52
|
reqs.each do |new_req, old_req|
|
|
44
53
|
raise "Bad req match" unless new_req[:file] == old_req[:file]
|
|
45
54
|
next unless new_req.fetch(:file) == file.name
|
|
@@ -81,6 +90,45 @@ module Dependabot
|
|
|
81
90
|
end
|
|
82
91
|
end
|
|
83
92
|
|
|
93
|
+
def update_lockfile_declaration
|
|
94
|
+
return if lock_file.nil?
|
|
95
|
+
|
|
96
|
+
new_req = dependency.requirements.first
|
|
97
|
+
content = lock_file.content.dup
|
|
98
|
+
|
|
99
|
+
provider_source = new_req[:source][:registry_hostname] + "/" + new_req[:source][:module_identifier]
|
|
100
|
+
declaration_regex = lockfile_declaration_regex(provider_source)
|
|
101
|
+
lockfile_dependency_removed = content.sub(declaration_regex, "")
|
|
102
|
+
|
|
103
|
+
SharedHelpers.in_a_temporary_directory do
|
|
104
|
+
write_dependency_files
|
|
105
|
+
|
|
106
|
+
File.write(".terraform.lock.hcl", lockfile_dependency_removed)
|
|
107
|
+
SharedHelpers.run_shell_command("terraform providers lock #{provider_source}")
|
|
108
|
+
|
|
109
|
+
updated_lockfile = File.read(".terraform.lock.hcl")
|
|
110
|
+
updated_dependency = updated_lockfile.scan(declaration_regex).first
|
|
111
|
+
|
|
112
|
+
# Terraform will occasionally update h1 hashes without updating the version of the dependency
|
|
113
|
+
# Here we make sure the dependency's version actually changes in the lockfile
|
|
114
|
+
unless updated_dependency.scan(declaration_regex).first.scan(/^\s*version\s*=.*/) ==
|
|
115
|
+
content.scan(declaration_regex).first.scan(/^\s*version\s*=.*/)
|
|
116
|
+
content.sub!(declaration_regex, updated_dependency)
|
|
117
|
+
end
|
|
118
|
+
end
|
|
119
|
+
|
|
120
|
+
content
|
|
121
|
+
end
|
|
122
|
+
|
|
123
|
+
def write_dependency_files
|
|
124
|
+
dependency_files.each do |file|
|
|
125
|
+
# Do not include the .terraform directory or .terraform.lock.hcl
|
|
126
|
+
next if file.name.include?(".terraform")
|
|
127
|
+
|
|
128
|
+
File.write(file.name, file.content)
|
|
129
|
+
end
|
|
130
|
+
end
|
|
131
|
+
|
|
84
132
|
def dependency
|
|
85
133
|
# Terraform updates will only ever be updating a single dependency
|
|
86
134
|
dependencies.first
|
|
@@ -131,6 +179,14 @@ module Dependabot
|
|
|
131
179
|
source = dependency.requirements.map { |r| r[:source] }.compact.first
|
|
132
180
|
source[:registry_hostname] || source["registry_hostname"] || "registry.terraform.io"
|
|
133
181
|
end
|
|
182
|
+
|
|
183
|
+
def lockfile_declaration_regex(provider_source)
|
|
184
|
+
/
|
|
185
|
+
(?:(?!^\}).)*
|
|
186
|
+
provider\s*["']#{Regexp.escape(provider_source)}["']\s*\{
|
|
187
|
+
(?:(?!^\}).)*}
|
|
188
|
+
/mx
|
|
189
|
+
end
|
|
134
190
|
end
|
|
135
191
|
end
|
|
136
192
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.152.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-06-
|
|
11
|
+
date: 2021-06-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.152.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.152.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|