dependabot-terraform 0.156.6 → 0.156.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/terraform/file_fetcher.rb +33 -0
- data/lib/dependabot/terraform/file_updater.rb +5 -2
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 29709fe452803fd6ba8cb782eb7901c2b37e616fbec87334e1c84b3008984965
|
|
4
|
+
data.tar.gz: cad10085fa2305efb26971dc99c06a695a1bbd664fe2b4b7123507ea08e5a685
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6046798f76bd52a8eca3b93ae1534489ac541224afe36a3eb721c011609cd42489fe0857599ab9fe5699ae876939ce73182c10f6114ca26382defb71ac699c00
|
|
7
|
+
data.tar.gz: 5a3cf0547aa1ae16095e94e58e4b90f8cd438ba7e95aca47f18f6f0db34cac472573cc47d1a38d02c09b6652d3027013603b9fca6b9f7b34be9510298fa4a427
|
|
@@ -9,6 +9,9 @@ module Dependabot
|
|
|
9
9
|
class FileFetcher < Dependabot::FileFetchers::Base
|
|
10
10
|
include FileSelector
|
|
11
11
|
|
|
12
|
+
# https://www.terraform.io/docs/language/modules/sources.html#local-paths
|
|
13
|
+
LOCAL_PATH_SOURCE = %r{source\s*=\s*['"](?<path>..?\/[^'"]+)}.freeze
|
|
14
|
+
|
|
12
15
|
def self.required_files_in?(filenames)
|
|
13
16
|
filenames.any? { |f| f.end_with?(".tf", ".hcl") }
|
|
14
17
|
end
|
|
@@ -23,6 +26,7 @@ module Dependabot
|
|
|
23
26
|
fetched_files = []
|
|
24
27
|
fetched_files += terraform_files
|
|
25
28
|
fetched_files += terragrunt_files
|
|
29
|
+
fetched_files += local_path_module_files(terraform_files)
|
|
26
30
|
fetched_files += [lock_file] if lock_file
|
|
27
31
|
|
|
28
32
|
return fetched_files if fetched_files.any?
|
|
@@ -47,6 +51,35 @@ module Dependabot
|
|
|
47
51
|
map { |f| fetch_file_from_host(f.name) }
|
|
48
52
|
end
|
|
49
53
|
|
|
54
|
+
def local_path_module_files(files, dir: ".")
|
|
55
|
+
terraform_files = []
|
|
56
|
+
|
|
57
|
+
files.each do |file|
|
|
58
|
+
terraform_file_local_module_details(file).each do |path|
|
|
59
|
+
base_path = Pathname.new(File.join(dir, path)).cleanpath.to_path
|
|
60
|
+
nested_terraform_files =
|
|
61
|
+
repo_contents(dir: base_path).
|
|
62
|
+
select { |f| f.type == "file" && f.name.end_with?(".tf") }.
|
|
63
|
+
map { |f| fetch_file_from_host(File.join(base_path, f.name)) }
|
|
64
|
+
terraform_files += nested_terraform_files
|
|
65
|
+
terraform_files += local_path_module_files(nested_terraform_files, dir: path)
|
|
66
|
+
end
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
# NOTE: The `support_file` attribute is not used but we set this to
|
|
70
|
+
# match what we do in other ecosystems
|
|
71
|
+
terraform_files.tap { |fs| fs.each { |f| f.support_file = true } }
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
def terraform_file_local_module_details(file)
|
|
75
|
+
return [] unless file.name.end_with?(".tf")
|
|
76
|
+
return [] unless file.content.match?(LOCAL_PATH_SOURCE)
|
|
77
|
+
|
|
78
|
+
file.content.scan(LOCAL_PATH_SOURCE).flatten.map do |path|
|
|
79
|
+
Pathname.new(path).cleanpath.to_path
|
|
80
|
+
end
|
|
81
|
+
end
|
|
82
|
+
|
|
50
83
|
def lock_file
|
|
51
84
|
@lock_file ||= fetch_file_if_present(".terraform.lock.hcl")
|
|
52
85
|
end
|
|
@@ -29,7 +29,7 @@ module Dependabot
|
|
|
29
29
|
|
|
30
30
|
updated_files << updated_file(file: file, content: updated_content)
|
|
31
31
|
end
|
|
32
|
-
updated_lockfile_content = update_lockfile_declaration
|
|
32
|
+
updated_lockfile_content = update_lockfile_declaration(updated_files)
|
|
33
33
|
|
|
34
34
|
if updated_lockfile_content && lock_file.content != updated_lockfile_content
|
|
35
35
|
updated_files << updated_file(file: lock_file, content: updated_lockfile_content)
|
|
@@ -92,7 +92,7 @@ module Dependabot
|
|
|
92
92
|
end
|
|
93
93
|
end
|
|
94
94
|
|
|
95
|
-
def update_lockfile_declaration # rubocop:disable Metrics/AbcSize
|
|
95
|
+
def update_lockfile_declaration(updated_manifest_files) # rubocop:disable Metrics/AbcSize
|
|
96
96
|
return if lock_file.nil?
|
|
97
97
|
|
|
98
98
|
new_req = dependency.requirements.first
|
|
@@ -106,6 +106,9 @@ module Dependabot
|
|
|
106
106
|
|
|
107
107
|
base_dir = dependency_files.first.directory
|
|
108
108
|
SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do
|
|
109
|
+
# Update the provider requirements in case the previous requirement doesn't allow the new version
|
|
110
|
+
updated_manifest_files.each { |f| File.write(f.name, f.content) }
|
|
111
|
+
|
|
109
112
|
File.write(".terraform.lock.hcl", lockfile_dependency_removed)
|
|
110
113
|
SharedHelpers.run_shell_command("terraform providers lock #{provider_source}")
|
|
111
114
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.156.
|
|
4
|
+
version: 0.156.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-07-
|
|
11
|
+
date: 2021-07-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.156.
|
|
19
|
+
version: 0.156.7
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.156.
|
|
26
|
+
version: 0.156.7
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -216,7 +216,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
216
216
|
- !ruby/object:Gem::Version
|
|
217
217
|
version: 2.5.0
|
|
218
218
|
requirements: []
|
|
219
|
-
rubygems_version: 3.2.
|
|
219
|
+
rubygems_version: 3.2.22
|
|
220
220
|
signing_key:
|
|
221
221
|
specification_version: 4
|
|
222
222
|
summary: Terraform support for dependabot
|