dependabot-terraform 0.260.0 → 0.261.0

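--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 43fecafce99d6aeb9224e649b26718f7ced8d4947aa9fb9b6ca2645ad38abf52
- data.tar.gz: 776bc8eb679e454945242ae40fd57df3fb611d5da901c76086fc2b5bb312ce5a
+ metadata.gz: b5bf4ee2034d691008382f6d6ce217a3d0b010ae6359310aaab7cd8b348dd3b1
+ data.tar.gz: 0f930b2c435202ab7d301b28fa7e0f0f17ea07b3348e1937aacf820ee88fe6d6
  SHA512:
- metadata.gz: 1289bb397dd90e3ecb75da84617e96944ace792d6cc79fff16c488a2e1f2d7e7b90cc37a8b87ed7e6053857097a93d849645eddbd1d6848f1841d7f977bdad55
- data.tar.gz: ff031b7ab0bc2b590cdbaab97abeed9525a5a418a9ea36b021d4eb6b7e4825e19d65ebbb7e1a4a432053874af0fa721535af4f92d4a59ec2ed9af9f400f828b6
+ metadata.gz: 948fd636cdbf07154bf5692e99aaa67865f88a9707aacd727fa1593cc5f37c1f05bffab1f161a62d5ee3ed11122333dd7a839785de4dac93921aecb4c0342cd6
+ data.tar.gz: 68a81f0c15a466e3ba2357daab254ebc2f6be558c0571c6db4a2037b17b4b7d5f8d5c58879635b9cc2949404db12a0e230a7eac6f62dc072d61b7ff1895e899b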
@@ -1,6 +1,8 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/file_updaters"
5
7
  require "dependabot/file_updaters/base"
6
8
  require "dependabot/errors"
@@ -10,6 +12,8 @@ require "dependabot/shared_helpers"
10
12
  module Dependabot
11
13
  module Terraform
12
14
  class FileUpdater < Dependabot::FileUpdaters::Base
15
+ extend T::Sig
16
+
13
17
  include FileSelector
14
18
 
15
19
  PRIVATE_MODULE_ERROR = /Could not download module.*code from\n.*\"(?<repo>\S+)\":/
@@ -36,8 +40,8 @@ module Dependabot
36
40
  end
37
41
  updated_lockfile_content = update_lockfile_declaration(updated_files)
38
42
 
39
- if updated_lockfile_content && lockfile.content != updated_lockfile_content
40
- updated_files << updated_file(file: lockfile, content: updated_lockfile_content)
43
+ if updated_lockfile_content && T.must(lockfile).content != updated_lockfile_content
44
+ updated_files << updated_file(file: T.must(lockfile), content: updated_lockfile_content)
41
45
  end
42
46
 
43
47
  updated_files.compact!
@@ -137,12 +141,18 @@ module Dependabot
137
141
  .sub(hashes_object_regex, "")
138
142
  end
139
143
 
144
+ sig do
145
+ params(
146
+ new_req: T::Hash[Symbol, T.untyped]
147
+ )
148
+ .returns([String, String, Regexp])
149
+ end
140
150
  def lockfile_details(new_req)
141
- content = lockfile.content.dup
151
+ content = T.must(lockfile).content.dup
142
152
  provider_source = new_req[:source][:registry_hostname] + "/" + new_req[:source][:module_identifier]
143
153
  declaration_regex = lockfile_declaration_regex(provider_source)
144
154
 
145
- [content, provider_source, declaration_regex]
155
+ [T.must(content), provider_source, declaration_regex]
146
156
  end
147
157
 
148
158
  def lookup_hash_architecture # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/PerceivedComplexity
@@ -164,7 +174,7 @@ module Dependabot
164
174
  linux_arm64
165
175
  )
166
176
 
167
- base_dir = dependency_files.first.directory
177
+ base_dir = T.must(dependency_files.first).directory
168
178
  lockfile_hash_removed = remove_provider_h1_hashes(content, declaration_regex)
169
179
 
170
180
  # This runs in the same directory as the actual lockfile update so
@@ -198,7 +208,7 @@ module Dependabot
198
208
  end
199
209
  rescue SharedHelpers::HelperSubprocessFailed => e
200
210
  if @retrying_lock && e.message.match?(MODULE_NOT_INSTALLED_ERROR)
201
- mod = e.message.match(MODULE_NOT_INSTALLED_ERROR).named_captures.fetch("mod")
211
+ mod = T.must(e.message.match(MODULE_NOT_INSTALLED_ERROR)).named_captures.fetch("mod")
202
212
  raise Dependabot::DependencyFileNotResolvable, "Attempt to install module #{mod} failed"
203
213
  end
204
214
  raise if @retrying_lock || !e.message.include?("terraform init")
@@ -226,7 +236,7 @@ module Dependabot
226
236
  content, provider_source, declaration_regex = lockfile_details(new_req)
227
237
  lockfile_dependency_removed = content.sub(declaration_regex, "")
228
238
 
229
- base_dir = dependency_files.first.directory
239
+ base_dir = T.must(dependency_files.first).directory
230
240
  SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do
231
241
  # Determine the provider using the original manifest files
232
242
  platforms = architecture_type.map { |arch| "-platform=#{arch}" }.join(" ")
@@ -242,17 +252,17 @@ module Dependabot
242
252
  )
243
253
 
244
254
  updated_lockfile = File.read(".terraform.lock.hcl")
245
- updated_dependency = updated_lockfile.scan(declaration_regex).first
255
+ updated_dependency = T.cast(updated_lockfile.scan(declaration_regex).first, String)
246
256
 
247
257
  # Terraform will occasionally update h1 hashes without updating the version of the dependency
248
258
  # Here we make sure the dependency's version actually changes in the lockfile
249
- unless updated_dependency.scan(declaration_regex).first.scan(/^\s*version\s*=.*/) ==
250
- content.scan(declaration_regex).first.scan(/^\s*version\s*=.*/)
259
+ unless T.cast(updated_dependency.scan(declaration_regex).first, String).scan(/^\s*version\s*=.*/) ==
260
+ T.cast(content.scan(declaration_regex).first, String).scan(/^\s*version\s*=.*/)
251
261
  content.sub!(declaration_regex, updated_dependency)
252
262
  end
253
263
  rescue SharedHelpers::HelperSubprocessFailed => e
254
264
  if @retrying_lock && e.message.match?(MODULE_NOT_INSTALLED_ERROR)
255
- mod = e.message.match(MODULE_NOT_INSTALLED_ERROR).named_captures.fetch("mod")
265
+ mod = T.must(e.message.match(MODULE_NOT_INSTALLED_ERROR)).named_captures.fetch("mod")
256
266
  raise Dependabot::DependencyFileNotResolvable, "Attempt to install module #{mod} failed"
257
267
  end
258
268
  raise if @retrying_lock || !e.message.include?("terraform init")
@@ -276,8 +286,8 @@ module Dependabot
276
286
  output = e.message
277
287
 
278
288
  if output.match?(PRIVATE_MODULE_ERROR)
279
- repo = output.match(PRIVATE_MODULE_ERROR).named_captures.fetch("repo")
280
- if repo.match?(GIT_HTTPS_PREFIX)
289
+ repo = T.must(output.match(PRIVATE_MODULE_ERROR)).named_captures.fetch("repo")
290
+ if repo&.match?(GIT_HTTPS_PREFIX)
281
291
  repo = repo.sub(GIT_HTTPS_PREFIX, "")
282
292
  repo = repo.sub(/\.git$/, "")
283
293
  end
@@ -363,6 +373,7 @@ module Dependabot
363
373
  source[:registry_hostname] || source["registry_hostname"] || "registry.terraform.io"
364
374
  end
365
375
 
376
+ sig { params(provider_source: String).returns(Regexp) }
366
377
  def lockfile_declaration_regex(provider_source)
367
378
  /
368
379
  (?:(?!^\}).)*
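Review bot: In the `@@ -242,17 +252,17 @@` hunk of `FileUpdater`, `T.cast(updated_lockfile.scan(declaration_regex).first, String)` turns a missing provider declaration in the regenerated `.terraform.lock.hcl` into a sorbet-runtime `TypeError`, which the visible `rescue SharedHelpers::HelperSubprocessFailed` does not catch. The lockfile text comes from a terraform run over repository-controlled input, so an absent match is an expected failure and is better reported as one: assign `updated_dependency = updated_lockfile.scan(declaration_regex).first` and follow it with `raise Dependabot::DependencyFileNotResolvable, "Provider declaration missing from regenerated lockfile" unless updated_dependency`. The same concern applies to `T.cast(content.scan(declaration_regex).first, String)` in the comparison below it, and to `T.must(content)` in `lockfile_details`. The `T.must(e.message.match(...))` calls are fine because each sits behind a `match?` guard on the same pattern. The enclosing method starts and ends outside the hunk.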
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "excon"
@@ -7,12 +7,16 @@ require "dependabot/metadata_finders"
7
7
  require "dependabot/metadata_finders/base"
8
8
  require "dependabot/terraform/registry_client"
9
9
  require "dependabot/shared_helpers"
10
+ require "sorbet-runtime"
10
11
 
11
12
  module Dependabot
12
13
  module Terraform
13
14
  class MetadataFinder < Dependabot::MetadataFinders::Base
15
+ extend T::Sig
16
+
14
17
  private
15
18
 
19
+ sig { override.returns(T.nilable(Dependabot::Source)) }
16
20
  def look_up_source
17
21
  case new_source_type
18
22
  when "git" then find_source_from_git_url
@@ -21,10 +25,12 @@ module Dependabot
21
25
  end
22
26
  end
23
27
 
28
+ sig { returns(T.nilable(String)) }
24
29
  def new_source_type
25
30
  dependency.source_type
26
31
  end
27
32
 
33
+ sig { returns(T.nilable(Dependabot::Source)) }
28
34
  def find_source_from_git_url
29
35
  info = dependency.requirements.filter_map { |r| r[:source] }.first
30
36
 
@@ -32,6 +38,7 @@ module Dependabot
32
38
  Source.from_url(url)
33
39
  end
34
40
 
41
+ sig { returns(T.nilable(Dependabot::Source)) }
35
42
  def find_source_from_registry_details
36
43
  info = dependency.requirements.filter_map { |r| r[:source] }.first
37
44
  hostname = info[:registry_hostname] || info["registry_hostname"]
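Review bot: The new `sig { returns(T.nilable(Dependabot::Source)) }` on `find_source_from_registry_details` promises nil or a `Source`, but the first body lines index `info[:registry_hostname]` straight after `.filter_map { |r| r[:source] }.first`, which is nil when no requirement carries a `:source`. The requirement hashes appear to be untyped, so `# typed: strict` is unlikely to flag this and the method would raise `NoMethodError` instead of returning nil. Adding `return unless info` after the `info = ...` line would make it honour the declared return type; `find_source_from_git_url` has the same first line and deserves the same guard. Both method bodies continue outside their hunks.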
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-terraform
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.260.0
4
+ version: 0.261.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-06 00:00:00.000000000 Z
11
+ date: 2024-06-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.260.0
19
+ version: 0.261.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.260.0
26
+ version: 0.261.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -260,7 +260,7 @@ licenses:
260
260
  - MIT
261
261
  metadata:
262
262
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
263
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.260.0
263
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
264
264
  post_install_message:
265
265
  rdoc_options: []
266
266
  require_paths: