dependabot-terraform 0.385.0 → 0.386.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6d1ca89854c82fa7e3fb30f29c0c54a1349a2a1d0ba8141b74af54e5a24b9a64
4
- data.tar.gz: c1f468d483d4802f42417df0fc195cb7ffbfd91397eca765ea0cb9b8d266e64f
3
+ metadata.gz: a2db17b06544fab18770f449bd5dfc6868569050c79af1aa5e475a1ea806777f
4
+ data.tar.gz: 8513583d339fcdf8835510fb77d44543f20435c95c60f3591a7b37bedb80639c
5
5
  SHA512:
6
- metadata.gz: ebf5726c0729bef200b83243308b3eb3c17856148f529a919b8bc6cc62f0fe7cbc230aff1575d779b5525ff901b7ef5c4a5c7ba6e4edd68782a67d89d5b5cf79
7
- data.tar.gz: d6853847fb38d9066171837d9bda41ea79d2a2db6df5488febc30653f98677c49d57e441bbbc9cca730969693fb6539bacd85ed8d35215e6f86b7eaa2070a1ea
6
+ metadata.gz: f68f3accb451bfd3e1364a314a2928b652f973ce908a74a8aa2675d0e6a40f87907d97de4db935f1703262622c104702d5d66529abb7b91c943cabde2f99e8aa
7
+ data.tar.gz: 27dc678b5075b3a4914e24cf99cfd4f401a3b73db283979eaafff83b22120d82dfa5fef1acbcf85876cb0b4727c52982d110a7e2c7c0ab580bb538e5bc0e145e
@@ -13,7 +13,6 @@ module Dependabot
13
13
  class PackageDetailsFetcher
14
14
  extend T::Sig
15
15
 
16
- RELEASES_URL_GIT = "https://api.github.com/repos/"
17
16
  RELEASE_URL_FOR_PROVIDER = "https://registry.terraform.io/v2/providers/"
18
17
  RELEASE_URL_FOR_MODULE = "https://registry.terraform.io/v2/modules/"
19
18
  APPLICATION_JSON = "JSON"
@@ -46,34 +45,6 @@ module Dependabot
46
45
  sig { returns(T::Array[Dependabot::Credential]) }
47
46
  attr_reader :credentials
48
47
 
49
- sig { returns(T::Array[GitTagWithDetail]) }
50
- def fetch_tag_and_release_date
51
- truncate_github_url = @dependency.name.gsub("github.com/", "")
52
- url = RELEASES_URL_GIT + "#{truncate_github_url}/releases"
53
- result_lines = T.let([], T::Array[GitTagWithDetail])
54
- # Fetch the releases from the GitHub API
55
- response = Excon.get(url, headers: { "Accept" => "application/vnd.github.v3+json" })
56
- Dependabot.logger.error("Failed call details: #{response.body}") unless response.status == 200
57
- return result_lines unless response.status == 200
58
-
59
- # Parse the JSON response
60
- releases = JSON.parse(response.body)
61
-
62
- # Extract version names and release dates into a hash
63
- releases.map do |release|
64
- result_lines << GitTagWithDetail.new(
65
- tag: release["tag_name"],
66
- release_date: release["published_at"]
67
- )
68
- end
69
-
70
- # sort the result lines by tag in descending order
71
- result_lines = result_lines.sort_by(&:tag).reverse
72
- # Log the extracted details for debugging
73
- Dependabot.logger.info("Extracted release details: #{result_lines}")
74
- result_lines
75
- end
76
-
77
48
  sig { returns(T::Array[GitTagWithDetail]) }
78
49
  def fetch_tag_and_release_date_from_provider # rubocop:disable Metrics/AbcSize,Metrics/PerceivedComplexity
79
50
  return [] unless dependency_source_details
@@ -35,34 +35,6 @@ module Dependabot
35
35
  sig { returns(Dependabot::Dependency) }
36
36
  attr_reader :dependency
37
37
 
38
- # Return latest version tag for the dependency, it removes tags that are in cooldown period
39
- # and returns the latest version tag that is not in cooldown period. If exception occurs
40
- # it will return the latest version tag from the git_commit_checker. as it was before
41
- sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
42
- def latest_version_tag
43
- # step one fetch allowed version tags and
44
- allowed_version_tags = git_commit_checker.allowed_version_tags
45
- begin
46
- if cooldown_enabled?
47
- # sort the allowed version tags by name in descending order
48
- select_version_tags_in_cooldown_period&.each do |tag_name|
49
- # filter out if name is not in cooldown period
50
- allowed_version_tags.reject! do |gitref_filtered|
51
- true if gitref_filtered.name == tag_name
52
- end
53
- end
54
- end
55
- Dependabot.logger.info(
56
- "Allowed version tags after filtering versions in cooldown:
57
- #{allowed_version_tags.map(&:name).join(', ')}"
58
- )
59
- git_commit_checker.max_local_tag(allowed_version_tags)
60
- rescue StandardError => e
61
- Dependabot.logger.error("Error fetching latest version tag: #{e.message}")
62
- git_commit_checker.local_tag_for_latest_version
63
- end
64
- end
65
-
66
38
  # To filter versions in cooldown period based on version tags from registry call
67
39
  sig do
68
40
  params(versions: T::Array[Dependabot::Terraform::Version])
@@ -115,21 +87,6 @@ module Dependabot
115
87
  versions
116
88
  end
117
89
 
118
- sig { returns(T.nilable(T::Array[String])) }
119
- def select_version_tags_in_cooldown_period
120
- version_tags_in_cooldown_period = T.let([], T::Array[String])
121
-
122
- package_details_fetcher.fetch_tag_and_release_date.each do |git_tag_with_detail|
123
- if check_if_version_in_cooldown_period?(T.must(git_tag_with_detail.release_date))
124
- version_tags_in_cooldown_period << git_tag_with_detail.tag
125
- end
126
- end
127
- version_tags_in_cooldown_period
128
- rescue StandardError => e
129
- Dependabot.logger.error("Error checking if version is in cooldown: #{e.message}")
130
- version_tags_in_cooldown_period
131
- end
132
-
133
90
  sig { params(release_date: String).returns(T::Boolean) }
134
91
  def check_if_version_in_cooldown_period?(release_date)
135
92
  return false unless release_date.length.positive?
@@ -195,17 +152,6 @@ module Dependabot
195
152
  )
196
153
  end
197
154
 
198
- sig { returns(T::Boolean) }
199
- def cooldown_enabled?
200
- # This is a simple check to see if user has put cooldown days.
201
- # If not set, then we aassume user does not want cooldown.
202
- # Since Terraform does not support Semver versioning, So option left
203
- # for the user is to set cooldown default days.
204
- return false if @cooldown_options.nil?
205
-
206
- @cooldown_options.default_days.positive?
207
- end
208
-
209
155
  sig { returns(Dependabot::GitCommitChecker) }
210
156
  attr_reader :git_commit_checker
211
157
 
@@ -172,31 +172,26 @@ module Dependabot
172
172
 
173
173
  # If the dependency is pinned to a tag that looks like a version then
174
174
  # we want to update that tag. Because we don't have a lockfile, the
175
- # latest version is the tag itself.
176
- if git_commit_checker.pinned_ref_looks_like_version?
177
- # Filter version tags that are in cooldown period
178
- latest_tag = latest_version_resolver.latest_version_tag&.fetch(:tag)
179
- version_rgx = GitCommitChecker::VERSION_REGEX
180
- return unless latest_tag.match(version_rgx)
181
-
182
- version = latest_tag.match(version_rgx)
183
- .named_captures.fetch("version")
184
- return version_class.new(version)
185
- end
175
+ # latest version is the tag itself. Tags within their cooldown window
176
+ # are filtered out by the shared GitCommitChecker.
177
+ latest_tag = git_commit_checker.local_tag_for_pinned_version_ref(update_cooldown)&.fetch(:tag)
178
+ return unless latest_tag
186
179
 
187
- # If the dependency is pinned to a tag that doesn't look like a
188
- # version then there's nothing we can do.
189
- nil
180
+ version_rgx = GitCommitChecker::VERSION_REGEX
181
+ return unless latest_tag.match(version_rgx)
182
+
183
+ version = latest_tag.match(version_rgx)
184
+ .named_captures.fetch("version")
185
+ version_class.new(version)
190
186
  end
191
187
 
192
188
  sig { returns(T.nilable(String)) }
193
189
  def tag_for_latest_version
194
190
  return unless git_commit_checker.git_dependency?
195
- return unless git_commit_checker.pinned?
196
- return unless git_commit_checker.pinned_ref_looks_like_version?
197
191
 
198
- latest_tag = git_commit_checker.local_tag_for_latest_version
192
+ latest_tag = git_commit_checker.local_tag_for_pinned_version_ref(update_cooldown)
199
193
  &.fetch(:tag)
194
+ return unless latest_tag
200
195
 
201
196
  version_rgx = GitCommitChecker::VERSION_REGEX
202
197
  return unless latest_tag.match(version_rgx)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-terraform
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.385.0
4
+ version: 0.386.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.385.0
18
+ version: 0.386.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.385.0
25
+ version: 0.386.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -263,7 +263,7 @@ licenses:
263
263
  - MIT
264
264
  metadata:
265
265
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
266
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.385.0
266
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.386.0
267
267
  rdoc_options: []
268
268
  require_paths:
269
269
  - lib