From 608e38b9ac9eaa21b1d5189963f3edd35a46ff7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Rodr=C3=ADguez?= Date: Mon, 3 Apr 2023 20:53:38 +0200 Subject: [PATCH] When updating digests only, keep PR names consistent Previously we would generate something like ``` bump ubuntu from sha256:817cfe4672284dcbfee885b1a66094fd907630d610cab329114d036716be49ba to sha256:67211c14fa74f070d27cc59d69a7fa9aeff8e28ea118ef3babc295a0428a6d21 ``` when updating a Dockerfile like ``` FROM ubuntu@sha256:817cfe4672284dcbfee885b1a66094fd907630d610cab329114d036716be49ba ``` but something like ``` bump ubuntu from `817cfe4` to `67211c1` ``` when updating a Dockerfile like ``` FROM ubuntu:22.04@sha256:817cfe4672284dcbfee885b1a66094fd907630d610cab329114d036716be49ba ``` Now we generate the shortened version consistently. --- .../pull_request_creator/message_builder.rb | 4 +- .../message_builder_spec.rb | 4 +- docker/lib/dependabot/docker/file_parser.rb | 6 +-- docker/lib/dependabot/docker/file_updater.rb | 8 ++-- .../lib/dependabot/docker/update_checker.rb | 2 +- .../dependabot/docker/file_parser_spec.rb | 20 ++++----- .../dependabot/docker/file_updater_spec.rb | 44 +++++++++---------- .../dependabot/docker/update_checker_spec.rb | 18 ++++---- 8 files changed, 53 insertions(+), 53 deletions(-) diff --git a/common/lib/dependabot/pull_request_creator/message_builder.rb b/common/lib/dependabot/pull_request_creator/message_builder.rb index 7ba402d509c5..1a76cd2c01cd 100644 --- a/common/lib/dependabot/pull_request_creator/message_builder.rb +++ b/common/lib/dependabot/pull_request_creator/message_builder.rb @@ -470,7 +470,7 @@ def previous_version(dependency) return ref_changed?(dependency) ? previous_ref(dependency) : nil end - if dependency.previous_version.match?(/^[0-9a-f]{40}$/) + if dependency.previous_version.match?(/^[0-9a-f]{40}/) return previous_ref(dependency) if ref_changed?(dependency) && previous_ref(dependency) "`#{dependency.previous_version[0..6]}`" 
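Review bot: The relaxed pattern `/^[0-9a-f]{40}/` in `previous_version` now accepts any string that merely begins a line with 40 hex characters, because the `$` was dropped and Ruby's `^` anchors at a line start rather than the string start. The same pattern is introduced in `new_version` in the following hunk. If the intent is to shorten both 40-character git SHAs and the now-unprefixed 64-character Docker digests, saying so explicitly keeps other version strings out of this branch: `if dependency.previous_version.match?(/\A(?:[0-9a-f]{40}|[0-9a-f]{64})\z/)`, and likewise for `dependency.version`. Both method bodies start and continue outside their hunks.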
@@ -484,7 +484,7 @@ def previous_version(dependency) end def new_version(dependency) - if dependency.version.match?(/^[0-9a-f]{40}$/) + if dependency.version.match?(/^[0-9a-f]{40}/) return new_ref(dependency) if ref_changed?(dependency) && new_ref(dependency) "`#{dependency.version[0..6]}`" diff --git a/common/spec/dependabot/pull_request_creator/message_builder_spec.rb b/common/spec/dependabot/pull_request_creator/message_builder_spec.rb index 9c2f07e1996a..5fedcbab4d4d 100644 --- a/common/spec/dependabot/pull_request_creator/message_builder_spec.rb +++ b/common/spec/dependabot/pull_request_creator/message_builder_spec.rb @@ -431,7 +431,7 @@ def commits_details(base:, head:) groups: [], source: { type: "digest", - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8d" \ + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8d" \ "fc38288cf73aa07485005" } }], @@ -441,7 +441,7 @@ def commits_details(base:, head:) groups: [], source: { type: "digest", - digest: "sha256:2167a21baaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" \ + digest: ":2167a21baaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" \ "aaaaaaaaaaaaaaaaaaaaa" } }] diff --git a/docker/lib/dependabot/docker/file_parser.rb b/docker/lib/dependabot/docker/file_parser.rb index b91630a0f3cf..6520f5a13d74 100644 --- a/docker/lib/dependabot/docker/file_parser.rb +++ b/docker/lib/dependabot/docker/file_parser.rb 
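Review bot: The fixture changed in the `@@ -441,7 +441,7 @@` hunk of message_builder_spec.rb keeps a stray leading colon, `digest: ":2167a21b…"`, where only the `sha256` text was removed. The sibling fixture in the preceding hunk dropped the whole `sha256:` prefix. The line should read `digest: "2167a21baaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" \`. As written, the value is not something the Docker file parser's `DIGEST` pattern could produce, so the spec may pass without exercising the real shape of the data.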
@@ -24,15 +24,15 @@ class FileParser < Dependabot::FileParsers::Base FROM = /FROM/i PLATFORM = /--platform\=(?\S+)/ TAG = /:(?[\w][\w.-]{0,127})/ - DIGEST = /(?sha256:[0-9a-f]{64})/ + DIGEST = /(?[0-9a-f]{64})/ NAME = /\s+AS\s+(?[\w-]+)/ FROM_LINE = %r{^#{FROM}\s+(#{PLATFORM}\s+)?(#{REGISTRY}/)? - #{IMAGE}#{TAG}?(?:@#{DIGEST})?#{NAME}?}x + #{IMAGE}#{TAG}?(?:@sha256:#{DIGEST})?#{NAME}?}x AWS_ECR_URL = /dkr\.ecr\.(?[^.]+)\.amazonaws\.com/ - IMAGE_SPEC = %r{^(#{REGISTRY}/)?#{IMAGE}#{TAG}?(?:@#{DIGEST})?#{NAME}?}x + IMAGE_SPEC = %r{^(#{REGISTRY}/)?#{IMAGE}#{TAG}?(?:@sha256:#{DIGEST})?#{NAME}?}x def parse dependency_set = DependencySet.new diff --git a/docker/lib/dependabot/docker/file_updater.rb b/docker/lib/dependabot/docker/file_updater.rb index d213b33bb793..25e4b757c435 100644 --- a/docker/lib/dependabot/docker/file_updater.rb +++ b/docker/lib/dependabot/docker/file_updater.rb @@ -82,11 +82,11 @@ def update_digest_and_tag(previous_content, old_source, new_source) old_tag = old_source[:tag] new_tag = new_source[:tag] - old_declaration_regex = /^#{FROM_REGEX}\s+.*@#{old_digest}/ + old_declaration_regex = /^#{FROM_REGEX}\s+.*@sha256:#{old_digest}/ previous_content.gsub(old_declaration_regex) do |old_dec| old_dec. - gsub("@#{old_digest}", "@#{new_digest}"). + gsub("@sha256:#{old_digest}", "@sha256:#{new_digest}"). gsub(":#{old_tag}", ":#{new_tag}") end end @@ -181,7 +181,7 @@ def update_image(file, content) def new_yaml_image(file) element = dependency.requirements.find { |r| r[:file] == file.name } prefix = element.fetch(:source)[:registry] ? "#{element.fetch(:source)[:registry]}/" : "" - digest = element.fetch(:source)[:digest] ? "@#{element.fetch(:source)[:digest]}" : "" + digest = element.fetch(:source)[:digest] ? "@sha256:#{element.fetch(:source)[:digest]}" : "" tag = element.fetch(:source)[:tag] ? ":#{element.fetch(:source)[:tag]}" : "" "#{prefix}#{dependency.name}#{tag}#{digest}" end 
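Review bot: `DIGEST` in file_parser.rb now captures a bare 64-character hex string, and the algorithm is fixed only by the literal `@sha256:` in `FROM_LINE` and `IMAGE_SPEC`, but nothing near the constants records that. Since `source[:digest]` and `dependency.version` change shape for every consumer, a comment above `DIGEST` would help, for example `# Hex part of the image digest only; the "sha256:" prefix is matched by FROM_LINE / IMAGE_SPEC and re-added by FileUpdater.` The pattern also has no trailing boundary, so a longer hex run after `@sha256:` appears to be accepted by its first 64 characters. Appending `(?![0-9a-f])` to `DIGEST` would reject such a malformed pin instead of truncating it.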
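Review bot: `update_digest_and_tag`, `new_yaml_image` and, in the next hunk, `old_yaml_images` in file_updater.rb now prepend `@sha256:` unconditionally, which is only correct if every `source[:digest]` they receive is already bare hex. Whether requirements produced before this change, or by another producer, can still carry the `sha256:` prefix is not visible in the diff. If they can, the YAML helpers build `@sha256:sha256:…` and `old_declaration_regex` stops matching, so the digest pin is silently left un-updated. Normalising at the point of use makes this safe, e.g. `old_digest = old_source[:digest]&.delete_prefix("sha256:")` where it is assigned above the hunk, and interpolating it as `#{Regexp.escape(old_digest)}` keeps the pattern literal.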
@@ -194,7 +194,7 @@ def new_yaml_tag(file) def old_yaml_images(file) previous_requirements(file).map do |r| prefix = r.fetch(:source)[:registry] ? "#{r.fetch(:source)[:registry]}/" : "" - digest = r.fetch(:source)[:digest] ? "@#{r.fetch(:source)[:digest]}" : "" + digest = r.fetch(:source)[:digest] ? "@sha256:#{r.fetch(:source)[:digest]}" : "" tag = r.fetch(:source)[:tag] ? ":#{r.fetch(:source)[:tag]}" : "" "#{prefix}#{dependency.name}#{tag}#{digest}" end diff --git a/docker/lib/dependabot/docker/update_checker.rb b/docker/lib/dependabot/docker/update_checker.rb index 885bdc70b3e8..32a0ddb0c29b 100644 --- a/docker/lib/dependabot/docker/update_checker.rb +++ b/docker/lib/dependabot/docker/update_checker.rb @@ -245,7 +245,7 @@ def digest_of(tag) end def fetch_digest_of(tag) - docker_registry_client.digest(docker_repo_name, tag) + docker_registry_client.digest(docker_repo_name, tag)&.delete_prefix("sha256:") rescue *transient_docker_errors => e attempt ||= 1 attempt += 1 diff --git a/docker/spec/dependabot/docker/file_parser_spec.rb b/docker/spec/dependabot/docker/file_parser_spec.rb index a6c8373f1567..c0d21ed2781c 100644 --- a/docker/spec/dependabot/docker/file_parser_spec.rb +++ b/docker/spec/dependabot/docker/file_parser_spec.rb @@ -136,14 +136,14 @@ requirement: nil, groups: [], file: "Dockerfile", - source: { digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005" } + source: { digest: "18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005" } }] end it "has the right details" do expect(dependency).to be_a(Dependabot::Dependency) expect(dependency.name).to eq("my-fork/ubuntu") - expect(dependency.version).to eq("sha256:18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005") + expect(dependency.version).to eq("18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005") expect(dependency.requirements).to eq(expected_requirements) end end 
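Review bot: `fetch_digest_of` in update_checker.rb strips `sha256:` from whatever the registry returns but never checks that the result is a sha256 digest. A value with a different algorithm prefix or unexpected characters passes through unchanged and would later be written behind the hard-coded `@sha256:` in the file updater, producing a pin that names the wrong algorithm or is malformed. Since the value comes from a remote registry response, it is worth validating here: `digest = docker_registry_client.digest(docker_repo_name, tag)` followed by `digest&.slice(/\Asha256:([0-9a-f]{64})\z/, 1)`, which yields the hex part or `nil`. How callers treat `nil`, and the rest of the method's retry handling, are outside the hunk.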
@@ -250,7 +250,7 @@ groups: [], file: "Dockerfile", source: { - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8d" \ + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8d" \ "fc38288cf73aa07485005" } }] @@ -259,7 +259,7 @@ it "has the right details" do expect(dependency).to be_a(Dependabot::Dependency) expect(dependency.name).to eq("ubuntu") - expect(dependency.version).to eq("sha256:18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005") + expect(dependency.version).to eq("18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005") expect(dependency.requirements).to eq(expected_requirements) end end @@ -309,7 +309,7 @@ groups: [], file: "Dockerfile", source: { - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8d" \ + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8d" \ "fc38288cf73aa07485005" } }] @@ -318,7 +318,7 @@ it "has the right details" do expect(dependency).to be_a(Dependabot::Dependency) expect(dependency.name).to eq("ubuntu") - expect(dependency.version).to eq("sha256:18305429afa14ea462f810146ba44d4363ae76e4c8d" \ + expect(dependency.version).to eq("18305429afa14ea462f810146ba44d4363ae76e4c8d" \ "fc38288cf73aa07485005") expect(dependency.requirements).to eq(expected_requirements) end @@ -361,7 +361,7 @@ file: "Dockerfile", source: { tag: "12.04.5", - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005" + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005" } }]) end @@ -756,7 +756,7 @@ groups: [], file: "digest.yaml", source: { - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8d" \ + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8d" \ "fc38288cf73aa07485005" } }] 
@@ -765,7 +765,7 @@ it "has the right details" do expect(dependency).to be_a(Dependabot::Dependency) expect(dependency.name).to eq("ubuntu") - expect(dependency.version).to eq("sha256:18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005") + expect(dependency.version).to eq("18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005") expect(dependency.requirements).to eq(expected_requirements) end end @@ -805,7 +805,7 @@ file: "digest_and_tag.yaml", source: { tag: "12.04.5", - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005" + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005" } }]) end diff --git a/docker/spec/dependabot/docker/file_updater_spec.rb b/docker/spec/dependabot/docker/file_updater_spec.rb index 3df0bd4991af..a3ff18bdb7a2 100644 --- a/docker/spec/dependabot/docker/file_updater_spec.rb +++ b/docker/spec/dependabot/docker/file_updater_spec.rb @@ -340,7 +340,7 @@ file: "Dockerfile", source: { tag: "17.10", - digest: "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ + digest: "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ "ca97eba880ebf600d68608" } }], @@ -350,7 +350,7 @@ file: "Dockerfile", source: { tag: "12.04.5", - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8" \ + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8" \ "dfc38288cf73aa07485005" } }], @@ -394,7 +394,7 @@ file: "Dockerfile", source: { registry: "registry-host.io:5000", - digest: "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ + digest: "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ "ca97eba880ebf600d68608" } }], @@ -404,7 +404,7 @@ file: "Dockerfile", source: { registry: "registry-host.io:5000", - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8" \ + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8" \ "dfc38288cf73aa07485005" } }], 
@@ -450,7 +450,7 @@ groups: [], file: "Dockerfile", source: { - digest: "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ + digest: "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ "ca97eba880ebf600d68608" } }, { @@ -458,7 +458,7 @@ groups: [], file: "custom-name", source: { - digest: "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ + digest: "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ "ca97eba880ebf600d68608", tag: "17.10" } @@ -468,7 +468,7 @@ groups: [], file: "Dockerfile", source: { - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8" \ + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8" \ "dfc38288cf73aa07485005" } }, { @@ -476,7 +476,7 @@ groups: [], file: "custom-name", source: { - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8" \ + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8" \ "dfc38288cf73aa07485005", tag: "12.04.5" } @@ -511,7 +511,7 @@ groups: [], file: "custom-name", source: { - digest: "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ + digest: "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ "ca97eba880ebf600d68608", tag: "17.10" } @@ -521,7 +521,7 @@ groups: [], file: "custom-name", source: { - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8" \ + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8" \ "dfc38288cf73aa07485005", tag: "12.04.5" } @@ -883,7 +883,7 @@ groups: [], file: "digest.yaml", source: { - digest: "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ + digest: "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ "ca97eba880ebf600d68608" } }], @@ -892,7 +892,7 @@ groups: [], file: "digest.yaml", source: { - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8" \ + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8" \ "dfc38288cf73aa07485005" } }], @@ -931,7 +931,7 @@ file: "digest_and_tag.yaml", source: { tag: "17.10", - digest: "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ + digest: "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ "ca97eba880ebf600d68608" } }], 
@@ -941,7 +941,7 @@ file: "digest_and_tag.yaml", source: { tag: "12.04.5", - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8" \ + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8" \ "dfc38288cf73aa07485005" } }], @@ -980,7 +980,7 @@ file: "private_digest.yaml", source: { registry: "registry-host.io:5000", - digest: "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ + digest: "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ "ca97eba880ebf600d68608" } }], @@ -990,7 +990,7 @@ file: "private_digest.yaml", source: { registry: "registry-host.io:5000", - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8" \ + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8" \ "dfc38288cf73aa07485005" } }], @@ -1042,7 +1042,7 @@ groups: [], file: "digest.yaml", source: { - digest: "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ + digest: "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ "ca97eba880ebf600d68608" } }, { @@ -1050,7 +1050,7 @@ groups: [], file: "digest_and_tag.yaml", source: { - digest: "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ + digest: "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ "ca97eba880ebf600d68608", tag: "17.10" } @@ -1060,7 +1060,7 @@ groups: [], file: "digest.yaml", source: { - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8" \ + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8" \ "dfc38288cf73aa07485005" } }, { @@ -1068,7 +1068,7 @@ groups: [], file: "digest_and_tag.yaml", source: { - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8" \ + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8" \ "dfc38288cf73aa07485005", tag: "12.04.5" } @@ -1104,7 +1104,7 @@ file: "digest_and_tag.yaml", source: { tag: "17.10", - digest: "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ + digest: "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ "ca97eba880ebf600d68608" } }], 
@@ -1114,7 +1114,7 @@ file: "digest_and_tag.yaml", source: { tag: "12.04.5", - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8" \ + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8" \ "dfc38288cf73aa07485005" } }], diff --git a/docker/spec/dependabot/docker/update_checker_spec.rb b/docker/spec/dependabot/docker/update_checker_spec.rb index 909131807191..af55931e99d4 100644 --- a/docker/spec/dependabot/docker/update_checker_spec.rb +++ b/docker/spec/dependabot/docker/update_checker_spec.rb @@ -103,7 +103,7 @@ def stub_tag_with_no_digest(tag) it { is_expected.to be_falsey } context "and a digest" do - let(:source) { { digest: "sha256:old_digest" } } + let(:source) { { digest: "old_digest" } } let(:headers_response) do fixture("docker", "registry_manifest_headers", "generic.json") end @@ -114,7 +114,7 @@ def stub_tag_with_no_digest(tag) end context "that is out-of-date" do - let(:source) { { digest: "sha256:old_digest" } } + let(:source) { { digest: "old_digest" } } it { is_expected.to be_truthy } context "but the response doesn't include a new digest" do @@ -133,7 +133,7 @@ def stub_tag_with_no_digest(tag) context "that is up-to-date" do let(:source) do { - digest: "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86ca97" \ + digest: "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86ca97" \ "eba880ebf600d68608" } end @@ -159,13 +159,13 @@ def stub_tag_with_no_digest(tag) end context "that is out-to-date" do - let(:digest) { "sha256:c5dcd377b75ca89f40a7b4284c05c58be4cd43d089f83af1333e56bde33d579f" } + let(:digest) { "c5dcd377b75ca89f40a7b4284c05c58be4cd43d089f83af1333e56bde33d579f" } it { is_expected.to be_truthy } end context "that is up-to-date" do - let(:latest_digest) { "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86ca97eba880ebf600d68608" } + let(:latest_digest) { "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86ca97eba880ebf600d68608" } let(:digest) { latest_digest } it { is_expected.to be_falsy } 
@@ -993,7 +993,7 @@ def stub_tag_with_no_digest(tag) context "when the docker registry only knows about versions older than the current version" do let(:dependency_name) { "jetstack/cert-manager-controller" } let(:version) { "v1.7.2" } - let(:digest) { "sha256:1815870847a48a9a6f177b90005d8df273e79d00830c21af9d43e1b5d8d208b4" } + let(:digest) { "1815870847a48a9a6f177b90005d8df273e79d00830c21af9d43e1b5d8d208b4" } let(:dependency) do Dependabot::Dependency.new( name: dependency_name, @@ -1005,7 +1005,7 @@ def stub_tag_with_no_digest(tag) source: { registry: "quay.io", tag: "v1.7.2", - digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005" + digest: "18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005" } }], package_manager: "docker" @@ -1067,7 +1067,7 @@ def stub_tag_with_no_digest(tag) groups: [], file: "Dockerfile", source: { - digest: "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ + digest: "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ "ca97eba880ebf600d68608" } }] @@ -1093,7 +1093,7 @@ def stub_tag_with_no_digest(tag) groups: [], file: "Dockerfile", source: { - digest: "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ + digest: "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \ "ca97eba880ebf600d68608", tag: "17.10" }