Skip to content

Commit

Permalink
fix: auto-replace pinning (#20627)
Browse files Browse the repository at this point in the history
  • Loading branch information
@setchy
setchy committed Mar 5, 2023
1 parent eb5db5b commit 923755e
Show file tree
Hide file tree
Showing 2 changed files with 64 additions and 39 deletions.
46 changes: 32 additions & 14 deletions lib/workers/repository/update/branch/auto-replace.spec.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -233,6 +233,24 @@ describe('workers/repository/update/branch/auto-replace', () => {
await expect(res).rejects.toThrow(WORKER_FILE_UPDATE_FAILED);
});

it('fails with digest mismatch', async () => {
const dockerfile = codeBlock`
FROM java:11@sha256-1234 as build
`;
upgrade.manager = 'dockerfile';
upgrade.pinDigests = true;
upgrade.depName = 'java';
upgrade.currentValue = '11';
upgrade.currentDigest = 'sha256-1234';
upgrade.depIndex = 0;
upgrade.newName = 'java';
upgrade.newValue = '11';
upgrade.newDigest = 'sha256-5678';
upgrade.packageFile = 'Dockerfile';
const res = doAutoReplace(upgrade, dockerfile, reuseExistingBranch);
await expect(res).rejects.toThrow(WORKER_FILE_UPDATE_FAILED);
});

it('updates with docker replacement', async () => {
const dockerfile = 'FROM bitnami/redis:6.0.8';
upgrade.manager = 'dockerfile';
Expand Down Expand Up @@ -1044,12 +1062,12 @@ describe('workers/repository/update/branch/auto-replace', () => {
FROM ubuntu:18.04
`;
upgrade.manager = 'dockerfile';
upgrade.updateType = 'replacement';
upgrade.pinDigests = true;
upgrade.depName = 'ubuntu';
upgrade.currentValue = '18.04';
upgrade.currentDigest = undefined;
upgrade.depIndex = 0;
upgrade.pinDigests = true;
upgrade.updateType = 'replacement';
upgrade.replaceString = 'ubuntu:18.04';
upgrade.newName = 'alpine';
upgrade.newValue = '3.16';
Expand All @@ -1068,12 +1086,12 @@ describe('workers/repository/update/branch/auto-replace', () => {
FROM ubuntu:18.04@sha256:q1w2e3r4t5z6u7i8o9p0
`;
upgrade.manager = 'dockerfile';
upgrade.updateType = 'replacement';
upgrade.pinDigests = true;
upgrade.depName = 'ubuntu';
upgrade.currentValue = '18.04';
upgrade.currentDigest = 'sha256:q1w2e3r4t5z6u7i8o9p0';
upgrade.depIndex = 0;
upgrade.pinDigests = true;
upgrade.updateType = 'replacement';
upgrade.replaceString = 'ubuntu:18.04@sha256:q1w2e3r4t5z6u7i8o9p0';
upgrade.newName = 'alpine';
upgrade.newValue = '3.16';
Expand All @@ -1090,6 +1108,7 @@ describe('workers/repository/update/branch/auto-replace', () => {
it('regex: updates with pinDigest enabled but no currentDigest value', async () => {
const yml = 'image: "some.url.com/my-repository:1.0"';
upgrade.manager = 'regex';
upgrade.updateType = 'replacement';
upgrade.pinDigests = true;
upgrade.depName = 'some.url.com/my-repository';
upgrade.currentValue = '1.0';
Expand All @@ -1111,6 +1130,7 @@ describe('workers/repository/update/branch/auto-replace', () => {
const yml =
'image: "some.url.com/my-repository:1.0@sha256:q1w2e3r4t5z6u7i8o9p0"';
upgrade.manager = 'regex';
upgrade.updateType = 'replacement';
upgrade.pinDigests = true;
upgrade.depName = 'some.url.com/my-repository';
upgrade.currentValue = '1.0';
Expand All @@ -1131,7 +1151,7 @@ describe('workers/repository/update/branch/auto-replace', () => {
);
});

it('github-actions: update with newValue only', async () => {
it('github-actions: updates with newValue only', async () => {
const githubAction = codeBlock`
jobs:
build:
Expand All @@ -1140,15 +1160,14 @@ describe('workers/repository/update/branch/auto-replace', () => {
- uses: actions/checkout@v1.0.0
`;
upgrade.manager = 'github-actions';
upgrade.updateType = 'replacement';
upgrade.autoReplaceStringTemplate =
'{{depName}}@{{#if newDigest}}{{newDigest}}{{#if newValue}} # {{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}';
upgrade.depName = 'actions/checkout';
upgrade.currentValue = 'v1.0.0';
upgrade.currentDigest = undefined;
upgrade.currentDigestShort = undefined;
upgrade.depIndex = 0;
upgrade.pinDigests = true;
upgrade.updateType = 'replacement';
upgrade.replaceString = 'actions/checkout@v1.0.0';
upgrade.newValue = 'v2.0.0';
upgrade.newDigest = undefined;
Expand All @@ -1169,7 +1188,7 @@ describe('workers/repository/update/branch/auto-replace', () => {
);
});

it('github-actions: update with newValue and newDigest', async () => {
it('github-actions: updates with newValue and newDigest', async () => {
const githubAction = codeBlock`
jobs:
build:
Expand All @@ -1178,15 +1197,14 @@ describe('workers/repository/update/branch/auto-replace', () => {
- uses: actions/checkout@v1.0.0
`;
upgrade.manager = 'github-actions';
upgrade.updateType = 'replacement';
upgrade.autoReplaceStringTemplate =
'{{depName}}@{{#if newDigest}}{{newDigest}}{{#if newValue}} # {{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}';
upgrade.depName = 'actions/checkout';
upgrade.currentValue = 'v1.0.0';
upgrade.currentDigest = undefined;
upgrade.currentDigestShort = undefined;
upgrade.depIndex = 0;
upgrade.pinDigests = true;
upgrade.updateType = 'replacement';
upgrade.replaceString = 'actions/checkout@v1.0.0';
upgrade.newValue = 'v2.0.0';
upgrade.newDigest = '1cf887';
Expand Down Expand Up @@ -1216,15 +1234,15 @@ describe('workers/repository/update/branch/auto-replace', () => {
- uses: actions/checkout@v1.0.0
`;
upgrade.manager = 'github-actions';
upgrade.updateType = 'replacement';
upgrade.pinDigests = true;
upgrade.autoReplaceStringTemplate =
'{{depName}}@{{#if newDigest}}{{newDigest}}{{#if newValue}} # {{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}';
upgrade.depName = 'actions/checkout';
upgrade.currentValue = 'v1.0.0';
upgrade.currentDigest = undefined;
upgrade.currentDigestShort = undefined;
upgrade.depIndex = 0;
upgrade.pinDigests = true;
upgrade.updateType = 'replacement';
upgrade.replaceString = 'actions/checkout@v1.0.0';
upgrade.newName = 'some-other-action/checkout';
upgrade.newValue = 'v2.0.0';
Expand Down Expand Up @@ -1255,14 +1273,14 @@ describe('workers/repository/update/branch/auto-replace', () => {
- uses: actions/checkout@2485f4 # tag=v1.0.0
`;
upgrade.manager = 'github-actions';
upgrade.updateType = 'replacement';
upgrade.pinDigests = true;
upgrade.autoReplaceStringTemplate =
'{{depName}}@{{#if newDigest}}{{newDigest}}{{#if newValue}} # {{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}';
upgrade.depName = 'actions/checkout';
upgrade.currentValue = 'v1.0.0';
upgrade.currentDigestShort = '2485f4';
upgrade.depIndex = 0;
upgrade.pinDigests = true;
upgrade.updateType = 'replacement';
upgrade.replaceString = 'actions/checkout@2485f4 # tag=v1.0.0';
upgrade.newName = 'some-other-action/checkout';
upgrade.newValue = 'v2.0.0';
Expand Down
57 changes: 32 additions & 25 deletions lib/workers/repository/update/branch/auto-replace.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,15 +14,7 @@ export async function confirmIfDepUpdated(
upgrade: BranchUpgradeConfig,
newContent: string
): Promise<boolean> {
const {
manager,
packageFile,
newValue,
newDigest,
depIndex,
currentDigest,
pinDigests,
} = upgrade;
const { manager, packageFile, depIndex } = upgrade;
let newUpgrade: PackageDependency;
try {
const newExtract = await extractPackageFile(
Expand Down Expand Up @@ -63,35 +55,50 @@ export async function confirmIfDepUpdated(
return false;
}

if (newValue && newUpgrade.currentValue !== newValue) {
if (upgrade.newName && upgrade.newName !== newUpgrade.depName) {
logger.debug(
{
manager,
packageFile,
currentDepName: upgrade.depName,
newDepName: newUpgrade.depName,
},
'depName is not updated'
);
return false;
}

if (upgrade.newValue && upgrade.newValue !== newUpgrade.currentValue) {
logger.debug(
{
manager,
packageFile,
expectedValue: newValue,
expectedValue: upgrade.newValue,
foundValue: newUpgrade.currentValue,
},
'Value is not updated'
);
return false;
}

if (!newDigest) {
return true;
}
if (newUpgrade.currentDigest === newDigest) {
return true;
}
if (!currentDigest) {
if (!pinDigests) {
return true;
} else if (newDigest) {
return true;
}
if (
upgrade.newDigest &&
(upgrade.isPinDigest || upgrade.currentDigest) &&
upgrade.newDigest !== newUpgrade.currentDigest
) {
logger.debug(
{
manager,
packageFile,
expectedValue: upgrade.newDigest,
foundValue: newUpgrade.currentDigest,
},
'Digest is not updated'
);
return false;
}

// istanbul ignore next
return false;
return true;
}

function getDepsSignature(deps: PackageDependency[]): string {
Expand Down

0 comments on commit 923755e

Please sign in to comment.