From 8c11c1ae16bd9f07c57025d77b7ec9db31e3c8e8 Mon Sep 17 00:00:00 2001 From: Zachary Sanders Date: Wed, 26 May 2021 13:49:20 -0600 Subject: [PATCH 1/3] fix github parsing and remove docker digest filter --- dist/manager/ironbank/artifacts.js | 40 +++--- dist/manager/ironbank/artifacts.js.map | 2 +- dist/manager/ironbank/extract.js | 156 +++++++++++----------- dist/manager/ironbank/extract.js.map | 2 +- dist/manager/ironbank/update.js | 3 - dist/manager/ironbank/update.js.map | 2 +- lib/manager/ironbank/artifacts.ts | 53 ++++---- lib/manager/ironbank/extract.ts | 171 +++++++++++++------------ lib/manager/ironbank/update.ts | 4 - renovate.json | 21 +-- 10 files changed, 217 insertions(+), 237 deletions(-) diff --git a/dist/manager/ironbank/artifacts.js b/dist/manager/ironbank/artifacts.js index fac6ea5..1c4606c 100644 --- a/dist/manager/ironbank/artifacts.js +++ b/dist/manager/ironbank/artifacts.js @@ -30,34 +30,32 @@ async function updateArtifacts({ packageFileName, updatedDeps, newPackageFileCon if (!is_1.default.nonEmptyArray(updatedDeps)) { return null; } - let manifests; + let manifest; try { - manifests = js_yaml_1.default.safeLoadAll(newPackageFileContent, null, { json: true }); + manifest = js_yaml_1.default.safeLoad(newPackageFileContent, { json: true }); } catch (err) { logger_1.logger.error('Failed to parse hardening_manifest.yaml'); return null; } - for (const manifest of manifests) { - if (!(manifest && is_1.default.array(manifest.resources))) { - return null; - } - if (!((_a = manifest.resources[0].url) === null || _a === void 0 ? void 0 : _a.startsWith('helm://'))) { - return null; - } - const charts = new Map(); - for (const item of manifest.resources) { - if ((_b = item.url) === null || _b === void 0 ? void 0 : _b.startsWith('helm://')) { - charts.set(item.name, `${String('https://')}${String(item.url.substring(7))}`); - } + if (!(manifest && is_1.default.array(manifest.resources))) { + return null; + } + if (!((_a = manifest.resources[0].url) === null || _a === void 0 ? void 0 : _a.startsWith('helm://'))) { + return null; + } + const charts = new Map(); + for (const item of manifest.resources) { + if ((_b = item.url) === null || _b === void 0 ? void 0 : _b.startsWith('helm://')) { + charts.set(item.name, `${String('https://')}${String(item.url.substring(7))}`); } - for (const dep of updatedDeps) { - logger_1.logger.debug(`updatedDep(${dep})`); - if (charts.has(dep)) { - const result = await postUpgrade(charts.get(dep), upath_1.join(config.localDir, dep)); - if (!result) { - return null; - } + } + for (const dep of updatedDeps) { + logger_1.logger.debug(`updatedDep(${dep})`); + if (charts.has(dep)) { + const result = await postUpgrade(charts.get(dep), upath_1.join(config.localDir, dep)); + if (!result) { + return null; } } } diff --git a/dist/manager/ironbank/artifacts.js.map b/dist/manager/ironbank/artifacts.js.map index b99f0bd..15de2db 100644 --- a/dist/manager/ironbank/artifacts.js.map +++ b/dist/manager/ironbank/artifacts.js.map @@ -1 +1 @@ -{"version":3,"file":"artifacts.js","sourceRoot":"","sources":["../../../lib/manager/ironbank/artifacts.ts"],"names":[],"mappings":";;;;;;AAAA,0DAAkC;AAClC,sDAA2B;AAC3B,iCAA6B;AAC7B,yCAAsC;AACtC,0CAAuC;AACvC,sCAA8C;AAC9C,wCAA+C;AAI/C,KAAK,UAAU,WAAW,CAAC,GAAW,EAAE,IAAY;IAClD,eAAM,CAAC,KAAK,CAAC,wBAAwB,GAAG,KAAK,IAAI,GAAG,CAAC,CAAC;IACtD,IAAI;QACF,MAAM,GAAG,GAAG,kBAAkB,CAAC;QAC/B,MAAM,IAAI,GAAG,cAAc,GAAG,IAAI,GAAG,SAAS,GAAG,GAAG,CAAC;QACrD,MAAM,WAAI,CAAC,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,CAAC;KAC9B;IAAC,OAAO,GAAG,EAAE;QACZ,eAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,OAAO,KAAK,CAAC;KACd;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAEM,KAAK,UAAU,eAAe,CAAC,EACpC,eAAe,EACf,WAAW,EACX,qBAAqB,EACrB,MAAM,GACS;;IACf,eAAM,CAAC,KAAK,CAAC,4BAA4B,eAAe,GAAG,CAAC,CAAC;IAC7D,IAAI,CAAC,YAAE,CAAC,aAAa,CAAC,WAAW,CAAC,EAAE;QAClC,OAAO,IAAI,CAAC;KACb;IAED,IAAI,SAA8B,CAAC;IACnC,IAAI;QACF,SAAS,GAAG,iBAAI,CAAC,WAAW,CAAC,qBAAqB,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;KAC3E;IAAC,OAAO,GAAG,EAAE;QACZ,eAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;KACb;IAED,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE;QAChC,IAAI,CAAC,CAAC,QAAQ,IAAI,YAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE;YAC/C,OAAO,IAAI,CAAC;SACb;QAED,IAAI,CAAC,CAAA,MAAA,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,0CAAE,UAAU,CAAC,SAAS,CAAC,CAAA,EAAE;YACrD,OAAO,IAAI,CAAC;SACb;QAED,MAAM,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;QACzB,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,SAAS,EAAE;YACrC,IAAI,MAAA,IAAI,CAAC,GAAG,0CAAE,UAAU,CAAC,SAAS,CAAC,EAAE;gBACnC,MAAM,CAAC,GAAG,CACR,IAAI,CAAC,IAAI,EACT,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CACxD,CAAC;aACH;SACF;QAED,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE;YAC7B,eAAM,CAAC,KAAK,CAAC,cAAc,GAAG,GAAG,CAAC,CAAC;YACnC,IAAI,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;gBACnB,MAAM,MAAM,GAAG,MAAM,WAAW,CAC9B,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EACf,YAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,GAAG,CAAC,CAC3B,CAAC;gBACF,IAAI,CAAC,MAAM,EAAE;oBACX,OAAO,IAAI,CAAC;iBACb;aACF;SACF;KACF;IAED,MAAM,GAAG,GAAG,EAAE,CAAC;IACf,MAAM,MAAM,GAAG,MAAM,mBAAa,EAAE,CAAC;IAErC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE;QACxD,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE;gBACJ,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,MAAM,kBAAa,CAAC,CAAC,CAAC;aACjC;SACF,CAAC,CAAC;KACJ;IAED,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,IAAI,EAAE,EAAE;QACpC,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE;gBACJ,IAAI,EAAE,UAAU;gBAChB,QAAQ,EAAE,CAAC;aACZ;SACF,CAAC,CAAC;KACJ;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AA1ED,0CA0EC","sourcesContent":["import is from '@sindresorhus/is';\nimport yaml from 'js-yaml';\nimport { join } from 'upath';\nimport { logger } from '../../logger';\nimport { exec } from '../../util/exec';\nimport { readLocalFile } from '../../util/fs';\nimport { getRepoStatus } from '../../util/git';\nimport { UpdateArtifact, UpdateArtifactsResult } from '../types';\nimport { HardeningManifest } from './extract';\n\nasync function postUpgrade(url: string, path: string): Promise {\n logger.debug(`ironbank.postUpgrade(${url}, ${path})`);\n try {\n const cmd = 'ironbank-helm.sh';\n const args = '--directory ' + path + ' --url ' + url;\n await exec(`${cmd} ${args}`);\n } catch (err) {\n logger.error(err);\n return false;\n }\n return true;\n}\n\nexport async function updateArtifacts({\n packageFileName,\n updatedDeps,\n newPackageFileContent,\n config,\n}: UpdateArtifact): Promise {\n logger.debug(`ironbank.updateArtifacts(${packageFileName})`);\n if (!is.nonEmptyArray(updatedDeps)) {\n return null;\n }\n\n let manifests: HardeningManifest[];\n try {\n manifests = yaml.safeLoadAll(newPackageFileContent, null, { json: true });\n } catch (err) {\n logger.error('Failed to parse hardening_manifest.yaml');\n return null;\n }\n\n for (const manifest of manifests) {\n if (!(manifest && is.array(manifest.resources))) {\n return null;\n }\n\n if (!manifest.resources[0].url?.startsWith('helm://')) {\n return null;\n }\n\n const charts = new Map();\n for (const item of manifest.resources) {\n if (item.url?.startsWith('helm://')) {\n charts.set(\n item.name,\n `${String('https://')}${String(item.url.substring(7))}`\n );\n }\n }\n\n for (const dep of updatedDeps) {\n logger.debug(`updatedDep(${dep})`);\n if (charts.has(dep)) {\n const result = await postUpgrade(\n charts.get(dep),\n join(config.localDir, dep)\n );\n if (!result) {\n return null;\n }\n }\n }\n }\n\n const res = [];\n const status = await getRepoStatus();\n\n for (const f of status.modified.concat(status.not_added)) {\n res.push({\n file: {\n name: f,\n contents: await readLocalFile(f),\n },\n });\n }\n\n for (const f of status.deleted || []) {\n res.push({\n file: {\n name: '|delete|',\n contents: f,\n },\n });\n }\n\n return res;\n}\n"]} \ No newline at end of file +{"version":3,"file":"artifacts.js","sourceRoot":"","sources":["../../../lib/manager/ironbank/artifacts.ts"],"names":[],"mappings":";;;;;;AAAA,0DAAkC;AAClC,sDAA2B;AAC3B,iCAA6B;AAC7B,yCAAsC;AACtC,0CAAuC;AACvC,sCAA8C;AAC9C,wCAA+C;AAI/C,KAAK,UAAU,WAAW,CAAC,GAAW,EAAE,IAAY;IAClD,eAAM,CAAC,KAAK,CAAC,wBAAwB,GAAG,KAAK,IAAI,GAAG,CAAC,CAAC;IACtD,IAAI;QACF,MAAM,GAAG,GAAG,kBAAkB,CAAC;QAC/B,MAAM,IAAI,GAAG,cAAc,GAAG,IAAI,GAAG,SAAS,GAAG,GAAG,CAAC;QACrD,MAAM,WAAI,CAAC,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,CAAC;KAC9B;IAAC,OAAO,GAAG,EAAE;QACZ,eAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,OAAO,KAAK,CAAC;KACd;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAEM,KAAK,UAAU,eAAe,CAAC,EACpC,eAAe,EACf,WAAW,EACX,qBAAqB,EACrB,MAAM,GACS;;IACf,eAAM,CAAC,KAAK,CAAC,4BAA4B,eAAe,GAAG,CAAC,CAAC;IAC7D,IAAI,CAAC,YAAE,CAAC,aAAa,CAAC,WAAW,CAAC,EAAE;QAClC,OAAO,IAAI,CAAC;KACb;IAED,IAAI,QAA2B,CAAC;IAChC,IAAI;QACF,QAAQ,GAAG,iBAAI,CAAC,QAAQ,CAAC,qBAAqB,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAsB,CAAC;KACtF;IAAC,OAAO,GAAG,EAAE;QACZ,eAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;KACb;IAED,IAAI,CAAC,CAAC,QAAQ,IAAI,YAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE;QAC/C,OAAO,IAAI,CAAC;KACb;IAED,IAAI,CAAC,CAAA,MAAA,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,0CAAE,UAAU,CAAC,SAAS,CAAC,CAAA,EAAE;QACrD,OAAO,IAAI,CAAC;KACb;IAED,MAAM,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;IACzB,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,SAAS,EAAE;QACrC,IAAI,MAAA,IAAI,CAAC,GAAG,0CAAE,UAAU,CAAC,SAAS,CAAC,EAAE;YACnC,MAAM,CAAC,GAAG,CACR,IAAI,CAAC,IAAI,EACT,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CACxD,CAAC;SACH;KACF;IAED,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE;QAC7B,eAAM,CAAC,KAAK,CAAC,cAAc,GAAG,GAAG,CAAC,CAAC;QACnC,IAAI,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;YACnB,MAAM,MAAM,GAAG,MAAM,WAAW,CAC9B,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EACf,YAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,GAAG,CAAC,CAC3B,CAAC;YACF,IAAI,CAAC,MAAM,EAAE;gBACX,OAAO,IAAI,CAAC;aACb;SACF;KACF;IAGD,MAAM,GAAG,GAAG,EAAE,CAAC;IACf,MAAM,MAAM,GAAG,MAAM,mBAAa,EAAE,CAAC;IAErC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE;QACxD,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE;gBACJ,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,MAAM,kBAAa,CAAC,CAAC,CAAC;aACjC;SACF,CAAC,CAAC;KACJ;IAED,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,IAAI,EAAE,EAAE;QACpC,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE;gBACJ,IAAI,EAAE,UAAU;gBAChB,QAAQ,EAAE,CAAC;aACZ;SACF,CAAC,CAAC;KACJ;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAzED,0CAyEC","sourcesContent":["import is from '@sindresorhus/is';\nimport yaml from 'js-yaml';\nimport { join } from 'upath';\nimport { logger } from '../../logger';\nimport { exec } from '../../util/exec';\nimport { readLocalFile } from '../../util/fs';\nimport { getRepoStatus } from '../../util/git';\nimport { UpdateArtifact, UpdateArtifactsResult } from '../types';\nimport { HardeningManifest } from './extract';\n\nasync function postUpgrade(url: string, path: string): Promise {\n logger.debug(`ironbank.postUpgrade(${url}, ${path})`);\n try {\n const cmd = 'ironbank-helm.sh';\n const args = '--directory ' + path + ' --url ' + url;\n await exec(`${cmd} ${args}`);\n } catch (err) {\n logger.error(err);\n return false;\n }\n return true;\n}\n\nexport async function updateArtifacts({\n packageFileName,\n updatedDeps,\n newPackageFileContent,\n config,\n}: UpdateArtifact): Promise {\n logger.debug(`ironbank.updateArtifacts(${packageFileName})`);\n if (!is.nonEmptyArray(updatedDeps)) {\n return null;\n }\n\n let manifest: HardeningManifest;\n try {\n manifest = yaml.safeLoad(newPackageFileContent, { json: true }) as HardeningManifest;\n } catch (err) {\n logger.error('Failed to parse hardening_manifest.yaml');\n return null;\n }\n\n if (!(manifest && is.array(manifest.resources))) {\n return null;\n }\n\n if (!manifest.resources[0].url?.startsWith('helm://')) {\n return null;\n }\n\n const charts = new Map();\n for (const item of manifest.resources) {\n if (item.url?.startsWith('helm://')) {\n charts.set(\n item.name,\n `${String('https://')}${String(item.url.substring(7))}`\n );\n }\n }\n\n for (const dep of updatedDeps) {\n logger.debug(`updatedDep(${dep})`);\n if (charts.has(dep)) {\n const result = await postUpgrade(\n charts.get(dep),\n join(config.localDir, dep)\n );\n if (!result) {\n return null;\n }\n }\n }\n\n\n const res = [];\n const status = await getRepoStatus();\n\n for (const f of status.modified.concat(status.not_added)) {\n res.push({\n file: {\n name: f,\n contents: await readLocalFile(f),\n },\n });\n }\n\n for (const f of status.deleted || []) {\n res.push({\n file: {\n name: '|delete|',\n contents: f,\n },\n });\n }\n\n return res;\n}\n"]} \ No newline at end of file diff --git a/dist/manager/ironbank/extract.js b/dist/manager/ironbank/extract.js index 3c494a7..c05a74f 100644 --- a/dist/manager/ironbank/extract.js +++ b/dist/manager/ironbank/extract.js @@ -59,7 +59,12 @@ function parseUrl(urlString) { currentValue = path[4]; } if (path[2] === 'archive') { - currentValue = path[3].replace(/\.tar\.gz$/, ''); + if (path[3] === 'refs') { + currentValue = path[5].replace(/\.tar\.gz$/, ''); + } + else { + currentValue = path[3].replace(/\.tar\.gz$/, ''); + } } if (currentValue) { return { repo, currentValue }; @@ -69,91 +74,90 @@ function parseUrl(urlString) { } function extractPackageFile(content) { const deps = []; - let manifests; + // let man: HardeningManifest; + let manifest; try { - manifests = js_yaml_1.default.safeLoadAll(content, null, { json: true }); + manifest = js_yaml_1.default.safeLoad(content, { json: true }); } catch (err) { logger_1.logger.debug('Failed to parse hardening_manifest.yaml'); return null; } - for (const manifest of manifests) { - if (!(manifest && is_1.default.array(manifest.resources))) { - logger_1.logger.debug('hardening_manifest.yaml has no dependencies'); - return null; - } - for (const item of manifest.resources) { - const dep = { managerData: { item } }; - if (item.url) { - // docker - if (item.url.startsWith('docker://')) { - const currentDigest = item.url.split('@')[1]; - const [lookupName, currentValue] = item.tag.split(':'); - dep.depType = 'ironbank-docker'; - dep.depName = lookupName; - dep.datasource = datasourceDocker.id; - dep.versioning = dockerVersioning.id; - dep.lookupName = lookupName; - dep.currentDigest = currentDigest; - dep.currentValue = currentValue; + if (!(manifest && is_1.default.array(manifest.resources))) { + logger_1.logger.debug('hardening_manifest.yaml has no dependencies'); + return null; + } + for (const item of manifest.resources) { + const dep = { managerData: { item } }; + if (item.url) { + // docker + if (item.url.startsWith('docker://')) { + const currentDigest = item.url.split('@')[1]; + const [lookupName, currentValue] = item.tag.split(':'); + dep.depType = 'ironbank-docker'; + dep.depName = lookupName; + dep.datasource = datasourceDocker.id; + dep.versioning = dockerVersioning.id; + dep.lookupName = lookupName; + dep.currentDigest = currentDigest; + dep.currentValue = currentValue; + deps.push(dep); + } + // github-releases + else if (item.url.startsWith('https://github.com')) { + const parsedUrl = parseUrl(item.url); + dep.depType = 'ironbank-github'; + dep.depName = parsedUrl.repo; + dep.repo = parsedUrl.repo; + dep.currentValue = parsedUrl.currentValue; + dep.datasource = getDatasourceId(dep.repo, item.url); + dep.lookupName = dep.repo; + deps.push(dep); + } + // helm + else if (item.url.startsWith('helm://')) { + const regex = new RegExp('helm://(?.*/)(?.*?)-(?.*?).tgz'); + const groups = regex.exec(item.url).groups; + if ((groups === null || groups === void 0 ? void 0 : groups.registryUrl) && groups.lookupName && groups.currentValue) { + logger_1.logger.info(groups.registryUrl); + dep.depType = 'ironbank-helm'; + dep.depName = item.name; + dep.datasource = datasourceHelm.id; + dep.registryUrls = [ + `${String('https://')}${String(groups.registryUrl)}`, + ]; + dep.lookupName = groups.lookupName; + dep.currentValue = groups.currentValue; deps.push(dep); } - // github-releases - else if (item.url.startsWith('https://github.com')) { - const parsedUrl = parseUrl(item.url); - dep.depType = 'ironbank-github'; - dep.depName = parsedUrl.repo; - dep.repo = parsedUrl.repo; - dep.currentValue = parsedUrl.currentValue; - dep.datasource = getDatasourceId(dep.repo, item.url); - dep.lookupName = dep.repo; + } + // rubygems + else if (item.url.startsWith('https://rubygems.org')) { + const regex = new RegExp('https://(?.*)/(.*/)(?.*-?)-(?.*?).gem'); + const groups = regex.exec(item.url).groups; + if ((groups === null || groups === void 0 ? void 0 : groups.registryUrl) && groups.lookupName && groups.currentValue) { + dep.depType = 'ironbank-rubygems'; + dep.depName = groups.lookupName; + dep.lookupName = groups.lookupName; + dep.datasource = datasourceRubyGems.id; + dep.currentValue = groups.currentValue; + dep.registryUrls = [ + `${String('https://')}${String(groups.registryUrl)}`, + ]; deps.push(dep); } - // helm - else if (item.url.startsWith('helm://')) { - const regex = new RegExp('helm://(?.*/)(?.*?)-(?.*?).tgz'); - const groups = regex.exec(item.url).groups; - if ((groups === null || groups === void 0 ? void 0 : groups.registryUrl) && groups.lookupName && groups.currentValue) { - logger_1.logger.info(groups.registryUrl); - dep.depType = 'ironbank-helm'; - dep.depName = item.name; - dep.datasource = datasourceHelm.id; - dep.registryUrls = [ - `${String('https://')}${String(groups.registryUrl)}`, - ]; - dep.lookupName = groups.lookupName; - dep.currentValue = groups.currentValue; - deps.push(dep); - } - } - // rubygems - else if (item.url.startsWith('https://rubygems.org')) { - const regex = new RegExp('https://(?.*)/(.*/)(?.*-?)-(?.*?).gem'); - const groups = regex.exec(item.url).groups; - if ((groups === null || groups === void 0 ? void 0 : groups.registryUrl) && groups.lookupName && groups.currentValue) { - dep.depType = 'ironbank-rubygems'; - dep.depName = groups.lookupName; - dep.lookupName = groups.lookupName; - dep.datasource = datasourceRubyGems.id; - dep.currentValue = groups.currentValue; - dep.registryUrls = [ - `${String('https://')}${String(groups.registryUrl)}`, - ]; - deps.push(dep); - } - } - else if (item.url.startsWith('https://files.pythonhosted.org')) { - const regex = new RegExp('https://(.*)/(.*)/(.*)/(.*)/(.*)/(?.*?)-(?.*?)-(.*)'); - const group = regex.exec(item.url).groups; - if (group.lookupName && group.version) { - dep.depType = 'ironbank-pypi'; - dep.currentDigest = item.validation.value; - dep.currentValue = group.version; - dep.depName = group.lookupName; - dep.datasource = datasourcePypi.id; - dep.lookupName = group.lookupName; - deps.push(dep); - } + } + else if (item.url.startsWith('https://files.pythonhosted.org')) { + const regex = new RegExp('https://(.*)/(.*)/(.*)/(.*)/(.*)/(?.*?)-(?.*?)-(.*)'); + const group = regex.exec(item.url).groups; + if (group.lookupName && group.version) { + dep.depType = 'ironbank-pypi'; + dep.currentDigest = item.validation.value; + dep.currentValue = group.version; + dep.depName = group.lookupName; + dep.datasource = datasourcePypi.id; + dep.lookupName = group.lookupName; + deps.push(dep); } } } diff --git a/dist/manager/ironbank/extract.js.map b/dist/manager/ironbank/extract.js.map index c9dc820..b27d4d4 100644 --- a/dist/manager/ironbank/extract.js.map +++ b/dist/manager/ironbank/extract.js.map @@ -1 +1 @@ -{"version":3,"file":"extract.js","sourceRoot":"","sources":["../../../lib/manager/ironbank/extract.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6BAAsC;AACtC,0DAAkC;AAClC,sDAA2B;AAC3B,0EAA4D;AAC5D,2FAA6E;AAC7E,mFAAqE;AACrE,sEAAwD;AACxD,sEAAwD;AACxD,8EAAgE;AAChE,yCAAsC;AACtC,0EAA4D;AAuD5D,SAAS,eAAe,CAAC,UAAkB,EAAE,GAAW;IACtD,IAAI,UAAU,KAAK,eAAe,EAAE;QAClC,OAAO,oBAAoB,CAAC,EAAE,CAAC;KAChC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE;QAC3B,OAAO,oBAAoB,CAAC,EAAE,CAAC;KAChC;IAED,OAAO,wBAAwB,CAAC,EAAE,CAAC;AACrC,CAAC;AAED,SAAS,QAAQ,CAAC,SAAiB;IACjC,qBAAqB;IACrB,IAAI,CAAC,SAAS,EAAE;QACd,OAAO,IAAI,CAAC;KACb;IACD,MAAM,GAAG,GAAG,WAAM,CAAC,SAAS,CAAC,CAAC;IAC9B,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE;QAC7B,OAAO,IAAI,CAAC;KACb;IACD,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACrC,IAAI,YAAY,GAAW,IAAI,CAAC;IAChC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE;QACpD,YAAY,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;KACxB;IACD,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE;QACzB,YAAY,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;KAClD;IACD,IAAI,YAAY,EAAE;QAChB,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;KAC/B;IACD,uBAAuB;IACvB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,kBAAkB,CAAC,OAAe;IAChD,MAAM,IAAI,GAAwB,EAAE,CAAC;IACrC,IAAI,SAA8B,CAAC;IAEnC,IAAI;QACF,SAAS,GAAG,iBAAI,CAAC,WAAW,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;KAC7D;IAAC,OAAO,GAAG,EAAE;QACZ,eAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;KACb;IAED,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE;QAChC,IAAI,CAAC,CAAC,QAAQ,IAAI,YAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE;YAC/C,eAAM,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;YAC5D,OAAO,IAAI,CAAC;SACb;QAED,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,SAAS,EAAE;YACrC,MAAM,GAAG,GAAsB,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC;YACzD,IAAI,IAAI,CAAC,GAAG,EAAE;gBACZ,SAAS;gBACT,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE;oBACpC,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;oBAC7C,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBACvD,GAAG,CAAC,OAAO,GAAG,iBAAiB,CAAC;oBAChC,GAAG,CAAC,OAAO,GAAG,UAAU,CAAC;oBACzB,GAAG,CAAC,UAAU,GAAG,gBAAgB,CAAC,EAAE,CAAC;oBACrC,GAAG,CAAC,UAAU,GAAG,gBAAgB,CAAC,EAAE,CAAC;oBACrC,GAAG,CAAC,UAAU,GAAG,UAAU,CAAC;oBAC5B,GAAG,CAAC,aAAa,GAAG,aAAa,CAAC;oBAClC,GAAG,CAAC,YAAY,GAAG,YAAY,CAAC;oBAChC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;iBAChB;gBACD,kBAAkB;qBACb,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAAE;oBAClD,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBACrC,GAAG,CAAC,OAAO,GAAG,iBAAiB,CAAC;oBAChC,GAAG,CAAC,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC;oBAC7B,GAAG,CAAC,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC;oBAC1B,GAAG,CAAC,YAAY,GAAG,SAAS,CAAC,YAAY,CAAC;oBAC1C,GAAG,CAAC,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;oBACrD,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC;oBAC1B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;iBAChB;gBACD,OAAO;qBACF,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;oBACvC,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,uEAAuE,CACxE,CAAC;oBACF,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;oBAC3C,IAAI,CAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,WAAW,KAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,YAAY,EAAE;wBACnE,eAAM,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;wBAChC,GAAG,CAAC,OAAO,GAAG,eAAe,CAAC;wBAC9B,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC;wBACxB,GAAG,CAAC,UAAU,GAAG,cAAc,CAAC,EAAE,CAAC;wBACnC,GAAG,CAAC,YAAY,GAAG;4BACjB,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE;yBACrD,CAAC;wBACF,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;wBACnC,GAAG,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;wBACvC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;qBAChB;iBACF;gBACD,WAAW;qBACN,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE;oBACpD,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,8EAA8E,CAC/E,CAAC;oBACF,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;oBAC3C,IAAI,CAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,WAAW,KAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,YAAY,EAAE;wBACnE,GAAG,CAAC,OAAO,GAAG,mBAAmB,CAAC;wBAClC,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC;wBAChC,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;wBACnC,GAAG,CAAC,UAAU,GAAG,kBAAkB,CAAC,EAAE,CAAC;wBACvC,GAAG,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;wBACvC,GAAG,CAAC,YAAY,GAAG;4BACjB,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE;yBACrD,CAAC;wBACF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;qBAChB;iBACF;qBAAM,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,gCAAgC,CAAC,EAAE;oBAChE,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,0EAA0E,CAC3E,CAAC;oBACF,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;oBAE1C,IAAI,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,OAAO,EAAE;wBACrC,GAAG,CAAC,OAAO,GAAG,eAAe,CAAC;wBAC9B,GAAG,CAAC,aAAa,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;wBAC1C,GAAG,CAAC,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC;wBACjC,GAAG,CAAC,OAAO,GAAG,KAAK,CAAC,UAAU,CAAC;wBAC/B,GAAG,CAAC,UAAU,GAAG,cAAc,CAAC,EAAE,CAAC;wBACnC,GAAG,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC;wBAElC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;qBAChB;iBACF;aACF;SACF;KACF;IAED,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;QAChB,OAAO,IAAI,CAAC;KACb;IACD,OAAO,EAAE,IAAI,EAAE,CAAC;AAClB,CAAC;AAzGD,gDAyGC","sourcesContent":["import { parse as _parse } from 'url';\nimport is from '@sindresorhus/is';\nimport yaml from 'js-yaml';\nimport * as datasourceDocker from '../../datasource/docker';\nimport * as datasourceGithubReleases from '../../datasource/github-releases';\nimport * as datasourceGithubTags from '../../datasource/github-tags';\nimport * as datasourceHelm from '../../datasource/helm';\nimport * as datasourcePypi from '../../datasource/pypi';\nimport * as datasourceRubyGems from '../../datasource/rubygems';\nimport { logger } from '../../logger';\nimport * as dockerVersioning from '../../versioning/docker';\nimport { PackageDependency, PackageFile } from '../types';\n\nexport interface HardeningManifest {\n apiVersion: string;\n name: string;\n tags: string[];\n args: Args;\n labels: Labels;\n resources: Resource[];\n maintainers: Maintainer[];\n}\n\nexport interface Args {\n BASE_IMAGE: string;\n BASE_TAG: string;\n}\n\nexport interface Labels {\n 'org.opencontainers.image.title': string;\n 'org.opencontainers.image.description': string;\n 'org.opencontainers.image.licenses': string;\n 'org.opencontainers.image.url': string;\n 'org.opencontainers.image.vendor': string;\n 'org.opencontainers.image.version': string;\n 'mil.dso.ironbank.image.keywords': string;\n 'mil.dso.ironbank.image.type': string;\n 'mil.dso.ironbank.product.name': string;\n}\n\nexport interface Maintainer {\n name: string;\n username: string;\n email: string;\n cht_member: boolean;\n}\n\nexport interface Resource {\n tag?: string;\n url: string;\n name?: string;\n filename?: string;\n validation?: Validation;\n}\n\nexport interface Validation {\n type: string;\n value: string;\n}\n\ninterface UrlParsedResult {\n repo: string;\n currentValue: string;\n}\n\nfunction getDatasourceId(lookupName: string, url: string): string {\n if (lookupName === 'antirez/redis') {\n return datasourceGithubTags.id;\n }\n if (url.includes('archive')) {\n return datasourceGithubTags.id;\n }\n\n return datasourceGithubReleases.id;\n}\n\nfunction parseUrl(urlString: string): UrlParsedResult | null {\n // istanbul ignore if\n if (!urlString) {\n return null;\n }\n const url = _parse(urlString);\n if (url.host !== 'github.com') {\n return null;\n }\n const path = url.path.split('/').slice(1);\n const repo = path[0] + '/' + path[1];\n let currentValue: string = null;\n if (path[2] === 'releases' && path[3] === 'download') {\n currentValue = path[4];\n }\n if (path[2] === 'archive') {\n currentValue = path[3].replace(/\\.tar\\.gz$/, '');\n }\n if (currentValue) {\n return { repo, currentValue };\n }\n // istanbul ignore next\n return null;\n}\n\nexport function extractPackageFile(content: string): PackageFile {\n const deps: PackageDependency[] = [];\n let manifests: HardeningManifest[];\n\n try {\n manifests = yaml.safeLoadAll(content, null, { json: true });\n } catch (err) {\n logger.debug('Failed to parse hardening_manifest.yaml');\n return null;\n }\n\n for (const manifest of manifests) {\n if (!(manifest && is.array(manifest.resources))) {\n logger.debug('hardening_manifest.yaml has no dependencies');\n return null;\n }\n\n for (const item of manifest.resources) {\n const dep: PackageDependency = { managerData: { item } };\n if (item.url) {\n // docker\n if (item.url.startsWith('docker://')) {\n const currentDigest = item.url.split('@')[1];\n const [lookupName, currentValue] = item.tag.split(':');\n dep.depType = 'ironbank-docker';\n dep.depName = lookupName;\n dep.datasource = datasourceDocker.id;\n dep.versioning = dockerVersioning.id;\n dep.lookupName = lookupName;\n dep.currentDigest = currentDigest;\n dep.currentValue = currentValue;\n deps.push(dep);\n }\n // github-releases\n else if (item.url.startsWith('https://github.com')) {\n const parsedUrl = parseUrl(item.url);\n dep.depType = 'ironbank-github';\n dep.depName = parsedUrl.repo;\n dep.repo = parsedUrl.repo;\n dep.currentValue = parsedUrl.currentValue;\n dep.datasource = getDatasourceId(dep.repo, item.url);\n dep.lookupName = dep.repo;\n deps.push(dep);\n }\n // helm\n else if (item.url.startsWith('helm://')) {\n const regex = new RegExp(\n 'helm://(?.*/)(?.*?)-(?.*?).tgz'\n );\n const groups = regex.exec(item.url).groups;\n if (groups?.registryUrl && groups.lookupName && groups.currentValue) {\n logger.info(groups.registryUrl);\n dep.depType = 'ironbank-helm';\n dep.depName = item.name;\n dep.datasource = datasourceHelm.id;\n dep.registryUrls = [\n `${String('https://')}${String(groups.registryUrl)}`,\n ];\n dep.lookupName = groups.lookupName;\n dep.currentValue = groups.currentValue;\n deps.push(dep);\n }\n }\n // rubygems\n else if (item.url.startsWith('https://rubygems.org')) {\n const regex = new RegExp(\n 'https://(?.*)/(.*/)(?.*-?)-(?.*?).gem'\n );\n const groups = regex.exec(item.url).groups;\n if (groups?.registryUrl && groups.lookupName && groups.currentValue) {\n dep.depType = 'ironbank-rubygems';\n dep.depName = groups.lookupName;\n dep.lookupName = groups.lookupName;\n dep.datasource = datasourceRubyGems.id;\n dep.currentValue = groups.currentValue;\n dep.registryUrls = [\n `${String('https://')}${String(groups.registryUrl)}`,\n ];\n deps.push(dep);\n }\n } else if (item.url.startsWith('https://files.pythonhosted.org')) {\n const regex = new RegExp(\n 'https://(.*)/(.*)/(.*)/(.*)/(.*)/(?.*?)-(?.*?)-(.*)'\n );\n const group = regex.exec(item.url).groups;\n\n if (group.lookupName && group.version) {\n dep.depType = 'ironbank-pypi';\n dep.currentDigest = item.validation.value;\n dep.currentValue = group.version;\n dep.depName = group.lookupName;\n dep.datasource = datasourcePypi.id;\n dep.lookupName = group.lookupName;\n\n deps.push(dep);\n }\n }\n }\n }\n }\n\n if (!deps.length) {\n return null;\n }\n return { deps };\n}\n"]} \ No newline at end of file +{"version":3,"file":"extract.js","sourceRoot":"","sources":["../../../lib/manager/ironbank/extract.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6BAAsC;AACtC,0DAAkC;AAClC,sDAA2B;AAC3B,0EAA4D;AAC5D,2FAA6E;AAC7E,mFAAqE;AACrE,sEAAwD;AACxD,sEAAwD;AACxD,8EAAgE;AAChE,yCAAsC;AACtC,0EAA4D;AAuD5D,SAAS,eAAe,CAAC,UAAkB,EAAE,GAAW;IACtD,IAAI,UAAU,KAAK,eAAe,EAAE;QAClC,OAAO,oBAAoB,CAAC,EAAE,CAAC;KAChC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE;QAC3B,OAAO,oBAAoB,CAAC,EAAE,CAAC;KAChC;IAED,OAAO,wBAAwB,CAAC,EAAE,CAAC;AACrC,CAAC;AAED,SAAS,QAAQ,CAAC,SAAiB;IACjC,qBAAqB;IACrB,IAAI,CAAC,SAAS,EAAE;QACd,OAAO,IAAI,CAAC;KACb;IACD,MAAM,GAAG,GAAG,WAAM,CAAC,SAAS,CAAC,CAAC;IAC9B,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE;QAC7B,OAAO,IAAI,CAAC;KACb;IACD,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACrC,IAAI,YAAY,GAAW,IAAI,CAAC;IAChC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE;QACpD,YAAY,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;KACxB;IACD,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE;QACzB,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE;YACtB,YAAY,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAA;SACjD;aAAM;YACL,YAAY,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;SAClD;KACF;IACD,IAAI,YAAY,EAAE;QAChB,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;KAC/B;IACD,uBAAuB;IACvB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,kBAAkB,CAAC,OAAe;IAChD,MAAM,IAAI,GAAwB,EAAE,CAAC;IACrC,8BAA8B;IAE9B,IAAI,QAA2B,CAAC;IAEhC,IAAI;QACF,QAAQ,GAAG,iBAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAC,CAAuB,CAAA;KACvE;IAAC,OAAO,GAAG,EAAE;QACZ,eAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;KACb;IAED,IAAI,CAAC,CAAC,QAAQ,IAAI,YAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE;QAC/C,eAAM,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;QAC5D,OAAO,IAAI,CAAC;KACb;IAED,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,SAAS,EAAE;QACrC,MAAM,GAAG,GAAsB,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC;QACzD,IAAI,IAAI,CAAC,GAAG,EAAE;YACZ,SAAS;YACT,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE;gBACpC,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC7C,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACvD,GAAG,CAAC,OAAO,GAAG,iBAAiB,CAAC;gBAChC,GAAG,CAAC,OAAO,GAAG,UAAU,CAAC;gBACzB,GAAG,CAAC,UAAU,GAAG,gBAAgB,CAAC,EAAE,CAAC;gBACrC,GAAG,CAAC,UAAU,GAAG,gBAAgB,CAAC,EAAE,CAAC;gBACrC,GAAG,CAAC,UAAU,GAAG,UAAU,CAAC;gBAC5B,GAAG,CAAC,aAAa,GAAG,aAAa,CAAC;gBAClC,GAAG,CAAC,YAAY,GAAG,YAAY,CAAC;gBAChC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;aAChB;YACD,kBAAkB;iBACb,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAAE;gBAClD,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACrC,GAAG,CAAC,OAAO,GAAG,iBAAiB,CAAC;gBAChC,GAAG,CAAC,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC;gBAC7B,GAAG,CAAC,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC;gBAC1B,GAAG,CAAC,YAAY,GAAG,SAAS,CAAC,YAAY,CAAC;gBAC1C,GAAG,CAAC,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;gBACrD,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC;gBAC1B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;aAChB;YACD,OAAO;iBACF,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;gBACvC,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,uEAAuE,CACxE,CAAC;gBACF,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;gBAC3C,IAAI,CAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,WAAW,KAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,YAAY,EAAE;oBACnE,eAAM,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;oBAChC,GAAG,CAAC,OAAO,GAAG,eAAe,CAAC;oBAC9B,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC;oBACxB,GAAG,CAAC,UAAU,GAAG,cAAc,CAAC,EAAE,CAAC;oBACnC,GAAG,CAAC,YAAY,GAAG;wBACjB,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE;qBACrD,CAAC;oBACF,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;oBACnC,GAAG,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;oBACvC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;iBAChB;aACF;YACD,WAAW;iBACN,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE;gBACpD,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,8EAA8E,CAC/E,CAAC;gBACF,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;gBAC3C,IAAI,CAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,WAAW,KAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,YAAY,EAAE;oBACnE,GAAG,CAAC,OAAO,GAAG,mBAAmB,CAAC;oBAClC,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC;oBAChC,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;oBACnC,GAAG,CAAC,UAAU,GAAG,kBAAkB,CAAC,EAAE,CAAC;oBACvC,GAAG,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;oBACvC,GAAG,CAAC,YAAY,GAAG;wBACjB,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE;qBACrD,CAAC;oBACF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;iBAChB;aACF;iBAAM,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,gCAAgC,CAAC,EAAE;gBAChE,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,0EAA0E,CAC3E,CAAC;gBACF,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;gBAE1C,IAAI,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,OAAO,EAAE;oBACrC,GAAG,CAAC,OAAO,GAAG,eAAe,CAAC;oBAC9B,GAAG,CAAC,aAAa,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;oBAC1C,GAAG,CAAC,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC;oBACjC,GAAG,CAAC,OAAO,GAAG,KAAK,CAAC,UAAU,CAAC;oBAC/B,GAAG,CAAC,UAAU,GAAG,cAAc,CAAC,EAAE,CAAC;oBACnC,GAAG,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC;oBAElC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;iBAChB;aACF;SACF;KACF;IAGD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;QAChB,OAAO,IAAI,CAAC;KACb;IACD,OAAO,EAAE,IAAI,EAAE,CAAC;AAClB,CAAC;AA1GD,gDA0GC","sourcesContent":["import { parse as _parse } from 'url';\nimport is from '@sindresorhus/is';\nimport yaml from 'js-yaml';\nimport * as datasourceDocker from '../../datasource/docker';\nimport * as datasourceGithubReleases from '../../datasource/github-releases';\nimport * as datasourceGithubTags from '../../datasource/github-tags';\nimport * as datasourceHelm from '../../datasource/helm';\nimport * as datasourcePypi from '../../datasource/pypi';\nimport * as datasourceRubyGems from '../../datasource/rubygems';\nimport { logger } from '../../logger';\nimport * as dockerVersioning from '../../versioning/docker';\nimport { PackageDependency, PackageFile } from '../types';\n\nexport interface HardeningManifest {\n apiVersion: string;\n name: string;\n tags: string[];\n args: Args;\n labels: Labels;\n resources: Resource[];\n maintainers: Maintainer[];\n}\n\nexport interface Args {\n BASE_IMAGE: string;\n BASE_TAG: string;\n}\n\nexport interface Labels {\n 'org.opencontainers.image.title': string;\n 'org.opencontainers.image.description': string;\n 'org.opencontainers.image.licenses': string;\n 'org.opencontainers.image.url': string;\n 'org.opencontainers.image.vendor': string;\n 'org.opencontainers.image.version': string;\n 'mil.dso.ironbank.image.keywords': string;\n 'mil.dso.ironbank.image.type': string;\n 'mil.dso.ironbank.product.name': string;\n}\n\nexport interface Maintainer {\n name: string;\n username: string;\n email: string;\n cht_member: boolean;\n}\n\nexport interface Resource {\n tag?: string;\n url: string;\n name?: string;\n filename?: string;\n validation?: Validation;\n}\n\nexport interface Validation {\n type: string;\n value: string;\n}\n\ninterface UrlParsedResult {\n repo: string;\n currentValue: string;\n}\n\nfunction getDatasourceId(lookupName: string, url: string): string {\n if (lookupName === 'antirez/redis') {\n return datasourceGithubTags.id;\n }\n if (url.includes('archive')) {\n return datasourceGithubTags.id;\n }\n\n return datasourceGithubReleases.id;\n}\n\nfunction parseUrl(urlString: string): UrlParsedResult | null {\n // istanbul ignore if\n if (!urlString) {\n return null;\n }\n const url = _parse(urlString);\n if (url.host !== 'github.com') {\n return null;\n }\n const path = url.path.split('/').slice(1);\n const repo = path[0] + '/' + path[1];\n let currentValue: string = null;\n if (path[2] === 'releases' && path[3] === 'download') {\n currentValue = path[4];\n }\n if (path[2] === 'archive') {\n if (path[3] === 'refs') {\n currentValue = path[5].replace(/\\.tar\\.gz$/, '')\n } else {\n currentValue = path[3].replace(/\\.tar\\.gz$/, '');\n }\n }\n if (currentValue) {\n return { repo, currentValue };\n }\n // istanbul ignore next\n return null;\n}\n\nexport function extractPackageFile(content: string): PackageFile {\n const deps: PackageDependency[] = [];\n // let man: HardeningManifest;\n\n let manifest: HardeningManifest;\n\n try {\n manifest = yaml.safeLoad(content, { json: true} ) as HardeningManifest\n } catch (err) {\n logger.debug('Failed to parse hardening_manifest.yaml');\n return null;\n }\n\n if (!(manifest && is.array(manifest.resources))) {\n logger.debug('hardening_manifest.yaml has no dependencies');\n return null;\n }\n\n for (const item of manifest.resources) {\n const dep: PackageDependency = { managerData: { item } };\n if (item.url) {\n // docker\n if (item.url.startsWith('docker://')) {\n const currentDigest = item.url.split('@')[1];\n const [lookupName, currentValue] = item.tag.split(':');\n dep.depType = 'ironbank-docker';\n dep.depName = lookupName;\n dep.datasource = datasourceDocker.id;\n dep.versioning = dockerVersioning.id;\n dep.lookupName = lookupName;\n dep.currentDigest = currentDigest;\n dep.currentValue = currentValue;\n deps.push(dep);\n }\n // github-releases\n else if (item.url.startsWith('https://github.com')) {\n const parsedUrl = parseUrl(item.url);\n dep.depType = 'ironbank-github';\n dep.depName = parsedUrl.repo;\n dep.repo = parsedUrl.repo;\n dep.currentValue = parsedUrl.currentValue;\n dep.datasource = getDatasourceId(dep.repo, item.url);\n dep.lookupName = dep.repo;\n deps.push(dep);\n }\n // helm\n else if (item.url.startsWith('helm://')) {\n const regex = new RegExp(\n 'helm://(?.*/)(?.*?)-(?.*?).tgz'\n );\n const groups = regex.exec(item.url).groups;\n if (groups?.registryUrl && groups.lookupName && groups.currentValue) {\n logger.info(groups.registryUrl);\n dep.depType = 'ironbank-helm';\n dep.depName = item.name;\n dep.datasource = datasourceHelm.id;\n dep.registryUrls = [\n `${String('https://')}${String(groups.registryUrl)}`,\n ];\n dep.lookupName = groups.lookupName;\n dep.currentValue = groups.currentValue;\n deps.push(dep);\n }\n }\n // rubygems\n else if (item.url.startsWith('https://rubygems.org')) {\n const regex = new RegExp(\n 'https://(?.*)/(.*/)(?.*-?)-(?.*?).gem'\n );\n const groups = regex.exec(item.url).groups;\n if (groups?.registryUrl && groups.lookupName && groups.currentValue) {\n dep.depType = 'ironbank-rubygems';\n dep.depName = groups.lookupName;\n dep.lookupName = groups.lookupName;\n dep.datasource = datasourceRubyGems.id;\n dep.currentValue = groups.currentValue;\n dep.registryUrls = [\n `${String('https://')}${String(groups.registryUrl)}`,\n ];\n deps.push(dep);\n }\n } else if (item.url.startsWith('https://files.pythonhosted.org')) {\n const regex = new RegExp(\n 'https://(.*)/(.*)/(.*)/(.*)/(.*)/(?.*?)-(?.*?)-(.*)'\n );\n const group = regex.exec(item.url).groups;\n\n if (group.lookupName && group.version) {\n dep.depType = 'ironbank-pypi';\n dep.currentDigest = item.validation.value;\n dep.currentValue = group.version;\n dep.depName = group.lookupName;\n dep.datasource = datasourcePypi.id;\n dep.lookupName = group.lookupName;\n\n deps.push(dep);\n }\n }\n }\n }\n\n\n if (!deps.length) {\n return null;\n }\n return { deps };\n}\n"]} \ No newline at end of file diff --git a/dist/manager/ironbank/update.js b/dist/manager/ironbank/update.js index b2d99f2..2d68dfb 100644 --- a/dist/manager/ironbank/update.js +++ b/dist/manager/ironbank/update.js @@ -80,9 +80,6 @@ async function updateDependency({ fileContent, upgrade, }) { const newTag = upgrade.lookupName + ':' + upgrade.newValue; const oldUrl = upgrade.managerData.item.url; const newUrl = `${String(upgrade.managerData.item.url.split('@')[0])}@${upgrade.newDigest}`; - if (oldUrl === newUrl || oldTag === newTag) { - return null; - } let newContent = fileContent; newContent = newContent.replace(oldTag, newTag); newContent = newContent.replace(oldUrl, newUrl); diff --git a/dist/manager/ironbank/update.js.map b/dist/manager/ironbank/update.js.map index 2529268..7a195ed 100644 --- a/dist/manager/ironbank/update.js.map +++ b/dist/manager/ironbank/update.js.map @@ -1 +1 @@ -{"version":3,"file":"update.js","sourceRoot":"","sources":["../../../lib/manager/ironbank/update.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AACxB,6BAAsC;AACtC,iCAAmC;AACnC,yCAAsC;AACtC,0CAAuC;AAGvC,MAAM,IAAI,GAAG,IAAI,WAAI,CAAC,UAAU,CAAC,CAAC;AAElC,KAAK,UAAU,eAAe,CAC5B,GAAW,EACX,QAAgB;IAEhB,eAAM,CAAC,KAAK,CAAC,mBAAmB,GAAG,GAAG,GAAG,GAAG,GAAG,QAAQ,CAAC,CAAC;IACzD,IAAI;QACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,MAAM,CAAC,IAAI,EAAE;YACf,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,8BAA8B;gBAC5B,QAAQ,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAClD,CAAC;YACF,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAC9C,IAAI,MAAM,EAAE;gBACV,OAAO,MAAM,CAAC,IAAI,CAAC;aACpB;SACF;QACD,OAAO,IAAI,CAAC;KACb;IAAC,OAAO,GAAG,EAAE,0BAA0B,CAAC;QACvC,OAAO,IAAI,CAAC;KACb;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,GAAW;IACvC,IAAI;QACF,MAAM,SAAS,GAAG,WAAM,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,QAAQ,GAAG,cAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEnD,IAAI,IAAY,CAAC;QACjB,IAAI,GAAG,MAAM,eAAe,CAAC,QAAQ,GAAG,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC7D,IAAI,IAAI,EAAE;YACR,OAAO,IAAI,CAAC;SACb;QACD,IAAI,GAAG,MAAM,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC5E,IAAI,IAAI,EAAE;YACR,OAAO,IAAI,CAAC;SACb;QACD,IAAI,GAAG,MAAM,kBAAU,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YACxC,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;KACb;IAAC,OAAO,GAAG,EAAE,0BAA0B,CAAC;QACvC,OAAO,IAAI,CAAC;KACb;AACH,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,GAAW;IAEX,eAAM,CAAC,KAAK,CAAC,GAAG,cAAc,IAAI,GAAG,IAAI,UAAU,EAAE,CAAC,CAAC;IACvD,IAAI;QACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,MAAM,CAAC,IAAI,EAAE;YACf,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAExC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;gBAC/C,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE;oBAC5C,MAAM,MAAM,GAAG;wBACb,GAAG,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM;wBACnC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG;qBAChC,CAAC;oBAEF,OAAO,MAAM,CAAC;iBACf;aACF;SACF;QACD,OAAO,IAAI,CAAC;KACb;IAAC,OAAO,GAAG,EAAE,0BAA0B,CAAC;QACvC,OAAO,IAAI,CAAC;KACb;AACH,CAAC;AAEM,KAAK,UAAU,gBAAgB,CAAC,EACrC,WAAW,EACX,OAAO,GACgB;IACvB,gCAAgC;IAEhC,QAAQ,OAAO,CAAC,OAAO,EAAE;QACvB,KAAK,iBAAiB,CAAC,CAAC;YACtB,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;YAC/D,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC;YAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC;YAC5C,MAAM,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAClE,OAAO,CAAC,SACV,EAAE,CAAC;YAEH,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,MAAM,EAAE;gBAC1C,OAAO,IAAI,CAAC;aACb;YAED,IAAI,UAAU,GAAG,WAAW,CAAC;YAC7B,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAChD,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAEhD,OAAO,UAAU,CAAC;SACnB;QACD,KAAK,iBAAiB,CAAC,CAAC;YACtB,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;gBAC9C,eAAM,CAAC,IAAI,CACT,GAAG,oCAAoC,IAAI,OAAO,CAAC,UAAU,EAAE,CAChE,CAAC;gBACF,OAAO,IAAI,CAAC;aACb;YAED,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACpD,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC;YAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,YAAY,EAAE,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;YACvE,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;YAC1C,IAAI,UAAU,GAAG,WAAW,CAAC;YAC7B,IAAI,IAAI,EAAE;gBACR,UAAU,GAAG,UAAU,CAAC,OAAO,CAC7B,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,EACzC,IAAI,CACL,CAAC;gBACF,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;aACjD;YACD,OAAO,UAAU,CAAC;SACnB;QACD,KAAK,eAAe,CAAC,CAAC;YACpB,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;gBAC9C,eAAM,CAAC,IAAI,CAAC,GAAG,kCAAkC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;gBACxE,OAAO,IAAI,CAAC;aACb;YAED,OAAO,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;SACpE;QACD,KAAK,mBAAmB,CAAC,CAAC;YACxB,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;gBAC9C,eAAM,CAAC,IAAI,CACT,GAAG,sCAAsC,IAAI,OAAO,CAAC,OAAO,EAAE,CAC/D,CAAC;gBACF,OAAO,IAAI,CAAC;aACb;YAED,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;YAC1C,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;YAClC,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC;YAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,YAAY,EAAE,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;YACvE,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;YAC1C,IAAI,UAAU,GAAG,WAAW,CAAC;YAC7B,IAAI,IAAI,EAAE;gBACR,UAAU,GAAG,UAAU,CAAC,OAAO,CAC7B,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,EACzC,IAAI,CACL,CAAC;gBACF,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;aACjD;YACD,OAAO,UAAU,CAAC;SACnB;QACD,KAAK,eAAe,CAAC,CAAC;YACpB,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;gBACrB,eAAM,CAAC,IAAI,CAAC,GAAG,kCAAkC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;gBACxE,OAAO,IAAI,CAAC;aACb;YAED,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;YAClC,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC;YAC5C,MAAM,SAAS,GAAG,yBAAyB,OAAO,CAAC,OAAO,IAAI,QAAQ,OAAO,CAAC;YAC9E,MAAM,WAAW,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;YAE3C,IAAI,UAAU,GAAG,WAAW,CAAC;YAC7B,IAAI,CAAC,MAAM,WAAW,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,WAAW,CAAC,CAAC,UAAU,EAAE;gBAC7D,UAAU,GAAG,UAAU,CAAC,OAAO,CAC7B,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,EACzC,CAAC,MAAM,WAAW,CAAC,CAAC,GAAG,CACxB,CAAC;gBACF,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,MAAM,WAAW,CAAC,CAAC,UAAU,CAAC,CAAC;aACzE;YACD,OAAO,UAAU,CAAC;SACnB;QACD;YACE,OAAO,IAAI,CAAC;KACf;AACH,CAAC;AAvGD,4CAuGC","sourcesContent":["import path from 'path';\nimport { parse as _parse } from 'url';\nimport { fromStream } from 'hasha';\nimport { logger } from '../../logger';\nimport { Http } from '../../util/http';\nimport { UpdateDependencyConfig } from '../types';\n\nconst http = new Http('ironbank');\n\nasync function getHashFromFile(\n url: string,\n filename: string\n): Promise {\n logger.debug('getHashFromFile: ' + url + ' ' + filename);\n try {\n const result = await http.get(url);\n if (result.body) {\n const regex = new RegExp(\n '(?[A-Fa-f0-9]{64})\\\\s+' +\n filename.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&')\n );\n const groups = regex.exec(result.body).groups;\n if (groups) {\n return groups.hash;\n }\n }\n return null;\n } catch (err) /* istanbul ignore next */ {\n return null;\n }\n}\n\nasync function getHashFromUrl(url: string): Promise {\n try {\n const parsedUrl = _parse(url);\n const filename = path.basename(parsedUrl.pathname);\n\n let hash: string;\n hash = await getHashFromFile(filename + '.sha256', filename);\n if (hash) {\n return hash;\n }\n hash = await getHashFromFile(url.replace(filename, 'SHA256SUMS'), filename);\n if (hash) {\n return hash;\n }\n hash = await fromStream(http.stream(url), {\n algorithm: 'sha256',\n });\n return hash;\n } catch (err) /* istanbul ignore next */ {\n return null;\n }\n}\n\nasync function getPypiData(\n url: string\n): Promise<{ sha: string; updatedUrl: string }> {\n logger.debug(`${'getPypiData:'} ${url} ${'filename'}`);\n try {\n const result = await http.get(url);\n if (result.body) {\n const results = JSON.parse(result.body);\n\n for (let i = 0; i < results.urls.length; i += 1) {\n if (results.urls[i].filename.endsWith('whl')) {\n const output = {\n sha: results.urls[i].digests.sha256,\n updatedUrl: results.urls[i].url,\n };\n\n return output;\n }\n }\n }\n return null;\n } catch (err) /* istanbul ignore next */ {\n return null;\n }\n}\n\nexport async function updateDependency({\n fileContent,\n upgrade,\n}: UpdateDependencyConfig): Promise {\n // let newContent = fileContent;\n\n switch (upgrade.depType) {\n case 'ironbank-docker': {\n const oldTag = upgrade.lookupName + ':' + upgrade.currentValue;\n const newTag = upgrade.lookupName + ':' + upgrade.newValue;\n const oldUrl = upgrade.managerData.item.url;\n const newUrl = `${String(upgrade.managerData.item.url.split('@')[0])}@${\n upgrade.newDigest\n }`;\n\n if (oldUrl === newUrl || oldTag === newTag) {\n return null;\n }\n\n let newContent = fileContent;\n newContent = newContent.replace(oldTag, newTag);\n newContent = newContent.replace(oldUrl, newUrl);\n\n return newContent;\n }\n case 'ironbank-github': {\n if (!upgrade.currentValue && !upgrade.newValue) {\n logger.warn(\n `${'issue updating ironbank-github for'} ${upgrade.lookupName}`\n );\n return null;\n }\n\n const currentValue = upgrade.currentValue.replace(/^v/, '');\n const newValue = upgrade.newValue.replace(/^v/, '');\n const oldUrl = upgrade.managerData.item.url;\n const newUrl = oldUrl.replace(new RegExp(currentValue, 'g'), newValue);\n const hash = await getHashFromUrl(newUrl);\n let newContent = fileContent;\n if (hash) {\n newContent = newContent.replace(\n upgrade.managerData.item.validation.value,\n hash\n );\n newContent = newContent.replace(oldUrl, newUrl);\n }\n return newContent;\n }\n case 'ironbank-helm': {\n if (!upgrade.currentValue && !upgrade.newValue) {\n logger.warn(`${'issue updating ironbank-helm for'} ${upgrade.depName}`);\n return null;\n }\n\n return fileContent.replace(upgrade.currentValue, upgrade.newValue);\n }\n case 'ironbank-rubygems': {\n if (!upgrade.currentValue && !upgrade.newValue) {\n logger.warn(\n `${'issue updating ironbank-rubygems for'} ${upgrade.depName}`\n );\n return null;\n }\n\n const currentValue = upgrade.currentValue;\n const newValue = upgrade.newValue;\n const oldUrl = upgrade.managerData.item.url;\n const newUrl = oldUrl.replace(new RegExp(currentValue, 'g'), newValue);\n const hash = await getHashFromUrl(newUrl);\n let newContent = fileContent;\n if (hash) {\n newContent = newContent.replace(\n upgrade.managerData.item.validation.value,\n hash\n );\n newContent = newContent.replace(oldUrl, newUrl);\n }\n return newContent;\n }\n case 'ironbank-pypi': {\n if (!upgrade.newValue) {\n logger.warn(`${'issue updating ironbank-pypi for'} ${upgrade.depName}`);\n return null;\n }\n\n const newValue = upgrade.newValue;\n const oldUrl = upgrade.managerData.item.url;\n const searchURL = `https://pypi.org/pypi/${upgrade.depName}/${newValue}/json`;\n const updatedData = getPypiData(searchURL);\n\n let newContent = fileContent;\n if ((await updatedData).sha && (await updatedData).updatedUrl) {\n newContent = newContent.replace(\n upgrade.managerData.item.validation.value,\n (await updatedData).sha\n );\n newContent = newContent.replace(oldUrl, (await updatedData).updatedUrl);\n }\n return newContent;\n }\n default:\n return null;\n }\n}\n"]} \ No newline at end of file +{"version":3,"file":"update.js","sourceRoot":"","sources":["../../../lib/manager/ironbank/update.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AACxB,6BAAsC;AACtC,iCAAmC;AACnC,yCAAsC;AACtC,0CAAuC;AAGvC,MAAM,IAAI,GAAG,IAAI,WAAI,CAAC,UAAU,CAAC,CAAC;AAElC,KAAK,UAAU,eAAe,CAC5B,GAAW,EACX,QAAgB;IAEhB,eAAM,CAAC,KAAK,CAAC,mBAAmB,GAAG,GAAG,GAAG,GAAG,GAAG,QAAQ,CAAC,CAAC;IACzD,IAAI;QACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,MAAM,CAAC,IAAI,EAAE;YACf,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,8BAA8B;gBAC5B,QAAQ,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAClD,CAAC;YACF,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAC9C,IAAI,MAAM,EAAE;gBACV,OAAO,MAAM,CAAC,IAAI,CAAC;aACpB;SACF;QACD,OAAO,IAAI,CAAC;KACb;IAAC,OAAO,GAAG,EAAE,0BAA0B,CAAC;QACvC,OAAO,IAAI,CAAC;KACb;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,GAAW;IACvC,IAAI;QACF,MAAM,SAAS,GAAG,WAAM,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,QAAQ,GAAG,cAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEnD,IAAI,IAAY,CAAC;QACjB,IAAI,GAAG,MAAM,eAAe,CAAC,QAAQ,GAAG,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC7D,IAAI,IAAI,EAAE;YACR,OAAO,IAAI,CAAC;SACb;QACD,IAAI,GAAG,MAAM,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC5E,IAAI,IAAI,EAAE;YACR,OAAO,IAAI,CAAC;SACb;QACD,IAAI,GAAG,MAAM,kBAAU,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YACxC,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;KACb;IAAC,OAAO,GAAG,EAAE,0BAA0B,CAAC;QACvC,OAAO,IAAI,CAAC;KACb;AACH,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,GAAW;IAEX,eAAM,CAAC,KAAK,CAAC,GAAG,cAAc,IAAI,GAAG,IAAI,UAAU,EAAE,CAAC,CAAC;IACvD,IAAI;QACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,MAAM,CAAC,IAAI,EAAE;YACf,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAExC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;gBAC/C,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE;oBAC5C,MAAM,MAAM,GAAG;wBACb,GAAG,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM;wBACnC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG;qBAChC,CAAC;oBAEF,OAAO,MAAM,CAAC;iBACf;aACF;SACF;QACD,OAAO,IAAI,CAAC;KACb;IAAC,OAAO,GAAG,EAAE,0BAA0B,CAAC;QACvC,OAAO,IAAI,CAAC;KACb;AACH,CAAC;AAEM,KAAK,UAAU,gBAAgB,CAAC,EACrC,WAAW,EACX,OAAO,GACgB;IACvB,gCAAgC;IAEhC,QAAQ,OAAO,CAAC,OAAO,EAAE;QACvB,KAAK,iBAAiB,CAAC,CAAC;YACtB,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;YAC/D,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC;YAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC;YAC5C,MAAM,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAClE,OAAO,CAAC,SACV,EAAE,CAAC;YAEH,IAAI,UAAU,GAAG,WAAW,CAAC;YAC7B,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAChD,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAEhD,OAAO,UAAU,CAAC;SACnB;QACD,KAAK,iBAAiB,CAAC,CAAC;YACtB,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;gBAC9C,eAAM,CAAC,IAAI,CACT,GAAG,oCAAoC,IAAI,OAAO,CAAC,UAAU,EAAE,CAChE,CAAC;gBACF,OAAO,IAAI,CAAC;aACb;YAED,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACpD,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC;YAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,YAAY,EAAE,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;YACvE,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;YAC1C,IAAI,UAAU,GAAG,WAAW,CAAC;YAC7B,IAAI,IAAI,EAAE;gBACR,UAAU,GAAG,UAAU,CAAC,OAAO,CAC7B,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,EACzC,IAAI,CACL,CAAC;gBACF,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;aACjD;YACD,OAAO,UAAU,CAAC;SACnB;QACD,KAAK,eAAe,CAAC,CAAC;YACpB,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;gBAC9C,eAAM,CAAC,IAAI,CAAC,GAAG,kCAAkC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;gBACxE,OAAO,IAAI,CAAC;aACb;YAED,OAAO,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;SACpE;QACD,KAAK,mBAAmB,CAAC,CAAC;YACxB,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;gBAC9C,eAAM,CAAC,IAAI,CACT,GAAG,sCAAsC,IAAI,OAAO,CAAC,OAAO,EAAE,CAC/D,CAAC;gBACF,OAAO,IAAI,CAAC;aACb;YAED,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;YAC1C,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;YAClC,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC;YAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,YAAY,EAAE,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;YACvE,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;YAC1C,IAAI,UAAU,GAAG,WAAW,CAAC;YAC7B,IAAI,IAAI,EAAE;gBACR,UAAU,GAAG,UAAU,CAAC,OAAO,CAC7B,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,EACzC,IAAI,CACL,CAAC;gBACF,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;aACjD;YACD,OAAO,UAAU,CAAC;SACnB;QACD,KAAK,eAAe,CAAC,CAAC;YACpB,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;gBACrB,eAAM,CAAC,IAAI,CAAC,GAAG,kCAAkC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;gBACxE,OAAO,IAAI,CAAC;aACb;YAED,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;YAClC,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC;YAC5C,MAAM,SAAS,GAAG,yBAAyB,OAAO,CAAC,OAAO,IAAI,QAAQ,OAAO,CAAC;YAC9E,MAAM,WAAW,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;YAE3C,IAAI,UAAU,GAAG,WAAW,CAAC;YAC7B,IAAI,CAAC,MAAM,WAAW,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,WAAW,CAAC,CAAC,UAAU,EAAE;gBAC7D,UAAU,GAAG,UAAU,CAAC,OAAO,CAC7B,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,EACzC,CAAC,MAAM,WAAW,CAAC,CAAC,GAAG,CACxB,CAAC;gBACF,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,MAAM,WAAW,CAAC,CAAC,UAAU,CAAC,CAAC;aACzE;YACD,OAAO,UAAU,CAAC;SACnB;QACD;YACE,OAAO,IAAI,CAAC;KACf;AACH,CAAC;AAnGD,4CAmGC","sourcesContent":["import path from 'path';\nimport { parse as _parse } from 'url';\nimport { fromStream } from 'hasha';\nimport { logger } from '../../logger';\nimport { Http } from '../../util/http';\nimport { UpdateDependencyConfig } from '../types';\n\nconst http = new Http('ironbank');\n\nasync function getHashFromFile(\n url: string,\n filename: string\n): Promise {\n logger.debug('getHashFromFile: ' + url + ' ' + filename);\n try {\n const result = await http.get(url);\n if (result.body) {\n const regex = new RegExp(\n '(?[A-Fa-f0-9]{64})\\\\s+' +\n filename.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&')\n );\n const groups = regex.exec(result.body).groups;\n if (groups) {\n return groups.hash;\n }\n }\n return null;\n } catch (err) /* istanbul ignore next */ {\n return null;\n }\n}\n\nasync function getHashFromUrl(url: string): Promise {\n try {\n const parsedUrl = _parse(url);\n const filename = path.basename(parsedUrl.pathname);\n\n let hash: string;\n hash = await getHashFromFile(filename + '.sha256', filename);\n if (hash) {\n return hash;\n }\n hash = await getHashFromFile(url.replace(filename, 'SHA256SUMS'), filename);\n if (hash) {\n return hash;\n }\n hash = await fromStream(http.stream(url), {\n algorithm: 'sha256',\n });\n return hash;\n } catch (err) /* istanbul ignore next */ {\n return null;\n }\n}\n\nasync function getPypiData(\n url: string\n): Promise<{ sha: string; updatedUrl: string }> {\n logger.debug(`${'getPypiData:'} ${url} ${'filename'}`);\n try {\n const result = await http.get(url);\n if (result.body) {\n const results = JSON.parse(result.body);\n\n for (let i = 0; i < results.urls.length; i += 1) {\n if (results.urls[i].filename.endsWith('whl')) {\n const output = {\n sha: results.urls[i].digests.sha256,\n updatedUrl: results.urls[i].url,\n };\n\n return output;\n }\n }\n }\n return null;\n } catch (err) /* istanbul ignore next */ {\n return null;\n }\n}\n\nexport async function updateDependency({\n fileContent,\n upgrade,\n}: UpdateDependencyConfig): Promise {\n // let newContent = fileContent;\n\n switch (upgrade.depType) {\n case 'ironbank-docker': {\n const oldTag = upgrade.lookupName + ':' + upgrade.currentValue;\n const newTag = upgrade.lookupName + ':' + upgrade.newValue;\n const oldUrl = upgrade.managerData.item.url;\n const newUrl = `${String(upgrade.managerData.item.url.split('@')[0])}@${\n upgrade.newDigest\n }`;\n\n let newContent = fileContent;\n newContent = newContent.replace(oldTag, newTag);\n newContent = newContent.replace(oldUrl, newUrl);\n\n return newContent;\n }\n case 'ironbank-github': {\n if (!upgrade.currentValue && !upgrade.newValue) {\n logger.warn(\n `${'issue updating ironbank-github for'} ${upgrade.lookupName}`\n );\n return null;\n }\n\n const currentValue = upgrade.currentValue.replace(/^v/, '');\n const newValue = upgrade.newValue.replace(/^v/, '');\n const oldUrl = upgrade.managerData.item.url;\n const newUrl = oldUrl.replace(new RegExp(currentValue, 'g'), newValue);\n const hash = await getHashFromUrl(newUrl);\n let newContent = fileContent;\n if (hash) {\n newContent = newContent.replace(\n upgrade.managerData.item.validation.value,\n hash\n );\n newContent = newContent.replace(oldUrl, newUrl);\n }\n return newContent;\n }\n case 'ironbank-helm': {\n if (!upgrade.currentValue && !upgrade.newValue) {\n logger.warn(`${'issue updating ironbank-helm for'} ${upgrade.depName}`);\n return null;\n }\n\n return fileContent.replace(upgrade.currentValue, upgrade.newValue);\n }\n case 'ironbank-rubygems': {\n if (!upgrade.currentValue && !upgrade.newValue) {\n logger.warn(\n `${'issue updating ironbank-rubygems for'} ${upgrade.depName}`\n );\n return null;\n }\n\n const currentValue = upgrade.currentValue;\n const newValue = upgrade.newValue;\n const oldUrl = upgrade.managerData.item.url;\n const newUrl = oldUrl.replace(new RegExp(currentValue, 'g'), newValue);\n const hash = await getHashFromUrl(newUrl);\n let newContent = fileContent;\n if (hash) {\n newContent = newContent.replace(\n upgrade.managerData.item.validation.value,\n hash\n );\n newContent = newContent.replace(oldUrl, newUrl);\n }\n return newContent;\n }\n case 'ironbank-pypi': {\n if (!upgrade.newValue) {\n logger.warn(`${'issue updating ironbank-pypi for'} ${upgrade.depName}`);\n return null;\n }\n\n const newValue = upgrade.newValue;\n const oldUrl = upgrade.managerData.item.url;\n const searchURL = `https://pypi.org/pypi/${upgrade.depName}/${newValue}/json`;\n const updatedData = getPypiData(searchURL);\n\n let newContent = fileContent;\n if ((await updatedData).sha && (await updatedData).updatedUrl) {\n newContent = newContent.replace(\n upgrade.managerData.item.validation.value,\n (await updatedData).sha\n );\n newContent = newContent.replace(oldUrl, (await updatedData).updatedUrl);\n }\n return newContent;\n }\n default:\n return null;\n }\n}\n"]} \ No newline at end of file diff --git a/lib/manager/ironbank/artifacts.ts b/lib/manager/ironbank/artifacts.ts index ee1b55c..2407d92 100644 --- a/lib/manager/ironbank/artifacts.ts +++ b/lib/manager/ironbank/artifacts.ts @@ -32,47 +32,46 @@ export async function updateArtifacts({ return null; } - let manifests: HardeningManifest[]; + let manifest: HardeningManifest; try { - manifests = yaml.safeLoadAll(newPackageFileContent, null, { json: true }); + manifest = yaml.safeLoad(newPackageFileContent, { json: true }) as HardeningManifest; } catch (err) { logger.error('Failed to parse hardening_manifest.yaml'); return null; } - for (const manifest of manifests) { - if (!(manifest && is.array(manifest.resources))) { - return null; - } + if (!(manifest && is.array(manifest.resources))) { + return null; + } - if (!manifest.resources[0].url?.startsWith('helm://')) { - return null; - } + if (!manifest.resources[0].url?.startsWith('helm://')) { + return null; + } - const charts = new Map(); - for (const item of manifest.resources) { - if (item.url?.startsWith('helm://')) { - charts.set( - item.name, - `${String('https://')}${String(item.url.substring(7))}` - ); - } + const charts = new Map(); + for (const item of manifest.resources) { + if (item.url?.startsWith('helm://')) { + charts.set( + item.name, + `${String('https://')}${String(item.url.substring(7))}` + ); } + } - for (const dep of updatedDeps) { - logger.debug(`updatedDep(${dep})`); - if (charts.has(dep)) { - const result = await postUpgrade( - charts.get(dep), - join(config.localDir, dep) - ); - if (!result) { - return null; - } + for (const dep of updatedDeps) { + logger.debug(`updatedDep(${dep})`); + if (charts.has(dep)) { + const result = await postUpgrade( + charts.get(dep), + join(config.localDir, dep) + ); + if (!result) { + return null; } } } + const res = []; const status = await getRepoStatus(); diff --git a/lib/manager/ironbank/extract.ts b/lib/manager/ironbank/extract.ts index 8a58360..a9226c1 100644 --- a/lib/manager/ironbank/extract.ts +++ b/lib/manager/ironbank/extract.ts @@ -90,7 +90,11 @@ function parseUrl(urlString: string): UrlParsedResult | null { currentValue = path[4]; } if (path[2] === 'archive') { - currentValue = path[3].replace(/\.tar\.gz$/, ''); + if (path[3] === 'refs') { + currentValue = path[5].replace(/\.tar\.gz$/, '') + } else { + currentValue = path[3].replace(/\.tar\.gz$/, ''); + } } if (currentValue) { return { repo, currentValue }; @@ -101,105 +105,106 @@ function parseUrl(urlString: string): UrlParsedResult | null { export function extractPackageFile(content: string): PackageFile { const deps: PackageDependency[] = []; - let manifests: HardeningManifest[]; + // let man: HardeningManifest; + + let manifest: HardeningManifest; try { - manifests = yaml.safeLoadAll(content, null, { json: true }); + manifest = yaml.safeLoad(content, { json: true} ) as HardeningManifest } catch (err) { logger.debug('Failed to parse hardening_manifest.yaml'); return null; } - for (const manifest of manifests) { - if (!(manifest && is.array(manifest.resources))) { - logger.debug('hardening_manifest.yaml has no dependencies'); - return null; - } + if (!(manifest && is.array(manifest.resources))) { + logger.debug('hardening_manifest.yaml has no dependencies'); + return null; + } - for (const item of manifest.resources) { - const dep: PackageDependency = { managerData: { item } }; - if (item.url) { - // docker - if (item.url.startsWith('docker://')) { - const currentDigest = item.url.split('@')[1]; - const [lookupName, currentValue] = item.tag.split(':'); - dep.depType = 'ironbank-docker'; - dep.depName = lookupName; - dep.datasource = datasourceDocker.id; - dep.versioning = dockerVersioning.id; - dep.lookupName = lookupName; - dep.currentDigest = currentDigest; - dep.currentValue = currentValue; + for (const item of manifest.resources) { + const dep: PackageDependency = { managerData: { item } }; + if (item.url) { + // docker + if (item.url.startsWith('docker://')) { + const currentDigest = item.url.split('@')[1]; + const [lookupName, currentValue] = item.tag.split(':'); + dep.depType = 'ironbank-docker'; + dep.depName = lookupName; + dep.datasource = datasourceDocker.id; + dep.versioning = dockerVersioning.id; + dep.lookupName = lookupName; + dep.currentDigest = currentDigest; + dep.currentValue = currentValue; + deps.push(dep); + } + // github-releases + else if (item.url.startsWith('https://github.com')) { + const parsedUrl = parseUrl(item.url); + dep.depType = 'ironbank-github'; + dep.depName = parsedUrl.repo; + dep.repo = parsedUrl.repo; + dep.currentValue = parsedUrl.currentValue; + dep.datasource = getDatasourceId(dep.repo, item.url); + dep.lookupName = dep.repo; + deps.push(dep); + } + // helm + else if (item.url.startsWith('helm://')) { + const regex = new RegExp( + 'helm://(?.*/)(?.*?)-(?.*?).tgz' + ); + const groups = regex.exec(item.url).groups; + if (groups?.registryUrl && groups.lookupName && groups.currentValue) { + logger.info(groups.registryUrl); + dep.depType = 'ironbank-helm'; + dep.depName = item.name; + dep.datasource = datasourceHelm.id; + dep.registryUrls = [ + `${String('https://')}${String(groups.registryUrl)}`, + ]; + dep.lookupName = groups.lookupName; + dep.currentValue = groups.currentValue; deps.push(dep); } - // github-releases - else if (item.url.startsWith('https://github.com')) { - const parsedUrl = parseUrl(item.url); - dep.depType = 'ironbank-github'; - dep.depName = parsedUrl.repo; - dep.repo = parsedUrl.repo; - dep.currentValue = parsedUrl.currentValue; - dep.datasource = getDatasourceId(dep.repo, item.url); - dep.lookupName = dep.repo; + } + // rubygems + else if (item.url.startsWith('https://rubygems.org')) { + const regex = new RegExp( + 'https://(?.*)/(.*/)(?.*-?)-(?.*?).gem' + ); + const groups = regex.exec(item.url).groups; + if (groups?.registryUrl && groups.lookupName && groups.currentValue) { + dep.depType = 'ironbank-rubygems'; + dep.depName = groups.lookupName; + dep.lookupName = groups.lookupName; + dep.datasource = datasourceRubyGems.id; + dep.currentValue = groups.currentValue; + dep.registryUrls = [ + `${String('https://')}${String(groups.registryUrl)}`, + ]; deps.push(dep); } - // helm - else if (item.url.startsWith('helm://')) { - const regex = new RegExp( - 'helm://(?.*/)(?.*?)-(?.*?).tgz' - ); - const groups = regex.exec(item.url).groups; - if (groups?.registryUrl && groups.lookupName && groups.currentValue) { - logger.info(groups.registryUrl); - dep.depType = 'ironbank-helm'; - dep.depName = item.name; - dep.datasource = datasourceHelm.id; - dep.registryUrls = [ - `${String('https://')}${String(groups.registryUrl)}`, - ]; - dep.lookupName = groups.lookupName; - dep.currentValue = groups.currentValue; - deps.push(dep); - } - } - // rubygems - else if (item.url.startsWith('https://rubygems.org')) { - const regex = new RegExp( - 'https://(?.*)/(.*/)(?.*-?)-(?.*?).gem' - ); - const groups = regex.exec(item.url).groups; - if (groups?.registryUrl && groups.lookupName && groups.currentValue) { - dep.depType = 'ironbank-rubygems'; - dep.depName = groups.lookupName; - dep.lookupName = groups.lookupName; - dep.datasource = datasourceRubyGems.id; - dep.currentValue = groups.currentValue; - dep.registryUrls = [ - `${String('https://')}${String(groups.registryUrl)}`, - ]; - deps.push(dep); - } - } else if (item.url.startsWith('https://files.pythonhosted.org')) { - const regex = new RegExp( - 'https://(.*)/(.*)/(.*)/(.*)/(.*)/(?.*?)-(?.*?)-(.*)' - ); - const group = regex.exec(item.url).groups; - - if (group.lookupName && group.version) { - dep.depType = 'ironbank-pypi'; - dep.currentDigest = item.validation.value; - dep.currentValue = group.version; - dep.depName = group.lookupName; - dep.datasource = datasourcePypi.id; - dep.lookupName = group.lookupName; - - deps.push(dep); - } + } else if (item.url.startsWith('https://files.pythonhosted.org')) { + const regex = new RegExp( + 'https://(.*)/(.*)/(.*)/(.*)/(.*)/(?.*?)-(?.*?)-(.*)' + ); + const group = regex.exec(item.url).groups; + + if (group.lookupName && group.version) { + dep.depType = 'ironbank-pypi'; + dep.currentDigest = item.validation.value; + dep.currentValue = group.version; + dep.depName = group.lookupName; + dep.datasource = datasourcePypi.id; + dep.lookupName = group.lookupName; + + deps.push(dep); } } } } + if (!deps.length) { return null; } diff --git a/lib/manager/ironbank/update.ts b/lib/manager/ironbank/update.ts index 2c20aed..eef9ad1 100644 --- a/lib/manager/ironbank/update.ts +++ b/lib/manager/ironbank/update.ts @@ -94,10 +94,6 @@ export async function updateDependency({ upgrade.newDigest }`; - if (oldUrl === newUrl || oldTag === newTag) { - return null; - } - let newContent = fileContent; newContent = newContent.replace(oldTag, newTag); newContent = newContent.replace(oldUrl, newUrl); diff --git a/renovate.json b/renovate.json index 3b955b7..e812733 100644 --- a/renovate.json +++ b/renovate.json @@ -19,31 +19,12 @@ } ], "regexManagers": [ - { - "fileMatch": [ - "^Dockerfile$" - ], - "matchStrings": [ - "version=\"(?.*?)\"" - ], - "depNameTemplate": "renovate/renovate", - "datasourceTemplate": "docker" - }, - { - "fileMatch": [ - "^hardening_manifest.yaml$" - ], - "matchStrings": [ - "org\\.opencontainers\\.image\\.version:\\s+\"(?.+?)\"" - ], - "depNameTemplate": "renovate/renovate", - "datasourceTemplate": "docker" - }, { "fileMatch": [ "^hardening_manifest.yaml$" ], "matchStrings": [ + "org\\.opencontainers\\.image\\.version:\\s+\"(?.+?)\"", "tags:\\s+-\\s+\"(?.+?)\"" ], "depNameTemplate": "renovate/renovate", -- GitLab From 364d13e28c5328c93bde1bd06c1507e9c675c046 Mon Sep 17 00:00:00 2001 From: renovate Date: Tue, 1 Jun 2021 01:15:50 +0000 Subject: [PATCH 2/3] Update renovate/renovate Docker tag to v25.34.0 --- Dockerfile | 2 +- hardening_manifest.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 46d1282..a20f321 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=ironbank/opensource/nodejs/nodejs14 ARG BASE_TAG=14.15.5 -FROM renovate/renovate:25.30.0-slim as builder +FROM renovate/renovate:25.34.0-slim as builder FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index f9b0e7c..5979618 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "container-hardening-tools/renovate/renovate" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "25.30.0" +- "25.34.0" - "latest" # Build args passed to Dockerfile ARGs @@ -27,7 +27,7 @@ labels: org.opencontainers.image.url: "https://github.com/renovatebot/renovate" ## Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "WhiteSource" - org.opencontainers.image.version: "25.30.0" + org.opencontainers.image.version: "25.34.0" ## Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "automation,dependency,updates" ## This value can be "opensource" or "commercial" -- GitLab From a6966d75144692d89ccf233e05437d76299b327a Mon Sep 17 00:00:00 2001 From: Sean Melissari Date: Tue, 1 Jun 2021 11:51:59 -0400 Subject: [PATCH 3/3] v25.34.3 --- Dockerfile | 4 ++-- hardening_manifest.yaml | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index a20f321..f1599fa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,8 @@ ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=ironbank/opensource/nodejs/nodejs14 -ARG BASE_TAG=14.15.5 +ARG BASE_TAG=14.17.0 -FROM renovate/renovate:25.34.0-slim as builder +FROM renovate/renovate:25.34.3-slim as builder FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 5979618..7b2a727 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "container-hardening-tools/renovate/renovate" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "25.34.0" +- "25.34.3" - "latest" # Build args passed to Dockerfile ARGs @@ -27,7 +27,7 @@ labels: org.opencontainers.image.url: "https://github.com/renovatebot/renovate" ## Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "WhiteSource" - org.opencontainers.image.version: "25.34.0" + org.opencontainers.image.version: "25.34.3" ## Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "automation,dependency,updates" ## This value can be "opensource" or "commercial" @@ -37,8 +37,8 @@ labels: # List of resources to make available to the offline build context resources: -- tag: renovate/renovate:25.30.0-slim - url: docker://docker.io/renovate/renovate@sha256:f75130e9e2f2e98e30da69ccb87ef22c0e7fcd2d10e9563e241e247d001658b4 +- tag: renovate/renovate:25.34.3-slim + url: docker://docker.io/renovate/renovate@sha256:c36d07c5bf1ea24e00ffeeb09723f219305f5921eea7559405884bb506a84478 - filename: helm-docs.tar.gz url: https://github.com/norwoodj/helm-docs/releases/download/v1.5.0/helm-docs_1.5.0_Linux_x86_64.tar.gz validation: -- GitLab