Terragrunt source results in error

[dwc0011]

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

Terraform

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

No response

Updated dependency

No response

What you expected to see, versus what you actually saw

What I expected: The terragrunt source to be evaluated and if unable to, an error message would be logged and dependabot would continue processing the remainder of the reposititory.
What I saw: The path was incorrectly thought to be a registry source and found invalid. Dependabot threw an error and stopped processing the remainder of the repository.

/home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-terraform-0.211.0/lib/dependabot/terraform/file_parser.rb:213:in `registry_source_details_from': Invalid registry source specified: '${path_relative_from_include()}/..//.ci/${path_relative_to_include()}' (Dependabot::DependencyFileNotEvaluatable)
--
from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-terraform-0.211.0/lib/dependabot/terraform/file_parser.rb:180:in `source_from'
from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-terraform-0.211.0/lib/dependabot/terraform/file_parser.rb:145:in `build_terragrunt_dependency'
from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-terraform-0.211.0/lib/dependabot/terraform/file_parser.rb:71:in `block (2 levels) in parse_terragrunt_files'
from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-terraform-0.211.0/lib/dependabot/terraform/file_parser.rb:68:in `each'
from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-terraform-0.211.0/lib/dependabot/terraform/file_parser.rb:68:in `block in parse_terragrunt_files'
from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-terraform-0.211.0/lib/dependabot/terraform/file_parser.rb:66:in `each'
from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-terraform-0.211.0/lib/dependabot/terraform/file_parser.rb:66:in `parse_terragrunt_files'
from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-terraform-0.211.0/lib/dependabot/terraform/file_parser.rb:34:in `parse'
from /home/dependabot/dependabot-script/updater.rb:81:in `update'

Native package manager behavior

Terragrunt will evaluate the path from the method and use it as a local path.

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

terraform {
 source          = "${path_relative_from_include()}/..//.ci/${path_relative_to_include()}"
 }

[jeffwidman]

👋 I'm not a terraform expert, but as best I understand it, Terragrunt is a wrapper around Terraform... so will your manifest above not be supported under native Terraform? IE, does it require Terragrunt in order to read that syntax?

I agree that it would be better to throw a nicer error, provided that we definitively knew under native Terraform that this wasn't a registry source... I doubt we'll get to this anytime soon, but as you know a PR is always welcome. 😄

[dwc0011]

Yes, it is a wrapper and is a terragrunt function, so native terraform wouldn't evaluate it, but if it's an unknown source then dependabot should report error and continue processing IMHO. Plus, dependabot does support terragrunt at least partially.

In this case it is also incorrectly identifying it as a registry source, which is a bug as well. I think this is a two part fix, identify it as an unknown source and report "error" and continue. As this is valid terragrunt and not truly an error, it is just that dependabot cannot evaluate it.

We do plan on working a PR for this as our schedule allows.

[dwc0011]

After more thought and conversations, we have determined terraform does not allow interpolation for sources. Terragrunt supports interpolation more widely for sources and this is the issue. There are some cases where the terragrunt interpolation would work but that type would be detected and returned prior to reaching our approach.
A valid approach we suggest is to have a regex that detects interpolation syntax i.e. ${.....} as an additional source type, checked after all other valid source types. if interpolation is detected report a warning that Dependabot does not support interpolation and continue processing other sources.

We will begin work on a PR as soon as possible.