-
Notifications
You must be signed in to change notification settings - Fork 952
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Detect interpolation in terragrunt sources and skip if present #7502
Merged
jeffwidman
merged 10 commits into
dependabot:main
from
dwc0011:dwc0011-terragrunt-interpolation-error
Jul 15, 2023
Merged
Changes from all commits
Commits
Show all changes
10 commits
Select commit
Hold shift + click to select a range
7348c76
Detect if source uses interpolation and if so return nil and skip
dwc0011 7951e83
Add comment about why skip nil
dwc0011 006328b
Add in source_type specs
dwc0011 f43b216
Make regex safe
dwc0011 7d2f0fa
Add more interpolation tests to exercies the regex further
dwc0011 1562b87
Instead of a regex, convert to include, dependabot cannt process any …
dwc0011 36be8d1
Add additonial fields for spec
dwc0011 62ff9f2
Add files for the parser
dwc0011 b564cb7
Change unknown to registry
dwc0011 7dd3187
Revert changes
dwc0011 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know how this code is used, and don't know Terragrunt/Terraform very well.
Obviously we can't update local path modules as deps to the current terragrunt files, but is there any risk that this prevents updating a local path module that's sitting in the same monorepo? Ie, because this stops
from parsing the local module, it also prevent Dependabot from updating any remote deps listed in that local module?
I highly doubt that's a risk, so I'm going to merge, but wanted to doublecheck with you @dwc0011 since you're the expert.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think it would prevent it, exactly... There simply is no way for Dependabot to know how the Terragrunt interpolation resolves. The resolution depends on the Terragrunt config at runtime, and may not even be consistent. So when the user is using Terragrunt interpolation this way, Dependabot simply can't use its recursive feature to update anything in that other path anyway.
The workaround for the user would be just to specify both paths in the Dependabot config, so then Dependabot processes both. Which honestly is my preference anyway; the recursive feature in Dependabot has been a bit of a pain and I'd rather just disable it. (Though now with grouping it is becoming of more interest...)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jeffwidman For terraform local path modules, dependabot does not support updating local path modules, so it makes sense that terragrunt local path modules would not be updated as well.
Local Path Module Files are found and traversed by the file fetcher, not the file parser, all files including those where local path modules are found are then passed to the file parser. That said Terragrunt files do not have a fetch local path module at this time. (This could be added in a separate PR)
As mentioned, the file fetcher is responsible for gathering all the files to process including local source module files.
For terraform files see: fetch local path modules.
Since the process is fetch the files, parse, check updatable, and then update; not returning terragrunt local path dependency in the file_parser makes the most sense. We do this for other types that are not supported as well. i.e. local path modules for terraform, interpolation for terragrunt (added by this PR),
Even if the dependency was added in the file parser, it would be removed later in the update checker
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks both of you. That's very helpful context, and I appreciate the extra details... Will be useful for any future
git blame
spelunkers.