fix(pip_requirements): ignore extras in test for hashes

lib/modules/manager/pip_requirements/artifacts.spec.ts

@@ -1,17 +1,28 @@
-import { fs } from '../../../../test/util';
+import { fs, mockedFunction } from '../../../../test/util';
 import { GlobalConfig } from '../../../config/global';
+import { exec } from '../../../util/exec';
 import type { UpdateArtifactsConfig } from '../types';
 import { updateArtifacts } from '.';
 
 jest.mock('child_process');
 jest.mock('../../../util/exec');
 jest.mock('../../../util/fs');
+const mockedExec = mockedFunction(exec);
 
 const config: UpdateArtifactsConfig = {};
 
-const newPackageFileContent = `atomicwrites==1.4.0 \
+const newPackageFileContent = `aniso8601==9.0.1 \
+--hash=sha256:1d2b7ef82963909e93c4f24ce48d4de9e66009a21bf1c1e1c85bdd0812fe412f \
+--hash=sha256:72e3117667eedf66951bb2d93f4296a56b94b078a8a95905a052611fb3f1b973\n\
+atomicwrites==1.4.0 \
 --hash=sha256:03472c30eb2c5d1ba9227e4c2ca66ab8287fbfbbda3888aa93dc2e28fc6811b4 \
---hash=sha256:75a9445bac02d8d058d5e1fe689654ba5a6556a1dfd8ce6ec55a0ed79866cfa6`;
+--hash=sha256:75a9445bac02d8d058d5e1fe689654ba5a6556a1dfd8ce6ec55a0ed79866cfa6\n\
+boto3-stubs[iam]==1.24.36.post1 \
+--hash=sha256:39acbbc8c87a101bdf46e058fbb012d044b773b43f7ed02cc4c24192a564411e \
+--hash=sha256:ca3b3066773fc727fea0dbec252d098098e45fe0def011b22036ef674344def2\n\
+botocore==1.27.46 \
+--hash=sha256:747b7e94aef41498f063fc0be79c5af102d940beea713965179e1ead89c7e9ec \
+--hash=sha256:f66d8305d1f59d83334df9b11b6512bb1e14698ec4d5d6d42f833f39f3304ca7`;
 
 describe('modules/manager/pip_requirements/artifacts', () => {
   beforeEach(() => {
@@ -43,29 +54,53 @@ describe('modules/manager/pip_requirements/artifacts', () => {
     ).toBeNull();
   });
 
-  it('returns null if unchanged', async () => {
-    fs.readLocalFile.mockResolvedValueOnce(newPackageFileContent);
-    expect(
-      await updateArtifacts({
-        packageFileName: 'requirements.txt',
-        updatedDeps: [{ depName: 'atomicwrites' }],
-        newPackageFileContent,
-        config,
-      })
-    ).toBeNull();
-  });
+  it.each([
+    ['dependency w/o extras', 'atomicwrites'],
+    ['dependency with extras', 'boto3-stubs'],
+  ])(
+    'returns null if %s unchanged',
+    async (_description: string, depName: string) => {
+      fs.readLocalFile.mockResolvedValueOnce(newPackageFileContent);
+      expect(
+        await updateArtifacts({
+          packageFileName: 'requirements.txt',
+          updatedDeps: [{ depName }],
+          newPackageFileContent,
+          config,
+        })
+      ).toBeNull();
+    }
+  );
 
-  it('returns updated file', async () => {
-    fs.readLocalFile.mockResolvedValueOnce('new content');
-    expect(
-      await updateArtifacts({
-        packageFileName: 'requirements.txt',
-        updatedDeps: [{ depName: 'atomicwrites' }],
-        newPackageFileContent,
-        config,
-      })
-    ).toHaveLength(1);
-  });
+  it.each([
+    ['dependency w/o extras', 'atomicwrites', 'atomicwrites==1.4.0'],
+    [
+      'dependency with extras',
+      'boto3-stubs',
+      'boto3-stubs[iam]==1.24.36.post1',
+    ],
+  ])(
+    'returns updated file for %s',
+    async (
+      _description: string,
+      depName: string,
+      expectedDependencyConstraint: string
+    ) => {
+      fs.readLocalFile.mockResolvedValueOnce('new content');
+      expect(
+        await updateArtifacts({
+          packageFileName: 'requirements.txt',
+          updatedDeps: [{ depName }],
+          newPackageFileContent,
+          config,
+        })
+      ).toHaveLength(1);
+      // verify we captured the dependency correctly
+      expect(mockedExec.mock.calls[0][0]).toStrictEqual([
+        `hashin ${expectedDependencyConstraint} -r requirements.txt`,
+      ]);
+    }
+  );
 
   it('catches and returns errors', async () => {
     fs.readLocalFile.mockImplementation(() => {

lib/modules/manager/pip_requirements/artifacts.ts

@@ -4,8 +4,34 @@ import { logger } from '../../../logger';
 import { exec } from '../../../util/exec';
 import type { ExecOptions } from '../../../util/exec/types';
 import { readLocalFile } from '../../../util/fs';
-import { newlineRegex, regEx } from '../../../util/regex';
+import { escapeRegExp, regEx } from '../../../util/regex';
 import type { UpdateArtifact, UpdateArtifactsResult } from '../types';
+import { extrasPattern } from './extract';
+
+/**
+ * Create a RegExp that matches the first dependency pattern for
+ * the named dependency that is followed by package hashes.
+ *
+ * The regular expression defines a single named group `depConstraint`
+ * that holds the dependency constraint without the hash specifiers.
+ * The substring matched by this named group will start with the dependency
+ * name and end with a non-whitespace character.
+ *
+ * @param depName the name of the dependency
+ */
+function dependencyAndHashPattern(depName: string): RegExp {
+  const escapedDepName = escapeRegExp(depName);
+
+  // extrasPattern covers any whitespace between the dep name and the optional extras specifier,
+  // but it does not cover any whitespace in front of the equal signs.
+  //
+  // Use a non-greedy wildcard for the range pattern; otherwise, we would
+  // include all but the last hash specifier into depConstraint.
+  return new RegExp(
+    `^\\s*(?<depConstraint>${escapedDepName}${extrasPattern}\\s*==.*?\\S)\\s+--hash=`,
+    'm'
+  );
+}
 
 export async function updateArtifacts({
   packageFileName,
@@ -21,17 +47,17 @@ export async function updateArtifacts({
   try {
     const cmd: string[] = [];
     const rewrittenContent = newPackageFileContent.replace(regEx(/\\\n/g), '');
-    const lines = rewrittenContent
-      .split(newlineRegex)
-      .map((line) => line.trim());
     for (const dep of updatedDeps) {
-      const hashLine = lines.find(
-        (line) =>
-          // TODO: types (#7154)
-          line.startsWith(`${dep.depName!}==`) && line.includes('--hash=')
+      if (!dep.depName) {
+        continue;
+      }
+      const depAndHashMatch = dependencyAndHashPattern(dep.depName).exec(
+        rewrittenContent
       );
-      if (hashLine) {
-        const depConstraint = hashLine.split(' ')[0];
+      if (depAndHashMatch) {
+        // If there's a match, then the regular expression guarantees
+        // that the named subgroup deepConstraint did match as well.
+        const depConstraint = depAndHashMatch.groups!.depConstraint;
         cmd.push(`hashin ${depConstraint} -r ${packageFileName}`);
       }
     }

lib/modules/manager/pip_requirements/extract.ts

@@ -11,7 +11,7 @@ import type { PackageDependency, PackageFile } from '../types';
 
 export const packagePattern =
   '[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9._-]*[a-zA-Z0-9]';
-const extrasPattern = '(?:\\s*\\[[^\\]]+\\])?';
+export const extrasPattern = '(?:\\s*\\[[^\\]]+\\])?';
 const packageGitRegex = regEx(
   /(?<source>(?:git\+)(?<protocol>git|ssh|https):\/\/(?<gitUrl>(?:(?<user>[^@]+)@)?(?<hostname>[\w.-]+)(?<delimiter>\/)(?<scmPath>.*\/(?<depName>[\w/-]+))(\.git)?(?:@(?<version>.*))))/
 );