Adding support for helm charts

dependabot · Mar 4, 2025 · 2ba7691 · 2ba7691
1 parent d6085b3
commit 2ba7691
Show file tree

Hide file tree

Showing 131 changed files with 13,094 additions and 0 deletions.
diff --git a/Dockerfile.updater-core b/Dockerfile.updater-core
@@ -97,6 +97,7 @@ COPY --chown=dependabot:dependabot git_submodules/.bundle git_submodules/dependa
 COPY --chown=dependabot:dependabot github_actions/.bundle github_actions/dependabot-github_actions.gemspec github_actions/
 COPY --chown=dependabot:dependabot go_modules/.bundle go_modules/dependabot-go_modules.gemspec go_modules/
 COPY --chown=dependabot:dependabot gradle/.bundle gradle/dependabot-gradle.gemspec gradle/
+COPY --chown=dependabot:dependabot helm/.bundle helm/dependabot-helm.gemspec helm/
 COPY --chown=dependabot:dependabot hex/.bundle hex/dependabot-hex.gemspec hex/
 COPY --chown=dependabot:dependabot maven/.bundle maven/dependabot-maven.gemspec maven/
 COPY --chown=dependabot:dependabot npm_and_yarn/.bundle npm_and_yarn/dependabot-npm_and_yarn.gemspec npm_and_yarn/

diff --git a/bin/docker-dev-shell b/bin/docker-dev-shell
@@ -195,6 +195,11 @@ docker run --rm -ti \
   -v "$(pwd)/gradle/lib:$CODE_DIR/gradle/lib" \
   -v "$(pwd)/gradle/script:$CODE_DIR/gradle/script" \
   -v "$(pwd)/gradle/spec:$CODE_DIR/gradle/spec" \
+  -v "$(pwd)/helm/.rubocop.yml:$CODE_DIR/helm/.rubocop.yml" \
+  -v "$(pwd)/helm/dependabot-helm.gemspec:$CODE_DIR/helm/dependabot-helm.gemspec" \
+  -v "$(pwd)/helm/lib:$CODE_DIR/helm/lib" \
+  -v "$(pwd)/helm/script:$CODE_DIR/helm/script" \
+  -v "$(pwd)/helm/spec:$CODE_DIR/helm/spec" \
   -v "$(pwd)/hex/.rubocop.yml:$CODE_DIR/hex/.rubocop.yml" \
   -v "$(pwd)/hex/dependabot-hex.gemspec:$CODE_DIR/hex/dependabot-hex.gemspec" \
   -v "$(pwd)/hex/helpers:$CODE_DIR/hex/helpers" \

diff --git a/bin/dry-run.rb b/bin/dry-run.rb
@@ -39,6 +39,7 @@
 # - devcontainers
 # - dotnet_sdk
 # - bun
+# - helm
 
 # rubocop:disable Style/GlobalVars
 
@@ -66,6 +67,7 @@
 $LOAD_PATH << "./github_actions/lib"
 $LOAD_PATH << "./go_modules/lib"
 $LOAD_PATH << "./gradle/lib"
+$LOAD_PATH << "./helm/lib"
 $LOAD_PATH << "./hex/lib"
 $LOAD_PATH << "./maven/lib"
 $LOAD_PATH << "./npm_and_yarn/lib"
@@ -115,6 +117,7 @@
 require "dependabot/github_actions"
 require "dependabot/go_modules"
 require "dependabot/gradle"
+require "dependabot/helm"
 require "dependabot/hex"
 require "dependabot/maven"
 require "dependabot/npm_and_yarn"

diff --git a/common/lib/dependabot/config/file.rb b/common/lib/dependabot/config/file.rb
@@ -73,6 +73,7 @@ def self.parse(config)
         "gradle" => "gradle",
         "maven" => "maven",
         "mix" => "hex",
+        "helm" => "helm",
         "nuget" => "nuget",
         "npm" => "npm_and_yarn",
         "pip" => "pip",

diff --git a/helm/.gitignore b/helm/.gitignore
@@ -0,0 +1,5 @@
+/.bundle/
+!.bundle/config
+/.env
+/tmp
+/dependabot-*.gem
diff --git a/helm/.rubocop.yml b/helm/.rubocop.yml
@@ -0,0 +1,4 @@
+inherit_from: ../.rubocop.yml
+
+Sorbet/StrictSigil:
+  Enabled: true
diff --git a/helm/Dockerfile b/helm/Dockerfile
@@ -0,0 +1,5 @@
+FROM ghcr.io/dependabot/dependabot-updater-docker
+USER dependabot
+
+COPY --chown=dependabot:dependabot docker_compose $DEPENDABOT_HOME/helm
+
diff --git a/helm/README.md b/helm/README.md
@@ -0,0 +1,45 @@
+## `dependabot-docker_compose`
+
+Docker support for [`dependabot-core`][core-repo].
+
+### Running locally
+
+1. Start a development shell
+
+  ```
+  $ bin/docker-dev-shell docker_compose
+  ```
+
+2. Run tests
+   ```
+   [dependabot-core-dev] ~ $ cd docker_compose && rspec
+   ```
+
+[core-repo]: https://github.com/dependabot/dependabot-core
+
+### Supported tag schemas
+
+Dependabot supports updates for Docker Compose tags that use semver versioning, dates, and build numbers.
+The Docker Compose tag class is located at:
+https://github.com/dependabot/dependabot-core/blob/main/docker_compose/lib/dependabot/docker_compose/tag.rb
+
+#### Semver
+
+Dependabot will attempt to parse a semver version from a tag and will only update it to a tag with a matching prefix and suffix.
+
+As an example, `base-12.5.1` and `base-12.5.1-golden` would be parsed as `<prefix>-<version>` and `<prefix>-<version>-<suffix>` respectively.
+
+That means for `base-12.5.1` only another `<prefix>-<version>` tag would be a viable update, and for `base-12.5.1-golden`, only another `<prefix>-<version>-<suffix>` tag would be viable. The exception to this is if the suffix is a SHA, in which case it does not get compared and only the `<prefix-<version>` parts are considered in finding a viable tag.
+
+#### Dates
+
+Dependabot will parse dates in the `yyyy-mm`, `yyyy-mm-dd` formats (or with `.` instead of `-`) and update tags to the latest date.
+
+As an example, `2024-01` will get updated to `2024-02` and `2024.01.29` will get updated to `2024.03.15`.
+
+#### Build numbers
+
+Dependabot will recognize build numbers and will update to the highest build number available.
+
+As an example, `21-ea-32`, `22-ea-7`, and `22-ea-jdk-nanoserver-1809` are mapped to `<version>-ea-<build_num>`, `<version>-ea-<build_num>`, and `<version>-ea-jdk-nanoserver-<build_num>` respectively.
+That means only "22-ea-7" will be considered as a viable update candidate for `21-ea-32`, since it's the only one that respects that format.
diff --git a/helm/dependabot-helm.gemspec b/helm/dependabot-helm.gemspec
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+Gem::Specification.new do |spec|
+  common_gemspec =
+    Bundler.load_gemspec_uncached("../common/dependabot-common.gemspec")
+
+  spec.name         = "dependabot-helm"
+  spec.summary      = "Provides Dependabot support for Helm"
+  spec.description  = "Dependabot-Helm provides support for bumping Helm image tags via " \
+                      "Dependabot. If you want support for multiple package managers, you probably want the meta-gem " \
+                      "dependabot-omnibus."
+
+  spec.author       = common_gemspec.author
+  spec.email        = common_gemspec.email
+  spec.homepage     = common_gemspec.homepage
+  spec.license      = common_gemspec.license
+
+  spec.metadata = {
+    "bug_tracker_uri" => common_gemspec.metadata["bug_tracker_uri"],
+    "changelog_uri" => common_gemspec.metadata["changelog_uri"]
+  }
+
+  spec.version = common_gemspec.version
+  spec.required_ruby_version = common_gemspec.required_ruby_version
+  spec.required_rubygems_version = common_gemspec.required_ruby_version
+
+  spec.require_path = "lib"
+  spec.files        = Dir["lib/**/*"]
+
+  spec.add_dependency "dependabot-docker", Dependabot::VERSION
+  spec.add_dependency "dependabot-helm", Dependabot::VERSION
+
+  common_gemspec.development_dependencies.each do |dep|
+    spec.add_development_dependency dep.name, *dep.requirement.as_list
+  end
+end
diff --git a/helm/lib/dependabot/helm.rb b/helm/lib/dependabot/helm.rb
@@ -0,0 +1,23 @@
+# typed: strong
+# frozen_string_literal: true
+
+# These all need to be required so the various classes can be registered in a
+# lookup table of package manager names to concrete classes.
+
+require "dependabot/docker"
+
+require "dependabot/helm/file_fetcher"
+require "dependabot/helm/file_parser"
+require "dependabot/helm/file_updater"
+
+Dependabot::Utils.register_version_class("helm", Dependabot::Docker::Version)
+Dependabot::UpdateCheckers.register("helm", Dependabot::Docker::UpdateChecker)
+Dependabot::Utils.register_requirement_class("helm", Dependabot::Docker::Requirement)
+Dependabot::MetadataFinders.register("helm", Dependabot::Docker::MetadataFinder)
+
+require "dependabot/pull_request_creator/labeler"
+Dependabot::PullRequestCreator::Labeler
+  .register_label_details("helm", name: "helm", colour: "E5F2FC")
+
+require "dependabot/dependency"
+Dependabot::Dependency.register_production_check("helm", ->(_) { true })
diff --git a/helm/lib/dependabot/helm/file_fetcher.rb b/helm/lib/dependabot/helm/file_fetcher.rb
@@ -0,0 +1,67 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "dependabot/shared/shared_file_fetcher"
+
+module Dependabot
+  module Helm
+    class FileFetcher < Dependabot::Shared::SharedFileFetcher
+      FILENAME_REGEX = /.*\.ya?ml$/i
+
+      sig { override.returns(T::Array[DependencyFile]) }
+      def fetch_files
+        fetched_files = []
+        fetched_files += correctly_encoded_helm_files
+
+        return fetched_files if fetched_files.any?
+
+        raise_appropriate_error
+      end
+
+      sig { override.returns(Regexp) }
+      def self.filename_regex
+        FILENAME_REGEX
+      end
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def helm_files
+        @helm_files ||=
+          T.let(repo_contents(raise_errors: false)
+          .select { |f| f.type == "file" && f.name.match?(FILENAME_REGEX) }
+          .map { |f| fetch_file_from_host(f.name) }, T.nilable(T::Array[DependencyFile]))
+      end
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def correctly_encoded_helm_files
+        helm_files.select { |f| T.must(f.content).valid_encoding? }
+      end
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def incorrectly_encoded_helm_files_files
+        helm_files.reject { |f| T.must(f.content).valid_encoding? }
+      end
+
+      sig { override.returns(String) }
+      def self.required_files_message
+        "Repo must contain a Helm charts file."
+      end
+
+      private
+
+      sig { override.returns(String) }
+      def default_file_name
+        "charts.yaml"
+      end
+
+      sig { override.returns(String) }
+      def file_type
+        "Helm Chart"
+      end
+    end
+  end
+end
+
+Dependabot::FileFetchers.register(
+  "helm",
+  Dependabot::Helm::FileFetcher
+)