From c7dcac9c25ef465c383fe295839739b392b2f264 Mon Sep 17 00:00:00 2001
From: David McIntosh <804610+mctofu@users.noreply.github.com>
Date: Tue, 9 Mar 2021 13:56:37 -0800
Subject: [PATCH] docker: don't ignore version tag when consolidating dependencies

This causes the docker file parser to consider the tag in addition to the image name when extracting depenencies. Previously php:8.0.1-apache and php:8.0.1-cli would be treated as the same dependency which caused them to both get updated to php:8.0.3-apache. With the change they are treated as separate dependencies and get updated to php:8.0.3-apache and php:8.0.3-cli in separate PRs.
---
 docker/lib/dependabot/docker/file_parser.rb | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/docker/lib/dependabot/docker/file_parser.rb b/docker/lib/dependabot/docker/file_parser.rb
index 70590c8c9b..c5afa2c246 100644
--- a/docker/lib/dependabot/docker/file_parser.rb
+++ b/docker/lib/dependabot/docker/file_parser.rb
@@ -35,7 +35,7 @@ class FileParser < Dependabot::FileParsers::Base
 AWS_ECR_URL = /dkr\.ecr\.(?[^.]+).amazonaws\.com/.freeze
 def parse
- dependency_set = DependencySet.new
+ dependencies = []
 dockerfiles.each do |dockerfile|
 dockerfile.content.each_line do |line|
@@ -47,7 +47,7 @@ def parse
 version = version_from(parsed_from_line)
 next unless version
- dependency_set << Dependency.new(
+ current = Dependency.new(
 name: parsed_from_line.fetch("image"),
 version: version,
 package_manager: "docker",
@@ -58,10 +58,16 @@ def parse
 source: source_from(parsed_from_line)
 ]
 )
+ existing = dependencies.find {|d| d.name == current.name && d.version == current.version }
+ if existing
+ existing.requirements.push(*current.requirements).uniq!
+ else
+ dependencies << current
+ end
 end
 end
- dependency_set.dependencies
+ dependencies
 end
 private
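Review bot: In the third hunk the merge edits `existing.requirements` in place via `push(*current.requirements).uniq!`, which only has an effect if `Dependency#requirements` returns the object's own array rather than a copy; that accessor is not visible here, so confirm it and say so in a comment, e.g. `# relies on Dependency#requirements exposing its internal array`. The lookup key is name and version only, so two FROM lines with the same image and tag but a different `source` (presumably a different registry) are still folded into one dependency; since this parser feeds automated image updates, state whether that is intended or add the source to the comparison. The diffstat lists a single file, so a spec with `php:8.0.1-apache` and `php:8.0.1-cli` in one Dockerfile would pin the behaviour the message describes. `parse` is only partly visible across the three hunks.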