Skip invalid docker image references in helm charts

[lyoung-confluent]

It is possible to include variables/references in a helm chart, ex:

image:
  repository: foo/bar
  tag: "${bar.foo}"

Currently, the docker parser will extract this and construct the docker reference as the string foo/bar:${bar.foo}.

Because this reference contains invalid characters ({, }, $) for a docker tag, the regex match against IMAGE_SPEC will (correctly) result in nil:

lib/dependabot/docker/file_parser.rb:172:in `block (2 levels) in workfile_file_dependencies': undefined method `named_captures' for nil:NilClass (NoMethodError)

By adding a next unless check we can skip over references like this without crashing allowing the rest of the file/directory to be upgraded.

[jeffwidman]

Nice find!

Can you add a test?

[github-actions]

👋 This pull request has been marked as stale because it has been open for 2 years with no activity. You can comment on the PR to hold stalebot off for a while, or do nothing. If you do nothing, this pull request will be closed eventually by the stalebot. Please see CONTRIBUTING.md for more policy details.

[markhallen]

Thank you for the contribution @lyoung-confluent. We really appreciate your effort in finding the exact cause of this problem.

It seems that a recent change addressed this issue and you can see the updated code here:

dependabot-core/docker/lib/dependabot/docker/file_parser.rb

Lines 104 to 115 in b9ea83b

	images.each do |string|
	# TODO: Support Docker references and path references
	details = string.match(IMAGE_SPEC)&.named_captures
	next if details.nil?
	details["registry"] = nil if details["registry"] == "docker.io"
	version = version_from(details)
	next unless version
	dependency_set << build_dependency(file, details, version)
	end

I'm going to close this PR. Please let me know if the problem is resolved for you or if you continue to have issues. Thanks