Merge branch 'main' into fix/panic-deprecationdate

paketo-buildpacks · Jan 22, 2024 · 9e4edd1 · 9e4edd1
2 parents 7c5ecaf + 0039462
commit 9e4edd1
Show file tree

Hide file tree

Showing 10 changed files with 55 additions and 18 deletions.
diff --git a/.github/pipeline-version b/.github/pipeline-version
@@ -1 +1 @@
-1.34.0
+1.36.2
diff --git a/.github/workflows/pb-synchronize-labels.yml b/.github/workflows/pb-synchronize-labels.yml
@@ -11,7 +11,7 @@ jobs:
         runs-on:
             - ubuntu-latest
         steps:
-            - uses: actions/checkout@v3
+            - uses: actions/checkout@v4
             - uses: micnncim/action-label-syncer@v1
               env:
                 GITHUB_TOKEN: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
diff --git a/.github/workflows/pb-tests.yml b/.github/workflows/pb-tests.yml
@@ -15,13 +15,13 @@ jobs:
         runs-on:
             - ubuntu-latest
         steps:
-            - uses: actions/checkout@v3
-            - uses: actions/cache@v3
+            - uses: actions/checkout@v4
+            - uses: actions/cache@v4
               with:
                 key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
                 path: ${{ env.HOME }}/go/pkg/mod
                 restore-keys: ${{ runner.os }}-go-
-            - uses: actions/setup-go@v4
+            - uses: actions/setup-go@v5
               with:
                 go-version: "1.20"
             - name: Install richgo

diff --git a/.github/workflows/pb-update-go.yml b/.github/workflows/pb-update-go.yml
@@ -9,10 +9,10 @@ jobs:
         runs-on:
             - ubuntu-latest
         steps:
-            - uses: actions/setup-go@v4
+            - uses: actions/setup-go@v5
               with:
                 go-version: "1.20"
-            - uses: actions/checkout@v3
+            - uses: actions/checkout@v4
             - name: Update Go Version & Modules
               id: update-go
               run: |

diff --git a/.github/workflows/pb-update-pipeline.yml b/.github/workflows/pb-update-pipeline.yml
@@ -14,7 +14,7 @@ jobs:
         runs-on:
             - ubuntu-latest
         steps:
-            - uses: actions/setup-go@v4
+            - uses: actions/setup-go@v5
               with:
                 go-version: "1.20"
             - name: Install octo
@@ -24,7 +24,7 @@ jobs:
                 set -euo pipefail
 
                 go install -ldflags="-s -w" github.com/paketo-buildpacks/pipeline-builder/cmd/octo@latest
-            - uses: actions/checkout@v3
+            - uses: actions/checkout@v4
             - name: Update Pipeline
               id: pipeline
               run: |

diff --git a/carton/buildpack_dependency.go b/carton/buildpack_dependency.go
@@ -35,6 +35,7 @@ const (
 type BuildpackDependency struct {
 	BuildpackPath  string
 	ID             string
+	Arch           string
 	SHA256         string
 	URI            string
 	Version        string
@@ -58,6 +59,7 @@ func (b BuildpackDependency) Update(options ...Option) {
 
 	logger := bard.NewLogger(os.Stdout)
 	_, _ = fmt.Fprintf(logger.TitleWriter(), "\n%s\n", bard.FormatIdentity(b.ID, b.VersionPattern))
+	logger.Headerf("Arch:         %s", b.Arch)
 	logger.Headerf("Version:      %s", b.Version)
 	logger.Headerf("PURL:         %s", b.PURL)
 	logger.Headerf("CPEs:         %s", b.CPE)
@@ -141,7 +143,28 @@ func (b BuildpackDependency) Update(options ...Option) {
 			continue
 		}
 
-		if depId == b.ID {
+		// extract the arch from the PURL, it's the only place it lives consistently at the moment
+		var depArch string
+		purlUnwrapped, found := dep["purl"]
+		if found {
+			purl, ok := purlUnwrapped.(string)
+			if ok {
+				purlArchExp := regexp.MustCompile(`arch=(.*)`)
+				purlArchMatches := purlArchExp.FindStringSubmatch(purl)
+				if len(purlArchMatches) == 2 {
+					depArch = purlArchMatches[1]
+				}
+			}
+		}
+
+		// if not set, we presently need to default to amd64 because a lot of deps do not specify arch
+		//   in the future when we add the arch field to our deps, then we can remove this because empty should then mean noarch
+		if depArch == "" {
+			depArch = "amd64"
+		}
+
+		if depId == b.ID && depArch == b.Arch {
+
 			depVersionUnwrapped, found := dep["version"]
 			if !found {
 				continue
@@ -151,6 +174,7 @@ func (b BuildpackDependency) Update(options ...Option) {
 			if !ok {
 				continue
 			}
+
 			if versionExp.MatchString(depVersion) {
 				dep["version"] = b.Version
 				dep["uri"] = b.URI

diff --git a/carton/buildpack_dependency_test.go b/carton/buildpack_dependency_test.go
@@ -74,6 +74,7 @@ source-sha256 = "test-source-sha256-1"
 		d := carton.BuildpackDependency{
 			BuildpackPath:  path,
 			ID:             "test-id",
+			Arch:           "amd64",
 			SHA256:         "test-sha256-2",
 			URI:            "test-uri-2",
 			Version:        "test-version-2",
@@ -123,6 +124,7 @@ cpes    = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*
 		d := carton.BuildpackDependency{
 			BuildpackPath:  path,
 			ID:             "test-id",
+			Arch:           "amd64",
 			SHA256:         "test-sha256-2",
 			URI:            "test-uri-2",
 			Version:        "test-version-2",
@@ -174,6 +176,7 @@ cpes    = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*
 		d := carton.BuildpackDependency{
 			BuildpackPath:  path,
 			ID:             "test-id",
+			Arch:           "amd64",
 			SHA256:         "test-sha256-2",
 			URI:            "test-uri-2",
 			Version:        "test-version-2",
@@ -182,8 +185,8 @@ cpes    = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*
 			PURLPattern:    `different-version-[\d]`,
 			CPE:            "test-version-2:patch2",
 			CPEPattern:     `test-version-[\d]:patch[\d]`,
-			Source:          "test-new-source",
-			SourceSHA256:    "test-new-source-sha",
+			Source:         "test-new-source",
+			SourceSHA256:   "test-new-source-sha",
 		}
 
 		d.Update(carton.WithExitHandler(exitHandler))
@@ -243,6 +246,7 @@ source-sha256 = "test-source-sha256-2"
 		d := carton.BuildpackDependency{
 			BuildpackPath:  path,
 			ID:             "test-id",
+			Arch:           "amd64",
 			SHA256:         "test-sha256-3",
 			URI:            "test-uri-3",
 			Version:        "test-version-3",
@@ -309,6 +313,7 @@ cpes    = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*
 		d := carton.BuildpackDependency{
 			BuildpackPath:  path,
 			ID:             "test-id",
+			Arch:           "amd64",
 			SHA256:         "test-sha256-2",
 			URI:            "test-uri-2",
 			Version:        "test-version-2",
@@ -359,6 +364,7 @@ cpes    = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*
 		d := carton.BuildpackDependency{
 			BuildpackPath:  path,
 			ID:             "test-id",
+			Arch:           "amd64",
 			SHA256:         "test-sha256-2",
 			URI:            "test-uri-2",
 			Version:        "test-version-2",
@@ -410,6 +416,7 @@ cpes    = 1234
 		d := carton.BuildpackDependency{
 			BuildpackPath:  path,
 			ID:             "test-id",
+			Arch:           "amd64",
 			SHA256:         "test-sha256-2",
 			URI:            "test-uri-2",
 			Version:        "test-version-2",
@@ -463,6 +470,7 @@ version = "1.2.3"
 		d := carton.BuildpackDependency{
 			BuildpackPath:  path,
 			ID:             "test-id",
+			Arch:           "amd64",
 			SHA256:         "test-sha256-2",
 			URI:            "test-uri-2",
 			Version:        "test-version-2",

diff --git a/cmd/update-buildpack-dependency/main.go b/cmd/update-buildpack-dependency/main.go
@@ -32,6 +32,7 @@ func main() {
 	flagSet := pflag.NewFlagSet("Update Buildpack Dependency", pflag.ExitOnError)
 	flagSet.StringVar(&b.BuildpackPath, "buildpack-toml", "", "path to buildpack.toml")
 	flagSet.StringVar(&b.ID, "id", "", "the id of the dependency")
+	flagSet.StringVar(&b.Arch, "arch", "", "the arch of the dependency")
 	flagSet.StringVar(&b.SHA256, "sha256", "", "the new sha256 of the dependency")
 	flagSet.StringVar(&b.URI, "uri", "", "the new uri of the dependency")
 	flagSet.StringVar(&b.Version, "version", "", "the new version of the dependency")
@@ -55,6 +56,10 @@ func main() {
 		log.Fatal("id must be set")
 	}
 
+	if b.Arch == "" {
+		b.Arch = "amd64"
+	}
+
 	if b.SHA256 == "" {
 		log.Fatal("sha256 must be set")
 	}

diff --git a/go.mod b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/heroku/color v0.0.6
 	github.com/imdario/mergo v0.3.16
 	github.com/mitchellh/hashstructure/v2 v2.0.2
-	github.com/onsi/gomega v1.30.0
+	github.com/onsi/gomega v1.31.1
 	github.com/sclevine/spec v1.4.0
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.8.4

diff --git a/go.sum b/go.sum
@@ -9,7 +9,7 @@ github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
@@ -33,9 +33,9 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4=
 github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE=
-github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
-github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
-github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
+github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY=
+github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
+github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/sclevine/spec v1.4.0 h1:z/Q9idDcay5m5irkZ28M7PtQM4aOISzOpj4bUPkDee8=
@@ -63,7 +63,7 @@ golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
 golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/tools v0.12.0 h1:YW6HUoUmYBpwSgyaGaZq1fHjrBjX1rlpZ54T6mu2kss=
+golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=