Class: Dependabot::Docker::UpdateChecker

Inherits:
UpdateCheckers::Base
  • Object
Extended by:
T::Sig
Defined in:
lib/dependabot/docker/update_checker.rb

Overview

rubocop:disable Metrics/ClassLength

Constant Summary collapse

# Media types that identify a multi-platform index rather than a single-image
# manifest: the Docker manifest list (schema 2) and the OCI image index.
MANIFEST_LIST_TYPES =
T.let(
  [
    "application/vnd.docker.distribution.manifest.list.v2+json",
    "application/vnd.oci.image.index.v1+json"
  ].freeze,
  T::Array[String]
)
PLATFORM_TIMESTAMP_TOLERANCE_SECONDS =

Tolerance window for platform timestamp comparison. Multi-arch CI builds may finish platforms at slightly different times.

T.let(3 * 60 * 60, Integer)
MAX_PLATFORM_VALIDATION_ATTEMPTS =

Maximum number of candidates to run platform timestamp validation against. Each validation can require 1 + 1 + N*2 registry API calls for N platforms, so we cap the attempts to avoid rate limiting or excessive latency.

T.let(5, Integer)
# NOTE(review): the constant name for this list is not shown in this rendering.
# Per the inline examples, these patterns recognise version-like tag components.
# In Ruby, `^` and `$` anchor at line boundaries rather than string boundaries;
# /^v\d+/ has no end anchor and /\d+_\d+/ has no anchor at all, so those two
# accept a partial match. Presumably components never contain newlines; if
# registry- or manifest-supplied tag text reaches these patterns unvalidated,
# confirm that, or anchor with \A and \z.
T.let(
  [
    /^\d+$/,                          # pure numbers: "123", "8"
    /^\d+\.\d+$/,                     # semver-like: "1.2"
    /^v\d+/,                          # v-prefixed: "v2", "v10"
    /^(?=.*\d)(?=.*[a-z])[a-z\d]+$/i, # broad mixed alphanumeric: "rc1", "beta2", "alpine3", "ltsc2022"
    /^(rc|jre)$/,                     # common Docker tag components that are part of versioning
    /^kb\d+$/i,                       # Microsoft KB numbers: "KB4505057"
    /^g[0-9a-f]{5,}$/,                # git SHAs: "g1a2b3c4"
    /^\d{8,14}$/,                     # timestamps: "20250909"
    /\d+_\d+/                         # underscore-separated version parts: "12_8"
  ].freeze,
  T::Array[Regexp]
)
# NOTE(review): the constant name for this list is not shown in this rendering.
# It is a narrower pattern list: mixed alphanumerics must be digit-letters-digit
# ("0rc1"), and there is no bare "rc"/"jre" entry.
# `^` and `$` are line anchors in Ruby, and /^v\d+/ and /\d+_\d+/ accept a
# partial match. If the matched text can come from a registry or manifest
# without prior validation, confirm it cannot contain newlines, or anchor with
# \A and \z.
T.let(
  [
    /^\d+$/,                          # pure numbers: "123", "8"
    /^\d+\.\d+$/,                     # semver-like: "1.2"
    /^v\d+/,                          # v-prefixed: "v2", "v10"
    /^\d+[a-z]+\d+$/i,                # digit-letters-digit version parts: "0a1", "0b1", "0rc1"
    /^kb\d+$/i,                       # Microsoft KB numbers: "KB4505057"
    /^g[0-9a-f]{5,}$/,                # git SHAs: "g1a2b3c4"
    /^\d{8,14}$/,                     # timestamps: "20250909"
    /\d+_\d+/                         # underscore-separated version parts: "12_8"
  ].freeze,
  T::Array[Regexp]
)

Instance Method Summary collapse

Instance Method Details

#latest_resolvable_version ⇒ Object



# File 'lib/dependabot/docker/update_checker.rb', line 93

# Resolvability is not a concern for Docker containers, so this simply
# delegates to #latest_version.
#
# @return whatever #latest_version returns, unchanged
def latest_resolvable_version
  latest_version
end

#latest_resolvable_version_with_no_unlock ⇒ Object



# File 'lib/dependabot/docker/update_checker.rb', line 99

# Docker containers have no notion of "unlocking" a requirement, so the
# answer is always the version the dependency already declares.
#
# @return the value of dependency.version, unchanged
def latest_resolvable_version_with_no_unlock
  dependency.version
end

#latest_version ⇒ Object



# File 'lib/dependabot/docker/update_checker.rb', line 88

# Looks up the newest version, starting from the version the dependency
# currently declares.
#
# T.must raises when dependency.version is nil, so a dependency without a
# version fails here instead of passing nil on to #latest_version_from.
#
# @return whatever #latest_version_from returns for the current version
def latest_version
  current_version = T.must(dependency.version)
  latest_version_from(current_version)
end

#updated_requirements ⇒ Object



# File 'lib/dependabot/docker/update_checker.rb', line 105

# Builds a copy of every requirement with its :source refreshed.
#
# * Tagged source: the tag becomes latest_version_from(tag). The digest is
#   recomputed for that new tag when the source already carried a digest or
#   when pin_digests? is true, so a pin can be added where none existed.
# * Digest-only source: the digest is replaced by the current digest of the
#   "latest" tag, so the new pin follows a mutable tag, not a named version.
# * Source with neither tag nor digest: copied through unchanged.
#
# The original requirement and source hashes are not modified; each source
# is duplicated before it is edited.
#
# NOTE(review): digest_of is defined outside this listing. If it can return
# nil, an existing digest pin would be overwritten with nil here. Confirm it
# raises instead, or that callers reject a nil digest.
#
# @return [Array] one merged requirement per entry in dependency.requirements
# @raise [KeyError] when a requirement has no :source key
def updated_requirements
  dependency.requirements.map do |requirement|
    source = requirement.fetch(:source)
    refreshed = source.dup

    pinned_tag = source[:tag]
    pinned_digest = source[:digest]

    if pinned_tag
      newest_tag = latest_version_from(pinned_tag)
      refreshed[:tag] = newest_tag
      # pin_digests? is only consulted when no digest was pinned already.
      if pinned_digest || pin_digests?
        refreshed[:digest] = digest_of(newest_tag)
      end
    elsif pinned_digest
      refreshed[:digest] = digest_of("latest")
    end

    requirement.merge(source: refreshed)
  end
end