Skip to content

Commit

Permalink
Merge pull request #61 from paketo-buildpacks/backports
Browse files Browse the repository at this point in the history
Backports
  • Loading branch information
dmikusa authored Nov 11, 2024
2 parents b03aa2e + b609918 commit 92ed56a
Show file tree
Hide file tree
Showing 11 changed files with 514 additions and 47 deletions.
61 changes: 55 additions & 6 deletions carton/buildmodule_dependency.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@ import (

"github.com/paketo-buildpacks/libpak/v2/log"
"github.com/paketo-buildpacks/libpak/v2/utils"

"github.com/paketo-buildpacks/libpak-tools/internal"
)

const (
Expand All @@ -36,6 +38,7 @@ const (
type BuildModuleDependency struct {
BuildModulePath string
ID string
Arch string
SHA256 string
URI string
Version string
Expand All @@ -44,6 +47,9 @@ type BuildModuleDependency struct {
CPEPattern string
PURL string
PURLPattern string
Source string
SourceSHA256 string
EolID string
}

func (b BuildModuleDependency) Update(options ...Option) {
Expand All @@ -57,11 +63,15 @@ func (b BuildModuleDependency) Update(options ...Option) {

logger := log.NewPaketoLogger(os.Stdout)
_, _ = fmt.Fprintf(logger.TitleWriter(), "\n%s\n", log.FormatIdentity(b.ID, b.VersionPattern))
logger.Headerf("Version: %s", b.Version)
logger.Headerf("PURL: %s", b.PURL)
logger.Headerf("CPEs: %s", b.CPE)
logger.Headerf("URI: %s", b.URI)
logger.Headerf("SHA256: %s", b.SHA256)
logger.Headerf("Arch: %s", b.Arch)
logger.Headerf("Version: %s", b.Version)
logger.Headerf("PURL: %s", b.PURL)
logger.Headerf("CPEs: %s", b.CPE)
logger.Headerf("URI: %s", b.URI)
logger.Headerf("SHA256: %s", b.SHA256)
logger.Headerf("Source: %s", b.Source)
logger.Headerf("SourceSHA256: %s", b.SourceSHA256)
logger.Headerf("EOL ID: %s", b.EolID)

versionExp, err := regexp.Compile(b.VersionPattern)
if err != nil {
Expand Down Expand Up @@ -138,7 +148,27 @@ func (b BuildModuleDependency) Update(options ...Option) {
continue
}

if depID == b.ID {
// extract the arch from the PURL, it's the only place it lives consistently at the moment
var depArch string
purlUnwrapped, found := dep["purl"]
if found {
purl, ok := purlUnwrapped.(string)
if ok {
purlArchExp := regexp.MustCompile(`arch=(.*)`)
purlArchMatches := purlArchExp.FindStringSubmatch(purl)
if len(purlArchMatches) == 2 {
depArch = purlArchMatches[1]
}
}
}

// if not set, we presently need to default to amd64 because a lot of deps do not specify arch
// in the future when we add the arch field to our deps, then we can remove this because empty should then mean noarch
if depArch == "" {
depArch = "amd64"
}

if depID == b.ID && depArch == b.Arch {
depVersionUnwrapped, found := dep["version"]
if !found {
continue
Expand All @@ -148,10 +178,17 @@ func (b BuildModuleDependency) Update(options ...Option) {
if !ok {
continue
}

if versionExp.MatchString(depVersion) {
dep["version"] = b.Version
dep["uri"] = b.URI
dep["sha256"] = b.SHA256
if b.SourceSHA256 != "" {
dep["source-sha256"] = b.SourceSHA256
}
if b.Source != "" {
dep["source"] = b.Source
}

purlUnwrapped, found := dep["purl"]
if found {
Expand All @@ -175,6 +212,18 @@ func (b BuildModuleDependency) Update(options ...Option) {
}
}
}

if b.EolID != "" {
eolDate, err := internal.GetEolDate(b.EolID, b.Version)
if err != nil {
config.exitHandler.Error(fmt.Errorf("unable to fetch deprecation_date"))
return
}

if eolDate != "" {
dep["deprecation_date"] = eolDate
}
}
}
}
}
Expand Down
142 changes: 110 additions & 32 deletions carton/buildmodule_dependency_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -62,21 +62,26 @@ name = "Some Buildpack"
version = "1.2.3"
[[metadata.dependencies]]
id = "test-id"
name = "Test Name"
version = "test-version-1"
uri = "test-uri-1"
sha256 = "test-sha256-1"
stacks = [ "test-stack" ]
id = "test-id"
name = "Test Name"
version = "test-version-1"
uri = "test-uri-1"
sha256 = "test-sha256-1"
stacks = [ "test-stack" ]
source = "test-source-uri-1"
source-sha256 = "test-source-sha256-1"
`), 0600)).To(Succeed())

d := carton.BuildModuleDependency{
BuildModulePath: path,
ID: "test-id",
Arch: "amd64",
SHA256: "test-sha256-2",
URI: "test-uri-2",
Version: "test-version-2",
VersionPattern: `test-version-[\d]`,
Source: "test-source-uri-2",
SourceSHA256: "test-source-sha256-2",
}

d.Update(carton.WithExitHandler(exitHandler))
Expand All @@ -94,6 +99,8 @@ version = "test-version-2"
uri = "test-uri-2"
sha256 = "test-sha256-2"
stacks = [ "test-stack" ]
source = "test-source-uri-2"
source-sha256 = "test-source-sha256-2"
`))
})

Expand All @@ -118,6 +125,7 @@ cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*
d := carton.BuildModuleDependency{
BuildModulePath: path,
ID: "test-id",
Arch: "amd64",
SHA256: "test-sha256-2",
URI: "test-uri-2",
Version: "test-version-2",
Expand Down Expand Up @@ -148,13 +156,12 @@ cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*
`))
})

it("updates multiple dependencies with different versions", func() {
it("updates dependency with source & sourceSha", func() {
Expect(os.WriteFile(path, []byte(`api = "0.7"
[buildpack]
id = "some-buildpack"
name = "Some Buildpack"
version = "1.2.3"
[[metadata.dependencies]]
id = "test-id"
name = "Test Name"
Expand All @@ -164,21 +171,82 @@ sha256 = "test-sha256-1"
stacks = [ "test-stack" ]
purl = "pkg:generic/test-jre@different-version-1?arch=amd64"
cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*:*"]
`), 0600)).To(Succeed())

d := carton.BuildModuleDependency{
BuildModulePath: path,
ID: "test-id",
Arch: "amd64",
SHA256: "test-sha256-2",
URI: "test-uri-2",
Version: "test-version-2",
VersionPattern: `test-version-[\d]`,
PURL: "different-version-2",
PURLPattern: `different-version-[\d]`,
CPE: "test-version-2:patch2",
CPEPattern: `test-version-[\d]:patch[\d]`,
Source: "test-new-source",
SourceSHA256: "test-new-source-sha",
}

d.Update(carton.WithExitHandler(exitHandler))

Expect(os.ReadFile(path)).To(libpakTesting.MatchTOML(`api = "0.7"
[buildpack]
id = "some-buildpack"
name = "Some Buildpack"
version = "1.2.3"
[[metadata.dependencies]]
id = "test-id"
name = "Test Name"
version = "test-version-2"
uri = "test-uri-2"
sha256 = "test-sha256-2"
stacks = [ "test-stack" ]
purl = "pkg:generic/test-jre@different-version-2?arch=amd64"
cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*:*"]
id = "test-id"
name = "Test Name"
version = "test-version-2"
uri = "test-uri-2"
sha256 = "test-sha256-2"
stacks = [ "test-stack" ]
purl = "pkg:generic/test-jre@different-version-2?arch=amd64"
cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*:*"]
source = "test-new-source"
source-sha256 = "test-new-source-sha"
`))
})

it("updates multiple dependencies with different versions", func() {
Expect(os.WriteFile(path, []byte(`api = "0.7"
[buildpack]
id = "some-buildpack"
name = "Some Buildpack"
version = "1.2.3"
[[metadata.dependencies]]
id = "test-id"
name = "Test Name"
version = "test-version-1"
uri = "test-uri-1"
sha256 = "test-sha256-1"
stacks = [ "test-stack" ]
purl = "pkg:generic/test-jre@different-version-1?arch=amd64"
cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*:*"]
source = "test-source-uri-1"
source-sha256 = "test-source-sha256-1"
[[metadata.dependencies]]
id = "test-id"
name = "Test Name"
version = "test-version-2"
uri = "test-uri-2"
sha256 = "test-sha256-2"
stacks = [ "test-stack" ]
purl = "pkg:generic/test-jre@different-version-2?arch=amd64"
cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*:*"]
source = "test-source-uri-2"
source-sha256 = "test-source-sha256-2"
`), 0600)).To(Succeed())

d := carton.BuildModuleDependency{
BuildModulePath: path,
ID: "test-id",
Arch: "amd64",
SHA256: "test-sha256-3",
URI: "test-uri-3",
Version: "test-version-3",
Expand All @@ -187,6 +255,8 @@ cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*
PURLPattern: `different-version-[\d]`,
CPE: "test-version-3:patch3",
CPEPattern: `test-version-[\d]:patch[\d]`,
Source: "test-source-uri-3",
SourceSHA256: "test-source-sha256-3",
}

d.Update(carton.WithExitHandler(exitHandler))
Expand All @@ -198,24 +268,28 @@ name = "Some Buildpack"
version = "1.2.3"
[[metadata.dependencies]]
id = "test-id"
name = "Test Name"
version = "test-version-3"
uri = "test-uri-3"
sha256 = "test-sha256-3"
stacks = [ "test-stack" ]
purl = "pkg:generic/test-jre@different-version-3?arch=amd64"
cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-3:patch3:*:*:*:*:*:*:*"]
id = "test-id"
name = "Test Name"
version = "test-version-3"
uri = "test-uri-3"
sha256 = "test-sha256-3"
stacks = [ "test-stack" ]
purl = "pkg:generic/test-jre@different-version-3?arch=amd64"
cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-3:patch3:*:*:*:*:*:*:*"]
source = "test-source-uri-3"
source-sha256 = "test-source-sha256-3"
[[metadata.dependencies]]
id = "test-id"
name = "Test Name"
version = "test-version-2"
uri = "test-uri-2"
sha256 = "test-sha256-2"
stacks = [ "test-stack" ]
purl = "pkg:generic/test-jre@different-version-2?arch=amd64"
cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*:*"]
id = "test-id"
name = "Test Name"
version = "test-version-2"
uri = "test-uri-2"
sha256 = "test-sha256-2"
stacks = [ "test-stack" ]
purl = "pkg:generic/test-jre@different-version-2?arch=amd64"
cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*:*"]
source = "test-source-uri-2"
source-sha256 = "test-source-sha256-2"
`))
})

Expand All @@ -239,6 +313,7 @@ cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*
d := carton.BuildModuleDependency{
BuildModulePath: path,
ID: "test-id",
Arch: "amd64",
SHA256: "test-sha256-2",
URI: "test-uri-2",
Version: "test-version-2",
Expand Down Expand Up @@ -289,6 +364,7 @@ cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*
d := carton.BuildModuleDependency{
BuildModulePath: path,
ID: "test-id",
Arch: "amd64",
SHA256: "test-sha256-2",
URI: "test-uri-2",
Version: "test-version-2",
Expand Down Expand Up @@ -340,6 +416,7 @@ cpes = 1234
d := carton.BuildModuleDependency{
BuildModulePath: path,
ID: "test-id",
Arch: "amd64",
SHA256: "test-sha256-2",
URI: "test-uri-2",
Version: "test-version-2",
Expand Down Expand Up @@ -393,6 +470,7 @@ version = "1.2.3"
d := carton.BuildModuleDependency{
BuildModulePath: path,
ID: "test-id",
Arch: "amd64",
SHA256: "test-sha256-2",
URI: "test-uri-2",
Version: "test-version-2",
Expand Down
Loading

0 comments on commit 92ed56a

Please sign in to comment.