-
Notifications
You must be signed in to change notification settings - Fork 2.4k
/
artifacts.ts
113 lines (110 loc) · 3.71 KB
/
artifacts.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
import is from '@sindresorhus/is';
import { quote } from 'shlex';
import { TEMPORARY_ERROR } from '../../../constants/error-messages';
import { logger } from '../../../logger';
import { exec } from '../../../util/exec';
import type { ExecOptions } from '../../../util/exec/types';
import { ensureCacheDir, readLocalFile } from '../../../util/fs';
import { escapeRegExp, regEx } from '../../../util/regex';
import type { UpdateArtifact, UpdateArtifactsResult } from '../types';
import { extrasPattern } from './extract';
/**
* Create a RegExp that matches the first dependency pattern for
* the named dependency that is followed by package hashes.
*
* The regular expression defines a single named group `depConstraint`
* that holds the dependency constraint without the hash specifiers.
* The substring matched by this named group will start with the dependency
* name and end with a non-whitespace character.
*
* @param depName the name of the dependency
*/
function dependencyAndHashPattern(depName: string): RegExp {
const escapedDepName = escapeRegExp(depName);
// extrasPattern covers any whitespace between the dep name and the optional extras specifier,
// but it does not cover any whitespace in front of the equal signs.
//
// Use a non-greedy wildcard for the range pattern; otherwise, we would
// include all but the last hash specifier into depConstraint.
return regEx(
`^\\s*(?<depConstraint>${escapedDepName}${extrasPattern}\\s*==.*?\\S)\\s+--hash=`,
'm'
);
}
export async function updateArtifacts({
packageFileName,
updatedDeps,
newPackageFileContent,
config,
}: UpdateArtifact): Promise<UpdateArtifactsResult[] | null> {
logger.debug(`pip_requirements.updateArtifacts(${packageFileName})`);
if (!is.nonEmptyArray(updatedDeps)) {
logger.debug('No updated pip_requirements deps - returning null');
return null;
}
try {
const cmd: string[] = [];
const rewrittenContent = newPackageFileContent.replace(regEx(/\\\n/g), '');
for (const dep of updatedDeps) {
if (!dep.depName) {
continue;
}
const depAndHashMatch = dependencyAndHashPattern(dep.depName).exec(
rewrittenContent
);
if (depAndHashMatch) {
// If there's a match, then the regular expression guarantees
// that the named subgroup deepConstraint did match as well.
const depConstraint = depAndHashMatch.groups!.depConstraint;
cmd.push(`hashin ${quote(depConstraint)} -r ${quote(packageFileName)}`);
}
}
if (!cmd.length) {
logger.debug('No hashin commands to run - returning');
return null;
}
const execOptions: ExecOptions = {
cwdFile: '.',
docker: {
image: 'sidecar',
},
preCommands: ['pip install --user hashin'],
toolConstraints: [
{ toolName: 'python', constraint: config.constraints?.python },
],
extraEnv: {
PIP_CACHE_DIR: await ensureCacheDir('pip'),
},
};
await exec(cmd, execOptions);
const newContent = await readLocalFile(packageFileName, 'utf8');
if (newContent === newPackageFileContent) {
logger.debug(`${packageFileName} is unchanged`);
return null;
}
logger.debug(`Returning updated ${packageFileName}`);
return [
{
file: {
type: 'addition',
path: packageFileName,
contents: newContent,
},
},
];
} catch (err) {
// istanbul ignore if
if (err.message === TEMPORARY_ERROR) {
throw err;
}
logger.debug({ err }, `Failed to update ${packageFileName} file`);
return [
{
artifactError: {
lockFile: packageFileName,
stderr: `${String(err.stdout)}\n${String(err.stderr)}`,
},
},
];
}
}