feat: kustomize image digests (#11153)

Co-authored-by: Michael Kriese <michael.kriese@visualon.de> Co-authored-by: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Co-authored-by: Rhys Arkins <rhys@arkins.net>
renovatebot · Sep 10, 2021 · dc15dfd · dc15dfd
1 parent cdc083f
commit dc15dfd
Show file tree

Hide file tree

Showing 9 changed files with 286 additions and 62 deletions.
diff --git a/lib/manager/kustomize/__fixtures__/digest.yaml b/lib/manager/kustomize/__fixtures__/digest.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: hasura
+images:
+  - name: postgres
+    digest: sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c
+  - name: postgres:11
+    digest: sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c
+  # invalid - includes newTag and digest
+  - name: postgres
+    newTag: 11
+    digest: sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c
+  # invalid - not a string
+  - name: postgres
+    digest: 02641143766
+  # invalid - missing prefix
+  - name: postgres
+    digest: b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c
diff --git a/lib/manager/kustomize/__fixtures__/newName.yaml b/lib/manager/kustomize/__fixtures__/newName.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: hasura
+images:
+  - name: postgres
+    newName: awesome/postgres:11@sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c
+  - name: postgres
+    newName: awesome/postgres:11
+  - name: postgres
+    newName: awesome/postgres@sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c
diff --git a/lib/manager/kustomize/__fixtures__/newTag.yaml b/lib/manager/kustomize/__fixtures__/newTag.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: hasura
+images:
+  - name: postgres
+    newTag: "11"
+  - name: postgres
+    newTag: 11@sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c
+  # invalid - renders as `postgres:sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c`
+  - name: postgres
+    newTag: sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c
diff --git a/lib/manager/kustomize/__fixtures__/sha.yaml b/lib/manager/kustomize/__fixtures__/sha.yaml
diff --git a/lib/manager/kustomize/__snapshots__/extract.spec.ts.snap b/lib/manager/kustomize/__snapshots__/extract.spec.ts.snap
@@ -1,5 +1,68 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
+exports[`manager/kustomize/extract extractPackageFile() extracts from digest 1`] = `
+Object {
+  "deps": Array [
+    Object {
+      "currentDigest": "sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c",
+      "currentValue": undefined,
+      "datasource": "docker",
+      "depName": "postgres",
+      "replaceString": "sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c",
+    },
+    Object {
+      "currentDigest": "sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c",
+      "currentValue": "11",
+      "datasource": "docker",
+      "depName": "postgres",
+      "replaceString": "sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c",
+    },
+    Object {
+      "currentDigest": "sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c",
+      "currentValue": 11,
+      "depName": "postgres",
+      "skipReason": "invalid-dependency-specification",
+    },
+    Object {
+      "currentValue": 2641143766,
+      "depName": "postgres",
+      "skipReason": "invalid-value",
+    },
+    Object {
+      "currentValue": "b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c",
+      "depName": "postgres",
+      "skipReason": "invalid-value",
+    },
+  ],
+}
+`;
+
+exports[`manager/kustomize/extract extractPackageFile() extracts from newTag 1`] = `
+Object {
+  "deps": Array [
+    Object {
+      "currentDigest": undefined,
+      "currentValue": "11",
+      "datasource": "docker",
+      "depName": "postgres",
+      "replaceString": "11",
+    },
+    Object {
+      "currentDigest": "sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c",
+      "currentValue": "11",
+      "datasource": "docker",
+      "depName": "postgres",
+      "replaceString": "11@sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c",
+    },
+    Object {
+      "currentValue": "sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c",
+      "depName": "postgres",
+      "skipReason": "invalid-value",
+    },
+  ],
+}
+`;
+
 exports[`manager/kustomize/extract extractPackageFile() extracts http dependency 1`] = `
 Array [
   Object {
@@ -32,16 +95,29 @@ Array [
 ]
 `;
 
-exports[`manager/kustomize/extract extractPackageFile() extracts sha256 instead of tag 1`] = `
+exports[`manager/kustomize/extract extractPackageFile() extracts newName 1`] = `
 Object {
   "deps": Array [
+    Object {
+      "currentDigest": "sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c",
+      "currentValue": "11",
+      "datasource": "docker",
+      "depName": "awesome/postgres",
+      "replaceString": "awesome/postgres:11@sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c",
+    },
+    Object {
+      "currentDigest": undefined,
+      "currentValue": "11",
+      "datasource": "docker",
+      "depName": "awesome/postgres",
+      "replaceString": "awesome/postgres:11",
+    },
     Object {
       "currentDigest": "sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c",
       "currentValue": undefined,
       "datasource": "docker",
-      "depName": "postgres",
-      "replaceString": "sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c",
-      "versioning": "docker",
+      "depName": "awesome/postgres",
+      "replaceString": "awesome/postgres@sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c",
     },
   ],
 }
@@ -95,39 +171,34 @@ Array [
     "datasource": "docker",
     "depName": "node",
     "replaceString": "v0.1.0",
-    "versioning": "docker",
   },
   Object {
     "currentDigest": undefined,
     "currentValue": "v0.0.1",
     "datasource": "docker",
     "depName": "group/instance",
     "replaceString": "v0.0.1",
-    "versioning": "docker",
   },
   Object {
     "currentDigest": undefined,
     "currentValue": "v0.0.2",
     "datasource": "docker",
     "depName": "quay.io/test/repo",
     "replaceString": "v0.0.2",
-    "versioning": "docker",
   },
   Object {
     "currentDigest": undefined,
     "currentValue": "v0.0.3",
     "datasource": "docker",
     "depName": "gitlab.com/org/suborg/image",
     "replaceString": "v0.0.3",
-    "versioning": "docker",
   },
   Object {
     "currentDigest": undefined,
     "currentValue": "v0.0.4",
     "datasource": "docker",
     "depName": "but.this.lives.on.local/private-registry",
     "replaceString": "v0.0.4",
-    "versioning": "docker",
   },
   Object {
     "currentValue": 2.5,

diff --git a/lib/manager/kustomize/extract.spec.ts b/lib/manager/kustomize/extract.spec.ts
@@ -3,7 +3,6 @@ import * as datasourceDocker from '../../datasource/docker';
 import * as datasourceGitTags from '../../datasource/git-tags';
 import * as datasourceGitHubTags from '../../datasource/github-tags';
 import { SkipReason } from '../../types';
-import * as dockerVersioning from '../../versioning/docker';
 import {
   extractBase,
   extractImage,
@@ -19,7 +18,9 @@ const kustomizeWithLocal = loadFixture('kustomizeWithLocal.yaml');
 const nonKustomize = loadFixture('service.yaml');
 const gitImages = loadFixture('gitImages.yaml');
 const kustomizeDepsInResources = loadFixture('depsInResources.yaml');
-const sha = loadFixture('sha.yaml');
+const newTag = loadFixture('newTag.yaml');
+const newName = loadFixture('newName.yaml');
+const digest = loadFixture('digest.yaml');
 
 describe('manager/kustomize/extract', () => {
   it('should successfully parse a valid kustomize file', () => {
@@ -131,7 +132,6 @@ describe('manager/kustomize/extract', () => {
         currentValue: 'v1.0.0',
         datasource: datasourceDocker.id,
         replaceString: 'v1.0.0',
-        versioning: dockerVersioning.id,
         depName: 'node',
       };
       const pkg = extractImage({
@@ -146,7 +146,6 @@ describe('manager/kustomize/extract', () => {
         currentValue: 'v1.0.0',
         datasource: datasourceDocker.id,
         replaceString: 'v1.0.0',
-        versioning: dockerVersioning.id,
         depName: 'test/node',
       };
       const pkg = extractImage({
@@ -161,7 +160,6 @@ describe('manager/kustomize/extract', () => {
         currentValue: 'v1.0.0',
         datasource: datasourceDocker.id,
         replaceString: 'v1.0.0',
-        versioning: dockerVersioning.id,
         depName: 'quay.io/repo/image',
       };
       const pkg = extractImage({
@@ -175,7 +173,6 @@ describe('manager/kustomize/extract', () => {
         currentDigest: undefined,
         currentValue: 'v1.0.0',
         datasource: datasourceDocker.id,
-        versioning: dockerVersioning.id,
         replaceString: 'v1.0.0',
         depName: 'localhost:5000/repo/image',
       };
@@ -191,7 +188,6 @@ describe('manager/kustomize/extract', () => {
         currentValue: 'v1.0.0',
         replaceString: 'v1.0.0',
         datasource: datasourceDocker.id,
-        versioning: dockerVersioning.id,
         depName: 'localhost:5000/repo/image/service',
       };
       const pkg = extractImage({
@@ -253,13 +249,76 @@ describe('manager/kustomize/extract', () => {
       expect(res.deps[1].depName).toEqual('fluxcd/flux');
       expect(res.deps[2].depName).toEqual('fluxcd/flux');
     });
-    it('extracts sha256 instead of tag', () => {
-      expect(extractPackageFile(sha)).toMatchSnapshot({
+
+    const postgresDigest =
+      'sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c';
+
+    it('extracts from newTag', () => {
+      expect(extractPackageFile(newTag)).toMatchSnapshot({
         deps: [
           {
-            currentDigest:
-              'sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c',
+            currentDigest: undefined,
+            currentValue: '11',
+            replaceString: '11',
+          },
+          {
+            currentDigest: postgresDigest,
+            currentValue: '11',
+            replaceString: `11@${postgresDigest}`,
+          },
+          {
+            skipReason: SkipReason.InvalidValue,
+          },
+        ],
+      });
+    });
+
+    it('extracts from digest', () => {
+      expect(extractPackageFile(digest)).toMatchSnapshot({
+        deps: [
+          {
+            currentDigest: postgresDigest,
+            currentValue: undefined,
+            replaceString: postgresDigest,
+          },
+          {
+            currentDigest: postgresDigest,
+            currentValue: '11',
+            replaceString: postgresDigest,
+          },
+          {
+            skipReason: SkipReason.InvalidDependencySpecification,
+          },
+          {
+            skipReason: SkipReason.InvalidValue,
+          },
+          {
+            skipReason: SkipReason.InvalidValue,
+          },
+        ],
+      });
+    });
+
+    it('extracts newName', () => {
+      expect(extractPackageFile(newName)).toMatchSnapshot({
+        deps: [
+          {
+            depName: 'awesome/postgres',
+            currentDigest: postgresDigest,
+            currentValue: '11',
+            replaceString: `awesome/postgres:11@${postgresDigest}`,
+          },
+          {
+            depName: 'awesome/postgres',
+            currentDigest: undefined,
+            currentValue: '11',
+            replaceString: 'awesome/postgres:11',
+          },
+          {
+            depName: 'awesome/postgres',
+            currentDigest: postgresDigest,
             currentValue: undefined,
+            replaceString: `awesome/postgres@${postgresDigest}`,
           },
         ],
       });