Merge pull request #11977 from jpinz/docker-version-digest-fix

sachin-sandhu · web-flow · commit c3799f690f22 · 2025-04-16T17:25:02.000-04:00
Update docker version to include digest if applicable - Fixed
diff --git a/docker/lib/dependabot/docker/file_parser.rb b/docker/lib/dependabot/docker/file_parser.rb
@@ -155,7 +155,7 @@ def parse_helm(img_hash)
 
         image = "#{repo}:#{tag}"
         image.prepend("#{registry}/") if registry
-        image << "@sha256:#{digest}/" if digest
+        image << "@#{digest}/" if digest
         [image]
       end
 
diff --git a/docker/lib/dependabot/docker/update_checker.rb b/docker/lib/dependabot/docker/update_checker.rb
@@ -427,7 +427,7 @@ def digest_of(tag)
 
       sig { params(tag: String).returns(T.nilable(String)) }
       def fetch_digest_of(tag)
-        docker_registry_client.manifest_digest(docker_repo_name, tag)&.delete_prefix("sha256:")
+        docker_registry_client.manifest_digest(docker_repo_name, tag)
       rescue *transient_docker_errors => e
         attempt ||= 1
         attempt += 1
diff --git a/docker/lib/dependabot/shared/shared_file_parser.rb b/docker/lib/dependabot/shared/shared_file_parser.rb
@@ -33,7 +33,13 @@ class SharedFileParser < Dependabot::FileParsers::Base
 
       sig { params(parsed_line: T::Hash[String, T.nilable(String)]).returns(T.nilable(String)) }
       def version_from(parsed_line)
-        parsed_line.fetch("tag") || parsed_line.fetch("digest")
+        return nil unless parsed_line.fetch("tag") || parsed_line.fetch("digest")
+
+        if parsed_line.fetch("tag") && parsed_line.fetch("digest")
+          "#{parsed_line.fetch('tag')}@sha256:#{parsed_line.fetch('digest')}"
+        else
+          parsed_line.fetch("tag") || "sha256:#{parsed_line.fetch('digest')}"
+        end
       end
 
       sig { params(parsed_line: T::Hash[String, T.nilable(String)]).returns(T::Hash[String, T.nilable(String)]) }
@@ -42,7 +48,7 @@ def source_from(parsed_line)
 
         source[:registry] = parsed_line.fetch("registry") if parsed_line.fetch("registry")
         source[:tag] = parsed_line.fetch("tag") if parsed_line.fetch("tag")
-        source[:digest] = parsed_line.fetch("digest") if parsed_line.fetch("digest")
+        source[:digest] = "sha256:#{parsed_line.fetch('digest')}" if parsed_line.fetch("digest")
 
         source
       end
diff --git a/docker/lib/dependabot/shared/shared_file_updater.rb b/docker/lib/dependabot/shared/shared_file_updater.rb
@@ -92,7 +92,7 @@ def update_digest_and_tag(previous_content, old_source, new_source)
           end
         old_declaration +=
           if specified_with_digest?(old_source)
-            "@sha256:#{old_digest}"
+            "@#{old_digest}"
           else
             ""
           end
@@ -103,7 +103,7 @@ def update_digest_and_tag(previous_content, old_source, new_source)
 
         previous_content.gsub(old_declaration_regex) do |old_dec|
           old_dec
-            .gsub("@sha256:#{old_digest}", "@sha256:#{new_digest}")
+            .gsub("@#{old_digest}", "@#{new_digest}")
             .gsub(":#{old_tag}", ":#{new_tag}")
         end
       end
@@ -160,7 +160,7 @@ def update_image(file, content)
       def new_yaml_image(file)
         element = T.must(dependency).requirements.find { |r| r[:file] == file.name }
         prefix = element&.dig(:source, :registry) ? "#{element.fetch(:source)[:registry]}/" : ""
-        digest = element&.dig(:source, :digest) ? "@sha256:#{element.fetch(:source)[:digest]}" : ""
+        digest = element&.dig(:source, :digest) ? "@#{element.fetch(:source)[:digest]}" : ""
         tag = element&.dig(:source, :tag) ? ":#{element.fetch(:source)[:tag]}" : ""
         "#{prefix}#{T.must(dependency).name}#{tag}#{digest}"
       end
@@ -169,7 +169,7 @@ def new_yaml_image(file)
       def old_yaml_images(file)
         T.must(previous_requirements(file)).map do |r|
           prefix = r.fetch(:source)[:registry] ? "#{r.fetch(:source)[:registry]}/" : ""
-          digest = r.fetch(:source)[:digest] ? "@sha256:#{r.fetch(:source)[:digest]}" : ""
+          digest = r.fetch(:source)[:digest] ? "@#{r.fetch(:source)[:digest]}" : ""
           tag = r.fetch(:source)[:tag] ? ":#{r.fetch(:source)[:tag]}" : ""
           "#{prefix}#{T.must(dependency).name}#{tag}#{digest}"
         end
@@ -179,7 +179,7 @@ def old_yaml_images(file)
       def old_helm_tags(file)
         T.must(previous_requirements(file)).map do |r|
           tag = r.fetch(:source)[:tag] || ""
-          digest = r.fetch(:source)[:digest] ? "@sha256:#{r.fetch(:source)[:digest]}" : ""
+          digest = r.fetch(:source)[:digest] ? "@#{r.fetch(:source)[:digest]}" : ""
           "#{tag}#{digest}"
         end
       end
@@ -188,7 +188,7 @@ def old_helm_tags(file)
       def new_helm_tag(file)
         element = T.must(dependency).requirements.find { |r| r[:file] == file.name }
         tag = T.must(element).dig(:source, :tag) || ""
-        digest = T.must(element).dig(:source, :digest) ? "@sha256:#{T.must(element).dig(:source, :digest)}" : ""
+        digest = T.must(element).dig(:source, :digest) ? "@#{T.must(element).dig(:source, :digest)}" : ""
         "#{tag}#{digest}"
       end
 
diff --git a/docker/spec/dependabot/docker/common/shared_examples_for_docker_update_checkers.rb b/docker/spec/dependabot/docker/common/shared_examples_for_docker_update_checkers.rb
@@ -112,7 +112,7 @@
         context "when digest is up-to-date" do
           let(:source) do
             {
-              digest: "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86ca97" \
+              digest: "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86ca97" \
                       "eba880ebf600d68608"
             }
           end
@@ -610,7 +610,7 @@
               groups: [],
               file: file_name,
               source: {
-                digest: "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \
+                digest: "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \
                         "ca97eba880ebf600d68608"
               }
             }]
@@ -636,7 +636,7 @@
               groups: [],
               file: file_name,
               source: {
-                digest: "3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \
+                digest: "sha256:3ea1ca1aa8483a38081750953ad75046e6cc9f6b86" \
                         "ca97eba880ebf600d68608",
                 tag: "17.10"
               }
diff --git a/docker/spec/dependabot/docker/file_parser_spec.rb b/docker/spec/dependabot/docker/file_parser_spec.rb
@@ -158,14 +158,14 @@
             requirement: nil,
             groups: [],
             file: "Dockerfile",
-            source: { digest: "18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005" }
+            source: { digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005" }
           }]
         end
 
         it "has the right details" do
           expect(dependency).to be_a(Dependabot::Dependency)
           expect(dependency.name).to eq("my-fork/ubuntu")
-          expect(dependency.version).to eq("18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005")
+          expect(dependency.version).to eq("sha256:18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005")
           expect(dependency.requirements).to eq(expected_requirements)
         end
       end
@@ -275,7 +275,7 @@
               groups: [],
               file: "Dockerfile",
               source: {
-                digest: "18305429afa14ea462f810146ba44d4363ae76e4c8d" \
+                digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8d" \
                         "fc38288cf73aa07485005"
               }
             }]
@@ -284,7 +284,7 @@
           it "has the right details" do
             expect(dependency).to be_a(Dependabot::Dependency)
             expect(dependency.name).to eq("ubuntu")
-            expect(dependency.version).to eq("18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005")
+            expect(dependency.version).to eq("sha256:18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005")
             expect(dependency.requirements).to eq(expected_requirements)
           end
         end
@@ -335,7 +335,7 @@
                   groups: [],
                   file: "Dockerfile",
                   source: {
-                    digest: "18305429afa14ea462f810146ba44d4363ae76e4c8d" \
+                    digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8d" \
                             "fc38288cf73aa07485005"
                   }
                 }]
@@ -344,7 +344,7 @@
               it "has the right details" do
                 expect(dependency).to be_a(Dependabot::Dependency)
                 expect(dependency.name).to eq("ubuntu")
-                expect(dependency.version).to eq("18305429afa14ea462f810146ba44d4363ae76e4c8d" \
+                expect(dependency.version).to eq("sha256:18305429afa14ea462f810146ba44d4363ae76e4c8d" \
                                                  "fc38288cf73aa07485005")
                 expect(dependency.requirements).to eq(expected_requirements)
               end
@@ -380,14 +380,15 @@
       it "determines the correct version" do
         expect(dependency).to be_a(Dependabot::Dependency)
         expect(dependency.name).to eq("ubuntu")
-        expect(dependency.version).to eq("12.04.5")
+        expect(dependency.version).to eq("12.04.5@sha256:18305429afa14ea462f810146ba44d4363ae76e4c8d" \
+                                         "fc38288cf73aa07485005")
         expect(dependency.requirements).to eq([{
           requirement: nil,
           groups: [],
           file: "Dockerfile",
           source: {
             tag: "12.04.5",
-            digest: "18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005"
+            digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005"
           }
         }])
       end
@@ -831,7 +832,7 @@
               groups: [],
               file: "digest.yaml",
               source: {
-                digest: "18305429afa14ea462f810146ba44d4363ae76e4c8d" \
+                digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8d" \
                         "fc38288cf73aa07485005"
               }
             }]
@@ -840,7 +841,7 @@
           it "has the right details" do
             expect(dependency).to be_a(Dependabot::Dependency)
             expect(dependency.name).to eq("ubuntu")
-            expect(dependency.version).to eq("18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005")
+            expect(dependency.version).to eq("sha256:18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005")
             expect(dependency.requirements).to eq(expected_requirements)
           end
         end
@@ -873,14 +874,15 @@
       it "determines the correct version" do
         expect(dependency).to be_a(Dependabot::Dependency)
         expect(dependency.name).to eq("ubuntu")
-        expect(dependency.version).to eq("12.04.5")
+        expect(dependency.version).to eq("12.04.5@sha256:18305429afa14ea462f810146ba44d4363ae76e4c8d" \
+                                         "fc38288cf73aa07485005")
         expect(dependency.requirements).to eq([{
           requirement: nil,
           groups: [],
           file: "digest_and_tag.yaml",
           source: {
             tag: "12.04.5",
-            digest: "18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005"
+            digest: "sha256:18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005"
           }
         }])
       end
diff --git a/docker/spec/dependabot/docker/file_updater_spec.rb b/docker/spec/dependabot/docker/file_updater_spec.rb
diff --git a/docker/spec/dependabot/docker/update_checker_spec.rb b/docker/spec/dependabot/docker/update_checker_spec.rb
