Backport paketo-buildpacks/libpak#196

Signed-off-by: Daniel Mikusa <dan@mikusa.com>
paketo-buildpacks · Nov 9, 2024 · f6f1485 · f6f1485
1 parent d765d63
commit f6f1485
Show file tree

Hide file tree

Showing 3 changed files with 114 additions and 32 deletions.
diff --git a/carton/buildmodule_dependency.go b/carton/buildmodule_dependency.go
@@ -44,6 +44,8 @@ type BuildModuleDependency struct {
 	CPEPattern      string
 	PURL            string
 	PURLPattern     string
+	Source          string
+	SourceSHA256    string
 }
 
 func (b BuildModuleDependency) Update(options ...Option) {
@@ -62,6 +64,8 @@ func (b BuildModuleDependency) Update(options ...Option) {
 	logger.Headerf("CPEs:    %s", b.CPE)
 	logger.Headerf("URI:     %s", b.URI)
 	logger.Headerf("SHA256:  %s", b.SHA256)
+	logger.Headerf("Source:       %s", b.Source)
+	logger.Headerf("SourceSHA256: %s", b.SourceSHA256)
 
 	versionExp, err := regexp.Compile(b.VersionPattern)
 	if err != nil {
@@ -152,6 +156,12 @@ func (b BuildModuleDependency) Update(options ...Option) {
 				dep["version"] = b.Version
 				dep["uri"] = b.URI
 				dep["sha256"] = b.SHA256
+				if b.SourceSHA256 != "" {
+					dep["source-sha256"] = b.SourceSHA256
+				}
+				if b.Source != "" {
+					dep["source"] = b.Source
+				}
 
 				purlUnwrapped, found := dep["purl"]
 				if found {

diff --git a/carton/buildmodule_dependency_test.go b/carton/buildmodule_dependency_test.go
@@ -62,12 +62,14 @@ name = "Some Buildpack"
 version = "1.2.3"
 
 [[metadata.dependencies]]
-id      = "test-id"
-name    = "Test Name"
-version = "test-version-1"
-uri     = "test-uri-1"
-sha256  = "test-sha256-1"
-stacks  = [ "test-stack" ]
+id            = "test-id"
+name          = "Test Name"
+version       = "test-version-1"
+uri           = "test-uri-1"
+sha256        = "test-sha256-1"
+stacks        = [ "test-stack" ]
+source        = "test-source-uri-1"
+source-sha256 = "test-source-sha256-1"
 `), 0600)).To(Succeed())
 
 		d := carton.BuildModuleDependency{
@@ -77,6 +79,8 @@ stacks  = [ "test-stack" ]
 			URI:             "test-uri-2",
 			Version:         "test-version-2",
 			VersionPattern:  `test-version-[\d]`,
+			Source:          "test-source-uri-2",
+			SourceSHA256:    "test-source-sha256-2",
 		}
 
 		d.Update(carton.WithExitHandler(exitHandler))
@@ -94,6 +98,8 @@ version = "test-version-2"
 uri     = "test-uri-2"
 sha256  = "test-sha256-2"
 stacks  = [ "test-stack" ]
+source        = "test-source-uri-2"
+source-sha256 = "test-source-sha256-2"
 `))
 	})
 
@@ -148,13 +154,12 @@ cpes    = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*
 `))
 	})
 
-	it("updates multiple dependencies with different versions", func() {
+	it("updates dependency with source & sourceSha", func() {
 		Expect(os.WriteFile(path, []byte(`api = "0.7"
 [buildpack]
 id = "some-buildpack"
 name = "Some Buildpack"
 version = "1.2.3"
-
 [[metadata.dependencies]]
 id      = "test-id"
 name    = "Test Name"
@@ -164,16 +169,75 @@ sha256  = "test-sha256-1"
 stacks  = [ "test-stack" ]
 purl    = "pkg:generic/test-jre@different-version-1?arch=amd64"
 cpes    = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*:*"]
+`), 0600)).To(Succeed())
+
+		d := carton.BuildModuleDependency{
+			BuildModulePath: path,
+			ID:              "test-id",
+			SHA256:          "test-sha256-2",
+			URI:             "test-uri-2",
+			Version:         "test-version-2",
+			VersionPattern:  `test-version-[\d]`,
+			PURL:            "different-version-2",
+			PURLPattern:     `different-version-[\d]`,
+			CPE:             "test-version-2:patch2",
+			CPEPattern:      `test-version-[\d]:patch[\d]`,
+			Source:          "test-new-source",
+			SourceSHA256:    "test-new-source-sha",
+		}
+
+		d.Update(carton.WithExitHandler(exitHandler))
+
+		Expect(os.ReadFile(path)).To(libpakTesting.MatchTOML(`api = "0.7"
+[buildpack]
+id = "some-buildpack"
+name = "Some Buildpack"
+version = "1.2.3"
 
 [[metadata.dependencies]]
-id      = "test-id"
-name    = "Test Name"
-version = "test-version-2"
-uri     = "test-uri-2"
-sha256  = "test-sha256-2"
-stacks  = [ "test-stack" ]
-purl    = "pkg:generic/test-jre@different-version-2?arch=amd64"
-cpes    = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*:*"]
+id            = "test-id"
+name          = "Test Name"
+version       = "test-version-2"
+uri           = "test-uri-2"
+sha256        = "test-sha256-2"
+stacks        = [ "test-stack" ]
+purl          = "pkg:generic/test-jre@different-version-2?arch=amd64"
+cpes          = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*:*"]
+source        = "test-new-source"
+source-sha256 = "test-new-source-sha"
+`))
+	})
+
+	it("updates multiple dependencies with different versions", func() {
+		Expect(os.WriteFile(path, []byte(`api = "0.7"
+[buildpack]
+id = "some-buildpack"
+name = "Some Buildpack"
+version = "1.2.3"
+
+[[metadata.dependencies]]
+id            = "test-id"
+name          = "Test Name"
+version       = "test-version-1"
+uri           = "test-uri-1"
+sha256        = "test-sha256-1"
+stacks        = [ "test-stack" ]
+purl          = "pkg:generic/test-jre@different-version-1?arch=amd64"
+cpes          = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*:*"]
+source        = "test-source-uri-1"
+source-sha256 = "test-source-sha256-1"
+
+[[metadata.dependencies]]
+id            = "test-id"
+name          = "Test Name"
+version       = "test-version-2"
+uri           = "test-uri-2"
+sha256        = "test-sha256-2"
+stacks        = [ "test-stack" ]
+purl          = "pkg:generic/test-jre@different-version-2?arch=amd64"
+cpes          = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*:*"]
+source        = "test-source-uri-2"
+source-sha256 = "test-source-sha256-2"
 `), 0600)).To(Succeed())
 
 		d := carton.BuildModuleDependency{
@@ -187,6 +251,8 @@ cpes    = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*
 			PURLPattern:     `different-version-[\d]`,
 			CPE:             "test-version-3:patch3",
 			CPEPattern:      `test-version-[\d]:patch[\d]`,
+			Source:          "test-source-uri-3",
+			SourceSHA256:    "test-source-sha256-3",
 		}
 
 		d.Update(carton.WithExitHandler(exitHandler))
@@ -198,24 +264,28 @@ name = "Some Buildpack"
 version = "1.2.3"
 
 [[metadata.dependencies]]
-id      = "test-id"
-name    = "Test Name"
-version = "test-version-3"
-uri     = "test-uri-3"
-sha256  = "test-sha256-3"
-stacks  = [ "test-stack" ]
-purl    = "pkg:generic/test-jre@different-version-3?arch=amd64"
-cpes    = ["cpe:2.3:a:test-vendor:test-product:test-version-3:patch3:*:*:*:*:*:*:*"]
+id            = "test-id"
+name          = "Test Name"
+version       = "test-version-3"
+uri           = "test-uri-3"
+sha256        = "test-sha256-3"
+stacks        = [ "test-stack" ]
+purl          = "pkg:generic/test-jre@different-version-3?arch=amd64"
+cpes          = ["cpe:2.3:a:test-vendor:test-product:test-version-3:patch3:*:*:*:*:*:*:*"]
+source        = "test-source-uri-3"
+source-sha256 = "test-source-sha256-3"
 
 [[metadata.dependencies]]
-id      = "test-id"
-name    = "Test Name"
-version = "test-version-2"
-uri     = "test-uri-2"
-sha256  = "test-sha256-2"
-stacks  = [ "test-stack" ]
-purl    = "pkg:generic/test-jre@different-version-2?arch=amd64"
-cpes    = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*:*"]
+id            = "test-id"
+name          = "Test Name"
+version       = "test-version-2"
+uri           = "test-uri-2"
+sha256        = "test-sha256-2"
+stacks        = [ "test-stack" ]
+purl          = "pkg:generic/test-jre@different-version-2?arch=amd64"
+cpes          = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*:*"]
+source        = "test-source-uri-2"
+source-sha256 = "test-source-sha256-2"
 `))
 	})
 

diff --git a/commands/dependency_update_build_module.go b/commands/dependency_update_build_module.go
@@ -85,6 +85,8 @@ func DependencyUpdateBuildModuleCommand() *cobra.Command {
 	dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.PURLPattern, "purl-pattern", "", "the purl version pattern of the dependency, if not set defaults to version-pattern")
 	dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.CPE, "cpe", "", "the new version use in all CPEs, if not set defaults to version")
 	dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.CPEPattern, "cpe-pattern", "", "the cpe version pattern of the dependency, if not set defaults to version-pattern")
+	dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.Source, "source", "", "the new uri of the dependency source")
+	dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.SourceSHA256, "source-sha256", "", "the new sha256 of the dependency source")
 
 	return dependencyUpdateBuildModuleCmd
 }