diff --git a/carton/buildmodule_dependency.go b/carton/buildmodule_dependency.go
index eb0072b..16321c0 100644
--- a/carton/buildmodule_dependency.go
+++ b/carton/buildmodule_dependency.go
@@ -44,6 +44,8 @@ type BuildModuleDependency struct {
 CPEPattern string
 PURL string
 PURLPattern string
+ Source string
+ SourceSHA256 string
 }
 
 func (b BuildModuleDependency) Update(options ...Option) {
@@ -62,6 +64,8 @@ func (b BuildModuleDependency) Update(options ...Option) {
 logger.Headerf("CPEs: %s", b.CPE)
 logger.Headerf("URI: %s", b.URI)
 logger.Headerf("SHA256: %s", b.SHA256)
+ logger.Headerf("Source: %s", b.Source)
+ logger.Headerf("SourceSHA256: %s", b.SourceSHA256)
 
 versionExp, err := regexp.Compile(b.VersionPattern)
 if err != nil {
@@ -152,6 +156,12 @@ func (b BuildModuleDependency) Update(options ...Option) {
 dep["version"] = b.Version
 dep["uri"] = b.URI
 dep["sha256"] = b.SHA256
+ if b.SourceSHA256 != "" {
+ dep["source-sha256"] = b.SourceSHA256
+ }
+ if b.Source != "" {
+ dep["source"] = b.Source
+ }
 
 purlUnwrapped, found := dep["purl"]
 if found {
diff --git a/carton/buildmodule_dependency_test.go b/carton/buildmodule_dependency_test.go
index 2da18ac..94ba12f 100644
--- a/carton/buildmodule_dependency_test.go
+++ b/carton/buildmodule_dependency_test.go
@@ -62,12 +62,14 @@ name = "Some Buildpack"
 version = "1.2.3"
 
 [[metadata.dependencies]]
-id = "test-id"
-name = "Test Name"
-version = "test-version-1"
-uri = "test-uri-1"
-sha256 = "test-sha256-1"
-stacks = [ "test-stack" ]
+id = "test-id"
+name = "Test Name"
+version = "test-version-1"
+uri = "test-uri-1"
+sha256 = "test-sha256-1"
+stacks = [ "test-stack" ]
+source = "test-source-uri-1"
+source-sha256 = "test-source-sha256-1"
 `), 0600)).To(Succeed())
 
 d := carton.BuildModuleDependency{
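Review bot: In the `@@ -152,6 +156,12 @@` hunk of `Update`, `dep["version"]`, `dep["uri"]` and `dep["sha256"]` are always overwritten, but `source` and `source-sha256` are written only when the new value is non-empty, so an entry that already carries them keeps the previous release's source URI and digest next to the new binary's. That leaves provenance metadata in buildpack.toml that looks valid but describes a different artifact, and supplying only one of the two pairs a new source URI with an old digest. If `dep` is a plain map (the indexing suggests so), consider clearing what was not supplied, e.g. `} else { delete(dep, "source-sha256") }` and the same for `"source"`, or rejecting a call where exactly one of the two is set. The new spec "updates dependency with source & sourceSha" only covers an entry that starts without these keys, so a case that starts with them and omits both fields would pin whichever behaviour is intended. `Update` begins and ends outside this hunk.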
@@ -77,6 +79,8 @@ stacks = [ "test-stack" ]
 URI: "test-uri-2",
 Version: "test-version-2",
 VersionPattern: `test-version-[\d]`,
+ Source: "test-source-uri-2",
+ SourceSHA256: "test-source-sha256-2",
 }
 
 d.Update(carton.WithExitHandler(exitHandler))
@@ -94,6 +98,8 @@ version = "test-version-2"
 uri = "test-uri-2"
 sha256 = "test-sha256-2"
 stacks = [ "test-stack" ]
+source = "test-source-uri-2"
+source-sha256 = "test-source-sha256-2"
 `))
 })
 
@@ -148,13 +154,12 @@ cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*
 `))
 })
 
- it("updates multiple dependencies with different versions", func() {
+ it("updates dependency with source & sourceSha", func() {
 Expect(os.WriteFile(path, []byte(`api = "0.7"
 [buildpack]
 id = "some-buildpack"
 name = "Some Buildpack"
 version = "1.2.3"
-
 [[metadata.dependencies]]
 id = "test-id"
 name = "Test Name"
@@ -164,16 +169,75 @@ sha256 = "test-sha256-1"
 stacks = [ "test-stack" ]
 purl = "pkg:generic/test-jre@different-version-1?arch=amd64"
 cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*:*"]
+`), 0600)).To(Succeed())
+
+ d := carton.BuildModuleDependency{
+ BuildModulePath: path,
+ ID: "test-id",
+ SHA256: "test-sha256-2",
+ URI: "test-uri-2",
+ Version: "test-version-2",
+ VersionPattern: `test-version-[\d]`,
+ PURL: "different-version-2",
+ PURLPattern: `different-version-[\d]`,
+ CPE: "test-version-2:patch2",
+ CPEPattern: `test-version-[\d]:patch[\d]`,
+ Source: "test-new-source",
+ SourceSHA256: "test-new-source-sha",
+ }
+
+ d.Update(carton.WithExitHandler(exitHandler))
+
+ Expect(os.ReadFile(path)).To(libpakTesting.MatchTOML(`api = "0.7"
+[buildpack]
+id = "some-buildpack"
+name = "Some Buildpack"
+version = "1.2.3"
 
 [[metadata.dependencies]]
-id = "test-id"
-name = "Test Name"
-version = "test-version-2"
-uri = "test-uri-2"
-sha256 = "test-sha256-2"
-stacks = [ "test-stack" ]
-purl = "pkg:generic/test-jre@different-version-2?arch=amd64"
-cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*:*"]
+id = "test-id"
+name = "Test Name"
+version = "test-version-2"
+uri = "test-uri-2"
+sha256 = "test-sha256-2"
+stacks = [ "test-stack" ]
+purl = "pkg:generic/test-jre@different-version-2?arch=amd64"
+cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*:*"]
+source = "test-new-source"
+source-sha256 = "test-new-source-sha"
+`))
+ })
+
+ it("updates multiple dependencies with different versions", func() {
+ Expect(os.WriteFile(path, []byte(`api = "0.7"
+[buildpack]
+id = "some-buildpack"
+name = "Some Buildpack"
+version = "1.2.3"
+
+[[metadata.dependencies]]
+id = "test-id"
+name = "Test Name"
+version = "test-version-1"
+uri = "test-uri-1"
+sha256 = "test-sha256-1"
+stacks = [ "test-stack" ]
+purl = "pkg:generic/test-jre@different-version-1?arch=amd64"
+cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*:*"]
+source = "test-source-uri-1"
+source-sha256 = "test-source-sha256-1"
+
+[[metadata.dependencies]]
+id = "test-id"
+name = "Test Name"
+version = "test-version-2"
+uri = "test-uri-2"
+sha256 = "test-sha256-2"
+stacks = [ "test-stack" ]
+purl = "pkg:generic/test-jre@different-version-2?arch=amd64"
+cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*:*"]
+source = "test-source-uri-2"
+source-sha256 = "test-source-sha256-2"
 `), 0600)).To(Succeed())
 
 d := carton.BuildModuleDependency{
@@ -187,6 +251,8 @@ cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*
 PURLPattern: `different-version-[\d]`,
 CPE: "test-version-3:patch3",
 CPEPattern: `test-version-[\d]:patch[\d]`,
+ Source: "test-source-uri-3",
+ SourceSHA256: "test-source-sha256-3",
 }
 
 d.Update(carton.WithExitHandler(exitHandler))
@@ -198,24 +264,28 @@ name = "Some Buildpack"
 version = "1.2.3"
 
 [[metadata.dependencies]]
-id = "test-id"
-name = "Test Name"
-version = "test-version-3"
-uri = "test-uri-3"
-sha256 = "test-sha256-3"
-stacks = [ "test-stack" ]
-purl = "pkg:generic/test-jre@different-version-3?arch=amd64"
-cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-3:patch3:*:*:*:*:*:*:*"]
+id = "test-id"
+name = "Test Name"
+version = "test-version-3"
+uri = "test-uri-3"
+sha256 = "test-sha256-3"
+stacks = [ "test-stack" ]
+purl = "pkg:generic/test-jre@different-version-3?arch=amd64"
+cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-3:patch3:*:*:*:*:*:*:*"]
+source = "test-source-uri-3"
+source-sha256 = "test-source-sha256-3"
 
 [[metadata.dependencies]]
-id = "test-id"
-name = "Test Name"
-version = "test-version-2"
-uri = "test-uri-2"
-sha256 = "test-sha256-2"
-stacks = [ "test-stack" ]
-purl = "pkg:generic/test-jre@different-version-2?arch=amd64"
-cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*:*"]
+id = "test-id"
+name = "Test Name"
+version = "test-version-2"
+uri = "test-uri-2"
+sha256 = "test-sha256-2"
+stacks = [ "test-stack" ]
+purl = "pkg:generic/test-jre@different-version-2?arch=amd64"
+cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-2:patch2:*:*:*:*:*:*:*"]
+source = "test-source-uri-2"
+source-sha256 = "test-source-sha256-2"
 `))
 })
 
diff --git a/commands/dependency_update_build_module.go b/commands/dependency_update_build_module.go
index ab5e783..34c1551 100644
--- a/commands/dependency_update_build_module.go
+++ b/commands/dependency_update_build_module.go
@@ -85,6 +85,8 @@ func DependencyUpdateBuildModuleCommand() *cobra.Command {
 dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.PURLPattern, "purl-pattern", "", "the purl version pattern of the dependency, if not set defaults to version-pattern")
 dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.CPE, "cpe", "", "the new version use in all CPEs, if not set defaults to version")
 dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.CPEPattern, "cpe-pattern", "", "the cpe version pattern of the dependency, if not set defaults to version-pattern")
+ dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.Source, "source", "", "the new uri of the dependency source")
+ dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.SourceSHA256, "source-sha256", "", "the new sha256 of the dependency source")
 
 return dependencyUpdateBuildModuleCmd
 }
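Review bot: The two new flags are registered as independent free-form strings, so `--source` can be passed without `--source-sha256` (or the reverse) and the digest value is never checked for shape before it is written to buildpack.toml. If the cobra version in use provides it, `dependencyUpdateBuildModuleCmd.MarkFlagsRequiredTogether("source", "source-sha256")` after the registrations would stop a source URI being recorded without its digest, and a 64-hex-character check on the value would catch a truncated or mis-pasted hash. The help strings could also state that both flags are optional, e.g. `"the new uri of the dependency source (optional)"`. The function body starts before this hunk.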