dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Dependabot crashes on Terraform 1.8+ provider-defined functions #10315

Open mrcdb opened 1 month ago

mrcdb commented 1 month ago

Is there an existing issue for this?

Package ecosystem

Terraform

Package manager version

No response

Language version

1.9

Manifest location and content before the Dependabot update

Terraform versions.tf file:

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "5.60.0"
    }
  }
}

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "terraform"
    directories: 
      - "**" 
    schedule:
      interval: "weekly"
    registries: 
      - terraform-registry
    open-pull-requests-limit: 10
registries:
  terraform-registry:
    type: terraform-registry
    url: https://app.terraform.io
    token: ${{secrets.TERRAFORM_CLOUD_TOKEN}}

Updated dependency

No response

What you expected to see, versus what you actually saw

I would expect Dependabot to provide me with information about any out-of-date versions of provider/module configuration in my Terraform code in automated PRs. Nevertheless, Dependabot fails to show any information and prints out the following error:

Dependabot can't parse your main.tf

Dependabot failed to update your dependencies because there was an error parsing the main.tf found at /main.tf.

Dependabot encountered the following error:

Failed to convert file: parse config: [:65,15-16: Missing item separator; Expected a comma to mark the beginning of the next item.]

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

Any provider-defined function (such as the AWS-specific arn_parse function below) defined in the Terraform codebase scanned by Dependabot should reproduce the issue:

resource "aws_ecr_repository" "hashicups" {
  name = "hashicups"

  image_scanning_configuration {
    scan_on_push = true
  }
}

output "hashicups_ecr_repository_account_id" {
  value = provider::aws::arn_parse(aws_ecr_repository.hashicups.arn).account_id
}

abelmatos commented 1 month ago

Same issue with provider::kubernetes::manifest_decode_multi
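
To find which files in a repository contain the `provider::<provider>::<function>(` syntax that this thread reports as breaking Dependabot's Terraform parsing (and which therefore stop receiving provider and module update PRs), a scanner along these lines can be used. It is an added example, not code from the issue or from dependabot-core; `strip_comments`, `find_provider_functions` and the sample input are hypothetical, and the comment handling is a heuristic that does not parse heredocs.

```python
import re

# Terraform 1.8+ call syntax: provider::<provider>::<function>(
PROVIDER_FUNC = re.compile(r"\bprovider::([A-Za-z_][\w-]*)::([A-Za-z_]\w*)\s*\(")
# Constructed sample, modelled on the two functions named in this thread.
SAMPLE = '''\
# provider::aws::arn_parse(...) appears here only in a comment
locals {
  id   = provider::aws::arn_parse(aws_ecr_repository.hashicups.arn).account_id
  /* block comment
     provider::aws::arn_build() */
  docs = provider::kubernetes::manifest_decode_multi(file("m.yaml"))
  tag  = "id-${provider::aws::arn_parse(var.arn).account_id}" // note
}
'''

def strip_comments(src):
    """Drop #, // and /* */ comments; keep strings and line numbering intact."""
    out, i, n, in_string = [], 0, len(src), False
    while i < n:
        ch = src[i]
        if in_string:
            out.append(ch)
            if ch == "\\" and i + 1 < n:  # copy the escaped character too
                i += 1
                out.append(src[i])
            elif ch == '"':
                in_string = False
        elif ch == "#" or src.startswith("//", i):
            while i < n and src[i] != "\n":  # skip to end of line
                i += 1
            continue
        elif src.startswith("/*", i):
            end = src.find("*/", i + 2)
            end = n if end == -1 else end + 2
            out.append("\n" * src.count("\n", i, end))  # keep line numbers
            i = end
            continue
        else:
            in_string = ch == '"'
            out.append(ch)
        i += 1
    return "".join(out)

def find_provider_functions(src):
    """Return (line, provider, function) for every provider-defined call."""
    return [(no, m.group(1), m.group(2))
            for no, line in enumerate(strip_comments(src).splitlines(), 1)
            for m in PROVIDER_FUNC.finditer(line)]
```

Calls inside `"${...}"` interpolations are reported as well, since they are still expressions the parser has to handle.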