[Feature request] CDKTF Manager

[secustor]

Discussed in https://github.com/renovatebot/renovate/discussions/27161

^{Originally posted by **froblesmartin** February 8, 2024} **New package manager questionnaire at the bottom in collapsible** Hi! I have just started using Renovate, and Dependabot is covering most of our cases, but this is one of those that does not cover. We have a couple of [CDKTF](https://developer.hashicorp.com/terraform/cdktf) projects, and there we have the Terraform providers and modules defined in the `cdktf.json` file. For now, I have managed to update them with a custom manager, but it is not nice. I have to keep the providers as a one-line definition, and the modules as a block, so that they are matched by different regular expressions. I am considering adding the new manager, but I would need to dive into the project's code. Actually, maybe this would not be a new manager, just an extension to the Terraform one to also support the `cdktf.json` file and format 🤔 . I am posting this also so that others can use the custom manager as well for now. 😄 Example `cdktf.json`: ```json { "terraformProviders": [ "hashicorp/google@~>5.14.0", "hashicorp/google-beta@~>5.14.0", "hashicorp/kubernetes@~>2.25.2", "hashicorp/helm@~>2.12.1" ], "terraformModules": [ { "name": "kubernetes-engine", "source": "terraform-google-modules/kubernetes-engine/google", "version": "~> 30.0" }, { "name": "network", "source": "terraform-google-modules/network/google", "version": "~> 9.0" } ] } ``` And the `customManagers`: ```json { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "enabledManagers": ["custom.regex"], "customManagers": [{ "customType": "regex", "fileMatch": ["(^|/)cdktf\\.json$"], "matchStrings": [ "\\s*\\\"(?.*?\\/(?.*?))@~>(?[=>\\s\\w+\\.\\-]*)\\\"?" ], "datasourceTemplate": "terraform-provider" },{ "customType": "regex", "fileMatch": ["(^|/)cdktf\\.json$"], "matchStrings": [ "[\\s\\S]*?\\\"name\\\": \\\"(?.*?)\\\",[\\s\\S]*?\\\"source\\\": \\\"(?.*?)\\\",[\\s\\S]*?\\\"version\\\": \\\"(?[=><~\\s\\w+\\.\\-]*)\\\"" ], "datasourceTemplate": "terraform-module" }] } ```

New package manager questionnaire

# New package manager questionnaire Did you read our documentation on adding a package manager? - [X] I've read the [adding a package manager](adding-a-package-manager.md) documentation. ## Basics ### What's the name of the package manager? CDKTF ### What language(s) does this package manager support? Terraform ### How popular is this package manager? Based on Terraform, becoming more and more popular. ### Does this language have other (competing?) package managers? - [ ] Yes (give names). - [X] No. ### What are the big selling points for this package manager? Supporting a Terraform official Hashicorp project. ## Detecting package files ### What kind of package files, and names, does this package manager use? `cdktf.json` ### Which [`fileMatch`](../usage/configuration-options.md#filematch) pattern(s) should Renovate use? "fileMatch": ["(^|/)cdktf\\.json$"] ### Do many users need to extend the [`fileMatch`](../usage/configuration-options.md#filematch) pattern for custom file names? - [ ] Yes, provide details. - [X] No. ### Is the [`fileMatch`](../usage/configuration-options.md#filematch) pattern going to get many "false hits" for files that have nothing to do with package management? No. ## Parsing and Extraction ### Can package files have "local" links to each other that need to be resolved? Yes, you can define local modules for example (https://developer.hashicorp.com/terraform/cdktf/create-and-deploy/configuration-file#module-source). ### Package file parsing method Parse the JSON file, and then it is the same as other Terraform files. The package files should be: - [X] Parsed together (in serial). - [ ] Parsed independently. ### Which format/syntax does the package file use? - [X] JSON - [ ] TOML - [ ] YAML - [ ] Custom (explain below) ### How should we parse the package files? - [ ] Off the shelf parser. - [ ] Using regex. - [X] Custom-parsed line by line. - [ ] Other. ### Does the package file have different "types" of dependencies? - [X] Yes, production and development dependencies. Providers and modules. - [ ] No, all dependencies are treated the same. ### List all the sources/syntaxes of dependencies that can be extracted Same as Terraform ### Describe which types of dependencies above are supported and which will be implemented in future Same as Terraform ## Versioning ### What versioning scheme does the package file(s) use? Same as Terraform ### Does this versioning scheme support range constraints, like `^1.0.0` or `1.x`? - [X] Supports range constraints (for example: `^1.0.0` or `1.x`), provide details. - [ ] No. ## Lookup ### Is a new datasource required? - [ ] Yes, provide details. - [X] No. ### Will users want (or need to) set a custom host or custom registry for Renovate's lookup? - [X] Yes, provide details. - [ ] No. Where can Renovate find the custom host/registry? - [ ] No custom host or registry is needed. - [X] In the package file(s), provide details. - [ ] In some other file inside the repository, provide details. - [ ] User needs to configure Renovate where to find the information, provide details. ### Are there any constraints in the package files that Renovate should use in the lookup procedure? - [ ] Yes, there are constraints on the parent language (for example: supports only Python `v3.x`), provide details. - [ ] Yes, there are constraints on the parent platform (for example: only supports Linux, Windows, etc.), provide details. - [X] Yes, some other kind of constraint, provide details. - [ ] No constraints. ### Will users need the ability to configure language or other constraints using Renovate config? - [ ] Yes, provide details. - [X] No. ## Artifacts ### Does the package manager use a lock file or checksum file? - [ ] Yes, uses lock file. - [ ] Yes, uses checksum file. - [ ] Yes, uses lock file _and_ checksum file. - [X] No lock file or checksum. ### Is the locksum or checksum mandatory? - [ ] Yes, locksum is mandatory. - [ ] Yes, checksum is mandatory. - [ ] Yes, lock file _and_ checksum are mandatory. - [ ] No mandatory locksum or checksum. - [X] Package manager does not use locksums or checksums. ### If lockfiles or checksums are used: what tool and exact commands should Renovate use to update one (or more) package versions in a dependency file? ### Package manager cache #### Does the package manager use a cache? - [X] Yes, provide details. - [ ] No. #### If the package manager uses a cache, how can Renovate control the cache? - [ ] Package manager does not use a cache. - [X] Controlled via command line interface, provide details. - [ ] Controlled via environment variables, provide details. #### Should Renovate keep a cache? - [X] Yes, ignore/disable the cache. - [ ] No. ### Generating a lockfile from scratch Renovate can perform "lock file maintenance" by getting the package manager to generate a lockfile from scratch. Can the package manager generate a lockfile from scratch? - [ ] Yes, explain which command Renovate should use to generate the lockfile. - [ ] No, the package manager does _not_ generate a lockfile from scratch. - [X] No, the package manager does not use lockfiles. ## Other ### What else should we know about this package manager?

[secustor]

This is a simple and straight forward issue.

• Follow https://github.com/renovatebot/renovate/blob/main/docs/development/adding-a-package-manager.md
• Parse the JSON using ZOD via our utilities
• hashicorp versioning as well as terraform-modules and terraform-providers can be reused.