Closed secustor closed 3 months ago
https://github.com/secustor/renovate-test/pull/2 and issue identified:
The problem is that the Oktas release artifact not only contains files but also a folder with the name readme-assets, tough not sure how Terraforms h1 algorithm handles the hash generation in that cases. This needs some investigation.
Renovates relevant code: https://github.com/renovatebot/renovate/blob/main/lib/modules/manager/terraform/lockfile/hash.ts#L34
I fully support the author. I faced a similar problem updating the lock file for the okta provider. For comparison, I put the ''aws" and "okta" providers in a reproduction repo https://github.com/CamaroKyiv/okta_min_reproduction to investigate the behavior. The versions in the provider.tf file have been updated by Renovate, and the .terraform.lock.hcl has been updated only for the "aws" provider but not for 'okta' provider: https://github.com/CamaroKyiv/okta_min_reproduction/pull/2
same issue on ovh provider
Discussed in https://github.com/renovatebot/renovate/discussions/25973
Logs
``` DEBUG: File config { "config": {} } DEBUG: CLI config { "config": {} } DEBUG: Env config { "config": { "allowPostUpgradeCommandTemplating": true, "allowedPostUpgradeCommands": [ "^git add --all$", "^git reset$", "^npx beachball change( --no-fetch)? --no-commit --type (patch|none) --message '{{{commitMessage}}}'$", "^pwd$" ], "baseDir": "/tmp/worker/615dc2/44ec84", "binarySource": "docker", "cacheTtlOverride": { "datasource-docker-digest": 180, "datasource-docker-labels": 180, "datasource-docker-releases": 180, "datasource-docker-tags": 180 }, "customizeDashboard": { "repoProblemsHeader": "These problems occurred while renovating this repository. [View logs](https://developer.mend.io/{{platform}}/{{repository}})." }, "dependencyDashboardFooter": "\n- [ ] Check this box to trigger a request for Renovate to run again on this repository\n", "dockerImagePrefix": "ghcr.io/containerbase", "enabled": true, "extends": [ "mergeConfidence:all-badges" ], "forkProcessing": "enabled", "gitAuthor": "renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>", "gitIgnoredAuthors": [ "29139614+renovate[bot]@users.noreply.github.com" ], "hostRules": [ { "hostType": "docker", "matchHost": "docker.io", "password": "***********", "username": "mdpprodrenovate" } ], "logContext": "1eb0fe62721c4063904146e36d5a3520", "logFile": "/tmp/worker/615dc2/44ec84/github/mrtc0-sandbox/renovate-test/1eb0fe62721c4063904146e36d5a3520.log", "logFileLevel": "debug", "onboarding": true, "onboardingConfig": { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ "config:recommended" ] }, "onboardingNoDeps": true, "platform": "github", "platformCommit": true, "prFooter": "This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/{{platform}}/{{repository}}).", "prHeader": "[![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)", "redisUrl": "redis://mend-developer-platform-renovate-prod.aqffol.ng.0001.use1.cache.amazonaws.com:6379", "repositories": [ "mrtc0-sandbox/renovate-test" ], "repositoryCache": "enabled", "repositoryCacheType": "s3://mend-developer-platform-prod/renovate/", "requireConfig": "required", "token": "***********", "username": "renovate[bot]", "dockerChildPrefix": "renovate_a_", "dockerCliOptions": "--memory=3584m", "privateKey": "***********", "privateKeyOld": "***********" } } DEBUG: Combined config { "config": { "allowPostUpgradeCommandTemplating": true, "allowedPostUpgradeCommands": [ "^git add --all$", "^git reset$", "^npx beachball change( --no-fetch)? --no-commit --type (patch|none) --message '{{{commitMessage}}}'$", "^pwd$" ], "baseDir": "/tmp/worker/615dc2/44ec84", "binarySource": "docker", "cacheTtlOverride": { "datasource-docker-digest": 180, "datasource-docker-labels": 180, "datasource-docker-releases": 180, "datasource-docker-tags": 180 }, "customizeDashboard": { "repoProblemsHeader": "These problems occurred while renovating this repository. [View logs](https://developer.mend.io/{{platform}}/{{repository}})." }, "dependencyDashboardFooter": "\n- [ ] Check this box to trigger a request for Renovate to run again on this repository\n", "dockerImagePrefix": "ghcr.io/containerbase", "enabled": true, "extends": [ "mergeConfidence:all-badges" ], "forkProcessing": "enabled", "gitAuthor": "renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>", "gitIgnoredAuthors": [ "29139614+renovate[bot]@users.noreply.github.com" ], "hostRules": [ { "hostType": "docker", "matchHost": "docker.io", "password": "***********", "username": "mdpprodrenovate" } ], "logContext": "1eb0fe62721c4063904146e36d5a3520", "logFile": "/tmp/worker/615dc2/44ec84/github/mrtc0-sandbox/renovate-test/1eb0fe62721c4063904146e36d5a3520.log", "logFileLevel": "debug", "onboarding": true, "onboardingConfig": { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ "config:recommended" ] }, "onboardingNoDeps": true, "platform": "github", "platformCommit": true, "prFooter": "This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/{{platform}}/{{repository}}).", "prHeader": "[![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)", "redisUrl": "redis://mend-developer-platform-renovate-prod.aqffol.ng.0001.use1.cache.amazonaws.com:6379", "repositories": [ "mrtc0-sandbox/renovate-test" ], "repositoryCache": "enabled", "repositoryCacheType": "s3://mend-developer-platform-prod/renovate/", "requireConfig": "required", "token": "***********", "username": "renovate[bot]", "dockerChildPrefix": "renovate_a_", "dockerCliOptions": "--memory=3584m", "privateKey": "***********", "privateKeyOld": "***********" } } DEBUG: Enabling forkProcessing while in non-autodiscover mode DEBUG: Found valid git version: 2.42.0 DEBUG: Setting global hostRules DEBUG: Adding password authentication for docker.io (hostType=docker) to hostRules DEBUG: Using default github endpoint: https://api.github.com/ DEBUG: Platform config { "platformConfig": { "hostType": "github", "endpoint": "https://api.github.com/", "isGHApp": true, "isGhe": false } "renovateUsername": "renovate[bot]" } DEBUG: Using configured gitAuthor (renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>) DEBUG: Adding token authentication for api.github.com (hostType=github) to hostRules DEBUG: Using configured baseDir: /tmp/worker/615dc2/44ec84 DEBUG: Using cacheDir: /tmp/worker/615dc2/44ec84/cache DEBUG: Using containerbaseDir: /tmp/worker/615dc2/44ec84/cache/containerbase DEBUG: Redis cache init DEBUG: Commits limit = null DEBUG: Setting global hostRules DEBUG: Adding password authentication for docker.io (hostType=docker) to hostRules DEBUG: Adding token authentication for api.github.com (hostType=github) to hostRules DEBUG: validatePresets() DEBUG: Reinitializing hostRules for repo DEBUG: Clearing hostRules DEBUG: Adding password authentication for docker.io (hostType=docker) to hostRules DEBUG: Adding token authentication for api.github.com (hostType=github) to hostRules DEBUG: No dangling containers to remove INFO: Repository started { "renovateVersion": "37.59.8" } DEBUG: Using localDir: /tmp/worker/615dc2/44ec84/repos/github/mrtc0-sandbox/renovate-test DEBUG: PackageFiles.clear() - Package files deleted DEBUG: initRepo("mrtc0-sandbox/renovate-test") DEBUG: mrtc0-sandbox/renovate-test default branch = master DEBUG: Using app token for git init DEBUG: RepoCacheS3.read() - success DEBUG: Repository cache is restored from revision 13 DEBUG: Resetting npmrc DEBUG: Resetting npmrc DEBUG: checkOnboarding() DEBUG: isOnboarded() DEBUG: findPr(renovate/configure, Configure Renovate, !open) DEBUG: getPrList success { "pullsTotal": 2 "requestsTotal": 1 "apiQuotaAffected": true } DEBUG: Checking cached config file name DEBUG: Existing config file confirmed DEBUG: Repository config { "fileName": "renovate.json" "config": { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ "config:recommended" ] } } DEBUG: Repo is onboarded DEBUG: migrateAndValidate() DEBUG: No config migration necessary DEBUG: Setting hostRules from config DEBUG: Found repo ignorePaths { "ignorePaths": [ "**/node_modules/**", "**/bower_components/**", "**/vendor/**", "**/examples/**", "**/__tests__/**", "**/test/**", "**/tests/**", "**/__fixtures__/**" ] } DEBUG: No vulnerability alerts found DEBUG: No vulnerability alerts found DEBUG: findIssue(Dependency Dashboard) DEBUG: Retrieving issueList DEBUG: Retrieved 1 issues DEBUG: Found issue 3 DEBUG: No baseBranches DEBUG: extract() DEBUG: Cached extract result cannot be used due to base branch SHA change (old=aa824c44feeb8113314ed4ea6b1e4ee0bf8b43a0, new=fae6eef857ff96ddb0e36bc6a324d7b9bf7e1cbb) DEBUG: Setting current branch to master DEBUG: Initializing git repository into /tmp/worker/615dc2/44ec84/repos/github/mrtc0-sandbox/renovate-test DEBUG: Performing blobless clone DEBUG: git clone completed { "durationMs": 321 } DEBUG: latest repository commit { "latestCommit": { "hash": "fae6eef857ff96ddb0e36bc6a324d7b9bf7e1cbb", "date": "2023-11-27T11:48:34+09:00", "message": "chore: remove", "refs": "HEAD -> master, origin/master, origin/HEAD", "body": "", "author_name": "Kohei Morita", "author_email": "moritakouhei@graffer.jp" } } DEBUG: latest commit { "branchName": "master" "latestCommitDate": "2023-11-27T11:48:34+09:00" } DEBUG: Using file match: (^|/)tasks/[^/]+\.ya?ml$ for manager ansible DEBUG: Using file match: (^|/)requirements\.ya?ml$ for manager ansible-galaxy DEBUG: Using file match: (^|/)galaxy\.ya?ml$ for manager ansible-galaxy DEBUG: Using file match: (^|/)\.tool-versions$ for manager asdf DEBUG: Using file match: azure.*pipelines?.*\.ya?ml$ for manager azure-pipelines DEBUG: Using file match: (^|/)batect(-bundle)?\.ya?ml$ for manager batect DEBUG: Using file match: (^|/)batect$ for manager batect-wrapper DEBUG: Using file match: (^|/)WORKSPACE(|\.bazel)$ for manager bazel DEBUG: Using file match: \.bzl$ for manager bazel DEBUG: Using file match: (^|/)MODULE\.bazel$ for manager bazel-module DEBUG: Using file match: (^|/)\.bazelversion$ for manager bazelisk DEBUG: Using file match: \.bicep$ for manager bicep DEBUG: Using file match: (^|/)\.?bitbucket-pipelines\.ya?ml$ for manager bitbucket-pipelines DEBUG: Using file match: buildkite\.ya?ml for manager buildkite DEBUG: Using file match: \.buildkite/.+\.ya?ml$ for manager buildkite DEBUG: Using file match: (^|/)bun\.lockb$ for manager bun DEBUG: Using file match: (^|/)Gemfile$ for manager bundler DEBUG: Using file match: \.cake$ for manager cake DEBUG: Using file match: (^|/)Cargo\.toml$ for manager cargo DEBUG: Using file match: (^|/)\.circleci/config\.ya?ml$ for manager circleci DEBUG: Using file match: (^|/)cloudbuild\.ya?ml for manager cloudbuild DEBUG: Using file match: (^|/)Podfile$ for manager cocoapods DEBUG: Using file match: (^|/)([\w-]*)composer\.json$ for manager composer DEBUG: Using file match: (^|/)conanfile\.(txt|py)$ for manager conan DEBUG: Using file match: (^|/)cpanfile$ for manager cpanfile DEBUG: Using file match: (^|/)(?:deps|bb)\.edn$ for manager deps-edn DEBUG: Using file match: (^|/)(?:docker-)?compose[^/]*\.ya?ml$ for manager docker-compose DEBUG: Using file match: (^|/|\.)([Dd]ocker|[Cc]ontainer)file$ for manager dockerfile DEBUG: Using file match: (^|/)([Dd]ocker|[Cc]ontainer)file[^/]*$ for manager dockerfile DEBUG: Using file match: (^|/)\.drone\.yml$ for manager droneci DEBUG: Using file match: (^|/)fleet\.ya?ml for manager fleet DEBUG: Using file match: (?:^|/)gotk-components\.ya?ml$ for manager flux DEBUG: Using file match: (^|/)\.fvm/fvm_config\.json$ for manager fvm DEBUG: Using file match: (^|/)\.gitmodules$ for manager git-submodules DEBUG: Using file match: (^|/)(workflow-templates|\.(?:github|gitea|forgejo)/workflows)/[^/]+\.ya?ml$ for manager github-actions DEBUG: Using file match: (^|/)action\.ya?ml$ for manager github-actions DEBUG: Using file match: \.gitlab-ci\.ya?ml$ for manager gitlabci DEBUG: Using file match: \.gitlab-ci\.ya?ml$ for manager gitlabci-include DEBUG: Using file match: (^|/)go\.mod$ for manager gomod DEBUG: Using file match: \.gradle(\.kts)?$ for manager gradle DEBUG: Using file match: (^|/)gradle\.properties$ for manager gradle DEBUG: Using file match: (^|/)gradle/.+\.toml$ for manager gradle DEBUG: Using file match: (^|/)buildSrc/.+\.kt$ for manager gradle DEBUG: Using file match: \.versions\.toml$ for manager gradle DEBUG: Using file match: (^|/)versions.props$ for manager gradle DEBUG: Using file match: (^|/)versions.lock$ for manager gradle DEBUG: Using file match: (^|/)gradle/wrapper/gradle-wrapper\.properties$ for manager gradle-wrapper DEBUG: Using file match: (^|/)requirements\.ya?ml$ for manager helm-requirements DEBUG: Using file match: (^|/)values\.ya?ml$ for manager helm-values DEBUG: Using file match: (^|/)helmfile\.ya?ml$ for manager helmfile DEBUG: Using file match: (^|/)Chart\.ya?ml$ for manager helmv3 DEBUG: Using file match: (^|/)bin/hermit$ for manager hermit DEBUG: Using file match: ^Formula/[^/]+[.]rb$ for manager homebrew DEBUG: Using file match: \.html?$ for manager html DEBUG: Using file match: (^|/)plugins\.(txt|ya?ml)$ for manager jenkins DEBUG: Using file match: (^|/)jsonnetfile\.json$ for manager jsonnet-bundler DEBUG: Using file match: ^.+\.main\.kts$ for manager kotlin-script DEBUG: Using file match: (^|/)kustomization\.ya?ml$ for manager kustomize DEBUG: Using file match: (^|/)project\.clj$ for manager leiningen DEBUG: Using file match: (^|/|\.)pom\.xml$ for manager maven DEBUG: Using file match: ^(((\.mvn)|(\.m2))/)?settings\.xml$ for manager maven DEBUG: Using file match: (^|\/).mvn/wrapper/maven-wrapper.properties$ for manager maven-wrapper DEBUG: Using file match: (^|/)package\.js$ for manager meteor DEBUG: Using file match: (^|/)Mintfile$ for manager mint DEBUG: Using file match: (^|/)mix\.exs$ for manager mix DEBUG: Using file match: (^|/)flake\.nix$ for manager nix DEBUG: Using file match: (^|/)\.node-version$ for manager nodenv DEBUG: Using file match: (^|/)package\.json$ for manager npm DEBUG: Using file match: \.(?:cs|fs|vb)proj$ for manager nuget DEBUG: Using file match: \.(?:props|targets)$ for manager nuget DEBUG: Using file match: (^|/)dotnet-tools\.json$ for manager nuget DEBUG: Using file match: (^|/)global\.json$ for manager nuget DEBUG: Using file match: (^|/)\.nvmrc$ for manager nvm DEBUG: Using file match: (^|/)src/main/features/.+\.json$ for manager osgi DEBUG: Using file match: (^|/)pyproject\.toml$ for manager pep621 DEBUG: Using file match: (^|/)[\w-]*requirements(-\w+)?\.(txt|pip)$ for manager pip_requirements DEBUG: Using file match: (^|/)setup\.py$ for manager pip_setup DEBUG: Using file match: (^|/)Pipfile$ for manager pipenv DEBUG: Using file match: (^|/)pyproject\.toml$ for manager poetry DEBUG: Using file match: (^|/)\.pre-commit-config\.ya?ml$ for manager pre-commit DEBUG: Using file match: (^|/)pubspec\.ya?ml$ for manager pub DEBUG: Using file match: (^|/)Puppetfile$ for manager puppet DEBUG: Using file match: (^|/)\.python-version$ for manager pyenv DEBUG: Using file match: (^|/)\.ruby-version$ for manager ruby-version DEBUG: Using file match: \.sbt$ for manager sbt DEBUG: Using file match: project/[^/]*\.scala$ for manager sbt DEBUG: Using file match: project/build\.properties$ for manager sbt DEBUG: Using file match: (^|/)setup\.cfg$ for manager setup-cfg DEBUG: Using file match: (^|/)Package\.swift for manager swift DEBUG: Using file match: \.tf$ for manager terraform DEBUG: Using file match: (^|/)\.terraform-version$ for manager terraform-version DEBUG: Using file match: (^|/)terragrunt\.hcl$ for manager terragrunt DEBUG: Using file match: (^|/)\.terragrunt-version$ for manager terragrunt-version DEBUG: Using file match: \.tflint\.hcl$ for manager tflint-plugin DEBUG: Using file match: ^\.travis\.ya?ml$ for manager travis DEBUG: Using file match: (^|/)\.vela\.ya?ml$ for manager velaci DEBUG: Using file match: ^\.woodpecker(?:/[^/]+)?\.ya?ml$ for manager woodpecker DEBUG: Matched 1 file(s) for manager terraform: terraform/versions.tf DEBUG: manager extract durations (ms) { "managers": { "terraform": 30 } } DEBUG: Found terraform package files DEBUG: Found 1 package file(s) INFO: Dependency extraction complete { "baseBranch": "master" "stats": { "managers": { "terraform": { "fileCount": 1, "depCount": 2 } }, "total": { "fileCount": 1, "depCount": 2 } } } DEBUG: PackageFiles.add() - Package file saved for base branch { "baseBranch": "master" } DEBUG: Package releases lookups complete { "baseBranch": "master" } DEBUG: branchifyUpgrades DEBUG: detectSemanticCommits() DEBUG: getCommitMessages DEBUG: semanticCommits: detected "angular" DEBUG: semanticCommits: enabled DEBUG: 1 flattened updates found: okta DEBUG: Returning 1 branch(es) DEBUG: config.repoIsOnboarded=true DEBUG: packageFiles with updates { "baseBranch": "master" "config": { "terraform": [ { "deps": [ { "currentValue": "~> 4.4.2", "depType": "required_provider", "depName": "okta", "datasource": "terraform-provider", "packageName": "okta/okta", "lockedVersion": "4.4.3", "updates": [ { "bucket": "non-major", "newVersion": "4.6.1", "newValue": "~> 4.6.0", "releaseTimestamp": "2023-11-02T21:34:20.000Z", "newMajor": 4, "newMinor": 6, "updateType": "minor", "isRange": true, "branchName": "renovate/okta-4.x" } ], "versioning": "hashicorp", "warnings": [], "sourceUrl": "https://github.com/okta/terraform-provider-okta", "registryUrl": "https://registry.terraform.io", "homepage": "https://registry.terraform.io/providers/okta/okta", "currentVersion": "4.4.3", "isSingleVersion": false, "fixedVersion": "4.4.3" }, { "currentValue": "1.6.4", "depType": "required_version", "datasource": "github-releases", "depName": "hashicorp/terraform", "extractVersion": "v(?