Merge pull request #3968 from dependabot/feelepxyz/run-terraform-init

Terraform: install modules when updating lockfile
dependabot · Jun 22, 2021 · 005039f · 005039f
2 parents 45ab2e5 + 9e48daf
commit 005039f
Show file tree

Hide file tree

Showing 5 changed files with 90 additions and 1 deletion.
diff --git a/terraform/lib/dependabot/terraform/file_updater.rb b/terraform/lib/dependabot/terraform/file_updater.rb
@@ -90,7 +90,7 @@ def update_registry_declaration(new_req, old_req, updated_content)
         end
       end
 
-      def update_lockfile_declaration
+      def update_lockfile_declaration # rubocop:disable Metrics/AbcSize
         return if lock_file.nil?
 
         new_req = dependency.requirements.first
@@ -115,6 +115,14 @@ def update_lockfile_declaration
                  content.scan(declaration_regex).first.scan(/^\s*version\s*=.*/)
             content.sub!(declaration_regex, updated_dependency)
           end
+        rescue SharedHelpers::HelperSubprocessFailed => e
+          raise if @retrying_lock || !e.message.include?("terraform init")
+
+          # NOTE: Modules need to be installed before terraform can update the
+          # lockfile
+          @retrying_lock = true
+          SharedHelpers.run_shell_command("terraform init")
+          retry
         end
 
         content

diff --git a/terraform/spec/dependabot/terraform/file_updater_spec.rb b/terraform/spec/dependabot/terraform/file_updater_spec.rb
@@ -838,5 +838,51 @@ module "github_terraform" {
         )
       end
     end
+
+    describe "with a lockfile and modules that need to be installed" do
+      let(:files) { project_dependency_files("lockfile_with_modules") }
+      let(:dependencies) do
+        [
+          Dependabot::Dependency.new(
+            name: "integrations/github",
+            version: "4.12.0",
+            previous_version: "4.4.0",
+            requirements: [{
+              requirement: "4.12.0",
+              groups: [],
+              file: "main.tf",
+              source: {
+                type: "registry",
+                registry_hostname: "registry.terraform.io",
+                module_identifier: "integrations/github"
+              }
+            }],
+            previous_requirements: [{
+              requirement: "4.4.0",
+              groups: [],
+              file: "main.tf",
+              source: {
+                type: "registry",
+                registry_hostname: "registry.terraform.io",
+                module_identifier: "integrations/github"
+              }
+            }],
+            package_manager: "terraform"
+          )
+        ]
+      end
+
+      it "updates the version in the lockfile" do
+        lockfile = subject.find { |file| file.name == ".terraform.lock.hcl" }
+
+        expect(lockfile.content).to include(
+          <<~DEP
+            provider "registry.terraform.io/integrations/github" {
+              version     = "4.12.0"
+              constraints = "~> 4.4"
+          DEP
+        )
+      end
+    end
   end
 end
diff --git a/terraform/spec/fixtures/projects/lockfile_with_modules/.terraform.lock.hcl b/terraform/spec/fixtures/projects/lockfile_with_modules/.terraform.lock.hcl
diff --git a/terraform/spec/fixtures/projects/lockfile_with_modules/caf_module.tf b/terraform/spec/fixtures/projects/lockfile_with_modules/caf_module.tf
@@ -0,0 +1,4 @@
+module "caf" {
+  source  = "aztfmod/caf/azurerm"
+  version = "5.1.0"
+}
diff --git a/terraform/spec/fixtures/projects/lockfile_with_modules/versions.tf b/terraform/spec/fixtures/projects/lockfile_with_modules/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    github = {
+      source  = "integrations/github"
+      version = "~> 4.4"
+    }
+  }
+  required_version = ">= 0.14"
+}