diff --git a/carton/buildpack_dependency.go b/carton/buildpack_dependency.go index b2ef05b..428a6b8 100644 --- a/carton/buildpack_dependency.go +++ b/carton/buildpack_dependency.go @@ -35,6 +35,7 @@ const ( type BuildpackDependency struct { BuildpackPath string ID string + Arch string SHA256 string URI string Version string @@ -58,6 +59,7 @@ func (b BuildpackDependency) Update(options ...Option) { logger := bard.NewLogger(os.Stdout) _, _ = fmt.Fprintf(logger.TitleWriter(), "\n%s\n", bard.FormatIdentity(b.ID, b.VersionPattern)) + logger.Headerf("Arch: %s", b.Arch) logger.Headerf("Version: %s", b.Version) logger.Headerf("PURL: %s", b.PURL) logger.Headerf("CPEs: %s", b.CPE) @@ -141,7 +143,28 @@ func (b BuildpackDependency) Update(options ...Option) { continue } - if depId == b.ID { + // extract the arch from the PURL, it's the only place it lives consistently at the moment + var depArch string + purlUnwrapped, found := dep["purl"] + if found { + purl, ok := purlUnwrapped.(string) + if ok { + purlArchExp := regexp.MustCompile(`arch=(.*)`) + purlArchMatches := purlArchExp.FindStringSubmatch(purl) + if len(purlArchMatches) == 2 { + depArch = purlArchMatches[1] + } + } + } + + // if not set, we presently need to default to amd64 because a lot of deps do not specify arch + // in the future when we add the arch field to our deps, then we can remove this because empty should then mean noarch + if depArch == "" { + depArch = "amd64" + } + + if depId == b.ID && depArch == b.Arch { + depVersionUnwrapped, found := dep["version"] if !found { continue @@ -151,6 +174,7 @@ func (b BuildpackDependency) Update(options ...Option) { if !ok { continue } + if versionExp.MatchString(depVersion) { dep["version"] = b.Version dep["uri"] = b.URI diff --git a/carton/buildpack_dependency_test.go b/carton/buildpack_dependency_test.go index 48f0842..a1e1a03 100644 --- a/carton/buildpack_dependency_test.go +++ b/carton/buildpack_dependency_test.go @@ -74,6 +74,7 @@ source-sha256 = "test-source-sha256-1" d := carton.BuildpackDependency{ BuildpackPath: path, ID: "test-id", + Arch: "amd64", SHA256: "test-sha256-2", URI: "test-uri-2", Version: "test-version-2", @@ -123,6 +124,7 @@ cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:* d := carton.BuildpackDependency{ BuildpackPath: path, ID: "test-id", + Arch: "amd64", SHA256: "test-sha256-2", URI: "test-uri-2", Version: "test-version-2", @@ -174,6 +176,7 @@ cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:* d := carton.BuildpackDependency{ BuildpackPath: path, ID: "test-id", + Arch: "amd64", SHA256: "test-sha256-2", URI: "test-uri-2", Version: "test-version-2", @@ -182,8 +185,8 @@ cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:* PURLPattern: `different-version-[\d]`, CPE: "test-version-2:patch2", CPEPattern: `test-version-[\d]:patch[\d]`, - Source: "test-new-source", - SourceSHA256: "test-new-source-sha", + Source: "test-new-source", + SourceSHA256: "test-new-source-sha", } d.Update(carton.WithExitHandler(exitHandler)) @@ -243,6 +246,7 @@ source-sha256 = "test-source-sha256-2" d := carton.BuildpackDependency{ BuildpackPath: path, ID: "test-id", + Arch: "amd64", SHA256: "test-sha256-3", URI: "test-uri-3", Version: "test-version-3", @@ -309,6 +313,7 @@ cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:* d := carton.BuildpackDependency{ BuildpackPath: path, ID: "test-id", + Arch: "amd64", SHA256: "test-sha256-2", URI: "test-uri-2", Version: "test-version-2", @@ -359,6 +364,7 @@ cpes = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:* d := carton.BuildpackDependency{ BuildpackPath: path, ID: "test-id", + Arch: "amd64", SHA256: "test-sha256-2", URI: "test-uri-2", Version: "test-version-2", @@ -410,6 +416,7 @@ cpes = 1234 d := carton.BuildpackDependency{ BuildpackPath: path, ID: "test-id", + Arch: "amd64", SHA256: "test-sha256-2", URI: "test-uri-2", Version: "test-version-2", @@ -463,6 +470,7 @@ version = "1.2.3" d := carton.BuildpackDependency{ BuildpackPath: path, ID: "test-id", + Arch: "amd64", SHA256: "test-sha256-2", URI: "test-uri-2", Version: "test-version-2", diff --git a/cmd/update-buildpack-dependency/main.go b/cmd/update-buildpack-dependency/main.go index 4fcabe5..4645c5b 100644 --- a/cmd/update-buildpack-dependency/main.go +++ b/cmd/update-buildpack-dependency/main.go @@ -32,6 +32,7 @@ func main() { flagSet := pflag.NewFlagSet("Update Buildpack Dependency", pflag.ExitOnError) flagSet.StringVar(&b.BuildpackPath, "buildpack-toml", "", "path to buildpack.toml") flagSet.StringVar(&b.ID, "id", "", "the id of the dependency") + flagSet.StringVar(&b.Arch, "arch", "", "the arch of the dependency") flagSet.StringVar(&b.SHA256, "sha256", "", "the new sha256 of the dependency") flagSet.StringVar(&b.URI, "uri", "", "the new uri of the dependency") flagSet.StringVar(&b.Version, "version", "", "the new version of the dependency") @@ -55,6 +56,10 @@ func main() { log.Fatal("id must be set") } + if b.Arch == "" { + b.Arch = "amd64" + } + if b.SHA256 == "" { log.Fatal("sha256 must be set") }