Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't rewrite constraints in terraform lock file #15580

Closed
z0rc opened this issue May 14, 2022 · 19 comments
Closed

Don't rewrite constraints in terraform lock file #15580

z0rc opened this issue May 14, 2022 · 19 comments
Labels
manager:terraform Terraform package manager priority-3-medium Default priority, "should be done" but isn't prioritised ahead of others status:requirements Full requirements are not yet known, so implementation should not be started type:bug Bug fix of existing functionality

Comments

@z0rc
Copy link

z0rc commented May 14, 2022

How are you running Renovate?

Self-hosted

If you're self-hosting Renovate, tell us what version of Renovate you run.

Latest from https://gitlab.com/renovate-bot/renovate-runner

Please select which platform you are using if self-hosting.

GitLab self-hosted

If you're self-hosting Renovate, tell us what version of the platform you run.

GitLab 14.10

Was this something which used to work for you, and then stopped?

I never saw this working

Describe the bug

Split from https://github.com/renovatebot/renovate/issues/13692#issuecomment-1020502570

With "rangeStrategy": "update-lockfile" Renovate rewrites constraints field, and logic is different from what terraform does with this field. This causes problem when actually working with code, like running terraform init will rewrite this field. terraform init used really often, when changing modules, or running pre-commit hooks.

Relevant debug logs

Logs
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Setting current branch to master","time":"2022-05-14T10:39:41.052Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","branchName":"master","latestCommitDate":"2022-05-13T14:41:13+00:00","msg":"latest commit","time":"2022-05-14T10:39:41.106Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"getBranchPr(feature/renovate-aws-4.x-lockfile)","time":"2022-05-14T10:39:41.123Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"findPr(feature/renovate-aws-4.x-lockfile, undefined, open)","time":"2022-05-14T10:39:41.124Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"getPr(216)","time":"2022-05-14T10:39:41.124Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"getMR(216)","time":"2022-05-14T10:39:41.124Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"branchExists=true","time":"2022-05-14T10:39:41.126Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"dependencyDashboardCheck=undefined","time":"2022-05-14T10:39:41.126Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"PR rebase requested=false","time":"2022-05-14T10:39:41.127Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Checking if PR has been edited","time":"2022-05-14T10:39:41.127Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","branchName":"feature/renovate-aws-4.x-lockfile","msg":"Branch has not been modified","time":"2022-05-14T10:39:41.142Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Found existing branch PR","time":"2022-05-14T10:39:41.142Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Checking schedule(at any time, null)","time":"2022-05-14T10:39:41.142Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"No schedule defined","time":"2022-05-14T10:39:41.142Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Branch already exists","time":"2022-05-14T10:39:41.142Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"getBranchPr(feature/renovate-aws-4.x-lockfile)","time":"2022-05-14T10:39:41.142Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"findPr(feature/renovate-aws-4.x-lockfile, undefined, open)","time":"2022-05-14T10:39:41.142Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"getPr(216)","time":"2022-05-14T10:39:41.142Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"getMR(216)","time":"2022-05-14T10:39:41.142Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","isStale":false,"currentBranch":"master","currentBranchSha":"64451537984f0bb2aa3f27078c329de60e052351","msg":"isBranchStale=false","time":"2022-05-14T10:39:41.159Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Branch is up-to-date","time":"2022-05-14T10:39:41.159Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"isBranchConflicted(master, feature/renovate-aws-4.x-lockfile)","time":"2022-05-14T10:39:41.159Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Branch does not need rebasing","time":"2022-05-14T10:39:41.475Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Using reuseExistingBranch: true","time":"2022-05-14T10:39:41.475Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"manager.getUpdatedPackageFiles() reuseExistinbranch=true","time":"2022-05-14T10:39:41.475Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","manager":"terraform","msg":"isLockFileUpdate without updateLockedDependency","time":"2022-05-14T10:39:41.494Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"terraform.updateArtifacts(infra/terraform.tf)","time":"2022-05-14T10:39:41.494Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Updated 1 package files","time":"2022-05-14T10:39:41.500Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","updatedArtifacts":["infra/.terraform.lock.hcl"],"msg":"Updated 1 lock files","time":"2022-05-14T10:39:41.500Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Ensuring comment \"⚠ Artifact update problem\" in #216 is removed","time":"2022-05-14T10:39:41.501Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Getting comments for #216","time":"2022-05-14T10:39:41.501Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Found 35 comments","time":"2022-05-14T10:39:41.868Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"2 file(s) to commit","time":"2022-05-14T10:39:41.868Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Preparing files for committing to branch feature/renovate-aws-4.x-lockfile","time":"2022-05-14T10:39:41.868Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","deletedFiles":[],"ignoredFiles":[],"result":{"author":null,"branch":"feature/renovate-aws-4.x-lockfile","commit":"764f122b91817ac55001c302669cb8c9b85f65f5","root":false,"summary":{"changes":1,"insertions":13,"deletions":0}},"msg":"git commit","time":"2022-05-14T10:39:42.135Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Pushing branch feature/renovate-aws-4.x-lockfile","time":"2022-05-14T10:39:42.166Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","result":{"pushed":[],"ref":{"local":"refs/remotes/origin/feature/renovate-aws-4.x-lockfile"},"remoteMessages":{"all":["View merge request for feature/renovate-aws-4.x-lockfile:","https://gitlab.hjoy.net/devops/k8s-platform/-/merge_requests/216"]}},"msg":"git push","time":"2022-05-14T10:39:42.618Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":30,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","commitSha":"764f122b91817ac55001c302669cb8c9b85f65f5","msg":"Branch updated","time":"2022-05-14T10:39:42.619Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Checking if we can automerge branch","time":"2022-05-14T10:39:42.619Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"mergeStatus=no automerge","time":"2022-05-14T10:39:42.619Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Ensuring PR","time":"2022-05-14T10:39:42.619Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"There are 0 errors and 0 warnings","time":"2022-05-14T10:39:42.619Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"getBranchPr(feature/renovate-aws-4.x-lockfile)","time":"2022-05-14T10:39:42.619Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"findPr(feature/renovate-aws-4.x-lockfile, undefined, open)","time":"2022-05-14T10:39:42.619Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"getPr(216)","time":"2022-05-14T10:39:42.619Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"getMR(216)","time":"2022-05-14T10:39:42.619Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Found existing PR","time":"2022-05-14T10:39:42.622Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Processing existing PR","time":"2022-05-14T10:39:42.636Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"Merge Request #216 does not need updating","time":"2022-05-14T10:39:42.643Z","v":0}
{"name":"renovate","hostname":"runner-ynyyaj6-project-403-concurrent-0jlldf","pid":14,"level":20,"logContext":"s1YcmrcxycX0RjcSOdMiq","repository":"devops/k8s-platform","branch":"feature/renovate-aws-4.x-lockfile","msg":"PR is not configured for automerge","time":"2022-05-14T10:39:42.643Z","v":0}

Have you created a minimal reproduction repository?

https://github.com/z0rc/renovate-15580

@z0rc z0rc added priority-5-triage status:requirements Full requirements are not yet known, so implementation should not be started type:bug Bug fix of existing functionality labels May 14, 2022
@viceice viceice added auto:reproduction A minimal reproduction is necessary to proceed manager:terraform Terraform package manager labels May 14, 2022
@github-actions
Copy link
Contributor

Hi there,

Get your issue fixed faster by creating a minimal reproduction. This means a repository dedicated to reproducing this issue with the minimal dependencies and config possible.

Before we start working on your issue we need to know exactly what's causing the current behavior. A minimal reproduction helps us with this.

To get started, please read our guide on creating a minimal reproduction.

We may close the issue if you, or someone else, haven't created a minimal reproduction within two weeks. If you need more time, or are stuck, please ask for help or more time in a comment.

Good luck,

The Renovate team

@z0rc
Copy link
Author

z0rc commented May 14, 2022

I don't think there is need for reproduction repository. See https://github.com/renovatebot/renovate/issues/13692#issuecomment-1020835777, this is known behavior.

and then see if the range list causes any problems in practice.

This issue describes how such behavior causes problem in practice.

@viceice
Copy link
Member

viceice commented May 14, 2022

this needs a reproduction to test and verify current and fixed behavior.

@z0rc
Copy link
Author

z0rc commented May 14, 2022

I don't think this is reproducible with public repository due to

As renovate and pre-commit use the same api user

@z0rc
Copy link
Author

z0rc commented May 15, 2022

Here are extracts from Renovate MR to better understand what is going on.

  1. Repo is configured with pre-commit hook, using following configuration
% cat .pre-commit-config.yaml
---
- repo: https://github.com/antonbabenko/pre-commit-terraform
  rev: v1.71.0
  hooks:
  - id: terraform_fmt
  - id: terraform_docs
  - id: terraform_providers_lock
    args:
    - --args=-platform=linux_amd64
    - --args=-platform=darwin_amd64
  1. Renovate creates MR with following commit
commit 1d846e7aa3c5501d9aa12cd5280d3d65ec0a9220
Author: Dobby Bot <[email protected]>
Date:   Sun May 15 09:38:54 2022 +0000

    chore: [deps] Update Terraform aws to v4.14.0

diff --git a/infra/.terraform.lock.hcl b/infra/.terraform.lock.hcl
index dc85bd5..0d4e6f5 100644
--- a/infra/.terraform.lock.hcl
+++ b/infra/.terraform.lock.hcl
@@ -2,32 +2,20 @@
 # Manual edits may be lost in future updates.

 provider "registry.terraform.io/hashicorp/aws" {
-  version     = "4.13.0"
-  constraints = ">= 2.0.0, >= 3.38.0, ~> 4.0"
+  version     = "4.14.0"
+  constraints = "~> 4.0"
   hashes = [
-    "h1:3reDkc0ysWUlUFPFL/mLZDlPNODFDMF8s66DEEx4xIY=",
-    "h1:DK3+k7Yxeenw945TqdHD2RBHcgbxpM1Z+Cw5Q4mndKw=",
-    "h1:FQMJshmf3iohSjslJ0OkPFi7INz0K0PWI56jKyCLQcI=",
-    "h1:KrK7yxX49fGeF5S1Vdz2e5rIxuW8+TXwsLie0l5Xgf0=",
-    "h1:aasq4gl/aKUnCyjTEV04JbU3AIEYYE2oMlVHOZune8Q=",
-    "h1:b7cliAICwDxM1MY/zjfla3XYPzWHrCDy2/xjyHgoTmU=",
-    "h1:blbxVCtBm2aUxwTZeQ5JkA79bzV38REgAAzdNlA9te0=",
-    "h1:dgU1nsJHfLnpeKwHFh4QyxzBNOqqSzjWQnrCvlUIkg4=",
-    "h1:g77kJiEjm2fMQqQvt902DTXXjB0VpS1wWMOeesy0m4c=",
-    "h1:wJ9zY+k27og9sc7A9VWVYUIGJQkXiWOd5B0UuQF8mOk=",
-    "h1:z/HYB0bt+xbI6B1ef4PNA35Df5YtpG4SnvmMKjh+ogc=",
-    "zh:215226bc0372077d2ae6dba4e2f08f6361f8e4953d20bc4c682d40fdf5002544",
-    "zh:42777cbdc046181986c0260ea17027ef1364c31d73a57eb0ab539f6e1a3e0780",
-    "zh:78079d2f5fc35f3c43eb2a131cb49c2c77ddd04943bca97080f33355808d39cc",
-    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
-    "zh:9c0404a044eae741f10f3d217dc28658e0f04082963918913b024d3305c11e79",
-    "zh:a1b5a53f60d4f7bff1cc84180fef6205c95b8793741dbc8c0564a6200424ca73",
-    "zh:ba6711064a855ddb55924342b70667e9bed660bde8552dc0bde4b7f8947a2ec4",
-    "zh:d0f77ed514d54f7380d7e1ef585d853f50f1bee381d6abbf3a68429b68de6045",
-    "zh:d5c454d2ac9aed01ae00c477192c93d54c8362357a87684a3171055dcec25f44",
-    "zh:dfd381ed7da945cb85b99df843ee7eab339dd1799fa70d1ad3e94331605aad01",
-    "zh:eb6dc84414714f61b9de0ac190c69f598af9b16d144a44f573df484c06c8d4ef",
-    "zh:f02e79599af3f8f63e4b885c5715be3a4060cbf98eb4bf46d616aa0d9f2b5cd3",
+    "h1:/Z1ZTSgDlAkOIcCwhkS8tT3YJ2x5/GmlicS9vq0jEJU=",
+    "h1:LsJOSk/ASMgecG2gNee5kZ+RLAXpG3pEE2NDv2SwzPg=",
+    "h1:MKddyG65c++8KMc7NM6kUVxPap8/UPH3S8FXd17CPUI=",
+    "h1:RqBO9RnwTLRLqBtFdzeBq/2WxFqZMaHUfKcUbK5dpZ8=",
+    "h1:bGBaP7gBAs8ow/atwraBfOby+2b0WW7YU1Qc0VtI4Ts=",
+    "h1:jTt95u25A6LCDwJpMCvChnVi33+hEyL/CxBNrB2Oytk=",
+    "h1:ouBz6K65xxHfaP6I+5oXYCvilGNsC5Qn8Dy5JAqlqBU=",
+    "h1:tAlEAj2fSHlbnAZlHwJB6aDIVT0By1Za7WEleGf12hQ=",
+    "h1:ulMeMXxXkPHud/g7rb7D3egoPEy4ijUQUPvAtC+sDlA=",
+    "h1:vDWK646jifftne/t5mmgcapLOrsm79MSHDH2icW+3uE=",
+    "h1:wJ1F5KqM9XLQqotZ82YFQywpN4pwtVFR35uc5ckqGKw=",
   ]
 }
  1. Pre-commit logic in gitlab CI checks the MR via running pre-commit run --all-files and adding commit to MR with diff after pre-commit run
commit 65a9233dea8d4c98a85785da1e620bf5682e09d9 (HEAD -> feature/renovate-aws-4.x-lockfile, origin/feature/renovate-aws-4.x-lockfile)
Author: Dobby Bot <[email protected]>
Date:   Sun May 15 09:40:15 2022 +0000

    Apply pre-commit changes

diff --git a/infra/.terraform.lock.hcl b/infra/.terraform.lock.hcl
index 0d4e6f5..f589393 100644
--- a/infra/.terraform.lock.hcl
+++ b/infra/.terraform.lock.hcl
@@ -3,7 +3,7 @@

 provider "registry.terraform.io/hashicorp/aws" {
   version     = "4.14.0"
-  constraints = "~> 4.0"
+  constraints = ">= 2.0.0, >= 3.38.0, ~> 4.0"
   hashes = [
     "h1:/Z1ZTSgDlAkOIcCwhkS8tT3YJ2x5/GmlicS9vq0jEJU=",
     "h1:LsJOSk/ASMgecG2gNee5kZ+RLAXpG3pEE2NDv2SwzPg=",
@@ -16,6 +16,18 @@ provider "registry.terraform.io/hashicorp/aws" {
     "h1:ulMeMXxXkPHud/g7rb7D3egoPEy4ijUQUPvAtC+sDlA=",
     "h1:vDWK646jifftne/t5mmgcapLOrsm79MSHDH2icW+3uE=",
     "h1:wJ1F5KqM9XLQqotZ82YFQywpN4pwtVFR35uc5ckqGKw=",
+    "zh:00d03c06e6a7f8ccf8a5a8e03d71842ebe75c9bf4a94112429cf457ae50e9ec4",
+    "zh:1dc73df493294451a8a5bf80575d083958b8e33051f5a37764dcfd6264e0fd37",
+    "zh:4427e14bf3e1e0879f44edcf81a7091c67f7dd3c0b4a842f70ab2c5108452108",
+    "zh:4c9d8e627881207354020bcc2c6fede891d85a1893ee1a60c96e96f26bb792a7",
+    "zh:69c1dd3e8d1cfe85529d201ac6390df5e28bc353cf340b1ec3c5981d696f6373",
+    "zh:76df2d46384d7bf3c10e799145ee16c829f5bbf9218896aab4a73ec57dae0e90",
+    "zh:863ce9721e6d1f8554d77541545b6081e2afb1f38cb0c73a0491e58235ed588e",
+    "zh:9a8184398f83781623b2257361a1c038fb0eeb8361bb4714d1897f2479398b49",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:bbf27af267e5a77780ccc83b2f79e75f47ce7b8ed4f864b34baad01cbf2f54fb",
+    "zh:f31cfa54f3951d4623a25712964724a57f491ab17b3944802d55072768b41043",
+    "zh:fe17dfac4954873faf340088949e2434058f6f6b2f228fe3e349527f1ecde92d",
   ]
 }

diff --git a/infra/README.md b/infra/README.md
index 1d9acf1..0e68b50 100644
--- a/infra/README.md
+++ b/infra/README.md
@@ -15,7 +15,7 @@

 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.13.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.11.0 |
 | <a name="provider_vault"></a> [vault](#provider\_vault) | 3.5.0 |

This results in MR with two commits.

Screen Shot 2022-05-15 at 13 33 53

We're using same API user for renovate and pre-commit automation to not drain GitLab licensed user seats with automation users. As renovate and pre-commit make commits under the same git author, I assume that renovate treats whole MR as its own. On next iteration renovate rebases the MR leaving only first commit, so pre-commit automation does second commit again, and cycle continues until MR is merged.

Screen Shot 2022-05-15 at 13 16 24

@rarkins
Copy link
Collaborator

rarkins commented May 15, 2022

Independently of this topic, this is why we recommend Renovate gets a dedicated user and is not shared with other bots

@rarkins
Copy link
Collaborator

rarkins commented May 15, 2022

If you change the git author for either bot then you might avoid the flip flopping

@z0rc
Copy link
Author

z0rc commented May 16, 2022

@rarkins We'll try to look into switching renovate to another user. Though I'm afraid it won't be easy, AFAIU switching to new API user will orphan all existing MRs but will create exact same ones under new user. Is there any way on renovate side to close or migrate MRs at this situation?

@github-actions
Copy link
Contributor

When a bug has been marked as needing a reproduction, it means nobody can work on it until one is provided. In cases where no reproduction is possible, or the issue creator does not have the time to reproduce, we unfortunately need to close such issues as they are non-actionable and serve no benefit by remaining open. This issue will be closed after 7 days of inactivity.

@github-actions github-actions bot added the stale label May 31, 2022
@z0rc
Copy link
Author

z0rc commented May 31, 2022

Rewrite of constraints field in terraform lock file is known behavior of renovate bot. This ticket is about this behavior, as it's considered incorrect because it causes issue down the road with regular terraform operations.

@github-actions github-actions bot removed the stale label Jun 1, 2022
@github-actions
Copy link
Contributor

When a bug has been marked as needing a reproduction, it means nobody can work on it until one is provided. In cases where no reproduction is possible, or the issue creator does not have the time to reproduce, we unfortunately need to close such issues as they are non-actionable and serve no benefit by remaining open. This issue will be closed after 7 days of inactivity.

@github-actions github-actions bot added the stale label Jun 15, 2022
@z0rc
Copy link
Author

z0rc commented Jun 15, 2022

Not stale.

@rarkins rarkins removed the stale label Jun 15, 2022
@rarkins
Copy link
Collaborator

rarkins commented Jun 15, 2022

@z0rc something which will make this issue less likely to be resolved is that two different topics have been mixed together:

  • How/what Renovate updates in terraform files
  • How things behave if you have two bots with same username pushing to same PR

I recommend that you update the original description and then hide all unrelated/off-topic comments so that we can get back to the original discussion. And of course a reproduction is still required, just for the terraform constraints part.

@github-actions
Copy link
Contributor

When a bug has been marked as needing a reproduction, it means nobody can work on it until one is provided. In cases where no reproduction is possible, or the issue creator does not have the time to reproduce, we unfortunately need to close such issues as they are non-actionable and serve no benefit by remaining open. This issue will be closed after 7 days of inactivity.

@github-actions github-actions bot added the stale label Jun 30, 2022
@z0rc
Copy link
Author

z0rc commented Jul 5, 2022

@rarkins done.

@github-actions github-actions bot removed the stale label Jul 6, 2022
@rarkins rarkins added reproduction:provided and removed auto:reproduction A minimal reproduction is necessary to proceed priority-5-triage labels Jul 6, 2022
@rarkins rarkins added the priority-3-medium Default priority, "should be done" but isn't prioritised ahead of others label Jul 6, 2022
@hskrtich
Copy link

I am also running into this issue. I am using the cloud hosted renovate bot and its updating the constraints value in the lock file to an invalid format for terraform.

Can this get worked on?

@johnywas
Copy link

johnywas commented May 23, 2023

Same here with self hosted Renovate and self hosted Gitlab.
Having this:

terraform {
  required_version = ">= 0.13.4"
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 3.0"
    }
  }
}

Renovate PR to update terraform lockfile leads to:

provider "registry.terraform.io/hashicorp/google" {
  version     = "4.66.0"
  constraints = ">= 3.0"
  hashes = [
    "h1:5nXbUI6p3+MB0p/fhBXSzpwOUY4zkhqqwhnhJEYR07g=",
    "h1:CdjxpTV2ZZlCyJJMjQbrIysFBL1mVEpu6rtRIAlJELs=",
    "h1:XkZvUaH5h/qVxcov8ffH3YUwmskAe/6xkKIwsp35/T0=",
    "h1:aUKSdXehj2tc0tnK+FMniQ+ekPQwneGDrdS1ziWHkqE=",
    "h1:hWdFHWdIyfSPBDm1XwEMsHl3k5CqoAzNiwgZj839Gtk=",
    "h1:ha9Gq9th/P4LBxJuTF+g7Hm0/a+XLT8HVCXfEDEGxBw=",
    "h1:pGIFZyCdEXc8PECJgZaXyXItG0XDwj14NXWINYVvYnQ=",
    "h1:rN7iHu/t+Xps0D4RUM2ZkgLdXAY6ftey+o/5osP9jKE=",
    "h1:swReK2MenK3Djny0VLjCD7AAIXo1ikgpwwHmELM8Z/w=",
    "h1:vrcGaRJuaHbPMlX9+5GHjJz/p+nllL9tPCQ93b7eExU=",
    "h1:ykmsArGX1/JTEbqMMUXA9s1H+IdtXnKanl5dh4YsaXo=",
  ]
}

Then terraform init fails with:

$ terraform init
Initializing the backend...
╷
│ Error: failed to read dependency lock file: Invalid provider version constraints: The recorded version constraints for provider registry.terraform.io/hashicorp/google-beta must be written in normalized form: ">= 3.0.0".

Terraform init completes successfully with the following lockfile:

provider "registry.terraform.io/hashicorp/google" {
  version     = "4.66.0"
  constraints = ">= 3.0.0"
  hashes = [
    "h1:5nXbUI6p3+MB0p/fhBXSzpwOUY4zkhqqwhnhJEYR07g=",
    "h1:CdjxpTV2ZZlCyJJMjQbrIysFBL1mVEpu6rtRIAlJELs=",
    "h1:XkZvUaH5h/qVxcov8ffH3YUwmskAe/6xkKIwsp35/T0=",
    "h1:aUKSdXehj2tc0tnK+FMniQ+ekPQwneGDrdS1ziWHkqE=",
    "h1:hWdFHWdIyfSPBDm1XwEMsHl3k5CqoAzNiwgZj839Gtk=",
    "h1:ha9Gq9th/P4LBxJuTF+g7Hm0/a+XLT8HVCXfEDEGxBw=",
    "h1:pGIFZyCdEXc8PECJgZaXyXItG0XDwj14NXWINYVvYnQ=",
    "h1:rN7iHu/t+Xps0D4RUM2ZkgLdXAY6ftey+o/5osP9jKE=",
    "h1:swReK2MenK3Djny0VLjCD7AAIXo1ikgpwwHmELM8Z/w=",
    "h1:vrcGaRJuaHbPMlX9+5GHjJz/p+nllL9tPCQ93b7eExU=",
    "h1:ykmsArGX1/JTEbqMMUXA9s1H+IdtXnKanl5dh4YsaXo=",
  ]
}

Any feedback or suggestion is greatly appreciated.

@saez0pub
Copy link

saez0pub commented Jul 26, 2023

Renovate uses the required_providers.*.version to guess what to write in the lockfile, that's a bug.
It is not only tied to the required_providers block but also to modules we are using.
While someone finds how to make renovate to stop rewriting the constraints in lockfile, use a valid lockfile constraint in required_providers.
Example this patch prevents renovate to produce a non valid constraint:

   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.50"
+      version = ">= 3.50.0"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 3.50"
+      version = ">= 3.50.0"
     }
   }
 }

@pascal-hofmann
Copy link

pascal-hofmann commented Jul 28, 2023

I think this and #21062 are the same issue. In #21062 there also is a minimal reproduction repository:

repo
working state pre-update: commit (check)
onboarding PR: DavidS-ovm/renovate-tf-repro#1
failing PR: DavidS-ovm/renovate-tf-repro#2

@renovatebot renovatebot locked and limited conversation to collaborators Oct 1, 2023
@rarkins rarkins converted this issue into discussion #24879 Oct 1, 2023

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Labels
manager:terraform Terraform package manager priority-3-medium Default priority, "should be done" but isn't prioritised ahead of others status:requirements Full requirements are not yet known, so implementation should not be started type:bug Bug fix of existing functionality
Projects
None yet
Development

No branches or pull requests

7 participants