Backport paketo-buildpacks/libpak#306

Signed-off-by: Daniel Mikusa <[email protected]>

carton/buildmodule_dependency.go

@@ -36,6 +36,7 @@ const (
 type BuildModuleDependency struct {
 	BuildModulePath string
 	ID              string
+	Arch            string
 	SHA256          string
 	URI             string
 	Version         string
@@ -59,11 +60,12 @@ func (b BuildModuleDependency) Update(options ...Option) {
 
 	logger := log.NewPaketoLogger(os.Stdout)
 	_, _ = fmt.Fprintf(logger.TitleWriter(), "\n%s\n", log.FormatIdentity(b.ID, b.VersionPattern))
-	logger.Headerf("Version: %s", b.Version)
-	logger.Headerf("PURL:    %s", b.PURL)
-	logger.Headerf("CPEs:    %s", b.CPE)
-	logger.Headerf("URI:     %s", b.URI)
-	logger.Headerf("SHA256:  %s", b.SHA256)
+	logger.Headerf("Arch:         %s", b.Arch)
+	logger.Headerf("Version:      %s", b.Version)
+	logger.Headerf("PURL:         %s", b.PURL)
+	logger.Headerf("CPEs:         %s", b.CPE)
+	logger.Headerf("URI:          %s", b.URI)
+	logger.Headerf("SHA256:       %s", b.SHA256)
 	logger.Headerf("Source:       %s", b.Source)
 	logger.Headerf("SourceSHA256: %s", b.SourceSHA256)
 
@@ -142,7 +144,27 @@ func (b BuildModuleDependency) Update(options ...Option) {
 			continue
 		}
 
-		if depID == b.ID {
+		// extract the arch from the PURL, it's the only place it lives consistently at the moment
+		var depArch string
+		purlUnwrapped, found := dep["purl"]
+		if found {
+			purl, ok := purlUnwrapped.(string)
+			if ok {
+				purlArchExp := regexp.MustCompile(`arch=(.*)`)
+				purlArchMatches := purlArchExp.FindStringSubmatch(purl)
+				if len(purlArchMatches) == 2 {
+					depArch = purlArchMatches[1]
+				}
+			}
+		}
+
+		// if not set, we presently need to default to amd64 because a lot of deps do not specify arch
+		//   in the future when we add the arch field to our deps, then we can remove this because empty should then mean noarch
+		if depArch == "" {
+			depArch = "amd64"
+		}
+
+		if depID == b.ID && depArch == b.Arch {
 			depVersionUnwrapped, found := dep["version"]
 			if !found {
 				continue
@@ -152,6 +174,7 @@ func (b BuildModuleDependency) Update(options ...Option) {
 			if !ok {
 				continue
 			}
+
 			if versionExp.MatchString(depVersion) {
 				dep["version"] = b.Version
 				dep["uri"] = b.URI

carton/buildmodule_dependency_test.go

@@ -75,6 +75,7 @@ source-sha256 = "test-source-sha256-1"
 		d := carton.BuildModuleDependency{
 			BuildModulePath: path,
 			ID:              "test-id",
+			Arch:            "amd64",
 			SHA256:          "test-sha256-2",
 			URI:             "test-uri-2",
 			Version:         "test-version-2",
@@ -124,6 +125,7 @@ cpes    = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*
 		d := carton.BuildModuleDependency{
 			BuildModulePath: path,
 			ID:              "test-id",
+			Arch:            "amd64",
 			SHA256:          "test-sha256-2",
 			URI:             "test-uri-2",
 			Version:         "test-version-2",
@@ -174,6 +176,7 @@ cpes    = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*
 		d := carton.BuildModuleDependency{
 			BuildModulePath: path,
 			ID:              "test-id",
+			Arch:            "amd64",
 			SHA256:          "test-sha256-2",
 			URI:             "test-uri-2",
 			Version:         "test-version-2",
@@ -243,6 +246,7 @@ source-sha256 = "test-source-sha256-2"
 		d := carton.BuildModuleDependency{
 			BuildModulePath: path,
 			ID:              "test-id",
+			Arch:            "amd64",
 			SHA256:          "test-sha256-3",
 			URI:             "test-uri-3",
 			Version:         "test-version-3",
@@ -309,6 +313,7 @@ cpes    = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*
 		d := carton.BuildModuleDependency{
 			BuildModulePath: path,
 			ID:              "test-id",
+			Arch:            "amd64",
 			SHA256:          "test-sha256-2",
 			URI:             "test-uri-2",
 			Version:         "test-version-2",
@@ -359,6 +364,7 @@ cpes    = ["cpe:2.3:a:test-vendor:test-product:test-version-1:patch1:*:*:*:*:*:*
 		d := carton.BuildModuleDependency{
 			BuildModulePath: path,
 			ID:              "test-id",
+			Arch:            "amd64",
 			SHA256:          "test-sha256-2",
 			URI:             "test-uri-2",
 			Version:         "test-version-2",
@@ -410,6 +416,7 @@ cpes    = 1234
 		d := carton.BuildModuleDependency{
 			BuildModulePath: path,
 			ID:              "test-id",
+			Arch:            "amd64",
 			SHA256:          "test-sha256-2",
 			URI:             "test-uri-2",
 			Version:         "test-version-2",
@@ -463,6 +470,7 @@ version = "1.2.3"
 		d := carton.BuildModuleDependency{
 			BuildModulePath: path,
 			ID:              "test-id",
+			Arch:            "amd64",
 			SHA256:          "test-sha256-2",
 			URI:             "test-uri-2",
 			Version:         "test-version-2",

commands/dependency_update_build_module.go

@@ -39,6 +39,10 @@ func DependencyUpdateBuildModuleCommand() *cobra.Command {
 				log.Fatal("id must be set")
 			}
 
+			if b.Arch == "" {
+				b.Arch = "amd64"
+			}
+
 			if b.SHA256 == "" {
 				log.Fatal("sha256 must be set")
 			}
@@ -77,6 +81,7 @@ func DependencyUpdateBuildModuleCommand() *cobra.Command {
 
 	dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.BuildModulePath, "buildmodule-toml", "", "path to buildpack.toml or extension.toml")
 	dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.ID, "id", "", "the id of the dependency")
+	dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.Arch, "arch", "", "the arch of the dependency")
 	dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.SHA256, "sha256", "", "the new sha256 of the dependency")
 	dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.URI, "uri", "", "the new uri of the dependency")
 	dependencyUpdateBuildModuleCmd.Flags().StringVar(&b.Version, "version", "", "the new version of the dependency")