feat: add datasource for versioned AWS ARNs

[kayman-mk]

Changes

Just a draft to have something on my worklist.

This PR adds a new datasource to update versioned AWS ARNs.

Context

Documentation (please check one with an [x])

• [x] I have updated the documentation, or
• [ ] No documentation update is required

How I've tested my work (please tick one)

I have verified these changes via:

• [ ] Code inspection only, or
• [x] Newly added/modified unit tests, or
• [ ] No unit tests but ran on a real repository, or
• [ ] Both unit tests + ran on a real repository

[kayman-mk]

@HonkingGoose Thanks for your review. I committed your change.

I still have two questions which I can't answer. How does Renovate know what to put into the serializedArnFilter of my datasource (how to get the runtime, architecture and depName from the code into my function)? And how does Renovate know, which part of my string has to be updated? I simply do not understand how it works.

Could you please clarify?

locals {
  # renovate: datasource=aws-versioned-arn architecture=x86_64 runtime=python37
  insight_layer_arn = "arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension:21"
}

resource "aws_lambda_function" "example" {
  # ... other configuration ...

  layers = [local.insight_layer_arn]
}

{
  "regexManagers": [
    {
      "fileMatch": ["\\.tf$"],
      "matchStrings": [
        ".*renovate: datasource=aws-versioned-arn architecture=(?<architecture>.*) runtime=(?<runtime>.*)\\s+.* = \"(?<depName>.*):(?<currentValue>\\d+)\""
      ],
      "versioningTemplate": "loose"
    }
  ]
}

 async getReleases({
    packageName: serializedArnFilter,
  }: GetReleasesConfig): Promise<ReleaseResult | null> {
    const lambdaLayerVersions = await this.getSortedLambdaLayerVersions(
      serializedArnFilter
    );
}

[HonkingGoose]

I'll let the maintainers answer your questions. 😉

[kayman-mk]

@JamieMagee Could you step in please?

[kayman-mk]

@viceice I am almost satisfied with the results here. The only problem I have is, that Renovate tries to update the dependency name as well. Let's say the newest version of my lambda is 3 and I have the following file:

locals {
  # renovate: datasource=aws-lambda-layer filter={"name": "my-layer", "architecture": "x86_64", "runtime": "python3.7"}
  my_layer_arn = "arn:aws:lambda:us-east-1:223456789022:layer:my-layer:1"
}

After Renovate ran on my repository, I see the following change: my_layer_arn = "arn:aws:lambda:us-east-3:223456789022:layer:my-layer:3". As you can see, the version number was updated (after the last colon) but us-east-1 was changed to us-east-3. Seems that the RegEx manager replaces every 1 by a 3.

I tried to find some docs explaining the logic here, but didn't found any. Could you shed some light on this, please?

[JamieMagee]

What's your renovate config for that upgrade? It looks like it's finding it somewhere in auto-replace, but you'd need to debug through to see exactly where.

[kayman-mk]

I am developing with VSCode using the devcontainer option. I followed the steps in the local_development and exported my AWS credentials and the Renovate token. No other special configuration set.

I started renovate with LOG_LEVEL=debug yarn start kayman-mk/renovate-test within this feature branch. The only file I added was .nvmrc as described in the docs.

[protoz]

Not to derail the current design according to the readme using a specific local variable, but it may be good to support the aws provider's data source aws_lambda_layer_version.

data "aws_lambda_layer_version" "datadog_extension" {
  layer_name = "arn:aws:lambda:us-east-1:464622532012:layer:Datadog-Extension"
  version = 37
}

By specifying aws_lambda_layer_version.datadog_extension.arn it will append the version appropriately as arn:aws:lambda:us-east-1:464622532012:layer:Datadog-Extension:37 in this case. That may simplify the regex issues you are having.