From 735345821e30c3a55835c5e3d5fb44831da51c1a Mon Sep 17 00:00:00 2001
From: Diogenes Fernandes <diofeher@gmail.com>
Date: Mon, 24 Nov 2025 18:54:04 -0300
Subject: [PATCH 1/4] Fix builtin/terraform error while updating

Signed-off-by: Diogenes Fernandes <diofeher@gmail.com>
---
 opentofu/README.md                              | 5 +++++
 opentofu/lib/dependabot/opentofu/file_parser.rb | 9 ++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/opentofu/README.md b/opentofu/README.md
index c61b5004903..efd9be29871 100644
--- a/opentofu/README.md
+++ b/opentofu/README.md
@@ -15,6 +15,11 @@ OpenTofu support for [`dependabot-core`][core-repo].
    [dependabot-core-dev] ~ $ cd opentofu && rspec
    ```
 
+3. Run against an existing repo:
+   ```
+   bin/dry-run.rb opentofu diofeher/dependabot-example --dep="specific-dependency"
+   ```
+
 ### Configuration
 
 To enable OpenTofu support, add to your `dependabot.yml`:
diff --git a/opentofu/lib/dependabot/opentofu/file_parser.rb b/opentofu/lib/dependabot/opentofu/file_parser.rb
index 4a824f422b1..c43a62fdb1e 100644
--- a/opentofu/lib/dependabot/opentofu/file_parser.rb
+++ b/opentofu/lib/dependabot/opentofu/file_parser.rb
@@ -94,7 +94,14 @@ def parse_opentofu_files(dependency_set)
             required_providers = opentofu.fetch("required_providers", {})
             required_providers.each do |provider|
               provider.each do |name, details|
-                dependency_set << build_provider_dependency(file, name, details)
+                Dependabot.logger.info("Building provider dependency for #{name} in #{file.name}")
+                dep = build_provider_dependency(file, name, details)
+                if dep.name == "builtin/terraform"
+                  Dependabot.logger.info("Skipping builtin/terraform provider as it's not possible to update it")
+                  next
+                end
+
+                dependency_set << dep
               end
             end
           end

From 982947cdd42a75b0dc72165cd957faa0ab8c246c Mon Sep 17 00:00:00 2001
From: Diogenes Fernandes <diofeher@gmail.com>
Date: Mon, 24 Nov 2025 20:18:58 -0300
Subject: [PATCH 2/4] Lint

Signed-off-by: Diogenes Fernandes <diofeher@gmail.com>
---
 opentofu/lib/dependabot/opentofu/file_parser.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/opentofu/lib/dependabot/opentofu/file_parser.rb b/opentofu/lib/dependabot/opentofu/file_parser.rb
index c43a62fdb1e..82aa2b4c0b6 100644
--- a/opentofu/lib/dependabot/opentofu/file_parser.rb
+++ b/opentofu/lib/dependabot/opentofu/file_parser.rb
@@ -58,6 +58,7 @@ def ecosystem
       private
 
       # rubocop:disable Metrics/PerceivedComplexity
+      # rubocop:disable Metrics/MethodLength
       sig { params(dependency_set: Dependabot::FileParsers::Base::DependencySet).void }
       def parse_opentofu_files(dependency_set)
         opentofu_files.each do |file|
@@ -107,6 +108,7 @@ def parse_opentofu_files(dependency_set)
           end
         end
       end
+      # rubocop:enable Metrics/MethodLength
 
       sig { params(dependency_set: Dependabot::FileParsers::Base::DependencySet).void }
       def parse_terragrunt_files(dependency_set)

From 81863fa9d5b1731dbd7df933b3f54aad32438d9e Mon Sep 17 00:00:00 2001
From: Diogenes Fernandes <diofeher@gmail.com>
Date: Tue, 25 Nov 2025 02:46:11 -0300
Subject: [PATCH 3/4] Adding tests to it

Signed-off-by: Diogenes Fernandes <diofeher@gmail.com>
---
 .../dependabot/opentofu/file_parser_spec.rb   | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/opentofu/spec/dependabot/opentofu/file_parser_spec.rb b/opentofu/spec/dependabot/opentofu/file_parser_spec.rb
index e464df1541d..c11dcd3709b 100644
--- a/opentofu/spec/dependabot/opentofu/file_parser_spec.rb
+++ b/opentofu/spec/dependabot/opentofu/file_parser_spec.rb
@@ -968,6 +968,29 @@
       end
     end
 
+    context "with a terraform.io/builtin/terraform provider" do
+      let(:files) { project_dependency_files("provider_with_builtin_terraform") }
+
+      it "skips the builtin/terraform provider" do
+        expect(dependencies.length).to eq(2)
+        # Should not include builtin/terraform provider
+        expect(dependencies.find { |d| d.name == "builtin/terraform" }).to be_nil
+        # Should include other providers
+        expect(dependencies.find { |d| d.name == "hashicorp/http" }).not_to be_nil
+        expect(dependencies.find { |d| d.name == "hashicorp/aws" }).not_to be_nil
+      end
+
+      it "parses other providers correctly" do
+        http_provider = dependencies.find { |d| d.name == "hashicorp/http" }
+        expect(http_provider.version).to eq("2.1.0")
+        expect(http_provider.requirements.first[:requirement]).to eq("~> 2.0")
+
+        aws_provider = dependencies.find { |d| d.name == "hashicorp/aws" }
+        expect(aws_provider.version).to eq("3.37.0")
+        expect(aws_provider.requirements.first[:requirement]).to eq("3.37.0")
+      end
+    end
+
     context "with a private module with directory suffix" do
       let(:files) { project_dependency_files("private_module_with_dir_suffix") }
 

From 9adfaa8bf164febd846f28b6ff46c5cf552cb48b Mon Sep 17 00:00:00 2001
From: Diogenes Fernandes <diofeher@gmail.com>
Date: Tue, 25 Nov 2025 02:54:05 -0300
Subject: [PATCH 4/4] Missing test file

Signed-off-by: Diogenes Fernandes <diofeher@gmail.com>
---
 .../.terraform.lock.hcl                       | 25 +++++++++++++++++++
 .../provider_with_builtin_terraform/main.tf   | 24 ++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 opentofu/spec/fixtures/projects/provider_with_builtin_terraform/.terraform.lock.hcl
 create mode 100644 opentofu/spec/fixtures/projects/provider_with_builtin_terraform/main.tf

diff --git a/opentofu/spec/fixtures/projects/provider_with_builtin_terraform/.terraform.lock.hcl b/opentofu/spec/fixtures/projects/provider_with_builtin_terraform/.terraform.lock.hcl
new file mode 100644
index 00000000000..b36212ecae1
--- /dev/null
+++ b/opentofu/spec/fixtures/projects/provider_with_builtin_terraform/.terraform.lock.hcl
@@ -0,0 +1,25 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "builtin/terraform" {
+  version = "1.0.0"
+}
+
+provider "registry.opentofu.org/hashicorp/aws" {
+  version     = "3.37.0"
+  constraints = "3.37.0"
+  hashes = [
+    "h1:mJschciSYzJWKqAXZ9YqgB4S28DCFvJXwErCQV/5Vkw=",
+    "zh:064c9b21bcd69be7a8631ccb3eccb8690c6a9955051145920803ef6ce6fc06bf"
+  ]
+}
+
+provider "registry.opentofu.org/hashicorp/http" {
+  version     = "2.1.0"
+  constraints = "~> 2.0"
+  hashes = [
+    "h1:GYoVrTtiSAE3nlDJ2wqM8l0hjBF9eIj0R9f+Z1sOw0c=",
+    "zh:03d82dc0887d755b8406697b1d27506bc9f86f93b3e9b4d26e0679d96b802826"
+  ]
+}
+
diff --git a/opentofu/spec/fixtures/projects/provider_with_builtin_terraform/main.tf b/opentofu/spec/fixtures/projects/provider_with_builtin_terraform/main.tf
new file mode 100644
index 00000000000..9de5e055502
--- /dev/null
+++ b/opentofu/spec/fixtures/projects/provider_with_builtin_terraform/main.tf
@@ -0,0 +1,24 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    terraform = {
+      source  = "terraform.io/builtin/terraform"
+    }
+
+    http = {
+      source  = "hashicorp/http"
+      version = "~> 2.0"
+    }
+
+    aws = {
+      source  = "hashicorp/aws"
+      version = "3.37.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = "eu-west-1"
+}
+