bundle_update_interactive 0.1.2 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5528866f5f55fbafe54d180eb107216cb51960f6e4f2a19a6ab0d5747ba0a4c8
-  data.tar.gz: 1cf3a85d39c210a5b8e7f7788002411b652d504f8d4fb839c027085dcad56524
+  metadata.gz: 24de9c6dde2b3514ffad21a64256359200e2bb717b1a0385caa8d032776d5fe6
+  data.tar.gz: 4a1a1c65bd89e4c7e17d563c2a854c80e07edeb7d04e6b4ffdf3cbef1d47ddee
 SHA512:
-  metadata.gz: fd77e2d7fdbdce228366b613b0c1d68571bd8b75bf42299b216b14a2c4adb119b82dea42c82e879ade62241974006655f5e67594bc7e6b5f6d25a082efe0e774
-  data.tar.gz: 071b0269b26bf0d1b49fe65962a921846f0ad55ff5dff553ab4d174e1bac33f9000eba9257c6d89e7f376ab305cc1f24ac0b73202f4dfa5d1a12b4e5b02f3c7c
+  metadata.gz: 493421b5621ff128b56ed96041fd4c1e776de8c0160f330d8458d40963248e2c2e779dc64c7f7afd390c2f98d62a6203b3495534e7b57051f79add6edc729715
+  data.tar.gz: 638b235f21664177f8b9de29a0b69b9229ef1b57fc985c4ba6c73678ca2142a926caff18626a809b4ab4fdd2aeff4573e7a4137c471ca569d62b95e55322e0ec

data/README.md

@@ -5,13 +5,15 @@
 [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/mattbrictson/bundle_update_interactive/ci.yml)](https://github.com/mattbrictson/bundle_update_interactive/actions/workflows/ci.yml)
 [![Code Climate maintainability](https://img.shields.io/codeclimate/maintainability/mattbrictson/bundle_update_interactive)](https://codeclimate.com/github/mattbrictson/bundle_update_interactive)
 
-This gem adds an `update-interactive` command to [Bundler](https://bundler.io).
+**This gem adds an `update-interactive` command to [Bundler](https://bundler.io).** Run it to see what gems can be updated, then pick and choose which ones to update. If you've used `yarn upgrade-interactive`, the interface should be very familiar.
 
-https://github.com/user-attachments/assets/3ec11073-b365-4f92-be76-60c9ac73d1be
+<img src="images/update-interactive.png" alt="Screenshot of update-interactive UI" width="1154" />
 
 ---
 
 - [Quick start](#quick-start)
+- [Features](#features)
+- [Prior art](#prior-art)
 - [Support](#support)
 - [License](#license)
 - [Code of conduct](#code-of-conduct)
@@ -37,6 +39,85 @@ Or the shorthand:
 bundle ui
 ```
 
+## Features
+
+### Semver highlighting
+
+`bundle update-interactive` highlights each gem according the severity of its version upgrade.
+
+<img src="images/semver.png" alt="Severities are in red, yellow, and green" width="480" />
+
+Gems sourced from Git repositories are highlighted in cyan, regardless of the semver change, due to the fact that new commits pulled from the Git repo may not yet be officially released. In this case the semver information is unknown.
+
+`bundle update-interactive` also highlights the exact portion of the version number that has changed, so you can quickly scan gem versions for important differences.
+
+<img src="images/version-highlight.png" alt="Screenshot of highlighted version numbers" width="70" />
+
+### Security vulnerabilities
+
+`bundle update-interactive` uses [bundler-audit](https://github.com/rubysec/bundler-audit) internally to search for outdated gems that have known security vulnerabilities. These gems are highlighted prominently with white text on a red background.
+
+<img src="images/security.png" alt="Screenshot of security vulnerability highlighted in red" width="402" />
+
+Some gems, notably `rails`, are composed of smaller gems like `actionpack`, `activesupport`, `railties`, etc. Because of how these component gem versions are constrained, you cannot update just one of them; they all must be updated together.
+
+Therefore, if any Rails component has a security vulnerability, `bundle update-interactive` will automatically roll up that information into a single `rails` line item, so you can select it and upgrade all of its components in one shot.
+
+### Changelogs
+
+`bundle update-interactive` will do its best to find an appropriate changelog for each gem.
+
+It prefers the `changelog_uri` [metadata](https://guides.rubygems.org/specification-reference/#metadata) published in the gem itself. However, this metadata field is optional, and many gem authors do not provide it.
+
+As a fallback, `bundle update-interactive` will check if the gem's source code is hosted on GitHub, and scans the GitHub repo for obvious changelog files like `CHANGELOG.md`, `NEWS`, etc. Finally, if the project is actively documenting versions using GitHub Releases, the Releases URL will be used.
+
+If you discover a gem that is missing a changelog in `bundle update-interactive`, [log an issue](https://github.com/mattbrictson/bundle_update_interactive/issues) and I'll see if the algorithm can be improved.
+
+### Git diffs
+
+If your `Gemfile` sources a gem from a GitHub repo like this:
+
+```ruby
+gem "rails", github: "rails/rails", branch: "7-1-stable"
+```
+
+Then `bundle update-interactive` will show a GitHub diff link instead of a changelog, so you can see exactly what changed when the gem is updated. For example:
+
+https://github.com/rails/rails/compare/5a8d894...77dfa65
+
+Currently only GitHub repos are supported, but I'm considering adding GitLab and BitBucket as well.
+
+### Conservative updates
+
+`bundle update-interactive` updates the gems you select by running `bundle update --conservative [GEMS...]`. This means that only those specific gems will be updated. Indirect dependencies shared with other gems will not be affected.
+
+<img src="images/conservative.png" alt="Screenshot of gems being updated" width="762" />
+
+An exception is made for "meta gems" like `rails` that are composed of dependencies locked at exact versions. For example, if you chose to upgrade `rails`, the actual command issued to Bundler will be:
+
+```
+bundle update --conservative \
+  rails \
+  actioncable \
+  actionmailbox \
+  actionmailer \
+  actionpack \
+  actiontext \
+  actionview \
+  activejob \
+  activemodel \
+  activerecord \
+  activestorage \
+  activesupport \
+  railties
+```
+
+## Prior art
+
+This project was inspired by [yarn upgrade-interactive](https://classic.yarnpkg.com/lang/en/docs/cli/upgrade-interactive/), and borrows many of its interface ideas.
+
+Before creating `bundle update-interactive`, I published [bundleup](https://github.com/mattbrictson/bundleup), a gem that serves a similar purpose but with a simpler, non-interactive approach.
+
 ## Support
 
 If you want to report a bug, or have ideas, feedback or questions about the gem, [let me know via GitHub issues](https://github.com/mattbrictson/bundle_update_interactive/issues/new) and I will do my best to provide a helpful answer. Happy hacking!
@@ -52,3 +133,7 @@ Everyone interacting in this project’s codebases, issue trackers, chat rooms a
 ## Contribution guide
 
 Pull requests are welcome!
+
+To test your locally cloned version of `bundle update-interactive`, run `rake install`. This will install the gem and its executable so that you can try it out on other local projects.
+
+Before submitting a PR, make sure to run `rake` to see if there are any RuboCop or test failures.

data/lib/bundle_update_interactive/changelog_locator.rb

@@ -5,8 +5,8 @@ require "json"
 
 GITHUB_PATTERN = %r{^(?:https?://)?github\.com/([^/]+/[^/]+)(?:\.git)?/?}.freeze
 URI_KEYS = %w[source_code_uri homepage_uri bug_tracker_uri wiki_uri].freeze
-FILE_PATTERN = /(?:changelog|changes|history|news|release)/.freeze
-EXT_PATTERN = /(?:md|txt|rdoc)/.freeze
+FILE_PATTERN = /changelog|changes|history|news|release/i.freeze
+EXT_PATTERN = /md|txt|rdoc/i.freeze
 
 module BundleUpdateInteractive
   class ChangelogLocator

data/lib/bundle_update_interactive/cli/multi_select.rb

@@ -39,6 +39,8 @@ class BundleUpdateInteractive::CLI
           exit(130)
         }
       )
+      add_keybindings
+
       @pastel = BundleUpdateInteractive.pastel
     end
 
@@ -51,6 +53,13 @@ class BundleUpdateInteractive::CLI
 
     attr_reader :pastel, :table, :tty_prompt, :title
 
+    def add_keybindings
+      tty_prompt.on(:keypress) do |event|
+        tty_prompt.trigger(:keyup) if %w[k p].include?(event.value)
+        tty_prompt.trigger(:keydown) if %w[j n].include?(event.value)
+      end
+    end
+
     def help
       [
         pastel.dim("\nPress <space> to select, ↑/↓ move, <ctrl-a> all, <ctrl-r> reverse, <enter> to finish."),

data/lib/bundle_update_interactive/cli/table.rb

@@ -28,7 +28,7 @@ class BundleUpdateInteractive::CLI
 
     def render
       lines = [render_header]
-      rows.each_key { |name| lines << render_gem(name) }
+      rows.keys.sort.each { |name| lines << render_gem(name) }
       lines.join("\n")
     end
 

data/lib/bundle_update_interactive/outdated_gem.rb

@@ -2,19 +2,21 @@
 
 module BundleUpdateInteractive
   class OutdatedGem
-    attr_reader :current_lockfile_entry, :updated_lockfile_entry, :gemfile_groups
-    attr_writer :vulnerable
+    attr_accessor :name,
+                  :gemfile_groups,
+                  :git_source_uri,
+                  :current_version,
+                  :current_git_version,
+                  :updated_version,
+                  :updated_git_version
 
-    def initialize(current_lockfile_entry:, updated_lockfile_entry:, gemfile_groups:)
-      @current_lockfile_entry = current_lockfile_entry
-      @updated_lockfile_entry = updated_lockfile_entry
-      @gemfile_groups = gemfile_groups
-      @changelog_locator = ChangelogLocator.new
+    attr_writer :rubygems_source, :vulnerable
+
+    def initialize(**attrs)
       @vulnerable = nil
-    end
+      @changelog_locator = ChangelogLocator.new
 
-    def name
-      current_lockfile_entry.name
+      attrs.each { |name, value| public_send(:"#{name}=", value) }
     end
 
     def semver_change
@@ -25,13 +27,17 @@ module BundleUpdateInteractive
       @vulnerable
     end
 
+    def rubygems_source?
+      @rubygems_source
+    end
+
     def changelog_uri
       return @changelog_uri if defined?(@changelog_uri)
 
       @changelog_uri =
-        if git_version_changed?
+        if git_version_changed? && github_repo
           "https://github.com/#{github_repo}/compare/#{current_git_version}...#{updated_git_version}"
-        elsif updated_lockfile_entry.rubygems_source?
+        elsif rubygems_source?
           changelog_locator.find_changelog_uri(name: name, version: updated_version.to_s)
         else
           begin
@@ -42,22 +48,6 @@ module BundleUpdateInteractive
         end
     end
 
-    def current_version
-      current_lockfile_entry.version
-    end
-
-    def updated_version
-      updated_lockfile_entry.version
-    end
-
-    def current_git_version
-      current_lockfile_entry.git_version
-    end
-
-    def updated_git_version
-      updated_lockfile_entry.git_version
-    end
-
     def git_version_changed?
       current_git_version && updated_git_version && current_git_version != updated_git_version
     end
@@ -69,8 +59,7 @@ module BundleUpdateInteractive
     def github_repo
       return nil unless updated_git_version
 
-      updated_lockfile_entry.git_source_uri.to_s[%r{^(?:git@github.com:|https://github.com/)([^/]+/[^/]+?)(:?\.git)?(?:$|/)}i,
-                                                 1]
+      git_source_uri.to_s[%r{^(?:git@github.com:|https://github.com/)([^/]+/[^/]+?)(:?\.git)?(?:$|/)}i, 1]
     end
   end
 end

data/lib/bundle_update_interactive/report.rb

@@ -21,16 +21,12 @@ module BundleUpdateInteractive
 
     def initialize(gemfile:, current_lockfile:, updated_lockfile:)
       @current_lockfile = current_lockfile
-      outdated_names = current_lockfile.entries.each_with_object([]) do |current_entry, arr|
-        updated_entry = updated_lockfile[current_entry.name]
-        arr << current_entry.name if current_entry.older_than?(updated_entry)
-      end
-      @outdated_gems ||= outdated_names.sort.each_with_object({}) do |name, hash|
-        hash[name] = OutdatedGem.new(
-          current_lockfile_entry: current_lockfile[name],
-          updated_lockfile_entry: updated_lockfile[name],
-          gemfile_groups: gemfile[name]&.groups
-        )
+      @outdated_gems ||= current_lockfile.entries.each_with_object({}) do |current_lockfile_entry, hash|
+        name = current_lockfile_entry.name
+        updated_lockfile_entry = updated_lockfile[name]
+        next unless current_lockfile_entry.older_than?(updated_lockfile_entry)
+
+        hash[name] = build_outdated_gem(current_lockfile_entry, updated_lockfile_entry, gemfile[name]&.groups)
       end.freeze
     end
 
@@ -39,12 +35,14 @@ module BundleUpdateInteractive
     end
 
     def updateable_gems
-      outdated_gems.reject { |_, gem| gem.current_lockfile_entry.exact_dependency? }
+      @updateable_gems ||= outdated_gems.reject do |name, _|
+        current_lockfile[name].exact_dependency?
+      end.freeze
     end
 
     def expand_gems_with_exact_dependencies(*gem_names)
       gem_names.flatten!
-      gem_names.flat_map { [_1, *outdated_gems[_1].current_lockfile_entry.exact_dependencies] }.uniq
+      gem_names.flat_map { |name| [name, *current_lockfile[name].exact_dependencies] }.uniq
     end
 
     def scan_for_vulnerabilities!
@@ -68,5 +66,18 @@ module BundleUpdateInteractive
     private
 
     attr_reader :current_lockfile
+
+    def build_outdated_gem(current_lockfile_entry, updated_lockfile_entry, gemfile_groups)
+      OutdatedGem.new(
+        name: current_lockfile_entry.name,
+        gemfile_groups: gemfile_groups,
+        rubygems_source: updated_lockfile_entry.rubygems_source?,
+        git_source_uri: updated_lockfile_entry.git_source_uri&.to_s,
+        current_version: current_lockfile_entry.version.to_s,
+        current_git_version: current_lockfile_entry.git_version&.strip,
+        updated_version: updated_lockfile_entry.version.to_s,
+        updated_git_version: updated_lockfile_entry.git_version&.strip
+      )
+    end
   end
 end

data/lib/bundle_update_interactive/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module BundleUpdateInteractive
-  VERSION = "0.1.2"
+  VERSION = "0.2.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bundle_update_interactive
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.2.1
 platform: ruby
 authors:
 - Matt Brictson
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-07-11 00:00:00.000000000 Z
+date: 2024-07-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler