RubyGems - bundle_update_interactive - Versions diffs - 0.2.0 → 0.3.0 - Mend

bundle_update_interactive 0.2.0 → 0.3.0

Files changed (6) hide show

checksums.yaml +4 -4
data/README.md +87 -2
data/lib/bundle_update_interactive/changelog_locator.rb +54 -30
data/lib/bundle_update_interactive/outdated_gem.rb +26 -2
data/lib/bundle_update_interactive/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 29c88bba35c4c9dc4c8240fc82afaa24c6ca1285ceceef1a43eef812b40cf090
-  data.tar.gz: a2fe1b8c99049ace9618297eebe954f3f744219eb11dc7298364611069ed0eb8
+  metadata.gz: 0bdc9b0322d61da7334ee24e12d415948f8f1117f6824ebb4afe5eec6eadd57e
+  data.tar.gz: bdc4cf0e7a740c4f33f9211b269257cc854ba49f9d190f956dcdb2513cbfef6b
 SHA512:
-  metadata.gz: 534ea176d1c50e3caaafcf10c35fbd4f3ca5732cde8beab21bb3889ea6c85e7011dd52118f1d161dad9f0fb93a2046115fa3e30fc5b637764c02cb35d646b21f
-  data.tar.gz: 2c9fee79c3d3404daac0558c44ed79717e493d47155d58a73fa4485470e119d51cd6be315e4830f449c3c8f96a18ea726eb56bd992db3485d0e3e1cfe692ccf2
+  metadata.gz: 6120695a0dcd0f21cc652e3e37a7b3f2a1573bfc042aba435d97896522cfd92a169c7d66cc73f7bbd2b4e5d8244b37321acda4e42ca61092201f80c584c65552
+  data.tar.gz: 37b171778494c7e5e8b89f16f6c9b0c6e47a22d2c3dc174c7d80e0324dac1a36260a485cc220aa7746d43db757917a8eb11df8dac312e6bee2048f5d0fb56371

data/README.md CHANGED Viewed

@@ -5,13 +5,15 @@
 [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/mattbrictson/bundle_update_interactive/ci.yml)](https://github.com/mattbrictson/bundle_update_interactive/actions/workflows/ci.yml)
 [![Code Climate maintainability](https://img.shields.io/codeclimate/maintainability/mattbrictson/bundle_update_interactive)](https://codeclimate.com/github/mattbrictson/bundle_update_interactive)
-This gem adds an `update-interactive` command to [Bundler](https://bundler.io).
+**This gem adds an `update-interactive` command to [Bundler](https://bundler.io).** Run it to see what gems can be updated, then pick and choose which ones to update. If you've used `yarn upgrade-interactive`, the interface should be very familiar.
-https://github.com/user-attachments/assets/3ec11073-b365-4f92-be76-60c9ac73d1be
+<img src="images/update-interactive.png" alt="Screenshot of update-interactive UI" width="1154" />
 ---
 - [Quick start](#quick-start)
+- [Features](#features)
+- [Prior art](#prior-art)
 - [Support](#support)
 - [License](#license)
 - [Code of conduct](#code-of-conduct)
@@ -37,6 +39,85 @@ Or the shorthand:
 bundle ui
 ```
+## Features
+### Semver highlighting
+`bundle update-interactive` highlights each gem according the severity of its version upgrade.
+<img src="images/semver.png" alt="Severities are in red, yellow, and green" width="480" />
+Gems sourced from Git repositories are highlighted in cyan, regardless of the semver change, due to the fact that new commits pulled from the Git repo may not yet be officially released. In this case the semver information is unknown.
+`bundle update-interactive` also highlights the exact portion of the version number that has changed, so you can quickly scan gem versions for important differences.
+<img src="images/version-highlight.png" alt="Screenshot of highlighted version numbers" width="70" />
+### Security vulnerabilities
+`bundle update-interactive` uses [bundler-audit](https://github.com/rubysec/bundler-audit) internally to search for outdated gems that have known security vulnerabilities. These gems are highlighted prominently with white text on a red background.
+<img src="images/security.png" alt="Screenshot of security vulnerability highlighted in red" width="402" />
+Some gems, notably `rails`, are composed of smaller gems like `actionpack`, `activesupport`, `railties`, etc. Because of how these component gem versions are constrained, you cannot update just one of them; they all must be updated together.
+Therefore, if any Rails component has a security vulnerability, `bundle update-interactive` will automatically roll up that information into a single `rails` line item, so you can select it and upgrade all of its components in one shot.
+### Changelogs
+`bundle update-interactive` will do its best to find an appropriate changelog for each gem.
+It prefers the `changelog_uri` [metadata](https://guides.rubygems.org/specification-reference/#metadata) published in the gem itself. However, this metadata field is optional, and many gem authors do not provide it.
+As a fallback, `bundle update-interactive` will check if the gem's source code is hosted on GitHub, and scans the GitHub repo for obvious changelog files like `CHANGELOG.md`, `NEWS`, etc. Finally, if the project is actively documenting versions using GitHub Releases, the Releases URL will be used.
+If you discover a gem that is missing a changelog in `bundle update-interactive`, [log an issue](https://github.com/mattbrictson/bundle_update_interactive/issues) and I'll see if the algorithm can be improved.
+### Git diffs
+If your `Gemfile` sources a gem from a Git repo like this:
+```ruby
+gem "rails", github: "rails/rails", branch: "7-1-stable"
+```
+Then `bundle update-interactive` will show a diff link instead of a changelog, so you can see exactly what changed when the gem is updated. For example:
+https://github.com/rails/rails/compare/5a8d894...77dfa65
+This feature currently works for GitHub, GitLab, and Bitbucket repos.
+### Conservative updates
+`bundle update-interactive` updates the gems you select by running `bundle update --conservative [GEMS...]`. This means that only those specific gems will be updated. Indirect dependencies shared with other gems will not be affected.
+<img src="images/conservative.png" alt="Screenshot of gems being updated" width="762" />
+An exception is made for "meta gems" like `rails` that are composed of dependencies locked at exact versions. For example, if you chose to upgrade `rails`, the actual command issued to Bundler will be:
+```
+bundle update --conservative \
+  rails \
+  actioncable \
+  actionmailbox \
+  actionmailer \
+  actionpack \
+  actiontext \
+  actionview \
+  activejob \
+  activemodel \
+  activerecord \
+  activestorage \
+  activesupport \
+  railties
+```
+## Prior art
+This project was inspired by [yarn upgrade-interactive](https://classic.yarnpkg.com/lang/en/docs/cli/upgrade-interactive/), and borrows many of its interface ideas.
+Before creating `bundle update-interactive`, I published [bundleup](https://github.com/mattbrictson/bundleup), a gem that serves a similar purpose but with a simpler, non-interactive approach.
 ## Support
 If you want to report a bug, or have ideas, feedback or questions about the gem, [let me know via GitHub issues](https://github.com/mattbrictson/bundle_update_interactive/issues/new) and I will do my best to provide a helpful answer. Happy hacking!
@@ -52,3 +133,7 @@ Everyone interacting in this project’s codebases, issue trackers, chat rooms a
 ## Contribution guide
 Pull requests are welcome!
+To test your locally cloned version of `bundle update-interactive`, run `rake install`. This will install the gem and its executable so that you can try it out on other local projects.
+Before submitting a PR, make sure to run `rake` to see if there are any RuboCop or test failures.

data/lib/bundle_update_interactive/changelog_locator.rb CHANGED Viewed

@@ -5,53 +5,77 @@ require "json"
 GITHUB_PATTERN = %r{^(?:https?://)?github\.com/([^/]+/[^/]+)(?:\.git)?/?}.freeze
 URI_KEYS = %w[source_code_uri homepage_uri bug_tracker_uri wiki_uri].freeze
-FILE_PATTERN = /(?:changelog|changes|history|news|release)/.freeze
-EXT_PATTERN = /(?:md|txt|rdoc)/.freeze
+FILE_PATTERN = /changelog|changes|history|news|release/i.freeze
+EXT_PATTERN = /md|txt|rdoc/i.freeze
 module BundleUpdateInteractive
   class ChangelogLocator
-    # TODO: refactor
-    def find_changelog_uri(name:, version: nil) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
-      if version
-        response = Faraday.get("https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json")
-        version = nil unless response.success?
+    class GitHubRepo
+      def self.from_uris(*uris)
+        uris.flatten.each do |uri|
+          return new(Regexp.last_match(1)) if uri&.match(GITHUB_PATTERN)
+        end
+        nil
       end
-      response = Faraday.get("https://rubygems.org/api/v1/gems/#{name}.json") if version.nil?
+      attr_reader :path
-      return nil unless response.success?
+      def initialize(path)
+        @path = path
+      end
-      data = JSON.parse(response.body)
+      def discover_changelog_uri(version)
+        repo_html = fetch_repo_html(follow_redirect: true)
+        return if repo_html.nil?
-      version ||= data["version"]
-      changelog_uri = data["changelog_uri"]
-      github_repo = guess_github_repo(data)
+        changelog_path = repo_html[%r{/(#{path}/blob/[^/]+/#{FILE_PATTERN}(?:\.#{EXT_PATTERN})?)"}i, 1]
+        return "https://github.com/#{changelog_path}" if changelog_path
-      if changelog_uri.nil? && github_repo
-        file_list = Faraday.get("https://github.com/#{github_repo}")
-        if file_list.status == 301
-          github_repo = file_list.headers["Location"][GITHUB_PATTERN, 1]
-          file_list = Faraday.get(file_list.headers["Location"])
-        end
-        match = file_list.body.match(%r{/(#{github_repo}/blob/[^/]+/#{FILE_PATTERN}(?:\.#{EXT_PATTERN})?)"}i)
-        changelog_uri = "https://github.com/#{match[1]}" if match
+        releases_url = "https://github.com/#{path}/releases"
+        releases_url if Faraday.head("#{releases_url}/tag/v#{version}").success?
       end
-      if changelog_uri.nil? && github_repo
-        releases_uri = "https://github.com/#{github_repo}/releases"
-        changelog_uri = releases_uri if Faraday.head("#{releases_uri}/tag/v#{version}").success?
+      private
+      def fetch_repo_html(follow_redirect:)
+        response = Faraday.get("https://github.com/#{path}")
+        if response.status == 301 && follow_redirect
+          @path = response.headers["Location"][GITHUB_PATTERN, 1]
+          return fetch_repo_html(follow_redirect: false)
+        end
+        response.success? ? response.body : nil
       end
+    end
+    def find_changelog_uri(name:, version: nil)
+      data = fetch_rubygems_data(name, version)
+      return if data.nil?
-      changelog_uri
+      if (rubygems_changelog_uri = data["changelog_uri"])
+        rubygems_changelog_uri
+      elsif (github_repo = GitHubRepo.from_uris(data.values_at(*URI_KEYS)))
+        github_repo.discover_changelog_uri(data["version"])
+      end
     end
     private
-    def guess_github_repo(data)
-      data.values_at(*URI_KEYS).each do |uri|
-        return Regexp.last_match(1) if uri&.match(GITHUB_PATTERN)
-      end
-      nil
+    def fetch_rubygems_data(name, version)
+      api_url = if version.nil?
+                  "https://rubygems.org/api/v1/gems/#{name}.json"
+                else
+                  "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"
+                end
+      response = Faraday.get(api_url)
+      # Try again without the version in case the version does not exist at rubygems for some reason.
+      # This can happen when using a pre-release Ruby that has a bundled gem newer than the published version.
+      return fetch_rubygems_data(name, nil) if !response.success? && !version.nil?
+      response.success? ? JSON.parse(response.body) : nil
     end
   end
 end

data/lib/bundle_update_interactive/outdated_gem.rb CHANGED Viewed

@@ -35,8 +35,8 @@ module BundleUpdateInteractive
       return @changelog_uri if defined?(@changelog_uri)
       @changelog_uri =
-        if git_version_changed?
-          "https://github.com/#{github_repo}/compare/#{current_git_version}...#{updated_git_version}"
+        if (diff_url = build_git_diff_url)
+          diff_url
         elsif rubygems_source?
           changelog_locator.find_changelog_uri(name: name, version: updated_version.to_s)
         else
@@ -56,10 +56,34 @@ module BundleUpdateInteractive
     attr_reader :changelog_locator
+    def build_git_diff_url
+      return nil unless git_version_changed?
+      if github_repo
+        "https://github.com/#{github_repo}/compare/#{current_git_version}...#{updated_git_version}"
+      elsif gitlab_repo
+        "https://gitlab.com/os85/httpx/-/compare/#{current_git_version}...#{updated_git_version}"
+      elsif bitbucket_cloud_repo
+        "https://bitbucket.org/#{bitbucket_cloud_repo}/branches/compare/#{updated_git_version}..#{current_git_version}"
+      end
+    end
     def github_repo
       return nil unless updated_git_version
       git_source_uri.to_s[%r{^(?:git@github.com:|https://github.com/)([^/]+/[^/]+?)(:?\.git)?(?:$|/)}i, 1]
     end
+    def gitlab_repo
+      return nil unless updated_git_version
+      git_source_uri.to_s[%r{^(?:git@gitlab.com:|https://gitlab.com/)([^/]+/[^/]+?)(:?\.git)?(?:$|/)}i, 1]
+    end
+    def bitbucket_cloud_repo
+      return nil unless updated_git_version
+      git_source_uri.to_s[%r{(?:@|://)bitbucket.org[:/]([^/]+/[^/]+?)(:?\.git)?(?:$|/)}i, 1]
+    end
   end
 end

data/lib/bundle_update_interactive/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module BundleUpdateInteractive
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bundle_update_interactive
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Matt Brictson
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-07-14 00:00:00.000000000 Z
+date: 2024-07-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler