bundle_update_interactive 0.2.0 → 0.3.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 29c88bba35c4c9dc4c8240fc82afaa24c6ca1285ceceef1a43eef812b40cf090
4
- data.tar.gz: a2fe1b8c99049ace9618297eebe954f3f744219eb11dc7298364611069ed0eb8
3
+ metadata.gz: 0bdc9b0322d61da7334ee24e12d415948f8f1117f6824ebb4afe5eec6eadd57e
4
+ data.tar.gz: bdc4cf0e7a740c4f33f9211b269257cc854ba49f9d190f956dcdb2513cbfef6b
5
5
  SHA512:
6
- metadata.gz: 534ea176d1c50e3caaafcf10c35fbd4f3ca5732cde8beab21bb3889ea6c85e7011dd52118f1d161dad9f0fb93a2046115fa3e30fc5b637764c02cb35d646b21f
7
- data.tar.gz: 2c9fee79c3d3404daac0558c44ed79717e493d47155d58a73fa4485470e119d51cd6be315e4830f449c3c8f96a18ea726eb56bd992db3485d0e3e1cfe692ccf2
6
+ metadata.gz: 6120695a0dcd0f21cc652e3e37a7b3f2a1573bfc042aba435d97896522cfd92a169c7d66cc73f7bbd2b4e5d8244b37321acda4e42ca61092201f80c584c65552
7
+ data.tar.gz: 37b171778494c7e5e8b89f16f6c9b0c6e47a22d2c3dc174c7d80e0324dac1a36260a485cc220aa7746d43db757917a8eb11df8dac312e6bee2048f5d0fb56371
data/README.md CHANGED
@@ -5,13 +5,15 @@
5
5
  [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/mattbrictson/bundle_update_interactive/ci.yml)](https://github.com/mattbrictson/bundle_update_interactive/actions/workflows/ci.yml)
6
6
  [![Code Climate maintainability](https://img.shields.io/codeclimate/maintainability/mattbrictson/bundle_update_interactive)](https://codeclimate.com/github/mattbrictson/bundle_update_interactive)
7
7
 
8
- This gem adds an `update-interactive` command to [Bundler](https://bundler.io).
8
+ **This gem adds an `update-interactive` command to [Bundler](https://bundler.io).** Run it to see what gems can be updated, then pick and choose which ones to update. If you've used `yarn upgrade-interactive`, the interface should be very familiar.
9
9
 
10
- https://github.com/user-attachments/assets/3ec11073-b365-4f92-be76-60c9ac73d1be
10
+ <img src="images/update-interactive.png" alt="Screenshot of update-interactive UI" width="1154" />
11
11
 
12
12
  ---
13
13
 
14
14
  - [Quick start](#quick-start)
15
+ - [Features](#features)
16
+ - [Prior art](#prior-art)
15
17
  - [Support](#support)
16
18
  - [License](#license)
17
19
  - [Code of conduct](#code-of-conduct)
@@ -37,6 +39,85 @@ Or the shorthand:
37
39
  bundle ui
38
40
  ```
39
41
 
42
+ ## Features
43
+
44
+ ### Semver highlighting
45
+
46
+ `bundle update-interactive` highlights each gem according the severity of its version upgrade.
47
+
48
+ <img src="images/semver.png" alt="Severities are in red, yellow, and green" width="480" />
49
+
50
+ Gems sourced from Git repositories are highlighted in cyan, regardless of the semver change, due to the fact that new commits pulled from the Git repo may not yet be officially released. In this case the semver information is unknown.
51
+
52
+ `bundle update-interactive` also highlights the exact portion of the version number that has changed, so you can quickly scan gem versions for important differences.
53
+
54
+ <img src="images/version-highlight.png" alt="Screenshot of highlighted version numbers" width="70" />
55
+
56
+ ### Security vulnerabilities
57
+
58
+ `bundle update-interactive` uses [bundler-audit](https://github.com/rubysec/bundler-audit) internally to search for outdated gems that have known security vulnerabilities. These gems are highlighted prominently with white text on a red background.
59
+
60
+ <img src="images/security.png" alt="Screenshot of security vulnerability highlighted in red" width="402" />
61
+
62
+ Some gems, notably `rails`, are composed of smaller gems like `actionpack`, `activesupport`, `railties`, etc. Because of how these component gem versions are constrained, you cannot update just one of them; they all must be updated together.
63
+
64
+ Therefore, if any Rails component has a security vulnerability, `bundle update-interactive` will automatically roll up that information into a single `rails` line item, so you can select it and upgrade all of its components in one shot.
65
+
66
+ ### Changelogs
67
+
68
+ `bundle update-interactive` will do its best to find an appropriate changelog for each gem.
69
+
70
+ It prefers the `changelog_uri` [metadata](https://guides.rubygems.org/specification-reference/#metadata) published in the gem itself. However, this metadata field is optional, and many gem authors do not provide it.
71
+
72
+ As a fallback, `bundle update-interactive` will check if the gem's source code is hosted on GitHub, and scans the GitHub repo for obvious changelog files like `CHANGELOG.md`, `NEWS`, etc. Finally, if the project is actively documenting versions using GitHub Releases, the Releases URL will be used.
73
+
74
+ If you discover a gem that is missing a changelog in `bundle update-interactive`, [log an issue](https://github.com/mattbrictson/bundle_update_interactive/issues) and I'll see if the algorithm can be improved.
75
+
76
+ ### Git diffs
77
+
78
+ If your `Gemfile` sources a gem from a Git repo like this:
79
+
80
+ ```ruby
81
+ gem "rails", github: "rails/rails", branch: "7-1-stable"
82
+ ```
83
+
84
+ Then `bundle update-interactive` will show a diff link instead of a changelog, so you can see exactly what changed when the gem is updated. For example:
85
+
86
+ https://github.com/rails/rails/compare/5a8d894...77dfa65
87
+
88
+ This feature currently works for GitHub, GitLab, and Bitbucket repos.
89
+
90
+ ### Conservative updates
91
+
92
+ `bundle update-interactive` updates the gems you select by running `bundle update --conservative [GEMS...]`. This means that only those specific gems will be updated. Indirect dependencies shared with other gems will not be affected.
93
+
94
+ <img src="images/conservative.png" alt="Screenshot of gems being updated" width="762" />
95
+
96
+ An exception is made for "meta gems" like `rails` that are composed of dependencies locked at exact versions. For example, if you chose to upgrade `rails`, the actual command issued to Bundler will be:
97
+
98
+ ```
99
+ bundle update --conservative \
100
+ rails \
101
+ actioncable \
102
+ actionmailbox \
103
+ actionmailer \
104
+ actionpack \
105
+ actiontext \
106
+ actionview \
107
+ activejob \
108
+ activemodel \
109
+ activerecord \
110
+ activestorage \
111
+ activesupport \
112
+ railties
113
+ ```
114
+
115
+ ## Prior art
116
+
117
+ This project was inspired by [yarn upgrade-interactive](https://classic.yarnpkg.com/lang/en/docs/cli/upgrade-interactive/), and borrows many of its interface ideas.
118
+
119
+ Before creating `bundle update-interactive`, I published [bundleup](https://github.com/mattbrictson/bundleup), a gem that serves a similar purpose but with a simpler, non-interactive approach.
120
+
40
121
  ## Support
41
122
 
42
123
  If you want to report a bug, or have ideas, feedback or questions about the gem, [let me know via GitHub issues](https://github.com/mattbrictson/bundle_update_interactive/issues/new) and I will do my best to provide a helpful answer. Happy hacking!
@@ -52,3 +133,7 @@ Everyone interacting in this project’s codebases, issue trackers, chat rooms a
52
133
  ## Contribution guide
53
134
 
54
135
  Pull requests are welcome!
136
+
137
+ To test your locally cloned version of `bundle update-interactive`, run `rake install`. This will install the gem and its executable so that you can try it out on other local projects.
138
+
139
+ Before submitting a PR, make sure to run `rake` to see if there are any RuboCop or test failures.
@@ -5,53 +5,77 @@ require "json"
5
5
 
6
6
  GITHUB_PATTERN = %r{^(?:https?://)?github\.com/([^/]+/[^/]+)(?:\.git)?/?}.freeze
7
7
  URI_KEYS = %w[source_code_uri homepage_uri bug_tracker_uri wiki_uri].freeze
8
- FILE_PATTERN = /(?:changelog|changes|history|news|release)/.freeze
9
- EXT_PATTERN = /(?:md|txt|rdoc)/.freeze
8
+ FILE_PATTERN = /changelog|changes|history|news|release/i.freeze
9
+ EXT_PATTERN = /md|txt|rdoc/i.freeze
10
10
 
11
11
  module BundleUpdateInteractive
12
12
  class ChangelogLocator
13
- # TODO: refactor
14
- def find_changelog_uri(name:, version: nil) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
15
- if version
16
- response = Faraday.get("https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json")
17
- version = nil unless response.success?
13
+ class GitHubRepo
14
+ def self.from_uris(*uris)
15
+ uris.flatten.each do |uri|
16
+ return new(Regexp.last_match(1)) if uri&.match(GITHUB_PATTERN)
17
+ end
18
+ nil
18
19
  end
19
20
 
20
- response = Faraday.get("https://rubygems.org/api/v1/gems/#{name}.json") if version.nil?
21
+ attr_reader :path
21
22
 
22
- return nil unless response.success?
23
+ def initialize(path)
24
+ @path = path
25
+ end
23
26
 
24
- data = JSON.parse(response.body)
27
+ def discover_changelog_uri(version)
28
+ repo_html = fetch_repo_html(follow_redirect: true)
29
+ return if repo_html.nil?
25
30
 
26
- version ||= data["version"]
27
- changelog_uri = data["changelog_uri"]
28
- github_repo = guess_github_repo(data)
31
+ changelog_path = repo_html[%r{/(#{path}/blob/[^/]+/#{FILE_PATTERN}(?:\.#{EXT_PATTERN})?)"}i, 1]
32
+ return "https://github.com/#{changelog_path}" if changelog_path
29
33
 
30
- if changelog_uri.nil? && github_repo
31
- file_list = Faraday.get("https://github.com/#{github_repo}")
32
- if file_list.status == 301
33
- github_repo = file_list.headers["Location"][GITHUB_PATTERN, 1]
34
- file_list = Faraday.get(file_list.headers["Location"])
35
- end
36
- match = file_list.body.match(%r{/(#{github_repo}/blob/[^/]+/#{FILE_PATTERN}(?:\.#{EXT_PATTERN})?)"}i)
37
- changelog_uri = "https://github.com/#{match[1]}" if match
34
+ releases_url = "https://github.com/#{path}/releases"
35
+ releases_url if Faraday.head("#{releases_url}/tag/v#{version}").success?
38
36
  end
39
37
 
40
- if changelog_uri.nil? && github_repo
41
- releases_uri = "https://github.com/#{github_repo}/releases"
42
- changelog_uri = releases_uri if Faraday.head("#{releases_uri}/tag/v#{version}").success?
38
+ private
39
+
40
+ def fetch_repo_html(follow_redirect:)
41
+ response = Faraday.get("https://github.com/#{path}")
42
+
43
+ if response.status == 301 && follow_redirect
44
+ @path = response.headers["Location"][GITHUB_PATTERN, 1]
45
+ return fetch_repo_html(follow_redirect: false)
46
+ end
47
+
48
+ response.success? ? response.body : nil
43
49
  end
50
+ end
51
+
52
+ def find_changelog_uri(name:, version: nil)
53
+ data = fetch_rubygems_data(name, version)
54
+ return if data.nil?
44
55
 
45
- changelog_uri
56
+ if (rubygems_changelog_uri = data["changelog_uri"])
57
+ rubygems_changelog_uri
58
+ elsif (github_repo = GitHubRepo.from_uris(data.values_at(*URI_KEYS)))
59
+ github_repo.discover_changelog_uri(data["version"])
60
+ end
46
61
  end
47
62
 
48
63
  private
49
64
 
50
- def guess_github_repo(data)
51
- data.values_at(*URI_KEYS).each do |uri|
52
- return Regexp.last_match(1) if uri&.match(GITHUB_PATTERN)
53
- end
54
- nil
65
+ def fetch_rubygems_data(name, version)
66
+ api_url = if version.nil?
67
+ "https://rubygems.org/api/v1/gems/#{name}.json"
68
+ else
69
+ "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"
70
+ end
71
+
72
+ response = Faraday.get(api_url)
73
+
74
+ # Try again without the version in case the version does not exist at rubygems for some reason.
75
+ # This can happen when using a pre-release Ruby that has a bundled gem newer than the published version.
76
+ return fetch_rubygems_data(name, nil) if !response.success? && !version.nil?
77
+
78
+ response.success? ? JSON.parse(response.body) : nil
55
79
  end
56
80
  end
57
81
  end
@@ -35,8 +35,8 @@ module BundleUpdateInteractive
35
35
  return @changelog_uri if defined?(@changelog_uri)
36
36
 
37
37
  @changelog_uri =
38
- if git_version_changed?
39
- "https://github.com/#{github_repo}/compare/#{current_git_version}...#{updated_git_version}"
38
+ if (diff_url = build_git_diff_url)
39
+ diff_url
40
40
  elsif rubygems_source?
41
41
  changelog_locator.find_changelog_uri(name: name, version: updated_version.to_s)
42
42
  else
@@ -56,10 +56,34 @@ module BundleUpdateInteractive
56
56
 
57
57
  attr_reader :changelog_locator
58
58
 
59
+ def build_git_diff_url
60
+ return nil unless git_version_changed?
61
+
62
+ if github_repo
63
+ "https://github.com/#{github_repo}/compare/#{current_git_version}...#{updated_git_version}"
64
+ elsif gitlab_repo
65
+ "https://gitlab.com/os85/httpx/-/compare/#{current_git_version}...#{updated_git_version}"
66
+ elsif bitbucket_cloud_repo
67
+ "https://bitbucket.org/#{bitbucket_cloud_repo}/branches/compare/#{updated_git_version}..#{current_git_version}"
68
+ end
69
+ end
70
+
59
71
  def github_repo
60
72
  return nil unless updated_git_version
61
73
 
62
74
  git_source_uri.to_s[%r{^(?:git@github.com:|https://github.com/)([^/]+/[^/]+?)(:?\.git)?(?:$|/)}i, 1]
63
75
  end
76
+
77
+ def gitlab_repo
78
+ return nil unless updated_git_version
79
+
80
+ git_source_uri.to_s[%r{^(?:git@gitlab.com:|https://gitlab.com/)([^/]+/[^/]+?)(:?\.git)?(?:$|/)}i, 1]
81
+ end
82
+
83
+ def bitbucket_cloud_repo
84
+ return nil unless updated_git_version
85
+
86
+ git_source_uri.to_s[%r{(?:@|://)bitbucket.org[:/]([^/]+/[^/]+?)(:?\.git)?(?:$|/)}i, 1]
87
+ end
64
88
  end
65
89
  end
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module BundleUpdateInteractive
4
- VERSION = "0.2.0"
4
+ VERSION = "0.3.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bundle_update_interactive
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matt Brictson
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-07-14 00:00:00.000000000 Z
11
+ date: 2024-07-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler