RubyGems - chelsea - Versions diffs - 0.0.19 → 0.0.24 - Mend

chelsea 0.0.19 → 0.0.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/.circleci/circleci-readme.md +28 -0
data/.gitignore +3 -0
data/Jenkinsfile +2 -2
data/README.md +36 -45
data/bin/chelsea +2 -1
data/lib/chelsea/cli.rb +2 -1
data/lib/chelsea/iq_client.rb +3 -2
data/lib/chelsea/version.rb +1 -1
metadata +3 -4
data/bin/setup +0 -24

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a44baa47f70b877e0f6b8051962bf0c66eae508bb0fa148d47056b7d5dfdf6bb
-  data.tar.gz: 5565acd13beccaab790612682ae19d50a8b9c4427f83692476ffcbe6ddd5425c
+  metadata.gz: 1f51bc9ebee4f9d00b5c0ddda4c45c692864946b5adde386871f1d5bdbd90782
+  data.tar.gz: ed391b804442208428439d285009b0344215d71789bc71d6e55685c08356bb5a
 SHA512:
-  metadata.gz: 50c1634dae11bd146bbf734706abc60b3c06bb6cab1bb177cbf5e98c528c4d1dd25a0a9fd4d47719b3887dc4aaf9ce7a5f42126d7973b1008eac4c87c99cdd7b
-  data.tar.gz: f8db897e7a16e5f87b8a3f3f0f7a8ae98541d058922c54d4d580fbe36763e128f3b30f9f8cde5f138b410af172208d3948025ee9342858113ab31ea1fe1ac51c
+  metadata.gz: e1bbc05ec99c96ed359aa98a704338f7351780d170f74f09a8e1d4a3b61fb68fc7ba217534ebd8fc56ee05e194820add3601d13eed74cc42f2b6d4c90ba70cb7
+  data.tar.gz: c0c8025f8cc54425e31ff9cd703c743f8b4a7b3c10c023a3da04ad4d6d7b3b38092cf061dd8239e49410ba10ea8707bf28151ae9d52e23459146821838edc054

data/.circleci/circleci-readme.md ADDED

@@ -0,0 +1,28 @@
+CI Debug Notes
+================
+To validate some circleci stuff, I was able to run a “build locally” using the steps below.
+The local build runs in a docker container.
+  * (Once) Install circleci client (`brew install circleci`)
+  * Convert the “real” config.yml into a self contained (non-workspace) config via:
+        circleci config process .circleci/config.yml > .circleci/local-config.yml
+  * Run a local build with the following command:
+        circleci local execute -c .circleci/local-config.yml --job 'build'
+    Typically both commands are run together:
+        circleci config process .circleci/config.yml > .circleci/local-config.yml && circleci local execute -c .circleci/local-config.yml --job 'build'
+    With the above command, operations that cannot occur during a local build will show an error like this:
+      ```
+      ... Error: FAILED with error not supported
+      ```
+      However, the build will proceed and can complete “successfully”, which allows you to verify scripts in your config, etc.
+      If the build does complete successfully, you should see a happy yellow `Success!` message.

data/.gitignore CHANGED

@@ -12,3 +12,6 @@
 .rspec_status
 .byebug_history
 .ruby-version
+# ci config for local ci build
+.circleci/local-config.yml

data/Jenkinsfile CHANGED

@@ -32,12 +32,12 @@ dockerizedBuildPipeline(
         sh '''
         gem build chelsea.gemspec
         gem install ./chelsea-*.gem
-        chelsea --file Gemfile.lock -b -a chelsea -iu $IQ_USERNAME -it $IQ_PASSWORD -i https://policy.ci.sonatype.dev
+        chelsea --file Gemfile.lock -b -a chelsea -iu $IQ_USERNAME -it $IQ_PASSWORD -i https://policy.ci.sonatype.dev --stage stage-release
         '''
       }
     })
   },
-  testResults: [ 'test-results/rspec.xml' ],
+  testResults: [ 'test_results/rspec.xml' ],
   onSuccess: {
     githubStatusUpdate('success')
   },

data/README.md CHANGED

@@ -38,21 +38,10 @@ $ gem install chelsea
 ```
 ```
-$ chelsea
- _____  _            _
-/  __ \| |          | |
-| /  \/| |__    ___ | | ___   ___   __ _
-| |    | '_ \  / _ \| |/ __| / _ \ / _` |
-| \__/\| | | ||  __/| |\__ \|  __/| (_| |
- \____/|_| |_| \___||_||___/ \___| \__,_|
-Version: 0.0.11
-usage: chelsea [options] ...
-Options:
+$ chelsea --help
+usage: /usr/local/bin/chelsea [options]
     -f, --file         Path to your Gemfile.lock
+    -x, --clear        Clear OSS Index cache
     -c, --config       Set persistent config for OSS Index
     -u, --user         Specify OSS Index Username
     -p, --token        Specify OSS Index API Token
@@ -61,9 +50,10 @@ Options:
     -iu, --iquser      Specify the IQ username
     -it, --iqpass      Specify the IQ auth token
     -w, --whitelist    Set path to vulnerability whitelist file
-    -q, --quiet        Make chelsea only output vulnerable third party dependencies for text output (default: false)
+    -v, --verbose      For text format, list dependencies, their reverse dependencies (what brought them in to your project), and if they are vulnerable. (default: false)
     -t, --format       Choose what type of format you want your report in (default: text) (options: text, json, xml)
     -b, --iq           Use Nexus IQ Server to audit your project
+    -s, --stage        Specify Nexus IQ Stage (default: build) (options: develop, build, stage-release, release, operate)
     --version          Print the version
     -h, --help         Show usage
 ```
@@ -96,35 +86,6 @@ Audit Results
 Audit Results will show a list of your third party dependencies, their reverse dependencies (so what brought them in to your project), and if they are vulnerable or not.
-### Quiet usage
-Running with `--quiet` will only output any vulnerable dependencies found, similar to:
-```
- _____  _            _
-/  __ \| |          | |
-| /  \/| |__    ___ | | ___   ___   __ _
-| |    | '_ \  / _ \| |/ __| / _ \ / _` |
-| \__/\| | | ||  __/| |\__ \|  __/| (_| |
- \____/|_| |_| \___||_||___/ \___| \__,_|
-Version: 0.0.11
-[15/31] - pkg:gem/rake@10.5.0 Vulnerable.
-        Required by: domain_name-0.5.20190701
-        Required by: equatable-0.6.1
-        Required by: pastel-0.7.3
-        Required by: public_suffix-4.0.3
-        Required by: rspec_junit_formatter-0.4.1
-        Required by: slop-4.8.1
-        Required by: slop-4.8.0
-        Required by: unf-0.1.4
-        Required by: unf_ext-0.0.7.7
-        Required by: unf_ext-0.0.7.6
-```
-This can be useful if you are only interested in seeing your vulnerable dependencies, and not the whole list.
 ### Usage with Formatters
 Chelsea can be run with a number of different formatters:
@@ -174,7 +135,37 @@ Report URL: http://localhost:8070/ui/links/application/testapp/report/0e0f469269
 ## Development
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+We suggest using [rbenv](https://github.com/rbenv/rbenv) to setup a reliable ruby development environment.
+Follow the [installation steps](https://github.com/rbenv/rbenv#installation).
+For macos (10.15.7), there was a problem with step 2, with: `$ rbenv init`. The command
+printed suggested editing `~/.bashrc`; however, this did not work in our case (even after an OS reboot),
+and we had to instead edit `~/bash_profile`. To sanity check your installation, you should see the
+`.rbenv` directory early in your PATH, e.g.:
+```
+$ echo $PATH
+/Users/<username>/.rbenv/shims:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:...
+```
+We are using ruby version 2.6.6, but newer versions should also work.
+```
+rbenv install 2.6.6
+```
+Install `bundler`:
+```
+gem install bundler
+```
+Install dependencies:
+```
+bundle install
+```
+Run tests:
+```
+bundle exec rspec
+```
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).

data/bin/chelsea CHANGED

@@ -31,9 +31,10 @@ opts =
       o.string '-iu', '--iquser', 'Specify the IQ username', default: 'admin'
       o.string '-it', '--iqpass', 'Specify the IQ auth token', default: 'admin123'
       o.string '-w', '--whitelist', 'Set path to vulnerability whitelist file'
-      o.bool '-v', '--verbose', 'Make chelsea only output vulnerable third party dependencies for text output (default: true)', default: false
+      o.bool '-v', '--verbose', 'For text format, list dependencies, their reverse dependencies (what brought them in to your project), and if they are vulnerable. (default: false)', default: false
       o.string '-t', '--format', 'Choose what type of format you want your report in (default: text) (options: text, json, xml)', default: 'text'
       o.bool '-b', '--iq', 'Use Nexus IQ Server to audit your project'
+      o.string '-s', '--stage', 'Specify Nexus IQ Stage (default: build) (options: develop, build, stage-release, release, operate)', default: 'build'
       o.on '--version', 'Print the version' do
           puts Chelsea::VERSION
           exit

data/lib/chelsea/cli.rb CHANGED

@@ -63,7 +63,8 @@ module Chelsea
           public_application_id: @opts[:application],
           server_url: @opts[:server],
           username: @opts[:iquser],
-          auth_token: @opts[:iqpass]
+          auth_token: @opts[:iqpass],
+          stage: @opts[:stage]
         }
       )
       bom = Chelsea::Bom.new(gems.deps.dependencies).collect

data/lib/chelsea/iq_client.rb CHANGED

@@ -28,7 +28,8 @@ module Chelsea
       server_url: 'http://localhost:8070',
       username: 'admin',
       auth_token: 'admin123',
-      internal_application_id: ''
+      internal_application_id: '',
+      stage: 'build'
     }
     def initialize(options: DEFAULT_OPTIONS)
       @options = options
@@ -149,7 +150,7 @@ module Chelsea
     end
     def _api_url
-      "#{@options[:server_url]}/api/v2/scan/applications/#{@internal_application_id}/sources/chelsea"
+      "#{@options[:server_url]}/api/v2/scan/applications/#{@internal_application_id}/sources/chelsea?stageId=#{@options[:stage]}"
     end
     def _internal_application_id_api_url

data/lib/chelsea/version.rb CHANGED

@@ -15,5 +15,5 @@
 #
 module Chelsea
-  VERSION = '0.0.19'.freeze
+  VERSION = '0.0.24'.freeze
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chelsea
 version: !ruby/object:Gem::Version
-  version: 0.0.19
+  version: 0.0.24
 platform: ruby
 authors:
 - Allister Beharry
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-11 00:00:00.000000000 Z
+date: 2020-10-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: tty-font
@@ -218,10 +218,10 @@ email:
 executables:
 - chelsea
 - console
-- setup
 extensions: []
 extra_rdoc_files: []
 files:
+- ".circleci/circleci-readme.md"
 - ".circleci/config.yml"
 - ".circleci/setup-rubygems.sh"
 - ".github/CONTRIBUTING.md"
@@ -243,7 +243,6 @@ files:
 - Rakefile
 - bin/chelsea
 - bin/console
-- bin/setup
 - chelsea
 - chelsea.gemspec
 - docs/images/chelsea.png

data/bin/setup DELETED

@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-#
-# Copyright 2019-Present Sonatype Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-set -euo pipefail
-IFS=$'\n\t'
-set -vx
-bundle install
-# Do any other automated setup that you need to do here