danger-spm_version_updates 0.2.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9f0dbb2a2025a65d4be1bb5cdd4c33acaae489103521d4e852adfbafc64c23a8
-  data.tar.gz: fa927bb32b7e55f60614122acf9dd13d6c5c487934049d566916bbc434d994ca
+  metadata.gz: 61b370bdf3ace482bdb37078ee355f35ee039c4ba8cf713d9d1d4f205f27fdcc
+  data.tar.gz: dd50d0ce76d7c4f3978c5c3a2a1a9b3fdb72174846a9da9e900f82a072f3fa6b
 SHA512:
-  metadata.gz: 78248f949dc1bbcc7cbec1242763b34bd2abf43be89fdf506944b154f03c18c833e61913e504297a763fe75642e9d5dd3f3be7ece7240bd30bafb1b150348fc1
-  data.tar.gz: 16f2aeebb6402dbbacbc06ee4d5bb3859fa2b4265318e66ce9a68e99a3d8d17a529d84eb3dae264d7498be90526318eb86e333d61fe6cd0c7c8acb333825a6bf
+  metadata.gz: 3363cb64593cbc9d94c154fc85383c3ec336cd776c97ed2e32175fd2861e60e586832d056eaaed4bc7be50aa396bf434362801b8fa7f9041ffbaa72a6f487e94
+  data.tar.gz: a57ff261b848a382f0677b963c5cd712c01729a6cfb54b8976f3cb0e765d49fb9cfb20a25bbdd7d45d456672ba754006f3c84a3e1ee193dc1f69398306d751c5

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2023 Harold Martin <harold.martin@gmail.com>
+Copyright (c) 2023-2024 Harold Martin <harold.martin@gmail.com>
 
 MIT License
 

data/README.md

@@ -1,25 +1,20 @@
 # danger-spm_version_updates
 
-[![CI](https://github.com/hbmartin/danger-spm_version_updates/actions/workflows/lint_and_test.yml/badge.svg)](https://github.com/hbmartin/danger-spm_version_updates/actions/workflows/lint_and_test.yml)
-[![CodeFactor](https://www.codefactor.io/repository/github/hbmartin/danger-spm_version_updates/badge/main)](https://www.codefactor.io/repository/github/hbmartin/danger-spm_version_updates/overview/main)
-[![Gem Version](https://img.shields.io/gem/v/danger-spm_version_updates?color=D86149)](https://rubygems.org/gems/danger-spm_version_updates)
-[![codecov](https://codecov.io/gh/hbmartin/danger-spm_version_updates/graph/badge.svg?token=eXgUoWlvP7)](https://codecov.io/gh/hbmartin/danger-spm_version_updates)
-[![Documentation](https://img.shields.io/badge/Docs-3d3d41?logo=RubyGems)](https://hbmartin.github.io/danger-spm_version_updates/Danger/DangerSpmVersionUpdates.html)
-[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
-
-A [Danger](https://danger.systems/ruby/) plugin to detect if there are any updates to your Swift Package Manager dependencies.
-
-It's fast, lightweight, and does not require swift to be installed on the CI where it is run.
-
-Note that version 0.1.0 is the last version to support Ruby 2.7
+A [Danger](https://danger.systems/ruby/) plugin to detect if there are any
+updates to your Swift Package Manager dependencies. It supports both source
+modes — Xcode projects and `Package.swift` manifests — and requires
+Ruby >= 3.2.
+
+The version-checking logic lives in the
+[`spm_version_updates`](https://rubygems.org/gems/spm_version_updates) core
+gem; this plugin is a thin Danger wrapper around it. The same checker also
+powers the
+[Swift Package Version Updates GitHub Action](https://github.com/hbmartin/github-action-spm_version_updates),
+if you'd rather run dependency checks as a standalone action.
 
 ## Installation
 
-```sh
-gem install danger-spm_version_updates
-```
-
-or add the following to your Gemfile:
+Add it to your Gemfile:
 
 ```ruby
 gem "danger-spm_version_updates"
@@ -27,63 +22,34 @@ gem "danger-spm_version_updates"
 
 ## Usage
 
-Just add this to your Dangerfile! Note that it is required to pass the path to your Xcode project.
+Call it from your `Dangerfile`:
 
 ```ruby
-spm_version_updates.check_for_updates("Example.xcodeproj")
+spm_version_updates.check_when_exact = false
+spm_version_updates.report_above_maximum = false
+spm_version_updates.report_pre_releases = false
+spm_version_updates.ignore_repos = ["https://github.com/pointfreeco/swift-snapshot-testing"]
+spm_version_updates.repo_rules_path = ".github/spm-version-rules.yml"
+spm_version_updates.check_for_updates("MyApp.xcodeproj")
 ```
 
-You can also configure custom behaviors:
+Or, for SwiftPM-first repos, check `Package.swift` manifests directly:
 
 ```ruby
-# Whether to check when dependencies are exact versions or commits, default false
-spm_version_updates.check_when_exact = true
-
-# Whether to report versions above the maximum version range, default false
-spm_version_updates.report_above_maximum = true
-
-# Whether to report pre-release versions, default false
-spm_version_updates.report_pre_releases = true
-
-# A list of repository URLs for packages to ignore entirely
-spm_version_updates.ignore_repos = ["https://github.com/pointfreeco/swift-snapshot-testing"]
+spm_version_updates.check_manifests(["Modules/Package.swift", "BuildTools/Package.swift"])
 ```
 
-## Development
-
-1. Clone this repo
-2. Run `bundle install` to setup dependencies.
-3. Run `bundle exec rake spec` to run the tests.
-4. Use `bundle exec guard` to automatically have tests run as you make changes.
-5. Make your changes.
-
-## Authors
-
-- [Harold Martin](https://www.linkedin.com/in/harold-martin-98526971/) - harold.martin at gmail
-
-## Legal
-
-Swift and the Swift logo are trademarks of Apple Inc.
-
-Copyright (c) 2023 Harold Martin
-
-MIT License
+`check_manifests` accepts a single path or a list, and an optional second
+argument with explicit `Package.resolved` paths (by default a
+`Package.resolved` next to each manifest is used). Each available update is
+reported as a Danger `warn` that includes Compare/Releases links for supported
+hosts, the originating manifest, and a ready-to-run `swift package update`
+command in manifest mode.
 
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
+The configurable accessors are: `check_when_exact`, `check_branches`,
+`check_revisions`, `report_above_maximum`, `report_pre_releases`,
+`ignore_repos`, and `repo_rules_path`.
 
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
+## License
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+MIT — see [LICENSE.txt](LICENSE.txt).

data/danger-spm_version_updates.gemspec

@@ -1,8 +1,9 @@
 # frozen_string_literal: true
 
-lib = File.expand_path("lib", __dir__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require "spm_version_updates/gem_version"
+# This sibling-directory require only resolves inside the repository checkout.
+# `gem build` serializes the literal version into the packaged metadata, so
+# the shipped .gemspec is not meant to be evaluated standalone.
+require_relative "../spm_version_updates/lib/spm_version_updates/version"
 
 Gem::Specification.new do |spec|
   spec.name          = "danger-spm_version_updates"
@@ -13,48 +14,33 @@ Gem::Specification.new do |spec|
   spec.summary       = "A Danger plugin to detect if there are any updates to your Swift Package Manager dependencies."
   spec.homepage      = "https://github.com/hbmartin/danger-spm_version_updates"
   spec.license       = "MIT"
-  spec.required_ruby_version = ">= 3.0"
-
-  spec.files         = Dir['lib/*'] + Dir['lib/**/*'] + Dir['*']
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.required_ruby_version = ">= 3.2"
+
+  release_paths = [
+    "LICENSE.txt",
+    "README.md",
+    "danger-spm_version_updates.gemspec",
+  ]
+  spec.files = begin
+    git_files = begin
+      IO.popen(
+        ["git", "-C", __dir__, "ls-files", "-z", "lib", *release_paths],
+        err: File::NULL,
+        &:read
+      )
+        .split("\x0")
+        .reject(&:empty?)
+    rescue Errno::ENOENT
+      []
+    end
+    fallback_files = Dir.glob(["lib/**/*", *release_paths], base: __dir__)
+      .select { |path| File.file?(File.join(__dir__, path)) }
+    (git_files.empty? ? fallback_files : git_files).sort
+  end
   spec.require_paths = ["lib"]
   spec.metadata["rubygems_mfa_required"] = "true"
 
   spec.add_runtime_dependency("danger-plugin-api", "~> 1.0")
-  spec.add_runtime_dependency("semantic", "~> 1.6")
+  spec.add_runtime_dependency("spm_version_updates", "~> #{SpmVersionUpdates::VERSION}")
   spec.add_runtime_dependency("xcodeproj", "~> 1.24")
-
-  # General ruby development
-  spec.add_development_dependency("bundler", "~> 2.0")
-  spec.add_development_dependency("rake", "~> 13.0")
-
-  # Testing support
-  spec.add_development_dependency("rspec", "~> 3.9")
-  spec.add_development_dependency("simplecov", "~> 0.22")
-  spec.add_development_dependency("simplecov-cobertura", "~> 2.1")
-
-  # Linting code and docs
-  spec.add_development_dependency("reek")
-  spec.add_development_dependency("rubocop", "~> 1.62")
-  spec.add_development_dependency("rubocop-performance")
-  spec.add_development_dependency("rubocop-rake")
-  spec.add_development_dependency("rubocop-rspec")
-  spec.add_development_dependency("yard", "~> 0.9.36")
-
-  # Makes testing easy via `bundle exec guard`
-  spec.add_development_dependency("guard", "~> 2.16")
-  spec.add_development_dependency("guard-rspec", "~> 4.7")
-  spec.add_development_dependency("guard-rubocop", "~> 1.2")
-
-  # If you want to work on older builds of ruby
-  spec.add_development_dependency("listen", "3.0.7")
-
-  # This gives you the chance to run a REPL inside your tests
-  # via:
-  #
-  #    require 'pry'
-  #    binding.pry
-  #
-  # This will stop test execution and let you inspect the results
-  spec.add_development_dependency("pry")
 end

data/lib/danger_spm_version_updates.rb

@@ -1,3 +1,3 @@
 # frozen_string_literal: true
 
-require "spm_version_updates/gem_version"
+require "spm_version_updates/version"

data/lib/spm_version_updates/gem_version.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
-module SpmVersionUpdates
-  VERSION = "0.2.0"
-end
+# Compatibility shim: the version constant now lives in the spm_version_updates
+# core gem. Existing `require "spm_version_updates/gem_version"` callers keep
+# working through this file.
+require "spm_version_updates/version"

data/lib/spm_version_updates/git.rb

@@ -1,44 +1,38 @@
 # frozen_string_literal: true
 
+require "spm_version_updates/git_operations"
+require "spm_version_updates/semver"
+
+# Legacy git helper used by the Danger plugin API. Delegates to GitOperations,
+# so lookups gain its retry behavior and raise GitOperations::LsRemoteError
+# instead of masking failures as empty results.
+# @deprecated Use {GitOperations} from the +spm_version_updates+ core gem
+#   instead. This shim exists only for backward compatibility with Dangerfiles
+#   written against +v0.2.0+.
 module Git
+  ALLOWED_PROTOCOLS = GitOperations::ALLOWED_PROTOCOLS
+
   # Removes protocol and trailing .git from a repo URL
   # @param   [String] repo_url
   #          The URL of the repository
   # @return [String]
   def self.trim_repo_url(repo_url)
-    repo_url.split("://").last.gsub(/\.git$/, "")
+    GitOperations.trim_repo_url(repo_url)
   end
 
   # Extract a readable name for the repo given the url, generally org/repo
   # @return [String]
   def self.repo_name(repo_url)
-    match = repo_url.match(%r{([\w-]+/[\w-]+)(.git)?$})
-
-    if match
-      match[1] || match[0]
-    else
-      repo_url
-    end
+    GitOperations.repo_name(repo_url)
   end
 
   # Call git to list tags
   # @param   [String] repo_url
   #          The URL of the dependency's repository
-  # @return [Array<Semantic::Version>]
+  # @raise [GitOperations::LsRemoteError] if the lookup fails after retries
+  # @return [Array<SpmVersionUpdates::Semver>]
   def self.version_tags(repo_url)
-    versions = `git ls-remote -t #{repo_url}`
-      .split("\n")
-      .map { |line| line.split("/tags/").last }
-      .filter_map { |line|
-        begin
-          Semantic::Version.new(line)
-        rescue ArgumentError
-          nil
-        end
-      }
-    versions.sort!
-    versions.reverse!
-    versions
+    GitOperations.version_tags(repo_url)
   end
 
   # Call git to find the last commit on a branch
@@ -46,11 +40,9 @@ module Git
   #          The URL of the dependency's repository
   # @param   [String] branch_name
   #          The name of the branch on which to find the last commit
-  # @return [String]
+  # @raise [GitOperations::LsRemoteError] if the lookup fails after retries
+  # @return [String, nil]
   def self.branch_last_commit(repo_url, branch_name)
-    `git ls-remote -h #{repo_url}`
-      .split("\n")
-      .find { |line| line.split("\trefs/heads/")[1] == branch_name }
-      .split("\trefs/heads/")[0]
+    GitOperations.branch_last_commit(repo_url, branch_name)
   end
 end

data/lib/spm_version_updates/plugin.rb

@@ -1,15 +1,17 @@
 # frozen_string_literal: true
 
-require "semantic"
-require_relative "git"
-require_relative "xcode"
+require "spm_version_updates"
 
+# Danger's plugin namespace, reopened to register {DangerSpmVersionUpdates}.
 module Danger
   # A Danger plugin for checking if there are versions upgrades available for SPM dependencies
   #
   # @example Check if MyApp's SPM dependencies are up to date
   #          spm_version_updates.check_for_updates("MyApp.xcodeproj")
   #
+  # @example Check dependencies declared in Package.swift manifests
+  #          spm_version_updates.check_manifests(["Modules/Package.swift"])
+  #
   # @see  hbmartin/danger-spm_version_updates
   # @tags swift, spm, swift package manager, xcode, xcodeproj, version, updates
   #
@@ -18,6 +20,14 @@ module Danger
     # @return   [Boolean]
     attr_accessor :check_when_exact
 
+    # Whether to check dependencies pinned to a branch for newer commits, default true
+    # @return   [Boolean]
+    attr_accessor :check_branches
+
+    # Whether to report the latest tagged version for dependencies pinned to a revision, default false
+    # @return   [Boolean]
+    attr_accessor :check_revisions
+
     # Whether to report versions above the maximum version range, default false
     # @return   [Boolean]
     attr_accessor :report_above_maximum
@@ -30,99 +40,116 @@ module Danger
     # @return   [Array<String>]
     attr_accessor :ignore_repos
 
+    # Path to a YAML file with per-repository semantic update suppression rules
+    # @return   [String]
+    attr_accessor :repo_rules_path
+
     # A method that you can call from your Dangerfile
     # @param   [String] xcodeproj_path
     #          The path to your Xcode project
-    # @raise [XcodeprojPathMustBeSet] if the xcodeproj_path is blank
+    # @raise [XcodeParser::XcodeprojPathMustBeSet] if the xcodeproj_path is blank
+    # @raise [XcodeParser::CouldNotFindResolvedFile] if no Package.resolved files were found
     # @return   [void]
     def check_for_updates(xcodeproj_path)
-      remote_packages = Xcode.get_packages(xcodeproj_path)
-      resolved_versions = Xcode.get_resolved_versions(xcodeproj_path)
-      $stderr.puts("Found resolved versions for #{resolved_versions.size} packages")
-
-      self.ignore_repos = self.ignore_repos&.map! { |repo| Git.trim_repo_url(repo) }
-
-      remote_packages.each { |repository_url, requirement|
-        next if self.ignore_repos&.include?(repository_url)
-
-        name = Git.repo_name(repository_url)
-        resolved_version = resolved_versions[repository_url]
-        kind = requirement["kind"]
-
-        if resolved_version.nil?
-          $stderr.puts("Unable to locate the current version for #{name} (#{repository_url})")
-          next
-        end
-
-        if kind == "branch"
-          branch = requirement["branch"]
-          last_commit = Git.branch_last_commit(repository_url, branch)
-          warn("Newer commit available for #{name} (#{branch}): #{last_commit}") unless last_commit == resolved_version
-          next
-        end
-
-        available_versions = Git.version_tags(repository_url)
-        next if available_versions.first.to_s == resolved_version
-
-        if kind == "exactVersion" && @check_when_exact
-          warn_for_new_versions_exact(available_versions, name, resolved_version)
-        elsif kind == "upToNextMajorVersion"
-          warn_for_new_versions(:major, available_versions, name, resolved_version)
-        elsif kind == "upToNextMinorVersion"
-          warn_for_new_versions(:minor, available_versions, name, resolved_version)
-        elsif kind == "versionRange"
-          warn_for_new_versions_range(available_versions, name, requirement, resolved_version)
-        end
-      }
+      run_checker { |checker| checker.check_for_updates(xcodeproj_path) }
+    end
+
+    # Check for updates to dependencies declared in one or more Package.swift manifests
+    # @param   [Array<String>, String] manifest_paths
+    #          One or more paths to Package.swift manifests
+    # @param   [Array<String>, String, nil] resolved_paths
+    #          Optional explicit Package.resolved paths; defaults to a
+    #          Package.resolved next to each manifest
+    # @raise [ManifestParser::ManifestPathMustBeSet] if manifest_paths is blank
+    # @raise [ManifestParser::CouldNotFindManifest] if a manifest does not exist
+    # @raise [ManifestParser::CouldNotFindResolvedFile] if an expected Package.resolved is missing
+    # @return   [void]
+    def check_manifests(manifest_paths, resolved_paths = nil)
+      paths = Array(manifest_paths).map(&:to_s).reject(&:empty?)
+      raise(ManifestParser::ManifestPathMustBeSet) if paths.empty?
+
+      run_checker { |checker| checker.check_manifests(paths, Array(resolved_paths)) }
     end
 
     private
 
-    def warn_for_new_versions_exact(available_versions, name, resolved_version)
-      newest_version = available_versions.find { |version|
-        report_pre_releases ? true : version.pre.nil?
+    def run_checker
+      checker = build_checker
+      yield(checker)
+      emit_checker_warnings(checker)
+    end
+
+    def build_checker
+      SpmChecker.new.tap { |checker|
+        copy_accessors(checker)
+        checker.repository_update_rules = repository_update_rules
+        checker.lookup_failure_handler = method(:warn_lookup_failure)
+        checker.malformed_resolved_handler = method(:warn_malformed_resolved)
       }
-      warn(
-        <<-TEXT
-Newer version of #{name}: #{newest_version} (but this package is set to exact version #{resolved_version})
-        TEXT
-      ) unless newest_version.to_s == resolved_version
     end
 
-    def warn_for_new_versions_range(available_versions, name, requirement, resolved_version)
-      max_version = Semantic::Version.new(requirement["maximumVersion"])
-      if available_versions.first < max_version
-        warn("Newer version of #{name}: #{available_versions.first}")
-      else
-        newest_meeting_reqs = available_versions.find { |version|
-          version < max_version && (report_pre_releases ? true : version.pre.nil?)
-        }
-        warn("Newer version of #{name}: #{newest_meeting_reqs}") unless newest_meeting_reqs.to_s == resolved_version
-        warn(
-          <<-TEXT
-Newest version of #{name}: #{available_versions.first} (but this package is configured up to the next #{max_version} version)
-          TEXT
-        ) if report_above_maximum
-      end
+    def copy_accessors(checker)
+      checker.check_when_exact = check_when_exact
+      checker.check_branches = check_branches != false
+      checker.check_revisions = check_revisions
+      checker.report_above_maximum = report_above_maximum
+      checker.report_pre_releases = report_pre_releases
+      checker.ignore_repos = Array(ignore_repos)
     end
 
-    def warn_for_new_versions(major_or_minor, available_versions, name, resolved_version_string)
-      resolved_version = Semantic::Version.new(resolved_version_string)
-      newest_meeting_reqs = available_versions.find { |version|
-        (version.send(major_or_minor) == resolved_version.send(major_or_minor)) && (report_pre_releases ? true : version.pre.nil?)
-      }
+    def emit_checker_warnings(checker)
+      checker.warning_details.each { |detail| warn(render_warning(detail)) }
+      checker.parse_warnings.each { |record| warn(render_parse_warning(record)) }
+    end
 
-      warn("Newer version of #{name}: #{newest_meeting_reqs}") unless newest_meeting_reqs == resolved_version
-      return unless report_above_maximum
+    # Builds the Danger warning markdown for a `.package(...)` declaration the
+    # manifest parser had to skip.
+    def render_parse_warning(record)
+      "#{record['message']} ([open an issue](#{ParseWarning.issue_link(record)}))"
+    end
 
-      newest_above_reqs = available_versions.find { |version|
-        report_pre_releases ? true : version.pre.nil?
-      }
-      warn(
-        <<-TEXT
-Newest version of #{name}: #{available_versions.first} (but this package is configured up to the next #{major_or_minor} version)
-        TEXT
-      ) unless newest_above_reqs == newest_meeting_reqs || newest_meeting_reqs.to_s == resolved_version
+    # Builds the Danger warning markdown for one structured warning detail:
+    # message, compare/release links when the host is supported, and the
+    # originating manifest. Uses <br> rather than newlines because Danger
+    # renders warnings inside a markdown table.
+    def render_warning(detail)
+      message = detail[:message]
+      links = warning_links(detail)
+      message = "#{message} (#{links})" if links
+
+      source = detail[:source]
+      message = "#{message}<br>Source: `#{source}`" if source
+
+      command = detail[:suggested_command]
+      command ? "#{message}<br>Update: `#{command}`" : message
+    end
+
+    def warning_links(detail)
+      link = RepositoryLink.from(detail[:repository_url])
+      return unless link
+
+      current, available = detail.values_at(:current_version, :available_version)
+      return unless current && available
+
+      link.markdown_links([{ current:, available: }], separator: " · ")
+    end
+
+    # Emits a Danger warning for a package whose remote lookup failed.
+    # @param package [SpmPackageContext] the package whose lookup failed
+    # @param error [GitOperations::LsRemoteError] the lookup failure
+    def warn_lookup_failure(package, error)
+      warn("Unable to check #{package.name} (#{package.normalized_url}) for updates: #{error.message}")
+    end
+
+    # Emits a Danger warning for a Package.resolved file that could not be parsed.
+    # @param resolved_path [String] the malformed file
+    # @param error [PackageResolved::MalformedFileError] the parse failure
+    def warn_malformed_resolved(resolved_path, error)
+      warn("Skipping malformed Package.resolved file #{resolved_path}: #{error.message}")
+    end
+
+    def repository_update_rules
+      repo_rules_path ? RepositoryUpdateRules.load_file(repo_rules_path) : RepositoryUpdateRules.empty
     end
   end
 end

data/lib/spm_version_updates/xcode.rb

@@ -1,7 +1,14 @@
 # frozen_string_literal: true
 
+require "spm_version_updates/package_resolved"
+require "spm_version_updates/xcode_parser"
+require "spm_version_updates/xcode_project_package_reader"
 require "xcodeproj"
 
+# Legacy Xcode project parser used by the Danger plugin API.
+# @deprecated Use {XcodeProjectPackageReader} and {XcodeParser} from the
+#   +spm_version_updates+ core gem instead. This shim exists only for backward
+#   compatibility with Dangerfiles written against +v0.2.0+.
 module Xcode
   # Find the configured SPM dependencies in the xcodeproj
   # @param   [String] xcodeproj_path
@@ -10,62 +17,53 @@ module Xcode
   def self.get_packages(xcodeproj_path)
     raise(XcodeprojPathMustBeSet) if xcodeproj_path.nil? || xcodeproj_path.empty?
 
-    project = Xcodeproj::Project.open(xcodeproj_path)
-    project.objects.select { |obj|
-      obj.kind_of?(Xcodeproj::Project::Object::XCRemoteSwiftPackageReference) &&
-        obj.requirement["kind"] != "commit"
+    XcodeProjectPackageReader.package_references(xcodeproj_path).to_h { |package|
+      repository_url = package.repository_url
+      [Git.trim_repo_url(repository_url), package.requirement]
     }
-      .to_h { |package|
-        [Git.trim_repo_url(package.repositoryURL), package.requirement]
-      }
   end
 
-  # Extracts resolved versions from Package.resolved relative to an Xcode project
+  # Extracts resolved versions from Package.resolved relative to an Xcode project.
+  # When a block is given, malformed resolved files are reported to it as
+  # `(resolved_path, error)` and skipped; without a block the error is raised.
   # @param   [String] xcodeproj_path
   #          The path to your Xcode project
   # @raise [CouldNotFindResolvedFile] if no Package.resolved files were found
+  # @raise [PackageResolved::MalformedFileError] if a resolved file is invalid JSON and no block is given
   # @return [Hash<String, String>]
   def self.get_resolved_versions(xcodeproj_path)
     resolved_paths = find_packages_resolved_file(xcodeproj_path)
     raise(CouldNotFindResolvedFile) if resolved_paths.empty?
 
-    resolved_versions = resolved_paths.map { |resolved_path|
-      contents = JSON.load_file!(resolved_path)
-      pins = contents["pins"] || contents["object"]["pins"]
-      pins.to_h { |pin|
-        [
-          Git.trim_repo_url(pin["location"] || pin["repositoryURL"]),
-          pin["state"]["version"] || pin["state"]["revision"],
-        ]
-      }
+    resolved_paths.each_with_object({}) { |resolved_path, pins|
+      begin
+        pins.merge!(PackageResolved.versions_from(resolved_path))
+      rescue PackageResolved::MalformedFileError => error
+        raise unless block_given?
+
+        yield(resolved_path, error)
+      end
     }
-    resolved_versions.reduce(:merge!)
   end
 
   # Find the Packages.resolved file
   # @return [Array<String>]
   def self.find_packages_resolved_file(xcodeproj_path)
-    locations = []
-    # First check the workspace for a resolved file
-    workspace = xcodeproj_path.sub("xcodeproj", "xcworkspace")
-    if Dir.exist?(workspace)
-      path = File.join(workspace, "xcshareddata", "swiftpm", "Package.resolved")
-      locations << path if File.exist?(path)
-    end
-
-    # Then check the project for a resolved file
-    path = File.join(xcodeproj_path, "project.xcworkspace", "xcshareddata", "swiftpm", "Package.resolved")
-    locations << path if File.exist?(path)
+    checked = XcodeProjectPackageReader.package_resolved_candidate_paths(xcodeproj_path)
+    locations = checked.select { |path| File.exist?(path) }
 
-    $stderr.puts("Searching for resolved packages in: #{locations}")
+    Kernel.warn("Checked Package.resolved paths: #{checked}")
+    Kernel.warn("Found Package.resolved paths: #{locations}")
     locations
   end
 
   private_class_method :find_packages_resolved_file
 
-  class XcodeprojPathMustBeSet < StandardError
-  end
+  # Raised when Danger plugin Xcode mode is invoked without a project path.
+  # Aliased to the core parser's class so plugin callers rescuing the legacy
+  # name keep working now that the plugin delegates to SpmChecker/XcodeParser.
+  XcodeprojPathMustBeSet = XcodeParser::XcodeprojPathMustBeSet
 
-  class CouldNotFindResolvedFile < StandardError
-  end
+  # Raised when a Danger plugin Xcode project has no Package.resolved file.
+  CouldNotFindResolvedFile = XcodeParser::CouldNotFindResolvedFile
 end