denmark 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 6380ca654ddd088c98333d7138d04aaa373ca55c6b9daa36b444f7e4989789c5
+  data.tar.gz: df1b592c399613a81d12b5a6737d86dca9c4ac82cf51474fd6f39a3488996805
+SHA512:
+  metadata.gz: a15992e3393807a833f289729d83abcb71cee333aebd06292fde936e82bcb7e52ff65e10522d3726864c024beada6de74509ffac1c0141e8aedb82c6769e07bc
+  data.tar.gz: f8f892945406e0b74a6d3b21c4ed004779a5278302e468271cd33c3167a1ab089a6eacd30a8524fe412bdf70f886a4da9d5dd7caf7ef48c96dd189f6de23f74f

data/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/README.md

@@ -0,0 +1,182 @@
+# Denmark
+
+> Something is rotten in the state of Denmark.<br />
+> -- *Horatio* in Shakespeare's Hamlet
+
+I'm sure you've had the experience of evaluating modules on the Puppet Forge. Maybe
+you were comparing a handful that all claimed to meet your needs, or maybe you were
+just determining whether a specific module met your standards for deploying into
+your production environment.
+
+How did you go about it? You probably
+
+* Skimmed the module's README for signs of the author's diligence.
+* Poked through the issue list and pull requests on the repository hosting the module
+  source to see how responsive the maintainers were to community collaboration.
+* Checked the changelog for consistency.
+* Maybe you even checked the commit history to see if there were unreleased fixes, or
+  compared tags against the published version(s).
+
+Wouldn't it be nice to automate some of this due diligence? That's what `denmark` does.
+The Shakespeare quote refers to corruption at the top of a political hierarchy making
+its way down through the entire state. In the context of this tool, it means that often
+we can detect concerns with a project by sniffing around the edges and seeing if anything
+rolling downhill stinks.
+
+⚠️⚠️⚠️ ***Warning:** This is a very early release. It will be some time before the smell checks
+it does are actually representative of the things you should be concerned about.*
+
+
+## Overview
+
+Denmark takes the name of a module, then extracts information from the Forge and from
+the repository server hosting the module's source. This means that it relies on the
+module to have an accurate `source` or `project_page` key set in its `metadata.json`.
+Denmark currently supports both GitHub and GitLab source repositories.
+
+Running Denmark will generate a report on your terminal of things you should look into.
+Of course, if you'd like to integrate it into other tooling, it's also got JSON output.
+
+```
+$ denmark smell binford2k-node_encrypt --detail
+
+[RED] alerts:
+  The version released on the Forge does not match the version in the repository.
+    > Validate that the Forge release is not compromised and is the latest released version.
+
+[YELLOW] alerts:
+  60% of the issues in this module's repository are more than 3 years old.
+    > Many very old issues may indicate that the maintainer is not responding to community feedback.
+  The version released on the Forge does not match the latest tag in the repo.
+    > This sometimes just indicates sloppy release practices, but could indicate a compromised Forge release.
+  The module was not published to the Forge on the same day that the latest release was tagged.
+    > This sometimes just indicates sloppy release practices, but could indicate a compromised Forge release.
+
+[GREEN] alerts:
+  There was a gap of at least a year between the last two releases.
+    > A large gap between releases often shows sporadic maintenance. This is not always bad.
+```
+
+As you can see, I've got some sloppiness issues on my module that I should go clean up!
+Turns out that I'd built and published the module locally, but forgot to push and tag my
+changes.
+
+
+## Installation
+
+Denmark is shipped as a standard RubyGem.
+
+```
+$ gem install denmark
+```
+
+
+## Configuration
+
+GitHub allows anonymous rate-limited access to its API. If you're just evaluating a single
+module, you can just use this tool, as long as the module source is on GitHub. If you're
+evaluating many modules or any modules with their source on GitLab, you'll need tokens:
+
+### `~/.config/denmark.yaml`
+``` yaml
+---
+:gitlab:
+  :token: <token>
+:github:
+  :token: <token>
+```
+
+See these pages for instructions on generating tokens:
+
+* [GitHub](https://help.github.com/en/articles/creating-a-personal-access-token-for-the-command-line)
+* [GitLab](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html)
+
+
+## Contributing
+
+Denmark keeps individual smell tests in plugin files in the `lib/denmark/plugins/` directory.
+See the existing plugins for examples of the existing tests.
+
+Start by copying the skeleton file below into a new plugin source file. This
+should be a Ruby file that lives in `lib/denmark/plugins/` and defines a single
+class named after its filename. For example, if you wanted to write a plugin to
+analyze the readability of the README file, you might create the class
+`Dropsonde::Metrics::Readme` in the Ruby file named `lib/denmark/plugins/readme.rb`.
+
+Hooks are defined as a series of class methods and each of them is documented
+below. Flesh each method out as needed.
+
+``` ruby
+class Denmark::Plugins::Demo
+  def self.description
+    # Return a string explaining what this smell test evaluates.
+  end
+
+  def self.setup
+    # run just before generating this metric. Seldom used.
+  end
+
+  @param mod The Puppet module object returned from the Forge API
+  @param repo An object representing the git repository. See below for abstraction details
+  @returns Array[Hash] Test outputs to be merged into the combined report.
+  def self.run(mod, repo)
+    # return an array of hashes representing the data to be merged into the combined report.
+    # See below for the API.
+  end
+
+  def self.cleanup
+    # run just after generating this metric. Seldom used.
+  end
+end
+
+```
+
+### Plugin return value
+
+Your plugin should return an array of hashes representing the smells discovered. You must
+return an array, even if it's empty. It should look like so:
+
+``` ruby
+[
+    {
+        severity: :orange,
+        message: "The warning message.",
+        explanation: "A longform explanation of why this could be a problem. This is displayed when --detail is used.",
+    },
+]
+```
+
+#### Severity levels
+
+* `:red`: The most severe level. This is almost certainly a problem and must be investigated.
+* `:orage`
+* `:yellow`
+* `:green`: The least severe level. Mostly informational, but you should know about it.
+
+#### Repository abstraction
+
+The `Denmark::Repository` object is a _very_ thin wrapper around the GitHub and GitLab APIs.
+It abstracts slight differences between the APIs and adds some helper methods to make it
+simpler to do common things like load the contents of a file. See the source of
+[lib/denmark/repository.rb](lib/denmark/repository.rb) for the methods it exposes.
+
+We've also extended the `Array` class with a `.percent_of` method. This allows you to quickly
+identify the percentage of items in an array that match a condition you specify in a block.
+For example, this snippet returns the integer percentage of the issues on a repo with no comments:
+
+``` ruby
+unanswered = repo.issues.percent_of {|i| i.comments == 0 }
+```
+
+
+## Limitations
+
+This tool is extremely early in its development and the output API is not yet formally defined.
+If you write tooling to use it, then make your tooling resilient to changes.
+
+
+Contact
+-------
+
+community@puppet.com
+

data/bin/denmark

@@ -0,0 +1,66 @@
+#!/usr/bin/env ruby
+require 'gli'
+require 'denmark'
+require 'denmark/version'
+
+class Denmark
+  extend GLI::App
+
+  program_desc 'A simple tool for checking Puppet Forge modules for maintenance smells'
+  version      Denmark::VERSION
+
+  pre do |global, command, options, args|
+    Denmark.config = YAML.load_file("#{Dir.home}/.config/denmark.yaml") rescue {}
+  end
+
+  desc 'Verbose output'
+  switch [:verbose, :v]
+
+  desc 'List all available tests'
+  command :list do |c|
+    c.action do |global, options, args|
+      Denmark.list(options)
+    end
+  end
+
+  desc 'Show info about a module'
+  command :info do |c|
+    c.action do |global, options, args|
+      Denmark.info args[0]
+    end
+  end
+
+  desc 'Smell test a module using all enabled tests'
+  command :smell do |c|
+    c.desc 'Lists of tests to enable'
+    c.flag [:enable, :e], :type => Array
+
+    c.desc 'List of tests to omit'
+    c.flag [:disable, :d], :type => Array
+
+    c.desc 'The output format to use'
+    c.flag [:format], :default_value => 'human'
+
+    c.desc 'Include alert details'
+    c.switch [:detail, :D]
+
+    c.action do |global, options, args|
+      Denmark.evaluate(args.first, options)
+    end
+  end
+
+  desc "Commands useful for developers"
+  command :dev do |t|
+    t.desc 'Open a Pry shell for debugging'
+    t.command :shell do |c|
+      c.action do |global, options, args|
+        require 'pry'
+        binding.pry
+      end
+    end
+
+  end
+
+end
+
+exit Denmark.run(ARGV)

data/lib/denmark/monkeypatches.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class Array
+  def percent_of(digits = nil)
+    raise "Select the items you want to count using a block that returns a boolean" unless block_given?
+
+    count = self.size
+    match = 0
+    self.each do |elem|
+      match += 1 if yield(elem)
+    end
+
+    if digits
+      ((match.to_f / count.to_f) * 100).round(digits)
+    else
+      ((match.to_f / count.to_f) * 100).to_i
+    end
+  end
+end

data/lib/denmark/plugins/issues.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+# environments plugin
+class Denmark::Plugins::Issues
+  def self.description
+    # This is a Ruby squiggle heredoc; just a multi-line string with indentation removed
+    <<~DESCRIPTION
+      This smell test infers trends about the responsiveness of a module's maintainer(s)
+      based on patterns in its repository issues.
+    DESCRIPTION
+  end
+  def self.setup
+    # run just before evaluating this plugin
+  end
+
+  def self.run(mod, repo)
+    # return an array of hashes representing any smells discovered
+    response = Array.new
+
+    today = Date.today
+    unanswered = repo.issues.percent_of {|i| i.comments == 0 }
+    ancient    = repo.issues.percent_of {|i| (today - i.created_at.to_date).to_i > 1095 } # more than 3 years old
+
+    if unanswered > 25
+      response << {
+        severity: :orange,
+        message: "#{unanswered}% of the issues in this module's repository have no responses.",
+        explanation: "Sometimes when issues are not responded to, it means that the project is no longer being maintained. You might consider contacting the maintainer to determine the status of the project.",
+      }
+    end
+
+    if ancient > 50
+      response << {
+        severity: :yellow,
+        message: "#{ancient}% of the issues in this module's repository are more than 3 years old.",
+        explanation: "Many very old issues may indicate that the maintainer is not responding to community feedback.",
+      }
+    end
+
+    response
+  end
+
+  def self.cleanup
+    # run just after evaluating this plugin
+  end
+end

data/lib/denmark/plugins/metadata.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+# environments plugin
+class Denmark::Plugins::Metadata
+  def self.description
+    # This is a Ruby squiggle heredoc; just a multi-line string with indentation removed
+    <<~DESCRIPTION
+      This smell test inspects the module's metadata for signs of something fishy. It will also compare
+      that metadata to what exists in the module's git repository.
+    DESCRIPTION
+  end
+  def self.setup
+    # run just before evaluating this plugin
+  end
+
+  def self.run(mod, repo)
+    # return an array of hashes representing any smells discovered
+    response = Array.new
+
+    release_date = Date.parse(mod.releases.first.updated_at).to_date
+    prev_release = Date.parse(mod.releases[1].updated_at).to_date
+    version      = mod.releases.first.version
+    changelog    = mod.releases.first.changelog
+
+    repo_metadata   = JSON.parse(repo.file_content('metadata.json'))
+    repo_changelog  = repo.file_content('CHANGELOG.md') || repo.file_content('CHANGELOG')
+    latest_tag      = repo.tags.first.name
+    latest_tag_date = repo.commit_date(repo.tags.first.commit.sha)
+
+    if (Date.today - release_date) > 365
+      response << {
+        severity: :yellow,
+        message: "The most current module release is more than a year old.",
+        explanation: "Sometimes when issues are not responded to, it means that the project is no longer being maintained. You might consider contacting the maintainer to determine the status of the project.",
+      }
+    end
+
+    if version != repo_metadata[:version]
+      response << {
+        severity: :red,
+        message: "The version released on the Forge does not match the version in the repository.",
+        explanation: "Validate that the Forge release is not compromised and is the latest released version.",
+      }
+    end
+
+    if changelog != repo_changelog
+      response << {
+        severity: :green,
+        message: "The module changelog on the Forge does not match what's in the repository.",
+        explanation: "This is not necessarily a problem. Some developers choose to update the changelog iteratively as they merge pull requests instead of all at release time. Still, it's worth double checking.",
+      }
+    end
+
+    if version != latest_tag
+      response << {
+        severity: :yellow,
+        message: "The version released on the Forge does not match the latest tag in the repo.",
+        explanation: "This sometimes just indicates sloppy release practices, but could indicate a compromised Forge release.",
+      }
+    end
+
+    if release_date != latest_tag_date
+      response << {
+        severity: :yellow,
+        message: "The module was not published to the Forge on the same day that the latest release was tagged.",
+        explanation: "This sometimes just indicates sloppy release practices, but could indicate a compromised Forge release.",
+      }
+    end
+
+    if (release_date - prev_release) > 365
+      response << {
+        severity: :green,
+        message: "There was a gap of at least a year between the last two releases.",
+        explanation: "A large gap between releases often shows sporadic maintenance. This is not always bad.",
+      }
+    end
+
+    response
+  end
+
+  def self.cleanup
+    # run just after evaluating this plugin
+  end
+end

data/lib/denmark/plugins/pull_requests.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+# environments plugin
+class Denmark::Plugins::PullRequests
+  def self.description
+    # This is a Ruby squiggle heredoc; just a multi-line string with indentation removed
+    <<~DESCRIPTION
+      This smell test infers trends about the responsiveness of a module's maintainer(s)
+      based on patterns in its repository pull requests.
+    DESCRIPTION
+  end
+  def self.setup
+    # run just before evaluating this plugin
+  end
+
+  def self.run(mod, repo)
+    # return an array of hashes representing any smells discovered
+    response = Array.new
+
+    today = Date.today
+    unanswered = repo.pull_requests.percent_of {|i| i.comments == 0 }
+    ancient    = repo.pull_requests.percent_of {|i| (today - i.created_at.to_date).to_i > 1095 } # more than 3 years old
+
+    if unanswered > 10
+      response << {
+        severity: :orange,
+        message: "#{unanswered}% of the pull requests in this module's repository have not been reviewed.",
+        explanation: "Sometimes when pull requests are not reviewed, it means that the project is no longer being maintained. You might consider contacting the maintainer to determine the status of the project.",
+      }
+    end
+
+    if ancient > 50
+      response << {
+        severity: :yellow,
+        message: "#{ancient}% of the pull requests in this module's repository are more than 3 years old.",
+        explanation: "Many very old pull requests may indicate that the maintainer is not merging community contributions.",
+      }
+    end
+
+    response
+  end
+
+  def self.cleanup
+    # run just after evaluating this plugin
+  end
+end

data/lib/denmark/plugins.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'little-plugger'
+
+# metrics class
+class Denmark::Plugins
+  extend LittlePlugger(path: 'denmark/plugins', module: Denmark::Plugins)
+
+  def initialize(options)
+    if options[:enable]
+      disable = Denmark::Plugins.plugins.keys - options[:enable].map(&:to_sym)
+      options[:disable] ||= Array.new
+      options[:disable].concat disable
+    end
+    Denmark::Plugins.disregard_plugins(*options[:disable])
+    Denmark::Plugins.initialize_plugins
+  end
+
+  def list
+    str = "                    Available smell test plugins\n"
+    str += "                 ===============================\n\n"
+    Denmark::Plugins.plugins.each do |name, plugin|
+      str += name.to_s
+      str += "\n--------\n"
+      str += plugin.description.strip
+      str += "\n\n"
+    end
+    str
+  end
+
+  def run(mod, repo)
+    results = []
+    Denmark::Plugins.plugins.each do |_name, plugin|
+      plugin.setup
+      results.concat plugin.run(mod, repo)
+      plugin.cleanup
+    end
+    results
+  end
+end

data/lib/denmark/repository.rb

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+
+class Denmark::Repository
+  def initialize(url)
+    # This tool only makes sense for public repos, so don't bother to be too smart.
+    case url
+    when /github\.com/
+      require 'octokit'
+      @flavor = :github
+      @client = Octokit::Client.new(:access_token => Denmark.config(:github, :token))
+      @repo   = Octokit::Repository.from_url(url).slug
+
+    when /gitlab\.com/
+      require 'gitlab'
+      @flavor = :gitlab
+      @client = Gitlab.client(
+                  endpoint:      'https://gitlab.com/api/v4',
+                  private_token: Denmark.config(:gitlab, :token),
+                )
+      @repo   = URI.parse(url).path[1..-1]
+
+    else
+      raise "Unsupported git source: '#{url}'"
+    end
+  end
+
+  def client
+    @client
+  end
+
+  def pull_requests
+    case @flavor
+    when :github
+      @client.issues(@repo).select {|i| i[:pull_request] }
+    when :gitlab
+      @client.merge_requests(@repo)
+    else
+      Array.new
+    end
+  end
+
+  def merge_requests
+    pull_requests
+  end
+
+  def issues
+    case @flavor
+    when :github
+      @client.issues(@repo).reject {|i| i[:pull_request] }
+    when :gitlab
+      @client.issues(@repo)
+    else
+      Array.new
+    end
+  end
+
+  def tags
+    case @flavor
+    when :github, :gitlab
+      @client.tags(@repo)
+    else
+      Array.new
+    end
+  end
+
+  def file_content(path)
+    case @flavor
+    when :github
+      Base64.decode64(client.contents(@repo, :path => path).content) rescue nil
+    when :gitlab
+      client.file_contents(@repo, path)
+    else
+      ''
+    end
+  end
+
+  def commit(sha)
+    case @flavor
+    when :github, :gitlab
+      @client.commit(@repo, sha)
+    else
+      Array.new
+    end
+  end
+
+  def commits
+    case @flavor
+    when :github, :gitlab
+      @client.commits(@repo)
+    else
+      Array.new
+    end
+  end
+
+  def commit_date(sha)
+    case @flavor
+    when :github
+      @client.commit(@repo, sha).commit.committer.date.to_date
+    when :gitlab
+      @client.commit(@repo, sha).commit.created_at.to_date
+    else
+      Array.new
+    end
+
+
+  end
+
+  def commits_since_tag(tag = nil)
+    tag ||= tags[0]
+
+    case @flavor
+    when :github
+      @client.commits_since(@repo, tag.commit.committer.date)
+    when :gitlab
+      @client.commits(@repo, since: tag.commit.created_at)
+    else
+      Array.new
+    end
+  end
+
+  def commits_to_file(path)
+    case @flavor
+    when :github, :gitlab
+      @client.commits(@repo, path: path)
+    else
+      Array.new
+    end
+  end
+
+end

data/lib/denmark/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class Denmark
+  VERSION = '0.0.1'
+end

data/lib/denmark.rb

@@ -0,0 +1,123 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'colorize'
+require 'httpclient'
+require 'puppet_forge'
+require 'denmark/plugins'
+require 'denmark/repository'
+require 'denmark/monkeypatches'
+
+class Denmark
+  PuppetForge.user_agent = "Denmark Module Smell Checker/#{Denmark::VERSION}"
+
+  def self.config=(arg)
+    raise "Requires a Hash to set config, not a #{arg.class}" unless arg.is_a? Hash
+    @config = arg
+  end
+  def self.config(*args)
+    if args.empty?
+      @config
+    else
+      @config.dig(*args)
+    end
+  end
+
+
+  def self.list(options)
+    puts
+    puts Denmark::Plugins.new(options).list
+  end
+
+  def self.evaluate(slug, options)
+    @options = options
+    slug.sub!('/', '-')
+    begin
+      mod = PuppetForge::Module.find(slug)
+    rescue Faraday::BadRequestError, Faraday::ResourceNotFound
+      raise "The module `#{slug}` was not found on the Puppet Forge."
+    end
+
+    repo = Denmark::Repository.new(mod.homepage_url)
+    data = Denmark::Plugins.new(options).run(mod, repo)
+
+    case options[:format]
+    when 'json'
+      puts JSON.pretty_generate(data)
+    when 'human'
+      generate_report(data)
+    else
+      raise 'unknown format'
+    end
+  end
+
+  def self.generate_report(data)
+    if data.empty?
+      puts "Congrats, no smells discovered"
+    else
+      puts
+      [:red, :orange, :yellow, :green].each do |severity|
+        alerts = data.select {|i| i[:severity] == severity}
+        next unless alerts.size > 0
+
+        puts "[#{severity.upcase}] alerts:".colorize(severity)
+        alerts.each do |alert|
+          puts "  #{alert[:message]}"
+          puts "    > #{alert[:explanation]}" if @options[:detail]
+        end
+        puts
+      end
+    end
+  end
+
+
+  def self.info(slug)
+    mod = PuppetForge::Module.find(slug)
+
+    puts mod.owner.username
+    puts mod.owner.display_name
+    puts mod.current_release.version
+    puts mod.current_release.created_at
+    puts mod.current_release.changelog
+    puts mod.current_release.reference
+    puts mod.current_release.license
+    puts mod.homepage_url
+    puts mod.current_release.metadata['project_page']
+    puts mod.current_release.metadata['source']
+    puts mod.issues_url
+
+    client = Octokit::Client.new
+    repo   = Octokit::Repository.from_url(mod.homepage_url, options)
+
+require 'pry'
+binding.pry
+
+    puts client.pull_requests(repo)
+    puts client.list_issues(repo)
+  end
+
+
+  def github_client
+    @token ||= ENV['GITHUB_TOKEN'] || `git config --global github.token`.chomp
+
+    if @token.empty?
+      puts "You need to generate a GitHub token:"
+      puts "\t * https://help.github.com/en/articles/creating-a-personal-access-token-for-the-command-line"
+      puts "\t * git config --global github.token <token>"
+      puts
+      puts "Export that as the `GITHUB_TOKEN` environment variable or put it in your ~/.gitconfig."
+      exit 1
+    end
+
+    begin
+      client = Octokit::Client.new(:access_token => @token)
+    rescue => e
+      puts "Github login error: #{e.message}"
+      exit 1
+    end
+
+    client
+  end
+
+end
+

metadata

@@ -0,0 +1,183 @@
+--- !ruby/object:Gem::Specification
+name: denmark
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Ben Ford
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2022-02-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: gli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: httpclient
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: little-plugger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: puppet_forge
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: semantic_puppet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: octokit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: gitlab
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+description: |
+  Denmark will check a Puppet module for things you should be concerned about, like signs of an
+  unmaintained module. It uses the Puppet Forge API and GitHub/GitLab APIs to discover information
+  about the module.
+email: ben.ford@puppet.com
+executables:
+- denmark
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- bin/denmark
+- lib/denmark.rb
+- lib/denmark/monkeypatches.rb
+- lib/denmark/plugins.rb
+- lib/denmark/plugins/issues.rb
+- lib/denmark/plugins/metadata.rb
+- lib/denmark/plugins/pull_requests.rb
+- lib/denmark/repository.rb
+- lib/denmark/version.rb
+homepage: https://github.com/binford2k/denmark
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3.1
+signing_key: 
+specification_version: 4
+summary: A quick smell test for Puppet modules to help identify concerns.
+test_files: []