dependabot-hex 0.118.13 → 0.119.0.beta1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/install-dir/hex/deps/jason/.fetch +0 -0
- data/helpers/install-dir/hex/deps/jason/.hex +0 -0
- data/helpers/install-dir/hex/deps/jason/CHANGELOG.md +88 -0
- data/helpers/install-dir/hex/deps/jason/LICENSE +13 -0
- data/helpers/install-dir/hex/deps/jason/README.md +141 -0
- data/helpers/install-dir/hex/deps/jason/hex_metadata.config +20 -0
- data/helpers/install-dir/hex/deps/jason/lib/codegen.ex +138 -0
- data/helpers/install-dir/hex/deps/jason/lib/decoder.ex +657 -0
- data/helpers/install-dir/hex/deps/jason/lib/encode.ex +634 -0
- data/helpers/install-dir/hex/deps/jason/lib/encoder.ex +216 -0
- data/helpers/install-dir/hex/deps/jason/lib/formatter.ex +253 -0
- data/helpers/install-dir/hex/deps/jason/lib/fragment.ex +11 -0
- data/helpers/install-dir/hex/deps/jason/lib/helpers.ex +98 -0
- data/helpers/install-dir/hex/deps/jason/lib/jason.ex +228 -0
- data/helpers/install-dir/hex/deps/jason/mix.exs +76 -0
- data/helpers/install-dir/hex/lib/check_update.exs +92 -0
- data/helpers/install-dir/hex/lib/do_update.exs +39 -0
- data/helpers/install-dir/hex/lib/parse_deps.exs +104 -0
- data/helpers/install-dir/hex/lib/run.exs +76 -0
- data/helpers/install-dir/hex/mix.exs +21 -0
- data/helpers/install-dir/hex/mix.lock +3 -0
- metadata +29 -8
@@ -0,0 +1,39 @@
|
|
1
|
+
[dependency_name | credentials] = System.argv()
|
2
|
+
|
3
|
+
grouped_creds = Enum.reduce credentials, [], fn cred, acc ->
|
4
|
+
if List.last(acc) == nil || List.last(acc)[:token] do
|
5
|
+
List.insert_at(acc, -1, %{ organization: cred })
|
6
|
+
else
|
7
|
+
{ item, acc } = List.pop_at(acc, -1)
|
8
|
+
item = Map.put(item, :token, cred)
|
9
|
+
List.insert_at(acc, -1, item)
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
Enum.each grouped_creds, fn cred ->
|
14
|
+
hexpm = Hex.Repo.get_repo("hexpm")
|
15
|
+
repo = %{
|
16
|
+
url: hexpm.url <> "/repos/#{cred.organization}",
|
17
|
+
public_key: nil,
|
18
|
+
auth_key: cred.token
|
19
|
+
}
|
20
|
+
|
21
|
+
Hex.Config.read()
|
22
|
+
|> Hex.Config.read_repos()
|
23
|
+
|> Map.put("hexpm:#{cred.organization}", repo)
|
24
|
+
|> Hex.Config.update_repos()
|
25
|
+
end
|
26
|
+
|
27
|
+
# dependency atom
|
28
|
+
dependency = String.to_atom(dependency_name)
|
29
|
+
|
30
|
+
# Fetch dependencies that needs updating
|
31
|
+
{dependency_lock, rest_lock} = Map.split(Mix.Dep.Lock.read(), [dependency])
|
32
|
+
Mix.Dep.Fetcher.by_name([dependency_name], dependency_lock, rest_lock, [])
|
33
|
+
|
34
|
+
lockfile_content =
|
35
|
+
"mix.lock"
|
36
|
+
|> File.read()
|
37
|
+
|> :erlang.term_to_binary()
|
38
|
+
|
39
|
+
IO.write(:stdio, lockfile_content)
|
@@ -0,0 +1,104 @@
|
|
1
|
+
defmodule Parser do
|
2
|
+
def run do
|
3
|
+
Mix.Dep.load_on_environment([])
|
4
|
+
|> Enum.flat_map(&parse_dep/1)
|
5
|
+
|> Enum.map(&build_dependency(&1.opts[:lock], &1))
|
6
|
+
end
|
7
|
+
|
8
|
+
defp build_dependency(nil, dep) do
|
9
|
+
%{
|
10
|
+
name: dep.app,
|
11
|
+
from: Path.relative_to_cwd(dep.from),
|
12
|
+
groups: [],
|
13
|
+
requirement: normalise_requirement(dep.requirement),
|
14
|
+
top_level: dep.top_level || umbrella_top_level_dep?(dep)
|
15
|
+
}
|
16
|
+
end
|
17
|
+
|
18
|
+
defp build_dependency(lock, dep) do
|
19
|
+
{version, checksum, source} = parse_lock(lock)
|
20
|
+
groups = parse_groups(dep.opts[:only])
|
21
|
+
|
22
|
+
%{
|
23
|
+
name: dep.app,
|
24
|
+
from: Path.relative_to_cwd(dep.from),
|
25
|
+
version: version,
|
26
|
+
groups: groups,
|
27
|
+
checksum: checksum,
|
28
|
+
requirement: normalise_requirement(dep.requirement),
|
29
|
+
source: source,
|
30
|
+
top_level: dep.top_level || umbrella_top_level_dep?(dep)
|
31
|
+
}
|
32
|
+
end
|
33
|
+
|
34
|
+
defp parse_groups(nil), do: []
|
35
|
+
defp parse_groups(only) when is_list(only), do: only
|
36
|
+
defp parse_groups(only), do: [only]
|
37
|
+
|
38
|
+
# path dependency
|
39
|
+
defp parse_dep(%{scm: Mix.SCM.Path, opts: opts} = dep) do
|
40
|
+
cond do
|
41
|
+
# umbrella dependency - ignore
|
42
|
+
opts[:in_umbrella] ->
|
43
|
+
[]
|
44
|
+
|
45
|
+
# umbrella application
|
46
|
+
opts[:from_umbrella] ->
|
47
|
+
Enum.reject(dep.deps, fn dep -> dep.opts[:in_umbrella] end)
|
48
|
+
|
49
|
+
true ->
|
50
|
+
[]
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
54
|
+
# hex, git dependency
|
55
|
+
defp parse_dep(%{scm: scm} = dep) when scm in [Hex.SCM, Mix.SCM.Git], do: [dep]
|
56
|
+
|
57
|
+
# unsupported
|
58
|
+
defp parse_dep(_dep), do: []
|
59
|
+
|
60
|
+
defp umbrella_top_level_dep?(dep) do
|
61
|
+
if Mix.Project.umbrella?() do
|
62
|
+
apps_paths = Path.expand(Mix.Project.config()[:apps_path], File.cwd!())
|
63
|
+
String.contains?(Path.dirname(Path.dirname(dep.from)), apps_paths)
|
64
|
+
else
|
65
|
+
false
|
66
|
+
end
|
67
|
+
end
|
68
|
+
|
69
|
+
defp parse_lock({:git, repo_url, checksum, opts}),
|
70
|
+
do: {nil, checksum, git_source(repo_url, opts)}
|
71
|
+
|
72
|
+
defp parse_lock(tuple) when elem(tuple, 0) == :hex do
|
73
|
+
destructure [:hex, _app, version, _old_checksum, _managers, _deps, _repo, checksum],
|
74
|
+
Tuple.to_list(tuple)
|
75
|
+
|
76
|
+
{version, checksum, nil}
|
77
|
+
end
|
78
|
+
|
79
|
+
defp normalise_requirement(req) do
|
80
|
+
req
|
81
|
+
|> maybe_regex_to_str()
|
82
|
+
|> empty_str_to_nil()
|
83
|
+
end
|
84
|
+
|
85
|
+
defp maybe_regex_to_str(s), do: if Regex.regex?(s), do: Regex.source(s), else: s
|
86
|
+
defp empty_str_to_nil(""), do: nil
|
87
|
+
defp empty_str_to_nil(s), do: s
|
88
|
+
|
89
|
+
def git_source(repo_url, opts) do
|
90
|
+
ref = opts[:ref] || opts[:tag]
|
91
|
+
ref = if is_list(ref), do: to_string(ref), else: ref
|
92
|
+
|
93
|
+
%{
|
94
|
+
type: "git",
|
95
|
+
url: repo_url,
|
96
|
+
branch: opts[:branch] || "master",
|
97
|
+
ref: ref
|
98
|
+
}
|
99
|
+
end
|
100
|
+
end
|
101
|
+
|
102
|
+
dependencies = :erlang.term_to_binary({:ok, Parser.run()})
|
103
|
+
|
104
|
+
IO.write(:stdio, dependencies)
|
@@ -0,0 +1,76 @@
|
|
1
|
+
defmodule DependencyHelper do
|
2
|
+
def main() do
|
3
|
+
IO.read(:stdio, :all)
|
4
|
+
|> Jason.decode!()
|
5
|
+
|> run()
|
6
|
+
|> case do
|
7
|
+
{output, 0} ->
|
8
|
+
if output =~ "No authenticated organization found" do
|
9
|
+
{:error, output}
|
10
|
+
else
|
11
|
+
{:ok, :erlang.binary_to_term(output)}
|
12
|
+
end
|
13
|
+
|
14
|
+
{error, 1} -> {:error, error}
|
15
|
+
end
|
16
|
+
|> handle_result()
|
17
|
+
end
|
18
|
+
|
19
|
+
defp handle_result({:ok, {:ok, result}}) do
|
20
|
+
encode_and_write(%{"result" => result})
|
21
|
+
end
|
22
|
+
|
23
|
+
defp handle_result({:ok, {:error, reason}}) do
|
24
|
+
encode_and_write(%{"error" => reason})
|
25
|
+
System.halt(1)
|
26
|
+
end
|
27
|
+
|
28
|
+
defp handle_result({:error, reason}) do
|
29
|
+
encode_and_write(%{"error" => reason})
|
30
|
+
System.halt(1)
|
31
|
+
end
|
32
|
+
|
33
|
+
defp encode_and_write(content) do
|
34
|
+
content
|
35
|
+
|> Jason.encode!()
|
36
|
+
|> IO.write()
|
37
|
+
end
|
38
|
+
|
39
|
+
defp run(%{"function" => "parse", "args" => [dir]}) do
|
40
|
+
run_script("parse_deps.exs", dir)
|
41
|
+
end
|
42
|
+
|
43
|
+
defp run(%{"function" => "get_latest_resolvable_version", "args" => [dir, dependency_name, credentials]}) do
|
44
|
+
run_script("check_update.exs", dir, [dependency_name] ++ credentials)
|
45
|
+
end
|
46
|
+
|
47
|
+
defp run(%{"function" => "get_updated_lockfile", "args" => [dir, dependency_name, credentials]}) do
|
48
|
+
run_script("do_update.exs", dir, [dependency_name] ++ credentials)
|
49
|
+
end
|
50
|
+
|
51
|
+
defp run_script(script, dir, args \\ []) do
|
52
|
+
args = [
|
53
|
+
"run",
|
54
|
+
"--no-deps-check",
|
55
|
+
"--no-start",
|
56
|
+
"--no-compile",
|
57
|
+
"--no-elixir-version-check",
|
58
|
+
script
|
59
|
+
] ++ args
|
60
|
+
|
61
|
+
System.cmd(
|
62
|
+
"mix",
|
63
|
+
args,
|
64
|
+
[
|
65
|
+
cd: dir,
|
66
|
+
env: %{
|
67
|
+
"MIX_EXS" => nil,
|
68
|
+
"MIX_LOCK" => nil,
|
69
|
+
"MIX_DEPS" => nil
|
70
|
+
}
|
71
|
+
]
|
72
|
+
)
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
DependencyHelper.main()
|
@@ -0,0 +1,21 @@
|
|
1
|
+
defmodule DependabotCore.Mixfile do
|
2
|
+
use Mix.Project
|
3
|
+
|
4
|
+
def project do
|
5
|
+
[app: :dependabot_core,
|
6
|
+
version: "0.1.0",
|
7
|
+
elixir: "~> 1.5",
|
8
|
+
start_permanent: Mix.env == :prod,
|
9
|
+
lockfile: System.get_env("MIX_LOCK") || "mix.lock",
|
10
|
+
deps_path: System.get_env("MIX_DEPS") || "deps",
|
11
|
+
deps: deps()]
|
12
|
+
end
|
13
|
+
|
14
|
+
def application do
|
15
|
+
[extra_applications: [:logger]]
|
16
|
+
end
|
17
|
+
|
18
|
+
defp deps() do
|
19
|
+
[{:jason, "~> 1.0"}]
|
20
|
+
end
|
21
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-hex
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.119.0.beta1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-08-
|
11
|
+
date: 2020-08-20 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.119.0.beta1
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.119.0.beta1
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -144,6 +144,27 @@ extensions: []
|
|
144
144
|
extra_rdoc_files: []
|
145
145
|
files:
|
146
146
|
- helpers/build
|
147
|
+
- helpers/install-dir/hex/deps/jason/.fetch
|
148
|
+
- helpers/install-dir/hex/deps/jason/.hex
|
149
|
+
- helpers/install-dir/hex/deps/jason/CHANGELOG.md
|
150
|
+
- helpers/install-dir/hex/deps/jason/LICENSE
|
151
|
+
- helpers/install-dir/hex/deps/jason/README.md
|
152
|
+
- helpers/install-dir/hex/deps/jason/hex_metadata.config
|
153
|
+
- helpers/install-dir/hex/deps/jason/lib/codegen.ex
|
154
|
+
- helpers/install-dir/hex/deps/jason/lib/decoder.ex
|
155
|
+
- helpers/install-dir/hex/deps/jason/lib/encode.ex
|
156
|
+
- helpers/install-dir/hex/deps/jason/lib/encoder.ex
|
157
|
+
- helpers/install-dir/hex/deps/jason/lib/formatter.ex
|
158
|
+
- helpers/install-dir/hex/deps/jason/lib/fragment.ex
|
159
|
+
- helpers/install-dir/hex/deps/jason/lib/helpers.ex
|
160
|
+
- helpers/install-dir/hex/deps/jason/lib/jason.ex
|
161
|
+
- helpers/install-dir/hex/deps/jason/mix.exs
|
162
|
+
- helpers/install-dir/hex/lib/check_update.exs
|
163
|
+
- helpers/install-dir/hex/lib/do_update.exs
|
164
|
+
- helpers/install-dir/hex/lib/parse_deps.exs
|
165
|
+
- helpers/install-dir/hex/lib/run.exs
|
166
|
+
- helpers/install-dir/hex/mix.exs
|
167
|
+
- helpers/install-dir/hex/mix.lock
|
147
168
|
- helpers/lib/check_update.exs
|
148
169
|
- helpers/lib/do_update.exs
|
149
170
|
- helpers/lib/parse_deps.exs
|
@@ -171,7 +192,7 @@ homepage: https://github.com/dependabot/dependabot-core
|
|
171
192
|
licenses:
|
172
193
|
- Nonstandard
|
173
194
|
metadata: {}
|
174
|
-
post_install_message:
|
195
|
+
post_install_message:
|
175
196
|
rdoc_options: []
|
176
197
|
require_paths:
|
177
198
|
- lib
|
@@ -186,8 +207,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
186
207
|
- !ruby/object:Gem::Version
|
187
208
|
version: 2.5.0
|
188
209
|
requirements: []
|
189
|
-
rubygems_version: 3.1.
|
190
|
-
signing_key:
|
210
|
+
rubygems_version: 3.1.4
|
211
|
+
signing_key:
|
191
212
|
specification_version: 4
|
192
213
|
summary: Elixir (Hex) support for dependabot
|
193
214
|
test_files: []
|