dependanot 0.1.0 → 0.1.4

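--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 903577dd56009cdee245614d973c80cced1d51989293b5d32d0d2c3f4c7fb44a
- data.tar.gz: 1c7fcc29caf4195e7e6987ca829e64469388de8220011a94e9dad59e8a194e65
+ metadata.gz: 53cce6d2d8b3c96ccdb354fc9016430582edb927c88d378d2435d7124740c14f
+ data.tar.gz: 377486bb6cc1f981601b078f0963158fa0179c10d284b7f5d3eda7e2584897b4
  SHA512:
- metadata.gz: 9ad22a5b055398e49eecca1fa2e5756a725da82ea733d1fd15d0693a087e0e4130320389e964032106112b0701cb42b021016c276d9d25e4e94095f259e82705
- data.tar.gz: 04e15bdb15a22cac8106b278f6909e23ed937d1bbceb7ccadc8dc75cfb7618f62c497edf7cfb6bdb635541b6be20eecf7e19e52a3adf0c46f4ca1ac3cf3e576f
+ metadata.gz: e343e2f4588671e2b40f40bf1c606e0bb45a6c7cfd64447b311092188fa5ace12de92e77bb90a6a3f0c66c2b8aad434ca481be249f252a7d28eea84b7e32fb9e
+ data.tar.gz: e1f282d4000ae6a3acd8a595dee0d36b0be50005603cab945e460438d08a733c4c50f79ca8667ea67ddd533b548f082df08e4d46582d8c5b44a0ae9000543503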
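--- a/data/README.md
+++ b/data/README.md
@@ -32,7 +32,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
  
  ## Contributing
  
- Bug reports and pull requests are welcome on GitHub at https://github.com/xlgmokha/dependabot.
+ Bug reports and pull requests are welcome on GitHub at https://github.com/dependanot/cli.
  
  ## License
  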
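--- a/data/dependabot.gemspec
+++ b/data/dependabot.gemspec
@@ -7,9 +7,9 @@ Gem::Specification.new do |spec|
  spec.bindir = "exe"
  spec.description = "The Dependabot CLI"
  spec.email = ["xlgmokha@github.com"]
- spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+ spec.executables = ["dependabot"]
  spec.files = Dir.glob("lib/**/*.rb") + Dir.glob("exe/*") + Dir.glob("*.gemspec") + ["LICENSE.txt", "README.md"]
- spec.homepage = "https://github.com/dependanot/dependanot"
+ spec.homepage = "https://github.com/dependanot/cli"
  spec.license = "MIT"
  spec.metadata["homepage_uri"] = spec.homepage
  spec.name = "dependanot"
@@ -17,6 +17,8 @@ Gem::Specification.new do |spec|
  spec.required_ruby_version = ">= 3.0.0"
  spec.summary = "The Dependabot CLI"
  spec.version = Dependabot::VERSION
+ spec.add_dependency "octokit", "~> 4.0"
+ spec.add_dependency "rugged", "~> 1.2"
  spec.add_dependency "spandx", "~> 0.1"
  spec.add_dependency "thor", "~> 1.1"
  end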
@@ -2,13 +2,13 @@
2
2
 
3
3
  module Dependabot
4
4
  module Bundler
5
- class Update < Spandx::Core::Plugin
5
+ class Update < ::Spandx::Core::Plugin
6
6
  def enhance(dependency)
7
7
  return unless dependency.package_manager == :rubygems
8
8
 
9
9
  Dir.chdir(dependency.path.parent) do
10
10
  ::Bundler.with_unbundled_env do
11
- system "bundle update #{dependency.name} --conservative --quiet --full-index"
11
+ system "bundle update #{dependency.name} --conservative --quiet"
12
12
  end
13
13
  end
14
14
  end
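Review bot: The rewritten `system` call still passes one interpolated string, so `dependency.name` reaches a shell; the names come from `::Spandx::Core::Parser.parse` over the scanned files (see `each_dependency` in scan.rb), i.e. from repository content rather than from this tool. Use the argv form so no shell is involved: `system "bundle", "update", dependency.name, "--conservative", "--quiet"`. The return value of `system` is also discarded, so a failed `bundle update` is indistinguishable from a successful one to the caller, which goes on to commit whatever is in the tree; consider `raise Dependabot::Error, "bundle update failed for #{dependency.name}" unless system(...)`. The enclosing class `Update` starts and ends outside the hunk.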
@@ -1,7 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
-
5
4
  module CLI
6
5
  class Scan
7
6
  attr_reader :path
@@ -13,30 +12,44 @@ module Dependabot
13
12
 
14
13
  def run
15
14
  each_dependency do |dependency|
16
- Dir.chdir(dependency.path.parent) do
17
- puts "Updating... #{dependency.name}"
18
- ::Spandx::Core::Plugin.enhance(dependency)
19
- system "git diff --patch --no-color"
20
- system "git checkout ."
21
- end
15
+ update!(dependency)
22
16
  end
23
17
  end
24
18
 
25
19
  private
26
20
 
27
- def each_file
21
+ def each_file(&block)
28
22
  ::Spandx::Core::PathTraversal
29
23
  .new(path, recursive: false)
30
- .each { |file| yield file }
24
+ .each(&block)
31
25
  end
32
26
 
33
- def each_dependency
27
+ def each_dependency(&block)
34
28
  each_file do |file|
35
- ::Spandx::Core::Parser.parse(file).each do |dependency|
36
- yield dependency
37
- end
29
+ ::Spandx::Core::Parser.parse(file).each(&block)
30
+ end
31
+ end
32
+
33
+ def update!(dependency)
34
+ puts "Updating #{dependency.name}..."
35
+ git_for(dependency) do |git|
36
+ ::Spandx::Core::Plugin.enhance(dependency)
37
+ puts git.patch
38
+ git.commit(all: true, message: "Updating #{dependency.name}")
38
39
  end
39
40
  end
41
+
42
+ def branch_name_for(dependency)
43
+ "dependanot/#{dependency.package_manager}/#{dependency.name}"
44
+ end
45
+
46
+ def git_for(dependency, branch_name: branch_name_for(dependency))
47
+ git = ::Dependabot::Git.new(dependency.path.parent)
48
+ git.checkout(branch: branch_name)
49
+ yield git
50
+ ensure
51
+ git.repo.checkout_head(strategy: :force)
52
+ end
40
53
  end
41
54
  end
42
55
  end
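Review bot: In `git_for`, the `ensure` clause dereferences `git` unconditionally, so if `::Dependabot::Git.new` raises (for example, no repository is discovered under `dependency.path.parent`) the clause raises `NoMethodError` on `nil` and masks the original error; guard it: `git.repo.checkout_head(strategy: :force) if git`. Note also that `checkout_head` resets the working tree but leaves HEAD on the dependency branch, so the next `git_for` call creates its branch from `repo.head.name`, which is by then the previous dependency's branch rather than the original base — unless something outside this hunk switches back, each update branch will stack on the last one. `update!` commits unconditionally after `enhance`, so a dependency that produced no change still gets a commit on its own branch; checking `git.patch` for emptiness before `git.commit` would avoid that. The enclosing class `Scan` starts outside the hunk.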
@@ -1,7 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "thor"
4
- require "spandx"
5
4
  require "dependabot"
6
5
  require "dependabot/cli/scan"
7
6
 
@@ -0,0 +1,45 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Dependabot
4
+ class Git
5
+ attr_reader :repo
6
+
7
+ def initialize(path)
8
+ @path = path
9
+ @repo = Rugged::Repository.discover(path)
10
+ end
11
+
12
+ def checkout(branch:)
13
+ repo.create_branch(branch, repo.head.name)
14
+ repo.checkout(branch)
15
+ end
16
+
17
+ def patch
18
+ repo.index.diff.patch
19
+ end
20
+
21
+ def commit(message:, all: false)
22
+ repo.status { |path, status| stage(path) if status.include?(:worktree_modified) } if all
23
+
24
+ Rugged::Commit.create(repo, {
25
+ message: message,
26
+ parents: repo.empty? ? [] : [repo.head.target].compact,
27
+ tree: repo.index.write_tree(repo),
28
+ update_ref: "HEAD",
29
+ author: { email: "dependabot[bot]@users.noreply.github.com", name: "dependabot[bot]" },
30
+ committer: { email: "dependabot[bot]@users.noreply.github.com", name: "dependabot[bot]" },
31
+ })
32
+ end
33
+
34
+ private
35
+
36
+ def stage(path)
37
+ repo.index.read_tree(repo.head.target.tree)
38
+ repo.index.add(
39
+ path: path,
40
+ oid: repo.write(File.binread(path), :blob),
41
+ mode: File.stat(path).mode
42
+ )
43
+ end
44
+ end
45
+ end
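Review bot: `stage` calls `repo.index.read_tree(repo.head.target.tree)` for every path, which resets the in-memory index to HEAD each time, so when `commit(all: true)` iterates several modified files only the last one survives into `write_tree`. Move that `read_tree` line into `commit`, once before the `repo.status` loop, and leave `stage` with just the `add`. `repo.status` yields paths relative to the working directory while `File.binread(path)` and `File.stat(path)` resolve against the process cwd; since the `Dir.chdir` in `Scan#run` is removed in this commit, this presumably only works when the scan runs from the repository root — resolve against the workdir (e.g. `File.join(repo.workdir, path)`) or document the precondition on `stage`. The hard-coded `dependabot[bot]` author/committer identity makes commits from this tool indistinguishable from GitHub's own Dependabot in history; making the identity a constructor argument with that value as the default would keep provenance clear.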
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.1.0"
4
+ VERSION = "0.1.4"
5
5
  end
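--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -1,8 +1,13 @@
  # frozen_string_literal: true
  
+ require "github"
  require "logger"
+ require "octokit"
+ require "rugged"
+ require "spandx"
  
  require_relative "dependabot/bundler/update"
+ require_relative "dependabot/git"
  require_relative "dependabot/tracer"
  require_relative "dependabot/version"
  
@@ -10,10 +15,24 @@ module Dependabot
  class Error < StandardError; end
  
  def self.logger
- @logger ||= Logger.new(&stdout)
+ @logger ||= Logger.new($stderr)
  end
  
  def self.tracer
  @tracer ||= Tracer.new(logger)
  end
+ 
+ def self.octokit
+ @octokit ||= Octokit::Client.new.tap do |client|
+ client.access_token = github.token
+ client.api_endpoint = github.api_url
+ client.auto_paginate = true
+ client.connection_options = { request: { open_timeout: 5, timeout: 5 } }
+ client.web_endpoint = github.server_url
+ end
+ end
+ 
+ def self.github
+ @github ||= GitHub.new
+ end
  end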
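Review bot: `self.octokit` assigns `github.token` without checking it; `GitHub#default_token` (added in this commit) returns `nil` when neither `GITHUB_TOKEN` nor the gh hosts file provides one, so the client is silently built unauthenticated and any authenticated call would presumably fail much later with a less informative error. Fail early with the error class this module already defines: `raise Error, "GitHub token not configured" if github.token.nil?` placed before the `tap` block. In the first hunk, `require "github"` loads `lib/github.rb` by bare load-path name and defines a top-level `GitHub` constant, which can collide with any other library using that name; nesting it as `Dependabot::GitHub` and loading it with `require_relative` like the sibling files would avoid that.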
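--- a/data/lib/github.rb
+++ b/data/lib/github.rb
@@ -0,0 +1,38 @@
+ # frozen_string_literal: true
+ 
+ # https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
+ class GitHub
+ attr_reader :api_url, :repository, :server_url, :token, :workspace
+ 
+ def initialize(
+ api_url: default_api_url,
+ repository: ENV["GITHUB_REPOSITORY"],
+ server_url: ENV.fetch("GITHUB_SERVER_URL", "https://github.com"),
+ token: default_token,
+ workspace: ENV.fetch("GITHUB_WORKSPACE", Dir.pwd)
+ )
+ @api_url = api_url
+ @repository = repository
+ @server_url = server_url
+ @token = token
+ @workspace = workspace
+ end
+ 
+ private
+ 
+ def default_api_url
+ ENV.fetch("GITHUB_API_URL", "https://api.github.com")
+ end
+ 
+ def default_token
+ ENV.fetch("GITHUB_TOKEN") do |_name|
+ file = Pathname.new(Dir.home).join(".config/gh/hosts.yml")
+ if file.exist?
+ YAML
+ .safe_load(file.read)
+ &.fetch("github.com")
+ &.fetch("oauth_token")
+ end
+ end
+ end
+ end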
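Review bot: In `default_token`, `&.fetch("github.com")` and `&.fetch("oauth_token")` raise `KeyError` when `hosts.yml` exists but lacks those keys (for example, a gh login to a different host only), so the fallback can crash instead of returning `nil`; `YAML.safe_load(file.read)&.dig("github.com", "oauth_token")` gives the intended nil-or-token result. This fallback silently reuses the gh CLI's stored OAuth token, a broader credential than a workflow-scoped `GITHUB_TOKEN`; a comment on `default_token` such as `# Falls back to the gh CLI's stored OAuth token (~/.config/gh/hosts.yml) when GITHUB_TOKEN is unset` would make that explicit to operators. `Pathname` and `YAML` are used without a `require` in this file, so it presumably relies on another gem having loaded them; `require "pathname"` and `require "yaml"` at the top would make the file self-contained. `repository:` uses `ENV["GITHUB_REPOSITORY"]` while the other defaults use `ENV.fetch`; `ENV.fetch("GITHUB_REPOSITORY", nil)` would keep the style uniform.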
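--- a/metadata
+++ b/metadata
@@ -1,15 +1,43 @@
  --- !ruby/object:Gem::Specification
  name: dependanot
  version: !ruby/object:Gem::Version
- version: 0.1.0
+ version: 0.1.4
  platform: ruby
  authors:
  - mo khan
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2021-12-13 00:00:00.000000000 Z
+ date: 2021-12-20 00:00:00.000000000 Z
  dependencies:
+ - !ruby/object:Gem::Dependency
+ name: octokit
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '4.0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '4.0'
+ - !ruby/object:Gem::Dependency
+ name: rugged
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.2'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.2'
  - !ruby/object:Gem::Dependency
  name: spandx
  requirement: !ruby/object:Gem::Requirement
@@ -41,7 +69,8 @@ dependencies:
  description: The Dependabot CLI
  email:
  - xlgmokha@github.com
- executables: []
+ executables:
+ - dependabot
  extensions: []
  extra_rdoc_files: []
  files:
@@ -53,13 +82,15 @@ files:
  - lib/dependabot/bundler/update.rb
  - lib/dependabot/cli.rb
  - lib/dependabot/cli/scan.rb
+ - lib/dependabot/git.rb
  - lib/dependabot/tracer.rb
  - lib/dependabot/version.rb
- homepage: https://github.com/dependanot/dependanot
+ - lib/github.rb
+ homepage: https://github.com/dependanot/cli
  licenses:
  - MIT
  metadata:
- homepage_uri: https://github.com/dependanot/dependanot
+ homepage_uri: https://github.com/dependanot/cli
  post_install_message:
  rdoc_options: []
  require_paths:
@@ -75,7 +106,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.33
+ rubygems_version: 3.2.32
  signing_key:
  specification_version: 4
  summary: The Dependabot CLI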