dependanot 0.1.0 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 903577dd56009cdee245614d973c80cced1d51989293b5d32d0d2c3f4c7fb44a
4
- data.tar.gz: 1c7fcc29caf4195e7e6987ca829e64469388de8220011a94e9dad59e8a194e65
3
+ metadata.gz: 53cce6d2d8b3c96ccdb354fc9016430582edb927c88d378d2435d7124740c14f
4
+ data.tar.gz: 377486bb6cc1f981601b078f0963158fa0179c10d284b7f5d3eda7e2584897b4
5
5
  SHA512:
6
- metadata.gz: 9ad22a5b055398e49eecca1fa2e5756a725da82ea733d1fd15d0693a087e0e4130320389e964032106112b0701cb42b021016c276d9d25e4e94095f259e82705
7
- data.tar.gz: 04e15bdb15a22cac8106b278f6909e23ed937d1bbceb7ccadc8dc75cfb7618f62c497edf7cfb6bdb635541b6be20eecf7e19e52a3adf0c46f4ca1ac3cf3e576f
6
+ metadata.gz: e343e2f4588671e2b40f40bf1c606e0bb45a6c7cfd64447b311092188fa5ace12de92e77bb90a6a3f0c66c2b8aad434ca481be249f252a7d28eea84b7e32fb9e
7
+ data.tar.gz: e1f282d4000ae6a3acd8a595dee0d36b0be50005603cab945e460438d08a733c4c50f79ca8667ea67ddd533b548f082df08e4d46582d8c5b44a0ae9000543503
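--- a/data/README.md
+++ b/data/README.md
@@ -32,7 +32,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/xlgmokha/dependabot.
+Bug reports and pull requests are welcome on GitHub at https://github.com/dependanot/cli.
 
 ## License
 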
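--- a/data/dependabot.gemspec
+++ b/data/dependabot.gemspec
@@ -7,9 +7,9 @@ Gem::Specification.new do |spec|
 spec.bindir = "exe"
 spec.description = "The Dependabot CLI"
 spec.email = ["xlgmokha@github.com"]
-spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+spec.executables = ["dependabot"]
 spec.files = Dir.glob("lib/**/*.rb") + Dir.glob("exe/*") + Dir.glob("*.gemspec") + ["LICENSE.txt", "README.md"]
-spec.homepage = "https://github.com/dependanot/dependanot"
+spec.homepage = "https://github.com/dependanot/cli"
 spec.license = "MIT"
 spec.metadata["homepage_uri"] = spec.homepage
 spec.name = "dependanot"
@@ -17,6 +17,8 @@ Gem::Specification.new do |spec|
 spec.required_ruby_version = ">= 3.0.0"
 spec.summary = "The Dependabot CLI"
 spec.version = Dependabot::VERSION
+spec.add_dependency "octokit", "~> 4.0"
+spec.add_dependency "rugged", "~> 1.2"
 spec.add_dependency "spandx", "~> 0.1"
 spec.add_dependency "thor", "~> 1.1"
 end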
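--- a/data/lib/dependabot/bundler/update.rb
+++ b/data/lib/dependabot/bundler/update.rb
@@ -2,13 +2,13 @@
 
 module Dependabot
 module Bundler
-class Update < Spandx::Core::Plugin
+class Update < ::Spandx::Core::Plugin
 def enhance(dependency)
 return unless dependency.package_manager == :rubygems
 
 Dir.chdir(dependency.path.parent) do
 ::Bundler.with_unbundled_env do
-system "bundle update #{dependency.name} --conservative --quiet --full-index"
+system "bundle update #{dependency.name} --conservative --quiet"
 end
 end
 end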
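Review bot: `dependency.name` is interpolated into a shell string in `system "bundle update #{dependency.name} --conservative --quiet"`, so a name taken from a parsed lockfile that contains shell metacharacters is interpreted by the shell instead of being handed to bundler as one argument. The argument form `system("bundle", "update", dependency.name, "--conservative", "--quiet")` skips the shell entirely and needs no quoting. The return value of `system` is also discarded, so a failed update (false or nil) is indistinguishable from a successful one to the caller, which presumably goes on to diff and commit; logging or raising on a falsy result would surface it. The enclosing `Update` class continues outside the hunk.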
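--- a/data/lib/dependabot/cli/scan.rb
+++ b/data/lib/dependabot/cli/scan.rb
@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 module Dependabot
-
 module CLI
 class Scan
 attr_reader :path
@@ -13,30 +12,44 @@ module Dependabot
 
 def run
 each_dependency do |dependency|
-Dir.chdir(dependency.path.parent) do
-puts "Updating... #{dependency.name}"
-::Spandx::Core::Plugin.enhance(dependency)
-system "git diff --patch --no-color"
-system "git checkout ."
-end
+update!(dependency)
 end
 end
 
 private
 
-def each_file
+def each_file(&block)
 ::Spandx::Core::PathTraversal
 .new(path, recursive: false)
-.each { |file| yield file }
+.each(&block)
 end
 
-def each_dependency
+def each_dependency(&block)
 each_file do |file|
-::Spandx::Core::Parser.parse(file).each do |dependency|
-yield dependency
-end
+::Spandx::Core::Parser.parse(file).each(&block)
+end
+end
+
+def update!(dependency)
+puts "Updating #{dependency.name}..."
+git_for(dependency) do |git|
+::Spandx::Core::Plugin.enhance(dependency)
+puts git.patch
+git.commit(all: true, message: "Updating #{dependency.name}")
 end
 end
+
+def branch_name_for(dependency)
+"dependanot/#{dependency.package_manager}/#{dependency.name}"
+end
+
+def git_for(dependency, branch_name: branch_name_for(dependency))
+git = ::Dependabot::Git.new(dependency.path.parent)
+git.checkout(branch: branch_name)
+yield git
+ensure
+git.repo.checkout_head(strategy: :force)
+end
 end
 end
 end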
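Review bot: In `git_for` the `ensure` clause calls `git.repo.checkout_head(strategy: :force)` unconditionally, so when `::Dependabot::Git.new` raises (for instance when the path is not inside a repository) `git` is still nil and the original error is replaced by a NoMethodError; `git&.repo&.checkout_head(strategy: :force)` keeps the real failure visible. The ensure also only resets the worktree to HEAD and never switches back to the branch that was current before `git.checkout(branch: branch_name)`, so the next dependency's branch appears to be created from the previous dependanot branch rather than from the original head — worth confirming, and if so the ensure should restore the original reference. `update!` commits whether or not `enhance` changed anything, which presumably produces empty commits for already-current dependencies; skipping `git.commit` when `git.patch` is empty avoids that. The `Scan` class begins in the earlier hunk and `run`'s callers are outside this file.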
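--- a/data/lib/dependabot/cli.rb
+++ b/data/lib/dependabot/cli.rb
@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require "thor"
-require "spandx"
 require "dependabot"
 require "dependabot/cli/scan"
 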
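--- /dev/null
+++ b/data/lib/dependabot/git.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Dependabot
+class Git
+attr_reader :repo
+
+def initialize(path)
+@path = path
+@repo = Rugged::Repository.discover(path)
+end
+
+def checkout(branch:)
+repo.create_branch(branch, repo.head.name)
+repo.checkout(branch)
+end
+
+def patch
+repo.index.diff.patch
+end
+
+def commit(message:, all: false)
+repo.status { |path, status| stage(path) if status.include?(:worktree_modified) } if all
+
+Rugged::Commit.create(repo, {
+message: message,
+parents: repo.empty? ? [] : [repo.head.target].compact,
+tree: repo.index.write_tree(repo),
+update_ref: "HEAD",
+author: { email: "dependabot[bot]@users.noreply.github.com", name: "dependabot[bot]" },
+committer: { email: "dependabot[bot]@users.noreply.github.com", name: "dependabot[bot]" },
+})
+end
+
+private
+
+def stage(path)
+repo.index.read_tree(repo.head.target.tree)
+repo.index.add(
+path: path,
+oid: repo.write(File.binread(path), :blob),
+mode: File.stat(path).mode
+)
+end
+end
+end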
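Review bot: `stage` calls `repo.index.read_tree(repo.head.target.tree)` on every invocation, and `read_tree` replaces the in-memory index, so when `commit(all: true)` finds several modified files only the last one staged survives into `repo.index.write_tree(repo)` and the commit silently drops the others; the reset belongs in `commit`, once, before the `repo.status` loop. The paths yielded by `repo.status` are relative to the repository workdir while `File.binread(path)` and `File.stat(path)` resolve against the process cwd, so staging breaks whenever the CLI is run from anywhere other than the repository root; joining with `repo.workdir` fixes that. `checkout` also looks like it fails on a second run over the same repository, since `repo.create_branch` is called unconditionally for a branch name that may already exist — worth confirming against rugged's behaviour and guarding with a lookup first.
```ruby
def commit(message:, all: false)
  if all
    # reset the index to HEAD once, then stage every modified path into it
    repo.index.read_tree(repo.head.target.tree)
    repo.status { |path, status| stage(path) if status.include?(:worktree_modified) }
  end
  # … unchanged: Rugged::Commit.create call …
end

# … unchanged: private …

def stage(path)
  # status paths are workdir-relative; resolve them against the repo, not cwd
  full_path = File.join(repo.workdir, path)
  repo.index.add(
    path: path,
    oid: repo.write(File.binread(full_path), :blob),
    mode: File.stat(full_path).mode
  )
end
```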
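--- a/data/lib/dependabot/version.rb
+++ b/data/lib/dependabot/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-VERSION = "0.1.0"
+VERSION = "0.1.4"
 end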
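--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -1,8 +1,13 @@
 # frozen_string_literal: true
 
+require "github"
 require "logger"
+require "octokit"
+require "rugged"
+require "spandx"
 
 require_relative "dependabot/bundler/update"
+require_relative "dependabot/git"
 require_relative "dependabot/tracer"
 require_relative "dependabot/version"
 
@@ -10,10 +15,24 @@ module Dependabot
 class Error < StandardError; end
 
 def self.logger
-@logger ||= Logger.new(&stdout)
+@logger ||= Logger.new($stderr)
 end
 
 def self.tracer
 @tracer ||= Tracer.new(logger)
 end
+
+def self.octokit
+@octokit ||= Octokit::Client.new.tap do |client|
+client.access_token = github.token
+client.api_endpoint = github.api_url
+client.auto_paginate = true
+client.connection_options = { request: { open_timeout: 5, timeout: 5 } }
+client.web_endpoint = github.server_url
+end
+end
+
+def self.github
+@github ||= GitHub.new
+end
 end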
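Review bot: `require "github"` loads the project's own new `lib/github.rb` through `$LOAD_PATH` while every sibling file in the same hunk is loaded with `require_relative`; `require_relative "github"` is consistent with them and guarantees this gem's file is the one loaded rather than any other `github.rb` that happens to be earlier on the load path. Defining the class at top level as `GitHub` rather than under `Dependabot` makes the same collision more likely, so namespacing it is worth considering while the file is new. In `self.octokit`, `client.access_token = github.token` is assigned even when no token was found, which presumably yields a client that fails later with an authentication error far from the cause; `raise Error, "no GitHub token configured" unless github.token` before `Octokit::Client.new` uses the `Error` class defined in this file and fails early with a clear message.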
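--- /dev/null
+++ b/data/lib/github.rb
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+# https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
+class GitHub
+attr_reader :api_url, :repository, :server_url, :token, :workspace
+
+def initialize(
+api_url: default_api_url,
+repository: ENV["GITHUB_REPOSITORY"],
+server_url: ENV.fetch("GITHUB_SERVER_URL", "https://github.com"),
+token: default_token,
+workspace: ENV.fetch("GITHUB_WORKSPACE", Dir.pwd)
+)
+@api_url = api_url
+@repository = repository
+@server_url = server_url
+@token = token
+@workspace = workspace
+end
+
+private
+
+def default_api_url
+ENV.fetch("GITHUB_API_URL", "https://api.github.com")
+end
+
+def default_token
+ENV.fetch("GITHUB_TOKEN") do |_name|
+file = Pathname.new(Dir.home).join(".config/gh/hosts.yml")
+if file.exist?
+YAML
+.safe_load(file.read)
+&.fetch("github.com")
+&.fetch("oauth_token")
+end
+end
+end
+end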
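Review bot: `default_token` uses `&.fetch("github.com")` and `&.fetch("oauth_token")`, which only guard a nil receiver; when `~/.config/gh/hosts.yml` exists but lists a different host, or an entry without `oauth_token`, `fetch` raises KeyError instead of falling through to nil, so `YAML.safe_load(file.read)&.dig("github.com", "oauth_token")` is the safer lookup. The lookup is also hard-coded to the `"github.com"` key while `server_url` defaults from `GITHUB_SERVER_URL`, so on a non-github.com server the fallback returns credentials for the wrong host; a comment above `default_token` should say so, and that the fallback silently reuses the locally logged-in gh CLI user's token, since that decides which identity ends up making API calls. `Pathname` and `YAML` are used without a `require` in this file, so it only loads if something else has required them first; `require "pathname"` and `require "yaml"` at the top make it self-contained.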
metadata CHANGED
@@ -1,15 +1,43 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependanot
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - mo khan
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-12-13 00:00:00.000000000 Z
11
+ date: 2021-12-20 00:00:00.000000000 Z
12
12
  dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: octokit
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '4.0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '4.0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: rugged
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '1.2'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '1.2'
13
41
  - !ruby/object:Gem::Dependency
14
42
  name: spandx
15
43
  requirement: !ruby/object:Gem::Requirement
@@ -41,7 +69,8 @@ dependencies:
41
69
  description: The Dependabot CLI
42
70
  email:
43
71
  - xlgmokha@github.com
44
- executables: []
72
+ executables:
73
+ - dependabot
45
74
  extensions: []
46
75
  extra_rdoc_files: []
47
76
  files:
@@ -53,13 +82,15 @@ files:
53
82
  - lib/dependabot/bundler/update.rb
54
83
  - lib/dependabot/cli.rb
55
84
  - lib/dependabot/cli/scan.rb
85
+ - lib/dependabot/git.rb
56
86
  - lib/dependabot/tracer.rb
57
87
  - lib/dependabot/version.rb
58
- homepage: https://github.com/dependanot/dependanot
88
+ - lib/github.rb
89
+ homepage: https://github.com/dependanot/cli
59
90
  licenses:
60
91
  - MIT
61
92
  metadata:
62
- homepage_uri: https://github.com/dependanot/dependanot
93
+ homepage_uri: https://github.com/dependanot/cli
63
94
  post_install_message:
64
95
  rdoc_options: []
65
96
  require_paths:
@@ -75,7 +106,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
75
106
  - !ruby/object:Gem::Version
76
107
  version: '0'
77
108
  requirements: []
78
- rubygems_version: 3.2.33
109
+ rubygems_version: 3.2.32
79
110
  signing_key:
80
111
  specification_version: 4
81
112
  summary: The Dependabot CLI