dependanot 0.1.1 → 0.1.5

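--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 436c082d545f649568439d264ab36e9bcfc1d2e37ba74b13f72ed5eb88a2e0b0
- data.tar.gz: b6b628364667ba048051d06db4ba23a42ae18985b49130de860a8447b6ae6ae1
+ metadata.gz: 76575ad77b236ed9f2b0c556c057e519aaeb95724be3b1ac2ab8207a6183950c
+ data.tar.gz: e96055f60fcd2f9af0c2989a95b273147043560492446f8b51a05ca817692525
  SHA512:
- metadata.gz: d3adc978d1d605d48aab96fddff3d7f78796037e227f9e97813a5f4d4e0b91d7ed1ae056dc36070c59d5795166519bbeffa51d3facd12bed0c8baa1b17245cdc
- data.tar.gz: 9a0129873cd12fa85da8ab0a63ab67c8969337ef185fb15df947a287c162b6e6d45e5da0e6ec552d0a9e5abe076d4c885ed1afcefdd0f109d992853f9a066574
+ metadata.gz: 9c3c3eea1d0389ab02b1bc847cd6411d0d8fbf0a7a9b15d0b1a38f546a199f7598100dbda8a83b1af6a3028e70acf23a3726c29d45cc6c84106f1c65b61d1612
+ data.tar.gz: 9b5b19f79b7c7be095747d20a9e5b260587193c75a5adfd963b4aa5d1e4b8f3790d685defc13956cc56b11e010458689613ccd17d1026f609b794bb1b217b603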
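--- a/data/README.md
+++ b/data/README.md
@@ -32,7 +32,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
  ## Contributing
 
- Bug reports and pull requests are welcome on GitHub at https://github.com/xlgmokha/dependabot.
+ Bug reports and pull requests are welcome on GitHub at https://github.com/dependanot/cli.
 
  ## License
 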
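--- a/data/dependabot.gemspec
+++ b/data/dependabot.gemspec
@@ -9,14 +9,18 @@ Gem::Specification.new do |spec|
  spec.email = ["xlgmokha@github.com"]
  spec.executables = ["dependabot"]
  spec.files = Dir.glob("lib/**/*.rb") + Dir.glob("exe/*") + Dir.glob("*.gemspec") + ["LICENSE.txt", "README.md"]
- spec.homepage = "https://github.com/dependanot/dependanot"
+ spec.homepage = "https://github.com/dependanot/cli"
  spec.license = "MIT"
  spec.metadata["homepage_uri"] = spec.homepage
+ spec.metadata["rubygems_mfa_required"] = "true"
  spec.name = "dependanot"
  spec.require_paths = ["lib"]
  spec.required_ruby_version = ">= 3.0.0"
  spec.summary = "The Dependabot CLI"
  spec.version = Dependabot::VERSION
- spec.add_dependency "spandx", "~> 0.1"
+ spec.add_dependency "bundler", "~> 2.0"
+ spec.add_dependency "octokit", "~> 4.0"
+ spec.add_dependency "rugged", "~> 1.2"
+ spec.add_dependency "spandx", ">= 0.18.3"
  spec.add_dependency "thor", "~> 1.1"
  end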
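Review bot: `spec.add_dependency "spandx", ">= 0.18.3"` sets no upper bound, so any future spandx release, including a new major with breaking changes, satisfies the constraint at install time, while the other four dependencies in this hunk are pessimistically pinned with `~>`. Because `Dependabot::Bundler::Update` subclasses `::Spandx::Core::Plugin` (see the update.rb hunk), an upstream API change would surface as a runtime failure rather than at resolution. `spec.add_dependency "spandx", "~> 0.18", ">= 0.18.3"` keeps the required minimum while bounding the major version. The `Gem::Specification.new` block that encloses these lines begins outside the hunk.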
@@ -2,13 +2,13 @@
2
2
 
3
3
  module Dependabot
4
4
  module Bundler
5
- class Update < Spandx::Core::Plugin
5
+ class Update < ::Spandx::Core::Plugin
6
6
  def enhance(dependency)
7
7
  return unless dependency.package_manager == :rubygems
8
8
 
9
9
  Dir.chdir(dependency.path.parent) do
10
10
  ::Bundler.with_unbundled_env do
11
- system "bundle update #{dependency.name} --conservative --quiet --full-index"
11
+ system "bundle update #{dependency.name} --conservative --quiet"
12
12
  end
13
13
  end
14
14
  end
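Review bot: `system "bundle update #{dependency.name} --conservative --quiet"` still hands a single string to `system`, so the command is parsed by a shell and `dependency.name` — a value read out of the scanned project's manifest by `::Spandx::Core::Parser`, not chosen by the operator — is interpreted by that shell; removing `--full-index` does not change this. Passing the arguments as a list bypasses shell parsing entirely: `system "bundle", "update", dependency.name, "--conservative", "--quiet"`. The return value of `system` is also discarded, so when `bundle update` fails the caller (`Scan#update!` in the scan.rb hunk) goes on to print the patch and commit whatever is in the worktree; appending `or raise ::Dependabot::Error, "bundle update failed for #{dependency.name}"` would make that failure visible. The `Update` class enclosing `enhance` ends outside the hunk.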
@@ -1,7 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
-
5
4
  module CLI
6
5
  class Scan
7
6
  attr_reader :path
@@ -13,30 +12,46 @@ module Dependabot
13
12
 
14
13
  def run
15
14
  each_dependency do |dependency|
16
- Dir.chdir(dependency.path.parent) do
17
- puts "Updating... #{dependency.name}"
18
- ::Spandx::Core::Plugin.enhance(dependency)
19
- system "git diff --patch --no-color"
20
- system "git checkout ."
21
- end
15
+ update!(dependency)
22
16
  end
23
17
  end
24
18
 
25
19
  private
26
20
 
27
- def each_file
21
+ def each_file(&block)
28
22
  ::Spandx::Core::PathTraversal
29
23
  .new(path, recursive: false)
30
- .each { |file| yield file }
24
+ .each(&block)
31
25
  end
32
26
 
33
- def each_dependency
27
+ def each_dependency(&block)
34
28
  each_file do |file|
35
- ::Spandx::Core::Parser.parse(file).each do |dependency|
36
- yield dependency
37
- end
29
+ ::Spandx::Core::Parser.parse(file).each(&block)
30
+ end
31
+ end
32
+
33
+ def update!(dependency)
34
+ puts "Updating #{dependency.name}..."
35
+ git_for(dependency) do |git|
36
+ ::Spandx::Core::Plugin.enhance(dependency)
37
+ puts git.patch
38
+ git.commit(all: true, message: "Updating #{dependency.name}")
38
39
  end
39
40
  end
41
+
42
+ def branch_name_for(dependency)
43
+ "dependanot/#{dependency.package_manager}/#{dependency.name}"
44
+ end
45
+
46
+ def git_for(dependency, branch_name: branch_name_for(dependency))
47
+ git = ::Dependabot::Git.new(dependency.path.parent)
48
+ default_branch = git.repo.head.name
49
+ git.checkout(branch: branch_name)
50
+ yield git
51
+ ensure
52
+ git.repo.checkout_head(strategy: :force)
53
+ git.repo.checkout(default_branch)
54
+ end
40
55
  end
41
56
  end
42
57
  end
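Review bot: In `git_for`, the `ensure` clause dereferences `git` and `default_branch` unconditionally, but if `::Dependabot::Git.new` raises (for example when no repository can be discovered at `dependency.path.parent`) both are still `nil`, and the `NoMethodError` raised inside `ensure` replaces the original exception. Guarding the cleanup preserves the real error: `git.repo.checkout_head(strategy: :force) if git` and `git.repo.checkout(default_branch) if default_branch`. Separately, `checkout_head(strategy: :force)` discards every uncommitted change in the worktree, including changes that were present before the scan started; a comment such as `# Force-resets the whole worktree, not just this update's changes` above the `ensure` would make that explicit, or the method could refuse to run on a dirty tree. The `Scan` class continues past the hunk.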
@@ -1,7 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "thor"
4
- require "spandx"
5
4
  require "dependabot"
6
5
  require "dependabot/cli/scan"
7
6
 
@@ -0,0 +1,40 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Dependabot
4
+ class Git
5
+ attr_reader :repo
6
+
7
+ def initialize(path)
8
+ @path = path
9
+ @repo = Rugged::Repository.discover(path)
10
+ end
11
+
12
+ def checkout(branch:)
13
+ repo.create_branch(branch, repo.head.name)
14
+ repo.checkout(branch)
15
+ end
16
+
17
+ def patch
18
+ repo.index.diff.patch
19
+ end
20
+
21
+ def commit(message:, all: false)
22
+ repo.status { |path, status| stage(path) if status.include?(:worktree_modified) } if all
23
+
24
+ Rugged::Commit.create(repo, {
25
+ message: message,
26
+ parents: repo.empty? ? [] : [repo.head.target].compact,
27
+ tree: repo.index.write_tree(repo),
28
+ update_ref: "HEAD",
29
+ author: { email: "dependabot[bot]@users.noreply.github.com", name: "dependabot[bot]" },
30
+ committer: { email: "dependabot[bot]@users.noreply.github.com", name: "dependabot[bot]" },
31
+ })
32
+ end
33
+
34
+ private
35
+
36
+ def stage(path)
37
+ repo.index.add(path)
38
+ end
39
+ end
40
+ end
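Review bot: `commit(all: true)` stages only paths whose status includes `:worktree_modified`, so files the update creates or deletes (a lockfile that did not exist before, for instance) are left out of the commit; staging `:worktree_new` paths as well, and removing `:worktree_deleted` paths from the index, would match what `all:` implies. The hard-coded author and committer `dependabot[bot] <dependabot[bot]@users.noreply.github.com>` present these commits as GitHub's official bot; since they are unsigned, that attribution is only a name, and making the identity configurable (defaulting to the running user) avoids reviewers extending to these commits the trust they give to the real bot. `checkout(branch:)` calls `create_branch` unconditionally, so a second run for the same dependency presumably fails on the already-existing branch — worth confirming against Rugged's behaviour and handling explicitly.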
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.1.1"
4
+ VERSION = "0.1.5"
5
5
  end
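--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -1,8 +1,14 @@
  # frozen_string_literal: true
 
+ require "bundler"
+ require "github"
  require "logger"
+ require "octokit"
+ require "rugged"
+ require "spandx"
 
  require_relative "dependabot/bundler/update"
+ require_relative "dependabot/git"
  require_relative "dependabot/tracer"
  require_relative "dependabot/version"
 
@@ -10,10 +16,24 @@ module Dependabot
  class Error < StandardError; end
 
  def self.logger
- @logger ||= Logger.new(&stdout)
+ @logger ||= Logger.new($stderr)
  end
 
  def self.tracer
  @tracer ||= Tracer.new(logger)
  end
+
+ def self.octokit
+ @octokit ||= Octokit::Client.new.tap do |client|
+ client.access_token = github.token
+ client.api_endpoint = github.api_url
+ client.auto_paginate = true
+ client.connection_options = { request: { open_timeout: 5, timeout: 5 } }
+ client.web_endpoint = github.server_url
+ end
+ end
+
+ def self.github
+ @github ||= GitHub.new
+ end
  end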
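Review bot: `require "github"` in the first hunk resolves through the load path rather than `require_relative`, and the file it loads defines a top-level `GitHub` class; any other gem on the load path that ships a `github.rb` or defines a `GitHub` constant would be loaded instead or collide, with no error if the shape happens to match. Using `require_relative "github"` like the sibling requires, and nesting the class as `Dependabot::GitHub`, removes both ambiguities (the `metadata` section lists `lib/github.rb` at the top level of the gem, so the move would touch the file list too). In `self.octokit`, `client.access_token = github.token` is assigned without a `nil` check; when neither `GITHUB_TOKEN` nor the `gh` credentials file yields a token, the client silently makes unauthenticated requests, so `raise Error, "no GitHub token configured" unless github.token` before building the client would fail fast with a clear message instead of a later 401.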
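--- /dev/null
+++ b/data/lib/github.rb
@@ -0,0 +1,38 @@
+ # frozen_string_literal: true
+
+ # https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
+ class GitHub
+ attr_reader :api_url, :repository, :server_url, :token, :workspace
+
+ def initialize(
+ api_url: default_api_url,
+ repository: ENV["GITHUB_REPOSITORY"],
+ server_url: ENV.fetch("GITHUB_SERVER_URL", "https://github.com"),
+ token: default_token,
+ workspace: ENV.fetch("GITHUB_WORKSPACE", Dir.pwd)
+ )
+ @api_url = api_url
+ @repository = repository
+ @server_url = server_url
+ @token = token
+ @workspace = workspace
+ end
+
+ private
+
+ def default_api_url
+ ENV.fetch("GITHUB_API_URL", "https://api.github.com")
+ end
+
+ def default_token
+ ENV.fetch("GITHUB_TOKEN") do |_name|
+ file = Pathname.new(Dir.home).join(".config/gh/hosts.yml")
+ if file.exist?
+ YAML
+ .safe_load(file.read)
+ &.fetch("github.com")
+ &.fetch("oauth_token")
+ end
+ end
+ end
+ end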
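Review bot: In `default_token`, `&.fetch("github.com")` and `&.fetch("oauth_token")` only guard a `nil` receiver; `Hash#fetch` with no default raises `KeyError` when the key is missing, so a `hosts.yml` without a `github.com` entry (a `gh` configured only for an enterprise host, say) aborts startup instead of yielding no token. `YAML.safe_load(file.read)&.dig("github.com", "oauth_token")` returns `nil` in every missing-key case and replaces the three chained lines. This fallback silently reads the user's `gh` CLI credential store, which is worth stating above the method: `# Falls back to the token the gh CLI stores in ~/.config/gh/hosts.yml when GITHUB_TOKEN is unset`. `Pathname` and `YAML` are used here without a `require` in this file, which presumably relies on load order elsewhere — confirm.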
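--- a/metadata
+++ b/metadata
@@ -1,29 +1,71 @@
  --- !ruby/object:Gem::Specification
  name: dependanot
  version: !ruby/object:Gem::Version
- version: 0.1.1
+ version: 0.1.5
  platform: ruby
  authors:
  - mo khan
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2021-12-13 00:00:00.000000000 Z
+ date: 2021-12-20 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
- name: spandx
+ name: bundler
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.1'
+ version: '2.0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.1'
+ version: '2.0'
+ - !ruby/object:Gem::Dependency
+ name: octokit
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '4.0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '4.0'
+ - !ruby/object:Gem::Dependency
+ name: rugged
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.2'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.2'
+ - !ruby/object:Gem::Dependency
+ name: spandx
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 0.18.3
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 0.18.3
  - !ruby/object:Gem::Dependency
  name: thor
  requirement: !ruby/object:Gem::Requirement
@@ -54,13 +96,16 @@ files:
  - lib/dependabot/bundler/update.rb
  - lib/dependabot/cli.rb
  - lib/dependabot/cli/scan.rb
+ - lib/dependabot/git.rb
  - lib/dependabot/tracer.rb
  - lib/dependabot/version.rb
- homepage: https://github.com/dependanot/dependanot
+ - lib/github.rb
+ homepage: https://github.com/dependanot/cli
  licenses:
  - MIT
  metadata:
- homepage_uri: https://github.com/dependanot/dependanot
+ homepage_uri: https://github.com/dependanot/cli
+ rubygems_mfa_required: 'true'
  post_install_message:
  rdoc_options: []
  require_paths:
@@ -76,7 +121,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.33
+ rubygems_version: 3.2.32
  signing_key:
  specification_version: 4
  summary: The Dependabot CLI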