dependanot 0.1.1 → 0.1.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/dependabot.gemspec +6 -2
- data/lib/dependabot/bundler/update.rb +2 -2
- data/lib/dependabot/cli/scan.rb +28 -13
- data/lib/dependabot/cli.rb +0 -1
- data/lib/dependabot/git.rb +40 -0
- data/lib/dependabot/version.rb +1 -1
- data/lib/dependabot.rb +21 -1
- data/lib/github.rb +38 -0
- metadata +53 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 76575ad77b236ed9f2b0c556c057e519aaeb95724be3b1ac2ab8207a6183950c
|
4
|
+
data.tar.gz: e96055f60fcd2f9af0c2989a95b273147043560492446f8b51a05ca817692525
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9c3c3eea1d0389ab02b1bc847cd6411d0d8fbf0a7a9b15d0b1a38f546a199f7598100dbda8a83b1af6a3028e70acf23a3726c29d45cc6c84106f1c65b61d1612
|
7
|
+
data.tar.gz: 9b5b19f79b7c7be095747d20a9e5b260587193c75a5adfd963b4aa5d1e4b8f3790d685defc13956cc56b11e010458689613ccd17d1026f609b794bb1b217b603
|
data/README.md
CHANGED
@@ -32,7 +32,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
32
32
|
|
33
33
|
## Contributing
|
34
34
|
|
35
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/
|
35
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/dependanot/cli.
|
36
36
|
|
37
37
|
## License
|
38
38
|
|
data/dependabot.gemspec
CHANGED
@@ -9,14 +9,18 @@ Gem::Specification.new do |spec|
|
|
9
9
|
spec.email = ["xlgmokha@github.com"]
|
10
10
|
spec.executables = ["dependabot"]
|
11
11
|
spec.files = Dir.glob("lib/**/*.rb") + Dir.glob("exe/*") + Dir.glob("*.gemspec") + ["LICENSE.txt", "README.md"]
|
12
|
-
spec.homepage = "https://github.com/dependanot/
|
12
|
+
spec.homepage = "https://github.com/dependanot/cli"
|
13
13
|
spec.license = "MIT"
|
14
14
|
spec.metadata["homepage_uri"] = spec.homepage
|
15
|
+
spec.metadata["rubygems_mfa_required"] = "true"
|
15
16
|
spec.name = "dependanot"
|
16
17
|
spec.require_paths = ["lib"]
|
17
18
|
spec.required_ruby_version = ">= 3.0.0"
|
18
19
|
spec.summary = "The Dependabot CLI"
|
19
20
|
spec.version = Dependabot::VERSION
|
20
|
-
spec.add_dependency "
|
21
|
+
spec.add_dependency "bundler", "~> 2.0"
|
22
|
+
spec.add_dependency "octokit", "~> 4.0"
|
23
|
+
spec.add_dependency "rugged", "~> 1.2"
|
24
|
+
spec.add_dependency "spandx", ">= 0.18.3"
|
21
25
|
spec.add_dependency "thor", "~> 1.1"
|
22
26
|
end
|
@@ -2,13 +2,13 @@
|
|
2
2
|
|
3
3
|
module Dependabot
|
4
4
|
module Bundler
|
5
|
-
class Update < Spandx::Core::Plugin
|
5
|
+
class Update < ::Spandx::Core::Plugin
|
6
6
|
def enhance(dependency)
|
7
7
|
return unless dependency.package_manager == :rubygems
|
8
8
|
|
9
9
|
Dir.chdir(dependency.path.parent) do
|
10
10
|
::Bundler.with_unbundled_env do
|
11
|
-
system "bundle update #{dependency.name} --conservative --quiet
|
11
|
+
system "bundle update #{dependency.name} --conservative --quiet"
|
12
12
|
end
|
13
13
|
end
|
14
14
|
end
|
data/lib/dependabot/cli/scan.rb
CHANGED
@@ -1,7 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module Dependabot
|
4
|
-
|
5
4
|
module CLI
|
6
5
|
class Scan
|
7
6
|
attr_reader :path
|
@@ -13,30 +12,46 @@ module Dependabot
|
|
13
12
|
|
14
13
|
def run
|
15
14
|
each_dependency do |dependency|
|
16
|
-
|
17
|
-
puts "Updating... #{dependency.name}"
|
18
|
-
::Spandx::Core::Plugin.enhance(dependency)
|
19
|
-
system "git diff --patch --no-color"
|
20
|
-
system "git checkout ."
|
21
|
-
end
|
15
|
+
update!(dependency)
|
22
16
|
end
|
23
17
|
end
|
24
18
|
|
25
19
|
private
|
26
20
|
|
27
|
-
def each_file
|
21
|
+
def each_file(&block)
|
28
22
|
::Spandx::Core::PathTraversal
|
29
23
|
.new(path, recursive: false)
|
30
|
-
.each
|
24
|
+
.each(&block)
|
31
25
|
end
|
32
26
|
|
33
|
-
def each_dependency
|
27
|
+
def each_dependency(&block)
|
34
28
|
each_file do |file|
|
35
|
-
::Spandx::Core::Parser.parse(file).each
|
36
|
-
|
37
|
-
|
29
|
+
::Spandx::Core::Parser.parse(file).each(&block)
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
def update!(dependency)
|
34
|
+
puts "Updating #{dependency.name}..."
|
35
|
+
git_for(dependency) do |git|
|
36
|
+
::Spandx::Core::Plugin.enhance(dependency)
|
37
|
+
puts git.patch
|
38
|
+
git.commit(all: true, message: "Updating #{dependency.name}")
|
38
39
|
end
|
39
40
|
end
|
41
|
+
|
42
|
+
def branch_name_for(dependency)
|
43
|
+
"dependanot/#{dependency.package_manager}/#{dependency.name}"
|
44
|
+
end
|
45
|
+
|
46
|
+
def git_for(dependency, branch_name: branch_name_for(dependency))
|
47
|
+
git = ::Dependabot::Git.new(dependency.path.parent)
|
48
|
+
default_branch = git.repo.head.name
|
49
|
+
git.checkout(branch: branch_name)
|
50
|
+
yield git
|
51
|
+
ensure
|
52
|
+
git.repo.checkout_head(strategy: :force)
|
53
|
+
git.repo.checkout(default_branch)
|
54
|
+
end
|
40
55
|
end
|
41
56
|
end
|
42
57
|
end
|
data/lib/dependabot/cli.rb
CHANGED
@@ -0,0 +1,40 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Dependabot
|
4
|
+
class Git
|
5
|
+
attr_reader :repo
|
6
|
+
|
7
|
+
def initialize(path)
|
8
|
+
@path = path
|
9
|
+
@repo = Rugged::Repository.discover(path)
|
10
|
+
end
|
11
|
+
|
12
|
+
def checkout(branch:)
|
13
|
+
repo.create_branch(branch, repo.head.name)
|
14
|
+
repo.checkout(branch)
|
15
|
+
end
|
16
|
+
|
17
|
+
def patch
|
18
|
+
repo.index.diff.patch
|
19
|
+
end
|
20
|
+
|
21
|
+
def commit(message:, all: false)
|
22
|
+
repo.status { |path, status| stage(path) if status.include?(:worktree_modified) } if all
|
23
|
+
|
24
|
+
Rugged::Commit.create(repo, {
|
25
|
+
message: message,
|
26
|
+
parents: repo.empty? ? [] : [repo.head.target].compact,
|
27
|
+
tree: repo.index.write_tree(repo),
|
28
|
+
update_ref: "HEAD",
|
29
|
+
author: { email: "dependabot[bot]@users.noreply.github.com", name: "dependabot[bot]" },
|
30
|
+
committer: { email: "dependabot[bot]@users.noreply.github.com", name: "dependabot[bot]" },
|
31
|
+
})
|
32
|
+
end
|
33
|
+
|
34
|
+
private
|
35
|
+
|
36
|
+
def stage(path)
|
37
|
+
repo.index.add(path)
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
data/lib/dependabot/version.rb
CHANGED
data/lib/dependabot.rb
CHANGED
@@ -1,8 +1,14 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require "bundler"
|
4
|
+
require "github"
|
3
5
|
require "logger"
|
6
|
+
require "octokit"
|
7
|
+
require "rugged"
|
8
|
+
require "spandx"
|
4
9
|
|
5
10
|
require_relative "dependabot/bundler/update"
|
11
|
+
require_relative "dependabot/git"
|
6
12
|
require_relative "dependabot/tracer"
|
7
13
|
require_relative "dependabot/version"
|
8
14
|
|
@@ -10,10 +16,24 @@ module Dependabot
|
|
10
16
|
class Error < StandardError; end
|
11
17
|
|
12
18
|
def self.logger
|
13
|
-
@logger ||= Logger.new(
|
19
|
+
@logger ||= Logger.new($stderr)
|
14
20
|
end
|
15
21
|
|
16
22
|
def self.tracer
|
17
23
|
@tracer ||= Tracer.new(logger)
|
18
24
|
end
|
25
|
+
|
26
|
+
def self.octokit
|
27
|
+
@octokit ||= Octokit::Client.new.tap do |client|
|
28
|
+
client.access_token = github.token
|
29
|
+
client.api_endpoint = github.api_url
|
30
|
+
client.auto_paginate = true
|
31
|
+
client.connection_options = { request: { open_timeout: 5, timeout: 5 } }
|
32
|
+
client.web_endpoint = github.server_url
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
def self.github
|
37
|
+
@github ||= GitHub.new
|
38
|
+
end
|
19
39
|
end
|
data/lib/github.rb
ADDED
@@ -0,0 +1,38 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
|
4
|
+
class GitHub
|
5
|
+
attr_reader :api_url, :repository, :server_url, :token, :workspace
|
6
|
+
|
7
|
+
def initialize(
|
8
|
+
api_url: default_api_url,
|
9
|
+
repository: ENV["GITHUB_REPOSITORY"],
|
10
|
+
server_url: ENV.fetch("GITHUB_SERVER_URL", "https://github.com"),
|
11
|
+
token: default_token,
|
12
|
+
workspace: ENV.fetch("GITHUB_WORKSPACE", Dir.pwd)
|
13
|
+
)
|
14
|
+
@api_url = api_url
|
15
|
+
@repository = repository
|
16
|
+
@server_url = server_url
|
17
|
+
@token = token
|
18
|
+
@workspace = workspace
|
19
|
+
end
|
20
|
+
|
21
|
+
private
|
22
|
+
|
23
|
+
def default_api_url
|
24
|
+
ENV.fetch("GITHUB_API_URL", "https://api.github.com")
|
25
|
+
end
|
26
|
+
|
27
|
+
def default_token
|
28
|
+
ENV.fetch("GITHUB_TOKEN") do |_name|
|
29
|
+
file = Pathname.new(Dir.home).join(".config/gh/hosts.yml")
|
30
|
+
if file.exist?
|
31
|
+
YAML
|
32
|
+
.safe_load(file.read)
|
33
|
+
&.fetch("github.com")
|
34
|
+
&.fetch("oauth_token")
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
metadata
CHANGED
@@ -1,29 +1,71 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependanot
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- mo khan
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-12-
|
11
|
+
date: 2021-12-20 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
|
-
name:
|
14
|
+
name: bundler
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '0
|
19
|
+
version: '2.0'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: '0
|
26
|
+
version: '2.0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: octokit
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '4.0'
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '4.0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rugged
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '1.2'
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '1.2'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: spandx
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: 0.18.3
|
62
|
+
type: :runtime
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: 0.18.3
|
27
69
|
- !ruby/object:Gem::Dependency
|
28
70
|
name: thor
|
29
71
|
requirement: !ruby/object:Gem::Requirement
|
@@ -54,13 +96,16 @@ files:
|
|
54
96
|
- lib/dependabot/bundler/update.rb
|
55
97
|
- lib/dependabot/cli.rb
|
56
98
|
- lib/dependabot/cli/scan.rb
|
99
|
+
- lib/dependabot/git.rb
|
57
100
|
- lib/dependabot/tracer.rb
|
58
101
|
- lib/dependabot/version.rb
|
59
|
-
|
102
|
+
- lib/github.rb
|
103
|
+
homepage: https://github.com/dependanot/cli
|
60
104
|
licenses:
|
61
105
|
- MIT
|
62
106
|
metadata:
|
63
|
-
homepage_uri: https://github.com/dependanot/
|
107
|
+
homepage_uri: https://github.com/dependanot/cli
|
108
|
+
rubygems_mfa_required: 'true'
|
64
109
|
post_install_message:
|
65
110
|
rdoc_options: []
|
66
111
|
require_paths:
|
@@ -76,7 +121,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
76
121
|
- !ruby/object:Gem::Version
|
77
122
|
version: '0'
|
78
123
|
requirements: []
|
79
|
-
rubygems_version: 3.2.
|
124
|
+
rubygems_version: 3.2.32
|
80
125
|
signing_key:
|
81
126
|
specification_version: 4
|
82
127
|
summary: The Dependabot CLI
|