RubyGems - dependanot - Versions diffs - 0.1.1 → 0.1.5 - Mend

dependanot 0.1.1 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/README.md +1 -1
data/dependabot.gemspec +6 -2
data/lib/dependabot/bundler/update.rb +2 -2
data/lib/dependabot/cli/scan.rb +28 -13
data/lib/dependabot/cli.rb +0 -1
data/lib/dependabot/git.rb +40 -0
data/lib/dependabot/version.rb +1 -1
data/lib/dependabot.rb +21 -1
data/lib/github.rb +38 -0
metadata +53 -8

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 436c082d545f649568439d264ab36e9bcfc1d2e37ba74b13f72ed5eb88a2e0b0
-  data.tar.gz: b6b628364667ba048051d06db4ba23a42ae18985b49130de860a8447b6ae6ae1
+  metadata.gz: 76575ad77b236ed9f2b0c556c057e519aaeb95724be3b1ac2ab8207a6183950c
+  data.tar.gz: e96055f60fcd2f9af0c2989a95b273147043560492446f8b51a05ca817692525
 SHA512:
-  metadata.gz: d3adc978d1d605d48aab96fddff3d7f78796037e227f9e97813a5f4d4e0b91d7ed1ae056dc36070c59d5795166519bbeffa51d3facd12bed0c8baa1b17245cdc
-  data.tar.gz: 9a0129873cd12fa85da8ab0a63ab67c8969337ef185fb15df947a287c162b6e6d45e5da0e6ec552d0a9e5abe076d4c885ed1afcefdd0f109d992853f9a066574
+  metadata.gz: 9c3c3eea1d0389ab02b1bc847cd6411d0d8fbf0a7a9b15d0b1a38f546a199f7598100dbda8a83b1af6a3028e70acf23a3726c29d45cc6c84106f1c65b61d1612
+  data.tar.gz: 9b5b19f79b7c7be095747d20a9e5b260587193c75a5adfd963b4aa5d1e4b8f3790d685defc13956cc56b11e010458689613ccd17d1026f609b794bb1b217b603

data/README.md CHANGED Viewed

@@ -32,7 +32,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 ## Contributing
-Bug reports and pull requests are welcome on GitHub at https://github.com/xlgmokha/dependabot.
+Bug reports and pull requests are welcome on GitHub at https://github.com/dependanot/cli.
 ## License

data/dependabot.gemspec CHANGED Viewed

@@ -9,14 +9,18 @@ Gem::Specification.new do |spec|
   spec.email = ["xlgmokha@github.com"]
   spec.executables = ["dependabot"]
   spec.files = Dir.glob("lib/**/*.rb") + Dir.glob("exe/*") + Dir.glob("*.gemspec") + ["LICENSE.txt", "README.md"]
-  spec.homepage = "https://github.com/dependanot/dependanot"
+  spec.homepage = "https://github.com/dependanot/cli"
   spec.license = "MIT"
   spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["rubygems_mfa_required"] = "true"
   spec.name = "dependanot"
   spec.require_paths = ["lib"]
   spec.required_ruby_version = ">= 3.0.0"
   spec.summary = "The Dependabot CLI"
   spec.version = Dependabot::VERSION
-  spec.add_dependency "spandx", "~> 0.1"
+  spec.add_dependency "bundler", "~> 2.0"
+  spec.add_dependency "octokit", "~> 4.0"
+  spec.add_dependency "rugged", "~> 1.2"
+  spec.add_dependency "spandx", ">= 0.18.3"
   spec.add_dependency "thor", "~> 1.1"
 end

data/lib/dependabot/bundler/update.rb CHANGED Viewed

@@ -2,13 +2,13 @@
 module Dependabot
   module Bundler
-    class Update < Spandx::Core::Plugin
+    class Update < ::Spandx::Core::Plugin
       def enhance(dependency)
         return unless dependency.package_manager == :rubygems
         Dir.chdir(dependency.path.parent) do
           ::Bundler.with_unbundled_env do
-            system "bundle update #{dependency.name} --conservative --quiet --full-index"
+            system "bundle update #{dependency.name} --conservative --quiet"
           end
         end
       end

data/lib/dependabot/cli/scan.rb CHANGED Viewed

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 module Dependabot
   module CLI
     class Scan
       attr_reader :path
@@ -13,30 +12,46 @@ module Dependabot
       def run
         each_dependency do |dependency|
-          Dir.chdir(dependency.path.parent) do
-            puts "Updating... #{dependency.name}"
-            ::Spandx::Core::Plugin.enhance(dependency)
-            system "git diff --patch --no-color"
-            system "git checkout ."
-          end
+          update!(dependency)
         end
       end
       private
-      def each_file
+      def each_file(&block)
         ::Spandx::Core::PathTraversal
           .new(path, recursive: false)
-          .each { |file| yield file }
+          .each(&block)
       end
-      def each_dependency
+      def each_dependency(&block)
         each_file do |file|
-          ::Spandx::Core::Parser.parse(file).each do |dependency|
-            yield dependency
-          end
+          ::Spandx::Core::Parser.parse(file).each(&block)
+        end
+      end
+      def update!(dependency)
+        puts "Updating #{dependency.name}..."
+        git_for(dependency) do |git|
+          ::Spandx::Core::Plugin.enhance(dependency)
+          puts git.patch
+          git.commit(all: true, message: "Updating #{dependency.name}")
         end
       end
+      def branch_name_for(dependency)
+        "dependanot/#{dependency.package_manager}/#{dependency.name}"
+      end
+      def git_for(dependency, branch_name: branch_name_for(dependency))
+        git = ::Dependabot::Git.new(dependency.path.parent)
+        default_branch = git.repo.head.name
+        git.checkout(branch: branch_name)
+        yield git
+      ensure
+        git.repo.checkout_head(strategy: :force)
+        git.repo.checkout(default_branch)
+      end
     end
   end
 end

data/lib/dependabot/cli.rb CHANGED Viewed

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 require "thor"
-require "spandx"
 require "dependabot"
 require "dependabot/cli/scan"

data/lib/dependabot/git.rb ADDED Viewed

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+module Dependabot
+  class Git
+    attr_reader :repo
+    def initialize(path)
+      @path = path
+      @repo = Rugged::Repository.discover(path)
+    end
+    def checkout(branch:)
+      repo.create_branch(branch, repo.head.name)
+      repo.checkout(branch)
+    end
+    def patch
+      repo.index.diff.patch
+    end
+    def commit(message:, all: false)
+      repo.status { |path, status| stage(path) if status.include?(:worktree_modified) } if all
+      Rugged::Commit.create(repo, {
+        message: message,
+        parents: repo.empty? ? [] : [repo.head.target].compact,
+        tree: repo.index.write_tree(repo),
+        update_ref: "HEAD",
+        author: { email: "dependabot[bot]@users.noreply.github.com", name: "dependabot[bot]" },
+        committer: { email: "dependabot[bot]@users.noreply.github.com", name: "dependabot[bot]" },
+      })
+    end
+    private
+    def stage(path)
+      repo.index.add(path)
+    end
+  end
+end

data/lib/dependabot/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.1.1"
+  VERSION = "0.1.5"
 end

data/lib/dependabot.rb CHANGED Viewed

@@ -1,8 +1,14 @@
 # frozen_string_literal: true
+require "bundler"
+require "github"
 require "logger"
+require "octokit"
+require "rugged"
+require "spandx"
 require_relative "dependabot/bundler/update"
+require_relative "dependabot/git"
 require_relative "dependabot/tracer"
 require_relative "dependabot/version"
@@ -10,10 +16,24 @@ module Dependabot
   class Error < StandardError; end
   def self.logger
-    @logger ||= Logger.new(&stdout)
+    @logger ||= Logger.new($stderr)
   end
   def self.tracer
     @tracer ||= Tracer.new(logger)
   end
+  def self.octokit
+    @octokit ||= Octokit::Client.new.tap do |client|
+      client.access_token = github.token
+      client.api_endpoint = github.api_url
+      client.auto_paginate = true
+      client.connection_options = { request: { open_timeout: 5, timeout: 5 } }
+      client.web_endpoint = github.server_url
+    end
+  end
+  def self.github
+    @github ||= GitHub.new
+  end
 end

data/lib/github.rb ADDED Viewed

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+# https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
+class GitHub
+  attr_reader :api_url, :repository, :server_url, :token, :workspace
+  def initialize(
+    api_url: default_api_url,
+    repository: ENV["GITHUB_REPOSITORY"],
+    server_url: ENV.fetch("GITHUB_SERVER_URL", "https://github.com"),
+    token: default_token,
+    workspace: ENV.fetch("GITHUB_WORKSPACE", Dir.pwd)
+  )
+    @api_url = api_url
+    @repository = repository
+    @server_url = server_url
+    @token = token
+    @workspace = workspace
+  end
+  private
+  def default_api_url
+    ENV.fetch("GITHUB_API_URL", "https://api.github.com")
+  end
+  def default_token
+    ENV.fetch("GITHUB_TOKEN") do |_name|
+      file = Pathname.new(Dir.home).join(".config/gh/hosts.yml")
+      if file.exist?
+        YAML
+          .safe_load(file.read)
+          &.fetch("github.com")
+          &.fetch("oauth_token")
+      end
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,29 +1,71 @@
 --- !ruby/object:Gem::Specification
 name: dependanot
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.5
 platform: ruby
 authors:
 - mo khan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-12-13 00:00:00.000000000 Z
+date: 2021-12-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: spandx
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: octokit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: rugged
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: spandx
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.18.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.18.3
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -54,13 +96,16 @@ files:
 - lib/dependabot/bundler/update.rb
 - lib/dependabot/cli.rb
 - lib/dependabot/cli/scan.rb
+- lib/dependabot/git.rb
 - lib/dependabot/tracer.rb
 - lib/dependabot/version.rb
-homepage: https://github.com/dependanot/dependanot
+- lib/github.rb
+homepage: https://github.com/dependanot/cli
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/dependanot/dependanot
+  homepage_uri: https://github.com/dependanot/cli
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -76,7 +121,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.33
+rubygems_version: 3.2.32
 signing_key:
 specification_version: 4
 summary: The Dependabot CLI