dependanot 0.1.2 → 0.1.6
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/dependabot.gemspec +4 -1
- data/lib/dependabot/bundler/update.rb +1 -1
- data/lib/dependabot/cli/scan.rb +6 -22
- data/lib/dependabot/cli.rb +3 -1
- data/lib/dependabot/git.rb +52 -0
- data/lib/dependabot/publish.rb +85 -0
- data/lib/dependabot/version.rb +1 -1
- data/lib/dependabot.rb +8 -1
- data/lib/github.rb +8 -0
- metadata +38 -7
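--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 17784d154fbeddc3386710cab5b82326ec7e92bc0900afae82616019a58f41ea
+data.tar.gz: 97c7cf19c1db2fca7259bfecf4eebc5aa627a05456b402c5c075f0b9e39b7399
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f2ef3acea6d7f6109c40095abdf26de5ea6d5f2ee2e2f23275a95391889d40570cb100caec1dc4009d8b274c13f4981f14af614e17d6bdfc16a736e38da3276e
+data.tar.gz: f0767ac6caf6346191384fffa7dca32a160a2dcbd5da5241705b447e4b2bc786132d785ca599a99ab9990d455c0d15f14d71081e49beea1ba455447526ed83ea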
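--- a/data/README.md
+++ b/data/README.md
@@ -32,7 +32,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/
+Bug reports and pull requests are welcome on GitHub at https://github.com/dependanot/cli.
 
 ## License
 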
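--- a/data/dependabot.gemspec
+++ b/data/dependabot.gemspec
@@ -12,13 +12,16 @@ Gem::Specification.new do |spec|
 spec.homepage = "https://github.com/dependanot/cli"
 spec.license = "MIT"
 spec.metadata["homepage_uri"] = spec.homepage
+spec.metadata["rubygems_mfa_required"] = "true"
 spec.name = "dependanot"
 spec.require_paths = ["lib"]
 spec.required_ruby_version = ">= 3.0.0"
 spec.summary = "The Dependabot CLI"
 spec.version = Dependabot::VERSION
+spec.add_dependency "bundler", "~> 2.0"
 spec.add_dependency "octokit", "~> 4.0"
 spec.add_dependency "rugged", "~> 1.2"
-spec.add_dependency "spandx", "
+spec.add_dependency "spandx", ">= 0.18.3"
 spec.add_dependency "thor", "~> 1.1"
+spec.add_development_dependency "debug", "~> 1.4"
 end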
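Review bot: `spec.add_dependency "spandx", ">= 0.18.3"` has no upper bound, so any future spandx major release, including a breaking or compromised one, will be resolved into fresh installs of this gem, whereas every other runtime dependency in the same block is held with `~>`. `spec.add_dependency "spandx", "~> 0.18", ">= 0.18.3"` keeps the minimum the change needs while bounding the major version. Setting `rubygems_mfa_required` is a sound supply-chain control for the gem's own publishing and is worth keeping.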
@@ -8,7 +8,7 @@ module Dependabot
|
|
8
8
|
|
9
9
|
Dir.chdir(dependency.path.parent) do
|
10
10
|
::Bundler.with_unbundled_env do
|
11
|
-
system "bundle update #{dependency.name} --conservative --quiet"
|
11
|
+
system({ "RUBYOPT" => "-W0" }, "bundle update #{dependency.name} --conservative --quiet")
|
12
12
|
end
|
13
13
|
end
|
14
14
|
end
|
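Review bot: The `system` call still passes one string, so Ruby hands it to `/bin/sh` and `dependency.name` is interpolated unescaped into a shell command; the name appears to come from the scanned project's dependency files rather than from this tool, so a crafted name in a scanned checkout would be interpreted as shell syntax. The argument-vector form avoids the shell entirely: `system({ "RUBYOPT" => "-W0" }, "bundle", "update", dependency.name, "--conservative", "--quiet")`. The return value is also discarded, and `system` returns `false` or `nil` when the command fails, so a failed update currently passes silently; logging or raising on a falsy result would surface it. The enclosing method starts before this hunk; since `bundle update` evaluates the target's Gemfile, the method is the right place to document that the scanned checkout is a trust boundary.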
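--- a/data/lib/dependabot/cli/scan.rb
+++ b/data/lib/dependabot/cli/scan.rb
@@ -3,7 +3,7 @@
 module Dependabot
 module CLI
 class Scan
-attr_reader :path
+attr_reader :path, :options
 
 def initialize(path, options)
 @path = ::Pathname.new(path)
@@ -12,7 +12,7 @@ module Dependabot
 
 def run
 each_dependency do |dependency|
-
+publish_update_for(dependency)
 end
 end
 
@@ -20,7 +20,7 @@ module Dependabot
 
 def each_file(&block)
 ::Spandx::Core::PathTraversal
-.new(path, recursive:
+.new(path, recursive: options[:recursive])
 .each(&block)
 end
 
@@ -30,25 +30,9 @@ module Dependabot
 end
 end
 
-def
-
-
-branch_name = "dependanot/#{dependency.package_manager}/#{dependency.name}"
-
-repo = Rugged::Repository.discover(dependency.path.parent)
-branch = repo.create_branch(branch_name, repo.head.name)
-
-::Spandx::Core::Plugin.enhance(dependency)
-
-repo.status do |file, status|
-puts "#{file} has status: #{status.inspect}"
-end
-puts repo.index.diff.patch
-puts
-
-repo.branches.delete(branch_name)
-repo.checkout_head(strategy: :force)
-end
+def publish_update_for(dependency)
+::Dependabot.logger.debug("Updating #{dependency.name}…")
+::Dependabot::Publish.new(dependency).update!(push: options[:push])
 end
 end
 end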
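Review bot: `publish_update_for` is undocumented although it is the one place where a scan leaves lasting effects (a branch and a commit in the scanned repository and, with `--push`, a remote push and a pull request); a one-line comment would make that visible to callers: `# Applies the update for one dependency on its own branch; with options[:push] the branch is pushed and a PR is opened.`. The method also reads `options[:push]` and `options[:recursive]` straight from the hash, so a `Scan` constructed outside Thor with a plain `{}` silently gets `nil` for both; `options.fetch(:push, false)` would make the expected keys explicit at the point of use.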
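--- a/data/lib/dependabot/cli.rb
+++ b/data/lib/dependabot/cli.rb
@@ -7,7 +7,9 @@ require "dependabot/cli/scan"
 module Dependabot
 module CLI
 class Application < Thor
-desc "scan [DIRECTORY]", "Scan a directory"
+desc "scan [DIRECTORY | FILE]", "Scan a directory or file for dependencies to update"
+method_option :push, aliases: "-p", type: :boolean, desc: "Push the update as a pull request. Default: --no-push", default: false
+method_option :recursive, aliases: "-r", type: :boolean, desc: "Perform a recursive. Default: --no-recursive", default: false
 def scan(path = Pathname.pwd)
 ::Dependabot::CLI::Scan.new(path, options).run
 end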
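Review bot: The help text for `--recursive` is missing its noun: `desc: "Perform a recursive. Default: --no-recursive"` reads as unfinished in `--help`; `desc: "Scan DIRECTORY recursively. Default: --no-recursive"` says what the flag does. Since `--push` now pushes a branch to `origin` and opens a pull request using the configured GitHub credentials, its description is the place to say that the command writes to the remote, so a user running `scan -p` on a checkout is not surprised by the side effect.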
@@ -0,0 +1,52 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Dependabot
|
4
|
+
class Git
|
5
|
+
attr_reader :repo
|
6
|
+
|
7
|
+
def initialize(path)
|
8
|
+
@path = path
|
9
|
+
@repo = Rugged::Repository.discover(path)
|
10
|
+
end
|
11
|
+
|
12
|
+
def checkout(branch:)
|
13
|
+
repo.create_branch(branch, repo.head.name)
|
14
|
+
repo.checkout(branch)
|
15
|
+
end
|
16
|
+
|
17
|
+
def push(remote: "origin", branch: "HEAD")
|
18
|
+
repo.push(remote, ["refs/heads/#{branch}"], credentials: credentials)
|
19
|
+
end
|
20
|
+
|
21
|
+
def patch
|
22
|
+
repo.index.diff.patch
|
23
|
+
end
|
24
|
+
|
25
|
+
def commit(message:, all: false)
|
26
|
+
repo.status { |path, status| stage(path) if status.include?(:worktree_modified) } if all
|
27
|
+
|
28
|
+
Rugged::Commit.create(repo, {
|
29
|
+
message: message,
|
30
|
+
parents: repo.empty? ? [] : [repo.head.target].compact,
|
31
|
+
tree: repo.index.write_tree(repo),
|
32
|
+
update_ref: "HEAD",
|
33
|
+
author: { email: "dependabot[bot]@users.noreply.github.com", name: "dependabot[bot]" },
|
34
|
+
committer: { email: "dependabot[bot]@users.noreply.github.com", name: "dependabot[bot]" },
|
35
|
+
})
|
36
|
+
end
|
37
|
+
|
38
|
+
private
|
39
|
+
|
40
|
+
def stage(path)
|
41
|
+
repo.index.add(path)
|
42
|
+
end
|
43
|
+
|
44
|
+
def credentials
|
45
|
+
if ENV["CI"]
|
46
|
+
Rugged::Credentials::UserPassword.new(username: "x-access-token", password: Dependabot.github.token)
|
47
|
+
else
|
48
|
+
Rugged::Credentials::SshKeyFromAgent.new(username: "git")
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
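Review bot: `push`'s default `branch: "HEAD"` expands to the refspec `refs/heads/HEAD`, which is not the ref of any branch, so calling `push` without a branch cannot push the current branch; `branch: nil` together with `ref = branch ? "refs/heads/#{branch}" : repo.head.name` and `repo.push(remote, [ref], credentials: credentials)` would make the default do what its name suggests. `commit(all: true)` stages only paths whose status includes `:worktree_modified`, so files an update creates or removes (`:worktree_new`, `:worktree_deleted`) are left out of the commit; if that is intentional it belongs in a comment on the method. `credentials` reads `Dependabot.github.token` on CI, while the rest of this diff uses `Dependabot.octokit`, so confirm that `Dependabot.github` exists; outside CI the push authenticates with whatever key the developer's SSH agent holds, which is worth stating in the class docs. The commits are also authored and committed as `dependabot[bot]` with GitHub's noreply address, which makes this tool's output indistinguishable from the official bot in repository history; a configurable identity would keep provenance honest.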
@@ -0,0 +1,85 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Dependabot
|
4
|
+
class Publish
|
5
|
+
attr_reader :dependency
|
6
|
+
|
7
|
+
def initialize(dependency)
|
8
|
+
@dependency = dependency
|
9
|
+
end
|
10
|
+
|
11
|
+
def update!(push: false)
|
12
|
+
git_for(dependency, push: push) do |git|
|
13
|
+
::Spandx::Core::Plugin.enhance(dependency)
|
14
|
+
Dependabot.logger.debug(git.patch) unless git.patch.empty?
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
private
|
19
|
+
|
20
|
+
def branch_name_for(dependency)
|
21
|
+
"dependanot/#{dependency.package_manager}/#{dependency.name}"
|
22
|
+
end
|
23
|
+
|
24
|
+
def git_for(dependency, branch_name: branch_name_for(dependency), push: false)
|
25
|
+
git = ::Dependabot::Git.new(dependency.path.parent)
|
26
|
+
default_branch = git.repo.head.name
|
27
|
+
git.checkout(branch: branch_name)
|
28
|
+
yield git
|
29
|
+
publish_pull_request_for(dependency, default_branch, branch_name, git, push) unless git.patch.empty?
|
30
|
+
ensure
|
31
|
+
git.repo.checkout_head(strategy: :force)
|
32
|
+
git.repo.checkout(default_branch)
|
33
|
+
end
|
34
|
+
|
35
|
+
def description_for(dependency)
|
36
|
+
<<~MARKDOWN
|
37
|
+
Bumps [#{dependency.name}](#)
|
38
|
+
|
39
|
+
<details>
|
40
|
+
<summary>Changelog</summary>
|
41
|
+
</details>
|
42
|
+
|
43
|
+
<details>
|
44
|
+
<summary>Commits</summary>
|
45
|
+
</details>
|
46
|
+
|
47
|
+
<br />
|
48
|
+
|
49
|
+
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
|
50
|
+
---
|
51
|
+
|
52
|
+
<details>
|
53
|
+
<summary>Dependabot commands and options</summary>
|
54
|
+
<br />
|
55
|
+
|
56
|
+
You can trigger Dependabot actions by commenting on this PR:
|
57
|
+
- `@dependabot rebase` will rebase this PR
|
58
|
+
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
|
59
|
+
- `@dependabot merge` will merge this PR after your CI passes on it
|
60
|
+
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
|
61
|
+
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
|
62
|
+
- `@dependabot reopen` will reopen this PR if it is closed
|
63
|
+
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
|
64
|
+
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
|
65
|
+
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
|
66
|
+
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
|
67
|
+
</details>
|
68
|
+
MARKDOWN
|
69
|
+
end
|
70
|
+
|
71
|
+
def publish_pull_request_for(dependency, default_branch, branch_name, git, push)
|
72
|
+
git.commit(all: true, message: "chore: Update #{dependency.name}")
|
73
|
+
return unless push
|
74
|
+
|
75
|
+
git.push(remote: "origin", branch: branch_name)
|
76
|
+
Dependabot.octokit.create_pull_request(
|
77
|
+
GitHub.name_with_owner_from(git.repo.remotes["origin"].url),
|
78
|
+
default_branch,
|
79
|
+
branch_name,
|
80
|
+
"chore(deps): bump #{dependency}",
|
81
|
+
description_for(dependency)
|
82
|
+
)
|
83
|
+
end
|
84
|
+
end
|
85
|
+
end
|
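Review bot: The `ensure` in `git_for` dereferences `git` and `default_branch` unconditionally, so when `::Dependabot::Git.new` raises (for instance because the dependency's directory is not inside a git repository) or `repo.head.name` fails, the resulting `NoMethodError` on `nil` replaces the original exception and hides the real cause. Guard the cleanup on the locals having been set, as below, and avoid `return` inside `ensure`, which would discard the in-flight exception. Two smaller points: `publish_pull_request_for` titles the PR with `#{dependency}` while the commit message uses `dependency.name`, so the title carries the default `Object#to_s` form unless the dependency class defines `to_s` — `"chore(deps): bump #{dependency.name}"` keeps the two consistent; and `description_for` advertises `@dependabot rebase`/`merge`/`ignore` commands and a placeholder `[#{dependency.name}](#)` link that nothing in this CLI handles, which will mislead reviewers of the generated PR.
```ruby
def git_for(dependency, branch_name: branch_name_for(dependency), push: false)
  # … unchanged: open repo, record default branch, create branch, yield, publish …
ensure
  # Only undo what was actually set up: both locals are nil when Git.new
  # or the head lookup raised above, and a NoMethodError here would mask it.
  if git && default_branch
    git.repo.checkout_head(strategy: :force)
    git.repo.checkout(default_branch)
  end
end
```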
data/lib/dependabot/version.rb
CHANGED
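--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "bundler"
 require "github"
 require "logger"
 require "octokit"
@@ -7,6 +8,8 @@ require "rugged"
 require "spandx"
 
 require_relative "dependabot/bundler/update"
+require_relative "dependabot/git"
+require_relative "dependabot/publish"
 require_relative "dependabot/tracer"
 require_relative "dependabot/version"
 
@@ -14,7 +17,11 @@ module Dependabot
 class Error < StandardError; end
 
 def self.logger
-@logger ||= Logger.new($stderr)
+@logger ||= Logger.new($stderr, level: ENV.fetch("LOG_LEVEL", Logger::WARN)).tap do |x|
+x.formatter = proc do |_severity, _datetime, _progname, message|
+"[v#{VERSION}] #{message}\n"
+end
+end
 end
 
 def self.tracer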
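Review bot: The new formatter discards the severity it is given (`_severity`), so `WARN` output and the `DEBUG` output that now includes full git patches look identical on stderr; `"[v#{VERSION}] #{severity}: #{message}\n"` keeps the level visible for anyone filtering or forwarding the logs. `ENV.fetch("LOG_LEVEL", Logger::WARN)` passes the raw environment string to `Logger.new`, which accepts names such as `debug` but raises `ArgumentError` for anything else, so a mistyped `LOG_LEVEL` aborts on the first `Dependabot.logger` call instead of falling back to the default; either document the accepted values or validate the string before handing it to the logger.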
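--- a/data/lib/github.rb
+++ b/data/lib/github.rb
@@ -18,6 +18,14 @@ class GitHub
 @workspace = workspace
 end
 
+class << self
+def name_with_owner_from(url)
+regex = %r{(?<x>(?<scheme>https|ssh)://)?(?<username>git@)?github.com[:|/](?<nwo>\w+/\w+)(?<extension>\.git)?}
+match = url.match(regex)
+match && match["nwo"]
+end
+end
+
 private
 
 def default_api_url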
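Review bot: The regex in `name_with_owner_from` decides which repository the pull request is opened against, yet `(?<nwo>\w+/\w+)` cannot match `-` or `.` in owner or repository names, and because the pattern is unanchored a remote such as `octokit/octokit.rb` still matches as `octokit/octokit`, so the PR would be opened silently against a different repository than the one `origin` points to. The host check is also loose: the `.` in `github.com` is unescaped, nothing ties `github.com` to the host position of the URL, `[:|/]` admits a literal `|`, and the named groups `x`, `scheme`, `username` and `extension` are never read. A pattern like `%r{(?:\A|://|@)github\.com[:/](?<nwo>[\w.-]+/[\w.-]+?)(?:\.git)?/?\z}` captures the full owner/repo, strips an optional `.git`, and accepts `github.com` only as the URL's host, for both `https://github.com/owner/repo.git` and `git@github.com:owner/repo.git`.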
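--- a/metadata
+++ b/metadata
@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: dependanot
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.6
 platform: ruby
 authors:
 - mo khan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-12-
+date: 2021-12-20 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
 - !ruby/object:Gem::Dependency
 name: octokit
 requirement: !ruby/object:Gem::Requirement
@@ -42,16 +56,16 @@ dependencies:
 name: spandx
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: 0.18.3
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: 0.18.3
 - !ruby/object:Gem::Dependency
 name: thor
 requirement: !ruby/object:Gem::Requirement
@@ -66,6 +80,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.1'
+- !ruby/object:Gem::Dependency
+name: debug
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.4'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.4'
 description: The Dependabot CLI
 email:
 - xlgmokha@github.com
@@ -82,6 +110,8 @@ files:
 - lib/dependabot/bundler/update.rb
 - lib/dependabot/cli.rb
 - lib/dependabot/cli/scan.rb
+- lib/dependabot/git.rb
+- lib/dependabot/publish.rb
 - lib/dependabot/tracer.rb
 - lib/dependabot/version.rb
 - lib/github.rb
@@ -90,6 +120,7 @@ licenses:
 - MIT
 metadata:
 homepage_uri: https://github.com/dependanot/cli
+rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -105,7 +136,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.2.
+rubygems_version: 3.2.32
 signing_key:
 specification_version: 4
 summary: The Dependabot CLI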