dependanot 0.1.3 → 0.1.7

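--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: c6c42ad297f803bdccb1d62233bfe82e202c4427afe4a11466e1fd726f3b52d6
-data.tar.gz: a28ae84f166c0ce446660fe28f01f3f55c776398236816719254ca22cf2eee8f
+metadata.gz: 2107d2fc9ef2ce61680a0a62bbb248548e91dea25ac4c05e2c426197fb0aebc6
+data.tar.gz: 965595379cb72610d767afcbab36a51891aa1f0a4be7ae83b9e6437a802f36b4
 SHA512:
-metadata.gz: 8fe7d3235412ccced81df898d4d12b7f248bdac24a6d5a7d56e1161b3b1beb57f6e04a735deeb6468af1e174b2cecee0977b8ec186542f4bf48061cbf53402f1
-data.tar.gz: 5e2d053a77a7bfdeda8d151d849f1ee51fb74a5a2f875b49249da24b54342f950e42ceade96f69f09d17c7fde6eebdf5fff32b5f07bbe1351e840f4d70c3641c
+metadata.gz: 2ea7a9dac327b8ff470db6392f6734bef39e71b41665d1f1d350bcdb0adb3093627ed0ad1d5e1cc16fd08745ab088fe9e2f7f9b7098e825ac7abc47dbfba2c5d
+data.tar.gz: 6a29693a707725fcec357cc453a9f33bf9a329ec9947e23ba893f87f0acd8aad5ca41221a805d83b8f957393129ef33e0a4c0db38d84a9d26f6e245361cf2de3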
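--- a/data/dependabot.gemspec
+++ b/data/dependabot.gemspec
@@ -12,13 +12,16 @@ Gem::Specification.new do |spec|
 spec.homepage = "https://github.com/dependanot/cli"
 spec.license = "MIT"
 spec.metadata["homepage_uri"] = spec.homepage
+spec.metadata["rubygems_mfa_required"] = "true"
 spec.name = "dependanot"
 spec.require_paths = ["lib"]
 spec.required_ruby_version = ">= 3.0.0"
 spec.summary = "The Dependabot CLI"
 spec.version = Dependabot::VERSION
+spec.add_dependency "bundler", "~> 2.0"
 spec.add_dependency "octokit", "~> 4.0"
 spec.add_dependency "rugged", "~> 1.2"
-spec.add_dependency "spandx", "~> 0.1"
+spec.add_dependency "spandx", ">= 0.18.3"
 spec.add_dependency "thor", "~> 1.1"
+spec.add_development_dependency "debug", "~> 1.4"
 end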
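Review bot: The spandx constraint on the `+ spec.add_dependency "spandx", ">= 0.18.3"` line has no upper bound, so any future major release of spandx (or a hijacked one; spandx's plugin hook is what triggers the `bundle update` run via `Plugin.enhance` elsewhere in this diff) is installed automatically, while every other runtime dependency here is pessimistically pinned. Prefer `spec.add_dependency "spandx", "~> 0.18", ">= 0.18.3"` to pick up the required fix without opting into unknown future majors. The `rubygems_mfa_required` metadata is a good addition, but note it only enforces MFA on publishers of this gem, not on its dependencies.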
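--- a/data/lib/dependabot/bundler/update.rb
+++ b/data/lib/dependabot/bundler/update.rb
@@ -8,7 +8,7 @@ module Dependabot
 
 Dir.chdir(dependency.path.parent) do
 ::Bundler.with_unbundled_env do
-system "bundle update #{dependency.name} --conservative --quiet"
+system({ "RUBYOPT" => "-W0" }, "bundle update #{dependency.name} --conservative --quiet")
 end
 end
 end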
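Review bot: `dependency.name` is still interpolated into a single shell string on the `+ system({ "RUBYOPT" => "-W0" }, "bundle update #{dependency.name} --conservative --quiet")` line, so a dependency name read from a scanned Gemfile/lockfile that contains shell metacharacters is executed by `/bin/sh`; the commit only adds the environment hash and keeps that injection path. Passing the arguments as a vector bypasses the shell entirely: `system({ "RUBYOPT" => "-W0" }, "bundle", "update", dependency.name, "--conservative", "--quiet")`. The return value of `system` is also discarded, so a non-zero exit from bundler goes unnoticed by the caller; `system(...) || raise(::Dependabot::Error, "bundle update #{dependency.name} failed")` would surface it. The enclosing method starts before this hunk.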
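--- a/data/lib/dependabot/cli/scan.rb
+++ b/data/lib/dependabot/cli/scan.rb
@@ -3,7 +3,7 @@
 module Dependabot
 module CLI
 class Scan
-attr_reader :path
+attr_reader :path, :options
 
 def initialize(path, options)
 @path = ::Pathname.new(path)
@@ -12,7 +12,7 @@ module Dependabot
 
 def run
 each_dependency do |dependency|
-update!(dependency)
+update(dependency) if match?(dependency)
 end
 end
 
@@ -20,7 +20,7 @@ module Dependabot
 
 def each_file(&block)
 ::Spandx::Core::PathTraversal
-.new(path, recursive: false)
+.new(path, recursive: options[:recursive])
 .each(&block)
 end
 
@@ -30,25 +30,13 @@ module Dependabot
 end
 end
 
-def update!(dependency)
-puts "Updating #{dependency.name}..."
-git_for(dependency) do |git|
-::Spandx::Core::Plugin.enhance(dependency)
-puts git.patch
-git.commit(all: true, message: "Updating #{dependency.name}")
-end
-end
-
-def branch_name_for(dependency)
-"dependanot/#{dependency.package_manager}/#{dependency.name}"
+def update(dependency)
+::Dependabot.logger.debug("Updating #{dependency.name}")
+::Dependabot::Publish.new(dependency).update!(push: options[:push])
 end
 
-def git_for(dependency, branch_name: branch_name_for(dependency))
-git = ::Dependabot::Git.new(dependency.path.parent)
-git.checkout(branch: branch_name)
-yield git
-ensure
-git.repo.checkout_head(strategy: :force)
+def match?(dependency)
+options[:dependency].nil? || options[:dependency] == dependency.name
 end
 end
 end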
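Review bot: `update` on the `+ def update(dependency)` line now mutates the working tree, commits on a branch and, with `--push`, pushes and opens a pull request (through `Dependabot::Publish`, added in this diff), yet the bang was dropped from the old `update!` name and neither `update` nor `match?` says any of this. Suggest a comment above `update`: `# Delegates to Publish, which rewrites the lockfile, commits on a dependanot/* branch and, when options[:push] is set, pushes it and opens a PR.` and above `match?`: `# True when no -d/--dependency filter was given or it names this dependency exactly.` A `-d` value that matches nothing currently produces no output at all at the default log level, which is worth a warning so a typo is not mistaken for "nothing to update".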
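--- a/data/lib/dependabot/cli.rb
+++ b/data/lib/dependabot/cli.rb
@@ -7,7 +7,10 @@ require "dependabot/cli/scan"
 module Dependabot
 module CLI
 class Application < Thor
-desc "scan [DIRECTORY]", "Scan a directory"
+desc "scan [OPTION]... [FILE]", "Scan a directory or file for dependencies to update"
+method_option :dependency, aliases: "-d", type: :string, desc: "Update a specific dependency", default: nil
+method_option :push, aliases: "-p", type: :boolean, desc: "Push the update as a pull request. Default: --no-push", default: false
+method_option :recursive, aliases: "-r", type: :boolean, desc: "Perform a recursive. Default: --no-recursive", default: false
 def scan(path = Pathname.pwd)
 ::Dependabot::CLI::Scan.new(path, options).run
 end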
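Review bot: The help text on the `+ method_option :recursive` line reads `Perform a recursive. Default: --no-recursive`, which is truncated; `desc: "Scan subdirectories recursively. Default: --no-recursive"` says what the flag does. Defaulting `:push` to `false` is the right safe default for an option that pushes to the remote and opens a pull request (as Publish does elsewhere in this diff), and the description could say so explicitly: `desc: "Push the update branch to origin and open a pull request. Default: --no-push"`.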
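--- a/data/lib/dependabot/git.rb
+++ b/data/lib/dependabot/git.rb
@@ -14,6 +14,10 @@ module Dependabot
 repo.checkout(branch)
 end
 
+def push(remote: "origin", branch: "HEAD")
+repo.push(remote, ["refs/heads/#{branch}"], credentials: credentials_for(remote))
+end
+
 def patch
 repo.index.diff.patch
 end
@@ -27,18 +31,26 @@ module Dependabot
 tree: repo.index.write_tree(repo),
 update_ref: "HEAD",
 author: { email: "dependabot[bot]@users.noreply.github.com", name: "dependabot[bot]" },
+committer: { email: "dependabot[bot]@users.noreply.github.com", name: "dependabot[bot]" },
 })
 end
 
 private
 
 def stage(path)
-repo.index.read_tree(repo.head.target.tree)
-repo.index.add(
-path: path,
-oid: repo.write(File.binread(path), :blob),
-mode: File.stat(path).mode
-)
+repo.index.add(path)
+end
+
+def credentials_for(remote)
+if ssh?(repo.remotes[remote].url)
+Rugged::Credentials::SshKeyFromAgent.new(username: "git")
+else
+Rugged::Credentials::UserPassword.new(username: "x-access-token", password: Dependabot.github.token)
+end
+end
+
+def ssh?(url)
+url.include?("git@github.com:")
 end
 end
 end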
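Review bot: `credentials_for` on the `+ def credentials_for(remote)` line hands `Dependabot.github.token` as the password to whatever host the `origin` URL points at, with no check that the host is github.com; if a scanned repository's origin is any other HTTPS remote (a mirror, a typo, or a repository crafted for this), the token would be presented to that server the moment it answers the push with an authentication challenge. Guard the HTTPS branch on the host before building the credential, e.g. `raise ::Dependabot::Error, "refusing to send the GitHub token to #{url}" unless URI(url).host == "github.com"` (`uri` is stdlib; `Dependabot::Error` is defined in lib/dependabot.rb). Relatedly, `ssh?` uses `include?("git@github.com:")`, a substring test that is also true for an HTTPS URL whose path contains that text; `url.start_with?("git@github.com:")` is the intended check. The `branch: "HEAD"` default on `push` expands to `refs/heads/HEAD`, which is not a real refspec; the caller in this diff always passes a branch, so the default is dead or misleading and should be dropped or documented.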
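--- /dev/null
+++ b/data/lib/dependabot/publish.rb
@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module Dependabot
+class Publish
+attr_reader :dependency
+
+def initialize(dependency)
+@dependency = dependency
+end
+
+def update!(push: false)
+git_for(dependency, push: push) do |git|
+::Spandx::Core::Plugin.enhance(dependency)
+Dependabot.logger.debug(git.patch) unless git.patch.empty?
+end
+end
+
+private
+
+def branch_name_for(dependency)
+"dependanot/#{dependency.package_manager}/#{dependency.name}"
+end
+
+def git_for(dependency, branch_name: branch_name_for(dependency), push: false)
+git = ::Dependabot::Git.new(dependency.path.parent)
+default_branch = git.repo.head.name
+git.checkout(branch: branch_name)
+yield git
+publish_pull_request_for(dependency, default_branch, branch_name, git, push) unless git.patch.empty?
+ensure
+git.repo.checkout_head(strategy: :force)
+git.repo.checkout(default_branch)
+end
+
+def description_for(dependency)
+<<~MARKDOWN
+Bumps [#{dependency.name}](#)
+
+<details>
+<summary>Changelog</summary>
+</details>
+
+<details>
+<summary>Commits</summary>
+</details>
+MARKDOWN
+end
+
+def publish_pull_request_for(dependency, default_branch, branch_name, git, push)
+git.commit(all: true, message: "chore: Update #{dependency.name}")
+return unless push
+
+git.push(remote: "origin", branch: branch_name)
+Dependabot.octokit.create_pull_request(
+GitHub.name_with_owner_from(git.repo.remotes["origin"].url),
+default_branch,
+branch_name,
+"chore(deps): bump #{dependency}",
+description_for(dependency)
+)
+end
+end
+end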
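Review bot: The pull-request title on the `+ "chore(deps): bump #{dependency}",` line interpolates the dependency object itself rather than its name, unlike the commit message a few lines above (`"chore: Update #{dependency.name}"`); unless that class defines `to_s`, the PR title will be an object inspection string. Use `"chore(deps): bump #{dependency.name}"`. In `git_for`, the `ensure` clause calls `git.repo` unconditionally, so if `::Dependabot::Git.new` raises, `git` is nil and the resulting `NoMethodError` masks the original error; wrap the two `ensure` lines in `if git ... end` (do not use `return` inside `ensure`, it would swallow the exception). `description_for` also emits a placeholder `[name](#)` link and empty Changelog/Commits sections; a `# TODO: populate the package link, changelog and commit list` comment there would mark it as unfinished rather than intended.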
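--- a/data/lib/dependabot/version.rb
+++ b/data/lib/dependabot/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-VERSION = "0.1.3"
+VERSION = "0.1.7"
 end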
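--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "bundler"
 require "github"
 require "logger"
 require "octokit"
@@ -8,6 +9,7 @@ require "spandx"
 
 require_relative "dependabot/bundler/update"
 require_relative "dependabot/git"
+require_relative "dependabot/publish"
 require_relative "dependabot/tracer"
 require_relative "dependabot/version"
 
@@ -15,7 +17,11 @@ module Dependabot
 class Error < StandardError; end
 
 def self.logger
-@logger ||= Logger.new($stderr)
+@logger ||= Logger.new($stderr, level: ENV.fetch("LOG_LEVEL", Logger::WARN)).tap do |x|
+x.formatter = proc do |_severity, _datetime, _progname, message|
+"[v#{VERSION}] #{message}\n"
+end
+end
 end
 
 def self.tracer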
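Review bot: The formatter installed on the `+ x.formatter = proc do |_severity, _datetime, _progname, message|` line discards the severity, so once `LOG_LEVEL=DEBUG` is set a warning, an error and a debug trace all print identically on stderr. Including it costs one token: `"[v#{VERSION}] #{severity}: #{message}\n"` (and drop the underscore from the parameter). `LOG_LEVEL` is passed straight through to `Logger.new`, so the value has to be a level name or number Logger accepts; an unrecognized string presumably raises at the first `Dependabot.logger` call, which deserves a one-line comment on `self.logger` such as `# LOG_LEVEL must be a Logger level name (DEBUG, INFO, WARN, ERROR, FATAL); defaults to WARN.`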
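--- a/data/lib/github.rb
+++ b/data/lib/github.rb
@@ -18,6 +18,14 @@ class GitHub
 @workspace = workspace
 end
 
+class << self
+def name_with_owner_from(url)
+regex = %r{(?<x>(?<scheme>https|ssh)://)?(?<username>git@)?github.com[:|/](?<nwo>\w+/\w+)(?<extension>\.git)?}
+match = url.match(regex)
+match && match["nwo"]
+end
+end
+
 private
 
 def default_api_url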
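Review bot: The regex on the `+ regex = %r{...}` line captures `nwo` as `\w+/\w+`, so an owner or repository name containing `-` or `.` (common on GitHub) does not match and `name_with_owner_from` returns nil, which the new Publish code then passes to `create_pull_request` as the repository. The character class `[:|/]` also admits a literal `|`, and the pattern is unanchored with an unescaped `.`, so any string that merely contains `github.com` somewhere matches. A tighter, anchored version that still strips `.git` and a trailing slash: `regex = %r{\A(?:(?:https|ssh)://)?(?:git@)?github\.com[:/](?<nwo>[\w.-]+/[\w.-]+?)(?:\.git)?/?\z}`.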
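--- a/metadata
+++ b/metadata
@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: dependanot
 version: !ruby/object:Gem::Version
-version: 0.1.3
+version: 0.1.7
 platform: ruby
 authors:
 - mo khan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-12-20 00:00:00.000000000 Z
+date: 2021-12-21 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
 - !ruby/object:Gem::Dependency
 name: octokit
 requirement: !ruby/object:Gem::Requirement
@@ -42,16 +56,16 @@ dependencies:
 name: spandx
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - ">="
 - !ruby/object:Gem::Version
-version: '0.1'
+version: 0.18.3
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - ">="
 - !ruby/object:Gem::Version
-version: '0.1'
+version: 0.18.3
 - !ruby/object:Gem::Dependency
 name: thor
 requirement: !ruby/object:Gem::Requirement
@@ -66,6 +80,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.1'
+- !ruby/object:Gem::Dependency
+name: debug
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.4'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.4'
 description: The Dependabot CLI
 email:
 - xlgmokha@github.com
@@ -83,6 +111,7 @@ files:
 - lib/dependabot/cli.rb
 - lib/dependabot/cli/scan.rb
 - lib/dependabot/git.rb
+- lib/dependabot/publish.rb
 - lib/dependabot/tracer.rb
 - lib/dependabot/version.rb
 - lib/github.rb
@@ -91,6 +120,7 @@ licenses:
 - MIT
 metadata:
 homepage_uri: https://github.com/dependanot/cli
+rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths: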