RubyGems - dependanot - Versions diffs - 0.1.4 → 0.1.8 - Mend

dependanot 0.1.4 → 0.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/dependabot.gemspec +4 -1
data/lib/dependabot/bundler/update.rb +1 -1
data/lib/dependabot/cli/scan.rb +8 -20
data/lib/dependabot/cli.rb +4 -1
data/lib/dependabot/git.rb +22 -7
data/lib/dependabot/publish.rb +63 -0
data/lib/dependabot/version.rb +1 -1
data/lib/dependabot.rb +7 -1
data/lib/github.rb +8 -0
metadata +36 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 53cce6d2d8b3c96ccdb354fc9016430582edb927c88d378d2435d7124740c14f
-  data.tar.gz: 377486bb6cc1f981601b078f0963158fa0179c10d284b7f5d3eda7e2584897b4
+  metadata.gz: be037e679b83203c393bc46caa305527117b537d328ccbee885db63c02bc36da
+  data.tar.gz: cf1ad286d01c682b2f5d4a6f3ed5914220d10fef35053ce2c09c4f2b2c845296
 SHA512:
-  metadata.gz: e343e2f4588671e2b40f40bf1c606e0bb45a6c7cfd64447b311092188fa5ace12de92e77bb90a6a3f0c66c2b8aad434ca481be249f252a7d28eea84b7e32fb9e
-  data.tar.gz: e1f282d4000ae6a3acd8a595dee0d36b0be50005603cab945e460438d08a733c4c50f79ca8667ea67ddd533b548f082df08e4d46582d8c5b44a0ae9000543503
+  metadata.gz: 174ff5b97891e0b2888ba0b2de5bed6b5d3690f9547d0fc87452fa5eb3c822eb82293857af4cac8b0d638fb3ddbed7b8cd00fe20d5211fa72bf5827639b30f3e
+  data.tar.gz: e184234e28d33d1c1fbdb06693dfa175745c9a864cb80ac7a987aa1a2b3d2ac25d8aea96a9f79e7c74b0c10b3a17df2e8424bb80ca61f1b6d1be127f911a3151

data/dependabot.gemspec CHANGED Viewed

@@ -12,13 +12,16 @@ Gem::Specification.new do |spec|
   spec.homepage = "https://github.com/dependanot/cli"
   spec.license = "MIT"
   spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["rubygems_mfa_required"] = "true"
   spec.name = "dependanot"
   spec.require_paths = ["lib"]
   spec.required_ruby_version = ">= 3.0.0"
   spec.summary = "The Dependabot CLI"
   spec.version = Dependabot::VERSION
+  spec.add_dependency "bundler", "~> 2.0"
   spec.add_dependency "octokit", "~> 4.0"
   spec.add_dependency "rugged", "~> 1.2"
-  spec.add_dependency "spandx", "~> 0.1"
+  spec.add_dependency "spandx", ">= 0.18.3"
   spec.add_dependency "thor", "~> 1.1"
+  spec.add_development_dependency "debug", "~> 1.4"
 end

data/lib/dependabot/bundler/update.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Dependabot
         Dir.chdir(dependency.path.parent) do
           ::Bundler.with_unbundled_env do
-            system "bundle update #{dependency.name} --conservative --quiet"
+            system({ "RUBYOPT" => "-W0" }, "bundle update #{dependency.name} --conservative --quiet")
           end
         end
       end

data/lib/dependabot/cli/scan.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 module Dependabot
   module CLI
     class Scan
-      attr_reader :path
+      attr_reader :path, :options
       def initialize(path, options)
         @path = ::Pathname.new(path)
@@ -12,7 +12,7 @@ module Dependabot
       def run
         each_dependency do |dependency|
-          update!(dependency)
+          update(dependency) if match?(dependency)
         end
       end
@@ -20,7 +20,7 @@ module Dependabot
       def each_file(&block)
         ::Spandx::Core::PathTraversal
-          .new(path, recursive: false)
+          .new(path, recursive: options[:recursive])
           .each(&block)
       end
@@ -30,25 +30,13 @@ module Dependabot
         end
       end
-      def update!(dependency)
-        puts "Updating #{dependency.name}..."
-        git_for(dependency) do |git|
-          ::Spandx::Core::Plugin.enhance(dependency)
-          puts git.patch
-          git.commit(all: true, message: "Updating #{dependency.name}")
-        end
-      end
-      def branch_name_for(dependency)
-        "dependanot/#{dependency.package_manager}/#{dependency.name}"
+      def update(dependency)
+        ::Dependabot.logger.debug("Updating #{dependency.name}…")
+        ::Dependabot::Publish.new(dependency).update!(push: options[:push])
       end
-      def git_for(dependency, branch_name: branch_name_for(dependency))
-        git = ::Dependabot::Git.new(dependency.path.parent)
-        git.checkout(branch: branch_name)
-        yield git
-      ensure
-        git.repo.checkout_head(strategy: :force)
+      def match?(dependency)
+        options[:dependency].nil? || options[:dependency] == dependency.name
       end
     end
   end

data/lib/dependabot/cli.rb CHANGED Viewed

@@ -7,7 +7,10 @@ require "dependabot/cli/scan"
 module Dependabot
   module CLI
     class Application < Thor
-      desc "scan [DIRECTORY]", "Scan a directory"
+      desc "scan [OPTION]... [FILE]", "Scan a directory or file for dependencies to update"
+      method_option :dependency, aliases: "-d", type: :string, desc: "Update a specific dependency", default: nil
+      method_option :push, aliases: "-p", type: :boolean, desc: "Push the update as a pull request. Default: --no-push", default: false
+      method_option :recursive, aliases: "-r", type: :boolean, desc: "Perform a recursive. Default: --no-recursive", default: false
       def scan(path = Pathname.pwd)
         ::Dependabot::CLI::Scan.new(path, options).run
       end

data/lib/dependabot/git.rb CHANGED Viewed

@@ -5,7 +5,6 @@ module Dependabot
     attr_reader :repo
     def initialize(path)
-      @path = path
       @repo = Rugged::Repository.discover(path)
     end
@@ -14,6 +13,14 @@ module Dependabot
       repo.checkout(branch)
     end
+    def push(remote: "origin", branch: "HEAD")
+      repo.push(remote, ["refs/heads/#{branch}"], credentials: credentials_for(remote))
+    rescue StandardError
+      Dir.chdir(File.dirname(repo.path)) do
+        system("git push #{remote} #{branch}", exception: true)
+      end
+    end
     def patch
       repo.index.diff.patch
     end
@@ -34,12 +41,20 @@ module Dependabot
     private
     def stage(path)
-      repo.index.read_tree(repo.head.target.tree)
-      repo.index.add(
-        path: path,
-        oid: repo.write(File.binread(path), :blob),
-        mode: File.stat(path).mode
-      )
+      repo.index.add(path)
+    end
+    def credentials_for(remote)
+      Dependabot.logger.debug(repo.remotes[remote].url)
+      if ssh?(repo.remotes[remote].url)
+        Rugged::Credentials::SshKeyFromAgent.new(username: "git")
+      else
+        Rugged::Credentials::UserPassword.new(username: "x-access-token", password: Dependabot.github.token)
+      end
+    end
+    def ssh?(url)
+      url.include?("git@github.com:")
     end
   end
 end

data/lib/dependabot/publish.rb ADDED Viewed

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+module Dependabot
+  class Publish
+    attr_reader :dependency
+    def initialize(dependency)
+      @dependency = dependency
+    end
+    def update!(push: false)
+      git_for(dependency, push: push) do |git|
+        ::Spandx::Core::Plugin.enhance(dependency)
+        Dependabot.logger.debug(git.patch) unless git.patch.empty?
+      end
+    end
+    private
+    def branch_name_for(dependency)
+      "dependanot/#{dependency.package_manager}/#{dependency.name}"
+    end
+    def git_for(dependency, branch_name: branch_name_for(dependency), push: false)
+      git = ::Dependabot::Git.new(dependency.path.parent)
+      default_branch = git.repo.head.name
+      git.checkout(branch: branch_name)
+      yield git
+      publish_pull_request_for(dependency, default_branch, branch_name, git, push) unless git.patch.empty?
+    ensure
+      git.repo.checkout_head(strategy: :force)
+      git.repo.checkout(default_branch)
+    end
+    def description_for(dependency)
+      <<~MARKDOWN
+        Bumps [#{dependency.name}](#)
+        <details>
+        <summary>Changelog</summary>
+        </details>
+        <details>
+        <summary>Commits</summary>
+        </details>
+      MARKDOWN
+    end
+    def publish_pull_request_for(dependency, default_branch, branch_name, git, push)
+      git.commit(all: true, message: "chore: Update #{dependency.name}")
+      return unless push
+      git.push(remote: "origin", branch: branch_name)
+      Dependabot.octokit.create_pull_request(
+        GitHub.name_with_owner_from(git.repo.remotes["origin"].url),
+        default_branch,
+        branch_name,
+        "chore(deps): bump #{dependency.name} from #{dependency.version}",
+        description_for(dependency)
+      )
+    end
+  end
+end

data/lib/dependabot/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.1.4"
+  VERSION = "0.1.8"
 end

data/lib/dependabot.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
+require "bundler"
 require "github"
 require "logger"
 require "octokit"
@@ -8,6 +9,7 @@ require "spandx"
 require_relative "dependabot/bundler/update"
 require_relative "dependabot/git"
+require_relative "dependabot/publish"
 require_relative "dependabot/tracer"
 require_relative "dependabot/version"
@@ -15,7 +17,11 @@ module Dependabot
   class Error < StandardError; end
   def self.logger
-    @logger ||= Logger.new($stderr)
+    @logger ||= Logger.new($stderr, level: ENV.fetch("LOG_LEVEL", Logger::WARN)).tap do |x|
+      x.formatter = proc do |_severity, _datetime, _progname, message|
+        "[v#{VERSION}] #{message}\n"
+      end
+    end
   end
   def self.tracer

data/lib/github.rb CHANGED Viewed

@@ -18,6 +18,14 @@ class GitHub
     @workspace = workspace
   end
+  class << self
+    def name_with_owner_from(url)
+      regex = %r{(?<x>(?<scheme>https|ssh)://)?(?<username>git@)?github.com[:|/](?<nwo>\w+/\w+)(?<extension>\.git)?}
+      match = url.match(regex)
+      match && match["nwo"]
+    end
+  end
   private
   def default_api_url

metadata CHANGED Viewed

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: dependanot
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.8
 platform: ruby
 authors:
 - mo khan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-12-20 00:00:00.000000000 Z
+date: 2021-12-21 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: octokit
   requirement: !ruby/object:Gem::Requirement
@@ -42,16 +56,16 @@ dependencies:
   name: spandx
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: 0.18.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: 0.18.3
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -66,6 +80,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
 description: The Dependabot CLI
 email:
 - xlgmokha@github.com
@@ -83,6 +111,7 @@ files:
 - lib/dependabot/cli.rb
 - lib/dependabot/cli/scan.rb
 - lib/dependabot/git.rb
+- lib/dependabot/publish.rb
 - lib/dependabot/tracer.rb
 - lib/dependabot/version.rb
 - lib/github.rb
@@ -91,6 +120,7 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://github.com/dependanot/cli
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths: