dependanot 0.1.4 → 0.1.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 53cce6d2d8b3c96ccdb354fc9016430582edb927c88d378d2435d7124740c14f
-  data.tar.gz: 377486bb6cc1f981601b078f0963158fa0179c10d284b7f5d3eda7e2584897b4
+  metadata.gz: be037e679b83203c393bc46caa305527117b537d328ccbee885db63c02bc36da
+  data.tar.gz: cf1ad286d01c682b2f5d4a6f3ed5914220d10fef35053ce2c09c4f2b2c845296
 SHA512:
-  metadata.gz: e343e2f4588671e2b40f40bf1c606e0bb45a6c7cfd64447b311092188fa5ace12de92e77bb90a6a3f0c66c2b8aad434ca481be249f252a7d28eea84b7e32fb9e
-  data.tar.gz: e1f282d4000ae6a3acd8a595dee0d36b0be50005603cab945e460438d08a733c4c50f79ca8667ea67ddd533b548f082df08e4d46582d8c5b44a0ae9000543503
+  metadata.gz: 174ff5b97891e0b2888ba0b2de5bed6b5d3690f9547d0fc87452fa5eb3c822eb82293857af4cac8b0d638fb3ddbed7b8cd00fe20d5211fa72bf5827639b30f3e
+  data.tar.gz: e184234e28d33d1c1fbdb06693dfa175745c9a864cb80ac7a987aa1a2b3d2ac25d8aea96a9f79e7c74b0c10b3a17df2e8424bb80ca61f1b6d1be127f911a3151

data/dependabot.gemspec

@@ -12,13 +12,16 @@ Gem::Specification.new do |spec|
   spec.homepage = "https://github.com/dependanot/cli"
   spec.license = "MIT"
   spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["rubygems_mfa_required"] = "true"
   spec.name = "dependanot"
   spec.require_paths = ["lib"]
   spec.required_ruby_version = ">= 3.0.0"
   spec.summary = "The Dependabot CLI"
   spec.version = Dependabot::VERSION
+  spec.add_dependency "bundler", "~> 2.0"
   spec.add_dependency "octokit", "~> 4.0"
   spec.add_dependency "rugged", "~> 1.2"
-  spec.add_dependency "spandx", "~> 0.1"
+  spec.add_dependency "spandx", ">= 0.18.3"
   spec.add_dependency "thor", "~> 1.1"
+  spec.add_development_dependency "debug", "~> 1.4"
 end

data/lib/dependabot/bundler/update.rb

@@ -8,7 +8,7 @@ module Dependabot
 
         Dir.chdir(dependency.path.parent) do
           ::Bundler.with_unbundled_env do
-            system "bundle update #{dependency.name} --conservative --quiet"
+            system({ "RUBYOPT" => "-W0" }, "bundle update #{dependency.name} --conservative --quiet")
           end
         end
       end

data/lib/dependabot/cli/scan.rb

@@ -3,7 +3,7 @@
 module Dependabot
   module CLI
     class Scan
-      attr_reader :path
+      attr_reader :path, :options
 
       def initialize(path, options)
         @path = ::Pathname.new(path)
@@ -12,7 +12,7 @@ module Dependabot
 
       def run
         each_dependency do |dependency|
-          update!(dependency)
+          update(dependency) if match?(dependency)
         end
       end
 
@@ -20,7 +20,7 @@ module Dependabot
 
       def each_file(&block)
         ::Spandx::Core::PathTraversal
-          .new(path, recursive: false)
+          .new(path, recursive: options[:recursive])
           .each(&block)
       end
 
@@ -30,25 +30,13 @@ module Dependabot
         end
       end
 
-      def update!(dependency)
-        puts "Updating #{dependency.name}..."
-        git_for(dependency) do |git|
-          ::Spandx::Core::Plugin.enhance(dependency)
-          puts git.patch
-          git.commit(all: true, message: "Updating #{dependency.name}")
-        end
-      end
-
-      def branch_name_for(dependency)
-        "dependanot/#{dependency.package_manager}/#{dependency.name}"
+      def update(dependency)
+        ::Dependabot.logger.debug("Updating #{dependency.name}…")
+        ::Dependabot::Publish.new(dependency).update!(push: options[:push])
       end
 
-      def git_for(dependency, branch_name: branch_name_for(dependency))
-        git = ::Dependabot::Git.new(dependency.path.parent)
-        git.checkout(branch: branch_name)
-        yield git
-      ensure
-        git.repo.checkout_head(strategy: :force)
+      def match?(dependency)
+        options[:dependency].nil? || options[:dependency] == dependency.name
       end
     end
   end

data/lib/dependabot/cli.rb

@@ -7,7 +7,10 @@ require "dependabot/cli/scan"
 module Dependabot
   module CLI
     class Application < Thor
-      desc "scan [DIRECTORY]", "Scan a directory"
+      desc "scan [OPTION]... [FILE]", "Scan a directory or file for dependencies to update"
+      method_option :dependency, aliases: "-d", type: :string, desc: "Update a specific dependency", default: nil
+      method_option :push, aliases: "-p", type: :boolean, desc: "Push the update as a pull request. Default: --no-push", default: false
+      method_option :recursive, aliases: "-r", type: :boolean, desc: "Perform a recursive. Default: --no-recursive", default: false
       def scan(path = Pathname.pwd)
         ::Dependabot::CLI::Scan.new(path, options).run
       end

data/lib/dependabot/git.rb

@@ -5,7 +5,6 @@ module Dependabot
     attr_reader :repo
 
     def initialize(path)
-      @path = path
       @repo = Rugged::Repository.discover(path)
     end
 
@@ -14,6 +13,14 @@ module Dependabot
       repo.checkout(branch)
     end
 
+    def push(remote: "origin", branch: "HEAD")
+      repo.push(remote, ["refs/heads/#{branch}"], credentials: credentials_for(remote))
+    rescue StandardError
+      Dir.chdir(File.dirname(repo.path)) do
+        system("git push #{remote} #{branch}", exception: true)
+      end
+    end
+
     def patch
       repo.index.diff.patch
     end
@@ -34,12 +41,20 @@ module Dependabot
     private
 
     def stage(path)
-      repo.index.read_tree(repo.head.target.tree)
-      repo.index.add(
-        path: path,
-        oid: repo.write(File.binread(path), :blob),
-        mode: File.stat(path).mode
-      )
+      repo.index.add(path)
+    end
+
+    def credentials_for(remote)
+      Dependabot.logger.debug(repo.remotes[remote].url)
+      if ssh?(repo.remotes[remote].url)
+        Rugged::Credentials::SshKeyFromAgent.new(username: "git")
+      else
+        Rugged::Credentials::UserPassword.new(username: "x-access-token", password: Dependabot.github.token)
+      end
+    end
+
+    def ssh?(url)
+      url.include?("git@github.com:")
     end
   end
 end

data/lib/dependabot/publish.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module Dependabot
+  class Publish
+    attr_reader :dependency
+
+    def initialize(dependency)
+      @dependency = dependency
+    end
+
+    def update!(push: false)
+      git_for(dependency, push: push) do |git|
+        ::Spandx::Core::Plugin.enhance(dependency)
+        Dependabot.logger.debug(git.patch) unless git.patch.empty?
+      end
+    end
+
+    private
+
+    def branch_name_for(dependency)
+      "dependanot/#{dependency.package_manager}/#{dependency.name}"
+    end
+
+    def git_for(dependency, branch_name: branch_name_for(dependency), push: false)
+      git = ::Dependabot::Git.new(dependency.path.parent)
+      default_branch = git.repo.head.name
+      git.checkout(branch: branch_name)
+      yield git
+      publish_pull_request_for(dependency, default_branch, branch_name, git, push) unless git.patch.empty?
+    ensure
+      git.repo.checkout_head(strategy: :force)
+      git.repo.checkout(default_branch)
+    end
+
+    def description_for(dependency)
+      <<~MARKDOWN
+        Bumps [#{dependency.name}](#)
+
+        <details>
+        <summary>Changelog</summary>
+        </details>
+
+        <details>
+        <summary>Commits</summary>
+        </details>
+      MARKDOWN
+    end
+
+    def publish_pull_request_for(dependency, default_branch, branch_name, git, push)
+      git.commit(all: true, message: "chore: Update #{dependency.name}")
+      return unless push
+
+      git.push(remote: "origin", branch: branch_name)
+      Dependabot.octokit.create_pull_request(
+        GitHub.name_with_owner_from(git.repo.remotes["origin"].url),
+        default_branch,
+        branch_name,
+        "chore(deps): bump #{dependency.name} from #{dependency.version}",
+        description_for(dependency)
+      )
+    end
+  end
+end

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.1.4"
+  VERSION = "0.1.8"
 end

data/lib/dependabot.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "bundler"
 require "github"
 require "logger"
 require "octokit"
@@ -8,6 +9,7 @@ require "spandx"
 
 require_relative "dependabot/bundler/update"
 require_relative "dependabot/git"
+require_relative "dependabot/publish"
 require_relative "dependabot/tracer"
 require_relative "dependabot/version"
 
@@ -15,7 +17,11 @@ module Dependabot
   class Error < StandardError; end
 
   def self.logger
-    @logger ||= Logger.new($stderr)
+    @logger ||= Logger.new($stderr, level: ENV.fetch("LOG_LEVEL", Logger::WARN)).tap do |x|
+      x.formatter = proc do |_severity, _datetime, _progname, message|
+        "[v#{VERSION}] #{message}\n"
+      end
+    end
   end
 
   def self.tracer

data/lib/github.rb

@@ -18,6 +18,14 @@ class GitHub
     @workspace = workspace
   end
 
+  class << self
+    def name_with_owner_from(url)
+      regex = %r{(?<x>(?<scheme>https|ssh)://)?(?<username>git@)?github.com[:|/](?<nwo>\w+/\w+)(?<extension>\.git)?}
+      match = url.match(regex)
+      match && match["nwo"]
+    end
+  end
+
   private
 
   def default_api_url

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: dependanot
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.8
 platform: ruby
 authors:
 - mo khan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-12-20 00:00:00.000000000 Z
+date: 2021-12-21 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: octokit
   requirement: !ruby/object:Gem::Requirement
@@ -42,16 +56,16 @@ dependencies:
   name: spandx
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: 0.18.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: 0.18.3
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -66,6 +80,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
 description: The Dependabot CLI
 email:
 - xlgmokha@github.com
@@ -83,6 +111,7 @@ files:
 - lib/dependabot/cli.rb
 - lib/dependabot/cli/scan.rb
 - lib/dependabot/git.rb
+- lib/dependabot/publish.rb
 - lib/dependabot/tracer.rb
 - lib/dependabot/version.rb
 - lib/github.rb
@@ -91,6 +120,7 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://github.com/dependanot/cli
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths: