dependanot 0.1.5 → 0.1.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 76575ad77b236ed9f2b0c556c057e519aaeb95724be3b1ac2ab8207a6183950c
-  data.tar.gz: e96055f60fcd2f9af0c2989a95b273147043560492446f8b51a05ca817692525
+  metadata.gz: e34d7bc44fc32487ee5bf6d9c7582282fd2af8c365b9a8e02bf3a00c82587218
+  data.tar.gz: 4c3af4d15049a52d8767f3d9a204b7ce3e54ab507d8cf735749a9c6c234a2528
 SHA512:
-  metadata.gz: 9c3c3eea1d0389ab02b1bc847cd6411d0d8fbf0a7a9b15d0b1a38f546a199f7598100dbda8a83b1af6a3028e70acf23a3726c29d45cc6c84106f1c65b61d1612
-  data.tar.gz: 9b5b19f79b7c7be095747d20a9e5b260587193c75a5adfd963b4aa5d1e4b8f3790d685defc13956cc56b11e010458689613ccd17d1026f609b794bb1b217b603
+  metadata.gz: 1914dc7d10d63356e17d7ee4ab551b219d3c482107a3c072b94dad414129ab5d3adec217f88d810419d3320dd3d087198fa122c89212fd74e93c3ad56aff65fa
+  data.tar.gz: 034c3507b26657718121ab7ebf3049408c65d96ca94696031f248e5b80996ab2ffaa736f75bad4012cd9ca762c63a50d202c8ae6fb2fe1f40d72883c699cfd5f

data/dependabot.gemspec

@@ -23,4 +23,5 @@ Gem::Specification.new do |spec|
   spec.add_dependency "rugged", "~> 1.2"
   spec.add_dependency "spandx", ">= 0.18.3"
   spec.add_dependency "thor", "~> 1.1"
+  spec.add_development_dependency "debug", "~> 1.4"
 end

data/lib/dependabot/bundler/update.rb

@@ -8,7 +8,7 @@ module Dependabot
 
         Dir.chdir(dependency.path.parent) do
           ::Bundler.with_unbundled_env do
-            system "bundle update #{dependency.name} --conservative --quiet"
+            system({ "RUBYOPT" => "-W0" }, "bundle update #{dependency.name} --conservative --quiet")
           end
         end
       end

data/lib/dependabot/cli/scan.rb

@@ -3,7 +3,7 @@
 module Dependabot
   module CLI
     class Scan
-      attr_reader :path
+      attr_reader :path, :options
 
       def initialize(path, options)
         @path = ::Pathname.new(path)
@@ -12,7 +12,7 @@ module Dependabot
 
       def run
         each_dependency do |dependency|
-          update!(dependency)
+          update(dependency) if match?(dependency)
         end
       end
 
@@ -20,7 +20,7 @@ module Dependabot
 
       def each_file(&block)
         ::Spandx::Core::PathTraversal
-          .new(path, recursive: false)
+          .new(path, recursive: options[:recursive])
           .each(&block)
       end
 
@@ -30,27 +30,16 @@ module Dependabot
         end
       end
 
-      def update!(dependency)
-        puts "Updating #{dependency.name}..."
-        git_for(dependency) do |git|
-          ::Spandx::Core::Plugin.enhance(dependency)
-          puts git.patch
-          git.commit(all: true, message: "Updating #{dependency.name}")
-        end
-      end
-
-      def branch_name_for(dependency)
-        "dependanot/#{dependency.package_manager}/#{dependency.name}"
+      def update(dependency)
+        ::Dependabot.logger.info("Updating #{dependency.name}…")
+        ::Dependabot::Publish.new(dependency).update!(push: options[:push])
+      rescue StandardError => boom
+        Dependabot.logger.error(boom)
+        boom.backtrace.each { |x| Dependabot.logger.debug(x) }
       end
 
-      def git_for(dependency, branch_name: branch_name_for(dependency))
-        git = ::Dependabot::Git.new(dependency.path.parent)
-        default_branch = git.repo.head.name
-        git.checkout(branch: branch_name)
-        yield git
-      ensure
-        git.repo.checkout_head(strategy: :force)
-        git.repo.checkout(default_branch)
+      def match?(dependency)
+        options[:dependency].nil? || options[:dependency] == dependency.name
       end
     end
   end

data/lib/dependabot/cli.rb

@@ -7,7 +7,10 @@ require "dependabot/cli/scan"
 module Dependabot
   module CLI
     class Application < Thor
-      desc "scan [DIRECTORY]", "Scan a directory"
+      desc "scan [OPTION]... [FILE]", "Scan a directory or file for dependencies to update"
+      method_option :dependency, aliases: "-d", type: :string, desc: "Update a specific dependency", default: nil
+      method_option :push, aliases: "-p", type: :boolean, desc: "Push the update as a pull request. Default: --no-push", default: false
+      method_option :recursive, aliases: "-r", type: :boolean, desc: "Perform a recursive. Default: --no-recursive", default: false
       def scan(path = Pathname.pwd)
         ::Dependabot::CLI::Scan.new(path, options).run
       end

data/lib/dependabot/git.rb

@@ -5,7 +5,6 @@ module Dependabot
     attr_reader :repo
 
     def initialize(path)
-      @path = path
       @repo = Rugged::Repository.discover(path)
     end
 
@@ -14,6 +13,14 @@ module Dependabot
       repo.checkout(branch)
     end
 
+    def push(remote: "origin", branch: "HEAD")
+      repo.push(remote, ["refs/heads/#{branch}"], credentials: credentials_for(remote))
+    rescue StandardError
+      Dir.chdir(File.dirname(repo.path)) do
+        system("git push #{remote} #{branch}", exception: true)
+      end
+    end
+
     def patch
       repo.index.diff.patch
     end
@@ -36,5 +43,18 @@ module Dependabot
     def stage(path)
       repo.index.add(path)
     end
+
+    def credentials_for(remote)
+      Dependabot.logger.debug(repo.remotes[remote].url)
+      if ssh?(repo.remotes[remote].url)
+        Rugged::Credentials::SshKeyFromAgent.new(username: "git")
+      else
+        Rugged::Credentials::UserPassword.new(username: "x-access-token", password: Dependabot.github.token)
+      end
+    end
+
+    def ssh?(url)
+      url.include?("git@github.com:")
+    end
   end
 end

data/lib/dependabot/publish.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module Dependabot
+  class Publish
+    attr_reader :dependency
+
+    def initialize(dependency)
+      @dependency = dependency
+    end
+
+    def update!(push: false)
+      git_for(dependency, push: push) do |git|
+        ::Spandx::Core::Plugin.enhance(dependency)
+        Dependabot.logger.debug(git.patch) unless git.patch.empty?
+      end
+    end
+
+    private
+
+    def branch_name_for(dependency)
+      "dependanot/#{dependency.package_manager}/#{dependency.name}"
+    end
+
+    def git_for(dependency, branch_name: branch_name_for(dependency), push: false)
+      git = ::Dependabot::Git.new(dependency.path.parent)
+      default_branch = git.repo.head.name
+      git.checkout(branch: branch_name)
+      yield git
+      publish_pull_request_for(dependency, default_branch, branch_name, git, push) unless git.patch.empty?
+    ensure
+      git.repo.checkout_head(strategy: :force)
+      git.repo.checkout(default_branch)
+    end
+
+    def description_for(dependency)
+      <<~MARKDOWN
+        Bumps [#{dependency.name}](#)
+
+        <details>
+        <summary>Changelog</summary>
+        </details>
+
+        <details>
+        <summary>Commits</summary>
+        </details>
+      MARKDOWN
+    end
+
+    def publish_pull_request_for(dependency, default_branch, branch_name, git, push)
+      git.commit(all: true, message: "chore: Update #{dependency.name}")
+      return unless push
+
+      git.push(remote: "origin", branch: branch_name)
+      Dependabot.octokit.create_pull_request(
+        GitHub.name_with_owner_from(git.repo.remotes["origin"].url),
+        default_branch,
+        branch_name,
+        "chore(deps): bump #{dependency.name} from #{dependency.version}",
+        description_for(dependency)
+      )
+    end
+  end
+end

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.1.5"
+  VERSION = "0.1.9"
 end

data/lib/dependabot.rb

@@ -9,6 +9,7 @@ require "spandx"
 
 require_relative "dependabot/bundler/update"
 require_relative "dependabot/git"
+require_relative "dependabot/publish"
 require_relative "dependabot/tracer"
 require_relative "dependabot/version"
 
@@ -16,7 +17,11 @@ module Dependabot
   class Error < StandardError; end
 
   def self.logger
-    @logger ||= Logger.new($stderr)
+    @logger ||= Logger.new($stderr, level: ENV.fetch("LOG_LEVEL", Logger::INFO)).tap do |x|
+      x.formatter = proc do |_severity, _datetime, _progname, message|
+        "[v#{VERSION}] #{message}\n"
+      end
+    end
   end
 
   def self.tracer

data/lib/github.rb

@@ -18,6 +18,14 @@ class GitHub
     @workspace = workspace
   end
 
+  class << self
+    def name_with_owner_from(url)
+      regex = %r{(?<x>(?<scheme>https|ssh)://)?(?<username>git@)?github.com[:|/](?<nwo>\w+/\w+)(?<extension>\.git)?}
+      match = url.match(regex)
+      match && match["nwo"]
+    end
+  end
+
   private
 
   def default_api_url

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependanot
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.9
 platform: ruby
 authors:
 - mo khan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-12-20 00:00:00.000000000 Z
+date: 2021-12-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -80,6 +80,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
 description: The Dependabot CLI
 email:
 - xlgmokha@github.com
@@ -97,6 +111,7 @@ files:
 - lib/dependabot/cli.rb
 - lib/dependabot/cli/scan.rb
 - lib/dependabot/git.rb
+- lib/dependabot/publish.rb
 - lib/dependabot/tracer.rb
 - lib/dependabot/version.rb
 - lib/github.rb