RubyGems - dependanot - Versions diffs - 0.1.6 → 0.1.7 - Mend

dependanot 0.1.6 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 17784d154fbeddc3386710cab5b82326ec7e92bc0900afae82616019a58f41ea
-  data.tar.gz: 97c7cf19c1db2fca7259bfecf4eebc5aa627a05456b402c5c075f0b9e39b7399
+  metadata.gz: 2107d2fc9ef2ce61680a0a62bbb248548e91dea25ac4c05e2c426197fb0aebc6
+  data.tar.gz: 965595379cb72610d767afcbab36a51891aa1f0a4be7ae83b9e6437a802f36b4
 SHA512:
-  metadata.gz: f2ef3acea6d7f6109c40095abdf26de5ea6d5f2ee2e2f23275a95391889d40570cb100caec1dc4009d8b274c13f4981f14af614e17d6bdfc16a736e38da3276e
-  data.tar.gz: f0767ac6caf6346191384fffa7dca32a160a2dcbd5da5241705b447e4b2bc786132d785ca599a99ab9990d455c0d15f14d71081e49beea1ba455447526ed83ea
+  metadata.gz: 2ea7a9dac327b8ff470db6392f6734bef39e71b41665d1f1d350bcdb0adb3093627ed0ad1d5e1cc16fd08745ab088fe9e2f7f9b7098e825ac7abc47dbfba2c5d
+  data.tar.gz: 6a29693a707725fcec357cc453a9f33bf9a329ec9947e23ba893f87f0acd8aad5ca41221a805d83b8f957393129ef33e0a4c0db38d84a9d26f6e245361cf2de3

data/lib/dependabot/cli/scan.rb CHANGED Viewed

@@ -12,7 +12,7 @@ module Dependabot
       def run
         each_dependency do |dependency|
-          publish_update_for(dependency)
+          update(dependency) if match?(dependency)
         end
       end
@@ -30,10 +30,14 @@ module Dependabot
         end
       end
-      def publish_update_for(dependency)
+      def update(dependency)
         ::Dependabot.logger.debug("Updating #{dependency.name}…")
         ::Dependabot::Publish.new(dependency).update!(push: options[:push])
       end
+      def match?(dependency)
+        options[:dependency].nil? || options[:dependency] == dependency.name
+      end
     end
   end
 end

data/lib/dependabot/cli.rb CHANGED Viewed

@@ -7,7 +7,8 @@ require "dependabot/cli/scan"
 module Dependabot
   module CLI
     class Application < Thor
-      desc "scan [DIRECTORY | FILE]", "Scan a directory or file for dependencies to update"
+      desc "scan [OPTION]... [FILE]", "Scan a directory or file for dependencies to update"
+      method_option :dependency, aliases: "-d", type: :string, desc: "Update a specific dependency", default: nil
       method_option :push, aliases: "-p", type: :boolean, desc: "Push the update as a pull request. Default: --no-push", default: false
       method_option :recursive, aliases: "-r", type: :boolean, desc: "Perform a recursive. Default: --no-recursive", default: false
       def scan(path = Pathname.pwd)

data/lib/dependabot/git.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module Dependabot
     end
     def push(remote: "origin", branch: "HEAD")
-      repo.push(remote, ["refs/heads/#{branch}"], credentials: credentials)
+      repo.push(remote, ["refs/heads/#{branch}"], credentials: credentials_for(remote))
     end
     def patch
@@ -41,12 +41,16 @@ module Dependabot
       repo.index.add(path)
     end
-    def credentials
-      if ENV["CI"]
-        Rugged::Credentials::UserPassword.new(username: "x-access-token", password: Dependabot.github.token)
-      else
+    def credentials_for(remote)
+      if ssh?(repo.remotes[remote].url)
         Rugged::Credentials::SshKeyFromAgent.new(username: "git")
+      else
+        Rugged::Credentials::UserPassword.new(username: "x-access-token", password: Dependabot.github.token)
       end
     end
+    def ssh?(url)
+      url.include?("git@github.com:")
+    end
   end
 end

data/lib/dependabot/publish.rb CHANGED Viewed

@@ -43,28 +43,6 @@ module Dependabot
         <details>
         <summary>Commits</summary>
         </details>
-        <br />
-        Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
-        ---
-        <details>
-        <summary>Dependabot commands and options</summary>
-        <br />
-        You can trigger Dependabot actions by commenting on this PR:
-        - `@dependabot rebase` will rebase this PR
-        - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
-        - `@dependabot merge` will merge this PR after your CI passes on it
-        - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
-        - `@dependabot cancel merge` will cancel a previously requested merge and block automerging
-        - `@dependabot reopen` will reopen this PR if it is closed
-        - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
-        - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
-        - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
-        - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
-        </details>
       MARKDOWN
     end

data/lib/dependabot/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.1.6"
+  VERSION = "0.1.7"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependanot
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 0.1.7
 platform: ruby
 authors:
 - mo khan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-12-20 00:00:00.000000000 Z
+date: 2021-12-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler