dependanot 0.1.6 → 0.1.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/cli/scan.rb +6 -2
- data/lib/dependabot/cli.rb +2 -1
- data/lib/dependabot/git.rb +9 -5
- data/lib/dependabot/publish.rb +0 -22
- data/lib/dependabot/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2107d2fc9ef2ce61680a0a62bbb248548e91dea25ac4c05e2c426197fb0aebc6
|
|
4
|
+
data.tar.gz: 965595379cb72610d767afcbab36a51891aa1f0a4be7ae83b9e6437a802f36b4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2ea7a9dac327b8ff470db6392f6734bef39e71b41665d1f1d350bcdb0adb3093627ed0ad1d5e1cc16fd08745ab088fe9e2f7f9b7098e825ac7abc47dbfba2c5d
|
|
7
|
+
data.tar.gz: 6a29693a707725fcec357cc453a9f33bf9a329ec9947e23ba893f87f0acd8aad5ca41221a805d83b8f957393129ef33e0a4c0db38d84a9d26f6e245361cf2de3
|
data/lib/dependabot/cli/scan.rb
CHANGED
|
@@ -12,7 +12,7 @@ module Dependabot
|
|
|
12
12
|
|
|
13
13
|
def run
|
|
14
14
|
each_dependency do |dependency|
|
|
15
|
-
|
|
15
|
+
update(dependency) if match?(dependency)
|
|
16
16
|
end
|
|
17
17
|
end
|
|
18
18
|
|
|
@@ -30,10 +30,14 @@ module Dependabot
|
|
|
30
30
|
end
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
def
|
|
33
|
+
def update(dependency)
|
|
34
34
|
::Dependabot.logger.debug("Updating #{dependency.name}…")
|
|
35
35
|
::Dependabot::Publish.new(dependency).update!(push: options[:push])
|
|
36
36
|
end
|
|
37
|
+
|
|
38
|
+
def match?(dependency)
|
|
39
|
+
options[:dependency].nil? || options[:dependency] == dependency.name
|
|
40
|
+
end
|
|
37
41
|
end
|
|
38
42
|
end
|
|
39
43
|
end
|
data/lib/dependabot/cli.rb
CHANGED
|
@@ -7,7 +7,8 @@ require "dependabot/cli/scan"
|
|
|
7
7
|
module Dependabot
|
|
8
8
|
module CLI
|
|
9
9
|
class Application < Thor
|
|
10
|
-
desc "scan [
|
|
10
|
+
desc "scan [OPTION]... [FILE]", "Scan a directory or file for dependencies to update"
|
|
11
|
+
method_option :dependency, aliases: "-d", type: :string, desc: "Update a specific dependency", default: nil
|
|
11
12
|
method_option :push, aliases: "-p", type: :boolean, desc: "Push the update as a pull request. Default: --no-push", default: false
|
|
12
13
|
method_option :recursive, aliases: "-r", type: :boolean, desc: "Perform a recursive. Default: --no-recursive", default: false
|
|
13
14
|
def scan(path = Pathname.pwd)
|
data/lib/dependabot/git.rb
CHANGED
|
@@ -15,7 +15,7 @@ module Dependabot
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def push(remote: "origin", branch: "HEAD")
|
|
18
|
-
repo.push(remote, ["refs/heads/#{branch}"], credentials:
|
|
18
|
+
repo.push(remote, ["refs/heads/#{branch}"], credentials: credentials_for(remote))
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
def patch
|
|
@@ -41,12 +41,16 @@ module Dependabot
|
|
|
41
41
|
repo.index.add(path)
|
|
42
42
|
end
|
|
43
43
|
|
|
44
|
-
def
|
|
45
|
-
if
|
|
46
|
-
Rugged::Credentials::UserPassword.new(username: "x-access-token", password: Dependabot.github.token)
|
|
47
|
-
else
|
|
44
|
+
def credentials_for(remote)
|
|
45
|
+
if ssh?(repo.remotes[remote].url)
|
|
48
46
|
Rugged::Credentials::SshKeyFromAgent.new(username: "git")
|
|
47
|
+
else
|
|
48
|
+
Rugged::Credentials::UserPassword.new(username: "x-access-token", password: Dependabot.github.token)
|
|
49
49
|
end
|
|
50
50
|
end
|
|
51
|
+
|
|
52
|
+
def ssh?(url)
|
|
53
|
+
url.include?("git@github.com:")
|
|
54
|
+
end
|
|
51
55
|
end
|
|
52
56
|
end
|
data/lib/dependabot/publish.rb
CHANGED
|
@@ -43,28 +43,6 @@ module Dependabot
|
|
|
43
43
|
<details>
|
|
44
44
|
<summary>Commits</summary>
|
|
45
45
|
</details>
|
|
46
|
-
|
|
47
|
-
<br />
|
|
48
|
-
|
|
49
|
-
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
|
|
50
|
-
---
|
|
51
|
-
|
|
52
|
-
<details>
|
|
53
|
-
<summary>Dependabot commands and options</summary>
|
|
54
|
-
<br />
|
|
55
|
-
|
|
56
|
-
You can trigger Dependabot actions by commenting on this PR:
|
|
57
|
-
- `@dependabot rebase` will rebase this PR
|
|
58
|
-
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
|
|
59
|
-
- `@dependabot merge` will merge this PR after your CI passes on it
|
|
60
|
-
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
|
|
61
|
-
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
|
|
62
|
-
- `@dependabot reopen` will reopen this PR if it is closed
|
|
63
|
-
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
|
|
64
|
-
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
|
|
65
|
-
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
|
|
66
|
-
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
|
|
67
|
-
</details>
|
|
68
46
|
MARKDOWN
|
|
69
47
|
end
|
|
70
48
|
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependanot
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- mo khan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-12-
|
|
11
|
+
date: 2021-12-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|