dependanot 0.1.7 → 0.1.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2107d2fc9ef2ce61680a0a62bbb248548e91dea25ac4c05e2c426197fb0aebc6
-  data.tar.gz: 965595379cb72610d767afcbab36a51891aa1f0a4be7ae83b9e6437a802f36b4
+  metadata.gz: e5badfc35fefa1a5209ee7e9495d8051990d5c64c379a1653aeb4e1075c3bce6
+  data.tar.gz: 85c462d293de42633139a913aa28e73e13460745ccd421cd0ba02898749b2be7
 SHA512:
-  metadata.gz: 2ea7a9dac327b8ff470db6392f6734bef39e71b41665d1f1d350bcdb0adb3093627ed0ad1d5e1cc16fd08745ab088fe9e2f7f9b7098e825ac7abc47dbfba2c5d
-  data.tar.gz: 6a29693a707725fcec357cc453a9f33bf9a329ec9947e23ba893f87f0acd8aad5ca41221a805d83b8f957393129ef33e0a4c0db38d84a9d26f6e245361cf2de3
+  metadata.gz: a9189f9292c94bac7e08ab53c6039e7a305d03f4fe631f13558807ec27703446e3c55b636c5e97f9e34a10b1cb0de83abeabd0576c49f2ddcac6e33257f3f9f1
+  data.tar.gz: b172ac7a995ad36e83c480db71d5046a95e97b2f66aa872046bf3b5045f77d0de62b9aa6490c32dafead65530aee7a200d1cb7e245742bd8fe233316323381f2

data/README.md

@@ -1,28 +1,41 @@
-# Dependabot
+# Dependanot
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/dependabot`. To experiment with that code, run `bin/console` for an interactive prompt.
-
-TODO: Delete this and the text above, and describe your gem
+Dependanot is definitely not [Dependabot](https://github.com/dependabot).
 
 ## Installation
 
-Add this line to your application's Gemfile:
-
-```ruby
-gem 'dependabot'
-```
-
-And then execute:
-
-    $ bundle install
+Install `dependanot` from https://rubygems.org.
 
-Or install it yourself as:
-
-    $ gem install dependabot
+    $ gem install dependanot
 
 ## Usage
 
-TODO: Write usage instructions here
+`dependanot` is a CLI that can be invoked via `$ dependabot`. However, it's
+meant to be used from a GitHub Action.
+
+This following example can be added to your repo as `.github/workflows/dependanot.yml`.
+
+```yaml
+name: dependanot
+on:
+  schedule:
+    - cron: '42 * * * *'
+jobs:
+  bundler:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.0
+      - run: gem install dependanot
+      - run: dependabot scan --recursive --push $GITHUB_WORKSPACE
+        env:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+```
+
+That's it! Consult the [GitHub Actions Documentation][1] to customize the
+workflow or check out the [Examples repo][2].
 
 ## Development
 
@@ -37,3 +50,6 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/depend
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+[1]: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
+[2]: https://github.com/dependanot/examples

data/dependabot.gemspec

@@ -5,10 +5,17 @@ require_relative "lib/dependabot/version"
 Gem::Specification.new do |spec|
   spec.authors = ["mo khan"]
   spec.bindir = "exe"
-  spec.description = "The Dependabot CLI"
+  spec.description = "Definitely not Dependabot"
   spec.email = ["xlgmokha@github.com"]
   spec.executables = ["dependabot"]
-  spec.files = Dir.glob("lib/**/*.rb") + Dir.glob("exe/*") + Dir.glob("*.gemspec") + ["LICENSE.txt", "README.md"]
+  spec.files = Dir.glob([
+    "*.gemspec",
+    "LICENSE.txt",
+    "README.md",
+    "exe/*",
+    "lib/**/*.erb",
+    "lib/**/*.rb",
+  ])
   spec.homepage = "https://github.com/dependanot/cli"
   spec.license = "MIT"
   spec.metadata["homepage_uri"] = spec.homepage
@@ -16,12 +23,12 @@ Gem::Specification.new do |spec|
   spec.name = "dependanot"
   spec.require_paths = ["lib"]
   spec.required_ruby_version = ">= 3.0.0"
-  spec.summary = "The Dependabot CLI"
+  spec.summary = "Definitely not Dependabot"
   spec.version = Dependabot::VERSION
   spec.add_dependency "bundler", "~> 2.0"
   spec.add_dependency "octokit", "~> 4.0"
   spec.add_dependency "rugged", "~> 1.2"
   spec.add_dependency "spandx", ">= 0.18.3"
+  spec.add_dependency "straw", "~> 0.1"
   spec.add_dependency "thor", "~> 1.1"
-  spec.add_development_dependency "debug", "~> 1.4"
 end

data/lib/dependabot/bundler/update.rb

@@ -3,14 +3,19 @@
 module Dependabot
   module Bundler
     class Update < ::Spandx::Core::Plugin
+      def match?(dependency)
+        dependency.package_manager == :rubygems
+      end
+
       def enhance(dependency)
-        return unless dependency.package_manager == :rubygems
+        return dependency unless match?(dependency)
 
         Dir.chdir(dependency.path.parent) do
           ::Bundler.with_unbundled_env do
             system({ "RUBYOPT" => "-W0" }, "bundle update #{dependency.name} --conservative --quiet")
           end
         end
+        dependency
       end
     end
   end

data/lib/dependabot/callback.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Dependabot
+  class Callback
+    def initialize(&block)
+      @block = block
+    end
+
+    def call
+      @block.call
+    end
+  end
+end

data/lib/dependabot/cli/scan.rb

@@ -31,8 +31,11 @@ module Dependabot
       end
 
       def update(dependency)
-        ::Dependabot.logger.debug("Updating #{dependency.name}…")
+        ::Dependabot.logger.info("Updating #{dependency.name}…")
         ::Dependabot::Publish.new(dependency).update!(push: options[:push])
+      rescue StandardError => boom
+        Dependabot.logger.error(boom)
+        boom.backtrace.each { |x| Dependabot.logger.debug(x) }
       end
 
       def match?(dependency)

data/lib/dependabot/cli.rb

@@ -11,7 +11,9 @@ module Dependabot
       method_option :dependency, aliases: "-d", type: :string, desc: "Update a specific dependency", default: nil
       method_option :push, aliases: "-p", type: :boolean, desc: "Push the update as a pull request. Default: --no-push", default: false
       method_option :recursive, aliases: "-r", type: :boolean, desc: "Perform a recursive. Default: --no-recursive", default: false
+      method_option :verbose, aliases: "-v", type: :boolean, desc: "Increase verbosity. Default: --no-verbose", default: false
       def scan(path = Pathname.pwd)
+        Dependabot.logger.level = :debug if options[:verbose]
         ::Dependabot::CLI::Scan.new(path, options).run
       end
 

data/lib/dependabot/git.rb

@@ -5,17 +5,24 @@ module Dependabot
     attr_reader :repo
 
     def initialize(path)
-      @path = path
       @repo = Rugged::Repository.discover(path)
     end
 
+    def self.for(dependency)
+      new(dependency.path.parent)
+    end
+
     def checkout(branch:)
-      repo.create_branch(branch, repo.head.name)
+      repo.create_branch(branch, repo.head.name) unless repo.branches[branch]
       repo.checkout(branch)
     end
 
     def push(remote: "origin", branch: "HEAD")
       repo.push(remote, ["refs/heads/#{branch}"], credentials: credentials_for(remote))
+    rescue StandardError
+      Dir.chdir(File.dirname(repo.path)) do
+        system("git push #{remote} #{branch}", exception: true)
+      end
     end
 
     def patch
@@ -42,6 +49,7 @@ module Dependabot
     end
 
     def credentials_for(remote)
+      Dependabot.logger.debug(repo.remotes[remote].url)
       if ssh?(repo.remotes[remote].url)
         Rugged::Credentials::SshKeyFromAgent.new(username: "git")
       else

data/lib/dependabot/npm/update.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Dependabot
+  module Npm
+    class Update < ::Spandx::Core::Plugin
+      def match?(dependency)
+        dependency.package_manager == :npm
+      end
+
+      def enhance(dependency)
+        return dependency unless match?(dependency)
+
+        Dir.chdir(dependency.path.parent) do
+          system("rm -fr node_modules/#{dependency.name}")
+          system("npm update #{dependency.name}")
+        end
+        dependency
+      end
+    end
+  end
+end

data/lib/dependabot/publish.rb

@@ -2,62 +2,52 @@
 
 module Dependabot
   class Publish
-    attr_reader :dependency
+    attr_reader :dependency, :git, :pull_request
 
-    def initialize(dependency)
+    def initialize(dependency, git: Dependabot::Git.for(dependency))
       @dependency = dependency
+      @git = git
+      @pull_request = PullRequest.new(
+        nwo: GitHub.name_with_owner_from(git.repo.remotes["origin"].url),
+        base: git.repo.head.name,
+        head: "dependanot/#{dependency.package_manager}/#{dependency.name}",
+        dependency: dependency
+      )
     end
 
     def update!(push: false)
-      git_for(dependency, push: push) do |git|
+      transaction(push: push) do |after_commit|
         ::Spandx::Core::Plugin.enhance(dependency)
-        Dependabot.logger.debug(git.patch) unless git.patch.empty?
+        after_commit.new do
+          Dependabot.logger.debug(git.patch)
+          Dependabot.github.create(pull_request)
+        end
       end
     end
 
     private
 
-    def branch_name_for(dependency)
-      "dependanot/#{dependency.package_manager}/#{dependency.name}"
-    end
+    def transaction(push:)
+      git.checkout(branch: pull_request.head)
+      callback = yield Callback
+      return if no_changes?
+
+      git.commit(all: true, message: pull_request.commit_message)
+      return unless push
 
-    def git_for(dependency, branch_name: branch_name_for(dependency), push: false)
-      git = ::Dependabot::Git.new(dependency.path.parent)
-      default_branch = git.repo.head.name
-      git.checkout(branch: branch_name)
-      yield git
-      publish_pull_request_for(dependency, default_branch, branch_name, git, push) unless git.patch.empty?
+      git.push(remote: "origin", branch: pull_request.head)
+      callback.call
     ensure
-      git.repo.checkout_head(strategy: :force)
-      git.repo.checkout(default_branch)
+      reset
     end
 
-    def description_for(dependency)
-      <<~MARKDOWN
-        Bumps [#{dependency.name}](#)
-
-        <details>
-        <summary>Changelog</summary>
-        </details>
-
-        <details>
-        <summary>Commits</summary>
-        </details>
-      MARKDOWN
+    def reset
+      git.repo.checkout_head(strategy: :force)
+      git.repo.checkout(pull_request.base)
     end
 
-    def publish_pull_request_for(dependency, default_branch, branch_name, git, push)
-      git.commit(all: true, message: "chore: Update #{dependency.name}")
-      return unless push
-
-      git.push(remote: "origin", branch: branch_name)
-      Dependabot.octokit.create_pull_request(
-        GitHub.name_with_owner_from(git.repo.remotes["origin"].url),
-        default_branch,
-        branch_name,
-        "chore(deps): bump #{dependency}",
-        description_for(dependency)
-      )
+    def no_changes?
+      git.patch.empty?
     end
   end
 end

data/lib/dependabot/pull_request.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module Dependabot
+  class PullRequest
+    include ::Straw::Memoizable
+
+    attr_reader :base, :head
+
+    def initialize(nwo:, base:, head:, dependency:)
+      @nwo = nwo
+      @base = base
+      @head = head
+      @dependency = dependency
+    end
+
+    def commit_message
+      memoize(:commit_message) do
+        <<~COMMIT
+          #{title}
+
+          #{description}
+        COMMIT
+      end
+    end
+
+    def run_against(api)
+      api.create_pull_request(nwo, base, head, title, description)
+    end
+
+    private
+
+    attr_reader :nwo, :dependency
+
+    def title
+      memoize(:title) do
+        "chore(deps): bump #{dependency.name} from #{dependency.version}"
+      end
+    end
+
+    def description
+      memoize(:description) do
+        ERB
+          .new(File.read(File.join(__dir__, "templates/pull.md.erb")))
+          .result(binding)
+      end
+    end
+  end
+end

data/lib/dependabot/templates/pull.md.erb

@@ -0,0 +1,9 @@
+Bumps [<%= dependency.name %>](#) to <%= dependency.version %>
+
+<details>
+<summary>Changelog</summary>
+</details>
+
+<details>
+<summary>Commits</summary>
+</details>

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.1.7"
+  VERSION = "0.1.11"
 end

data/lib/dependabot.rb

@@ -1,31 +1,26 @@
 # frozen_string_literal: true
 
 require "bundler"
+require "erb"
 require "github"
-require "logger"
 require "octokit"
 require "rugged"
 require "spandx"
+require "straw"
 
 require_relative "dependabot/bundler/update"
+require_relative "dependabot/npm/update"
+require_relative "dependabot/callback"
 require_relative "dependabot/git"
 require_relative "dependabot/publish"
-require_relative "dependabot/tracer"
+require_relative "dependabot/pull_request"
 require_relative "dependabot/version"
 
 module Dependabot
   class Error < StandardError; end
 
   def self.logger
-    @logger ||= Logger.new($stderr, level: ENV.fetch("LOG_LEVEL", Logger::WARN)).tap do |x|
-      x.formatter = proc do |_severity, _datetime, _progname, message|
-        "[v#{VERSION}] #{message}\n"
-      end
-    end
-  end
-
-  def self.tracer
-    @tracer ||= Tracer.new(logger)
+    ::Straw.logger
   end
 
   def self.octokit
@@ -42,3 +37,13 @@ module Dependabot
     @github ||= GitHub.new
   end
 end
+
+module Spandx
+  module Core
+    class LicensePlugin
+      def enhance(dependency)
+        dependency
+      end
+    end
+  end
+end

data/lib/github.rb

@@ -18,6 +18,10 @@ class GitHub
     @workspace = workspace
   end
 
+  def create(action)
+    action.run_against(Dependabot.octokit)
+  end
+
   class << self
     def name_with_owner_from(url)
       regex = %r{(?<x>(?<scheme>https|ssh)://)?(?<username>git@)?github.com[:|/](?<nwo>\w+/\w+)(?<extension>\.git)?}

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependanot
 version: !ruby/object:Gem::Version
-  version: 0.1.7
+  version: 0.1.11
 platform: ruby
 authors:
 - mo khan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-12-21 00:00:00.000000000 Z
+date: 2021-12-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -67,34 +67,34 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.18.3
 - !ruby/object:Gem::Dependency
-  name: thor
+  name: straw
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '0.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '0.1'
 - !ruby/object:Gem::Dependency
-  name: debug
+  name: thor
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
-  type: :development
+        version: '1.1'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
-description: The Dependabot CLI
+        version: '1.1'
+description: Definitely not Dependabot
 email:
 - xlgmokha@github.com
 executables:
@@ -108,11 +108,14 @@ files:
 - exe/dependabot
 - lib/dependabot.rb
 - lib/dependabot/bundler/update.rb
+- lib/dependabot/callback.rb
 - lib/dependabot/cli.rb
 - lib/dependabot/cli/scan.rb
 - lib/dependabot/git.rb
+- lib/dependabot/npm/update.rb
 - lib/dependabot/publish.rb
-- lib/dependabot/tracer.rb
+- lib/dependabot/pull_request.rb
+- lib/dependabot/templates/pull.md.erb
 - lib/dependabot/version.rb
 - lib/github.rb
 homepage: https://github.com/dependanot/cli
@@ -136,8 +139,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.32
+rubygems_version: 3.2.33
 signing_key:
 specification_version: 4
-summary: The Dependabot CLI
+summary: Definitely not Dependabot
 test_files: []

data/lib/dependabot/tracer.rb

@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-module Dependabot
-  class Tracer
-    def initialize(logger)
-      @logger = logger
-    end
-
-    def trace(defaults = {})
-      tracer = TracePoint.new(:call) do |x|
-        @logger.debug(defaults.merge({ path: x.path, lineno: x.lineno, clazz: x.defined_class, method: x.method_id, args: args_from(x), locals: locals_from(x) }))
-      rescue StandardError => boom
-        @logger.error(defaults.merge({ message: boom.message, stacktrace: boom.backtrace }))
-      end
-      tracer.enable
-      yield
-    ensure
-      tracer.disable
-    end
-
-    private
-
-    def args_from(trace)
-      trace.parameters.map(&:last).map { |x| [x, trace.binding.eval(x.to_s)] }.to_h
-    end
-
-    def locals_from(trace)
-      trace.binding.local_variables.map { |x| [x, trace.binding.local_variable_get(x)] }.to_h
-    end
-  end
-end