dependanot 0.1.9 → 0.1.10
- checksums.yaml +4 -4
- data/README.md +33 -17
- data/dependabot.gemspec +11 -4
- data/lib/dependabot/bundler/update.rb +6 -1
- data/lib/dependabot/callback.rb +13 -0
- data/lib/dependabot/git.rb +4 -0
- data/lib/dependabot/publish.rb +30 -38
- data/lib/dependabot/pull_request.rb +48 -0
- data/lib/dependabot/templates/pull.md.erb +9 -0
- data/lib/dependabot/version.rb +1 -1
- data/lib/dependabot.rb +15 -11
- data/lib/github.rb +4 -0
- metadata +13 -11
- data/lib/dependabot/tracer.rb +0 -31
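--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0471f5a768b50b41aa35cb8c9d174cb03ea1c33df18876bd09bbba5c6b42e993
+data.tar.gz: 9c855417ea4ab1d5f9f3cee0cb0967becb5b15b2567bddb50f72b1d0aed7ada3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4c26a3edfcf2a09c9a98b554d4b6c6312030996c9f3a8b76f80b696b6b30c18cb3760bce57372b4b3b19456b2a0b440ed125c17e86a40c3e60078e4673c4c057
+data.tar.gz: 5ec531ad6b506b93e560bbe08950c10a8049cfddc2e588ead9240d57b92c13c802c752ae5e71643424071c5cf8535cb42d068e91910421cdd3e4c2fa3d546c0e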
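--- a/data/README.md
+++ b/data/README.md
@@ -1,28 +1,41 @@
-#
+# Dependanot
 
-
-
-TODO: Delete this and the text above, and describe your gem
+Dependanot is definitely not [Dependabot](https://github.com/dependabot).
 
 ## Installation
 
-
-
-```ruby
-gem 'dependabot'
-```
-
-And then execute:
-
-$ bundle install
+Install `dependanot` from https://rubygems.org.
 
-
-
-$ gem install dependabot
+$ gem install dependanot
 
 ## Usage
 
-
+`dependanot` is a CLI that can be invoked via `$ dependabot`. However, it's
+meant to be used from a GitHub Action.
+
+This following example can be added to your repo as `.github/workflows/dependanot.yml`.
+
+```yaml
+name: dependanot
+on:
+schedule:
+- cron: '42 * * * *'
+jobs:
+bundler:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- uses: ruby/setup-ruby@v1
+with:
+ruby-version: 3.0
+- run: gem install dependanot
+- run: dependabot scan --recursive --push $GITHUB_WORKSPACE
+env:
+GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+```
+
+That's it! Consult the [GitHub Actions Documentation][1] to customize the
+workflow or check out the [Examples repo][2].
 
 ## Development
 
@@ -37,3 +50,6 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/depend
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+[1]: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
+[2]: https://github.com/dependanot/examples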
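--- a/data/dependabot.gemspec
+++ b/data/dependabot.gemspec
@@ -5,10 +5,17 @@ require_relative "lib/dependabot/version"
 Gem::Specification.new do |spec|
 spec.authors = ["mo khan"]
 spec.bindir = "exe"
-spec.description = "
+spec.description = "Definitely not Dependabot"
 spec.email = ["xlgmokha@github.com"]
 spec.executables = ["dependabot"]
-spec.files = Dir.glob(
+spec.files = Dir.glob([
+"*.gemspec",
+"LICENSE.txt",
+"README.md",
+"exe/*",
+"lib/**/*.erb",
+"lib/**/*.rb",
+])
 spec.homepage = "https://github.com/dependanot/cli"
 spec.license = "MIT"
 spec.metadata["homepage_uri"] = spec.homepage
@@ -16,12 +23,12 @@ Gem::Specification.new do |spec|
 spec.name = "dependanot"
 spec.require_paths = ["lib"]
 spec.required_ruby_version = ">= 3.0.0"
-spec.summary = "
+spec.summary = "Definitely not Dependabot"
 spec.version = Dependabot::VERSION
 spec.add_dependency "bundler", "~> 2.0"
 spec.add_dependency "octokit", "~> 4.0"
 spec.add_dependency "rugged", "~> 1.2"
 spec.add_dependency "spandx", ">= 0.18.3"
+spec.add_dependency "straw", "~> 0.1"
 spec.add_dependency "thor", "~> 1.1"
-spec.add_development_dependency "debug", "~> 1.4"
 end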
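Review bot: `spec.add_dependency "straw", "~> 0.1"` in the second hunk admits every 0.x release from 0.1 upward, and a pre-1.0 gem gives no API stability promise across minor versions; this release leans on it for both `Straw::Memoizable` and `Straw.logger`, so a 0.2 that renames either would break the gem at load time while still satisfying the constraint. If the intent is to track only patch releases of the version this was developed against, `spec.add_dependency "straw", "~> 0.1.0"` is the tighter form. The `spandx` constraint `">= 0.18.3"` on the line above has the same shape, though it is unchanged by this commit.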
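--- a/data/lib/dependabot/bundler/update.rb
+++ b/data/lib/dependabot/bundler/update.rb
@@ -3,14 +3,19 @@
 module Dependabot
 module Bundler
 class Update < ::Spandx::Core::Plugin
+def match?(dependency)
+dependency.package_manager == :rubygems
+end
+
 def enhance(dependency)
-return unless dependency
+return dependency unless match?(dependency)
 
 Dir.chdir(dependency.path.parent) do
 ::Bundler.with_unbundled_env do
 system({ "RUBYOPT" => "-W0" }, "bundle update #{dependency.name} --conservative --quiet")
 end
 end
+dependency
 end
 end
 end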
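Review bot: `enhance` now returns `dependency` (new line 18) whether or not `bundle update` succeeded; `system` yields `false` on a non-zero exit and `nil` when the command cannot be started, and both are discarded here, so a failed update looks identical to a successful one to the caller, which then only inspects `git.patch`. Capture the result and log it, e.g. `ok = system({ "RUBYOPT" => "-W0" }, ...)` followed by `Dependabot.logger.debug("bundle update #{dependency.name} failed") unless ok`. The unchanged `system` call also passes a single interpolated string, which Ruby hands to a shell; `dependency.name` is read from the repository's own manifest, so the argv form `system({ "RUBYOPT" => "-W0" }, "bundle", "update", dependency.name, "--conservative", "--quiet")` keeps a name with shell metacharacters from being interpreted as anything other than an argument.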
data/lib/dependabot/git.rb
CHANGED
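--- a/data/lib/dependabot/publish.rb
+++ b/data/lib/dependabot/publish.rb
@@ -2,62 +2,54 @@
 
 module Dependabot
 class Publish
-attr_reader :dependency
+attr_reader :dependency, :git, :pull_request
 
-def initialize(dependency)
+def initialize(dependency, git: Dependabot::Git.for(dependency))
 @dependency = dependency
+@git = git
+@pull_request = PullRequest.new(
+nwo: GitHub.name_with_owner_from(git.repo.remotes["origin"].url),
+base: git.repo.head.name,
+head: "dependanot/#{dependency.package_manager}/#{dependency.name}",
+dependency: dependency
+)
 end
 
 def update!(push: false)
-
+transaction(push: push) do |after_commit|
 ::Spandx::Core::Plugin.enhance(dependency)
-
+after_commit.new do
+Dependabot.logger.debug(git.patch)
+Dependabot.github.create(pull_request)
+end
 end
 end
 
 private
 
-def
-
-
+def transaction(push:)
+git.checkout(branch: pull_request.head)
+callback = yield Callback
+return if no_changes? || !push
 
-
-
-default_branch = git.repo.head.name
-git.checkout(branch: branch_name)
-yield git
-publish_pull_request_for(dependency, default_branch, branch_name, git, push) unless git.patch.empty?
+commit_and_push
+callback.call
 ensure
-
-git.repo.checkout(default_branch)
+reset
 end
 
-def
-
-
-
-<details>
-<summary>Changelog</summary>
-</details>
+def reset
+git.repo.checkout_head(strategy: :force)
+git.repo.checkout(pull_request.base)
+end
 
-
-
-</details>
-MARKDOWN
+def no_changes?
+git.patch.empty?
 end
 
-def
-git.commit(all: true, message:
-
-
-git.push(remote: "origin", branch: branch_name)
-Dependabot.octokit.create_pull_request(
-GitHub.name_with_owner_from(git.repo.remotes["origin"].url),
-default_branch,
-branch_name,
-"chore(deps): bump #{dependency.name} from #{dependency.version}",
-description_for(dependency)
-)
+def commit_and_push
+git.commit(all: true, message: pull_request.commit_message)
+git.push(remote: "origin", branch: pull_request.head)
 end
 end
 end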
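Review bot: `initialize` dereferences `git.repo.remotes["origin"].url` unconditionally, so a checkout with no `origin` remote raises `NoMethodError` on `nil` while constructing `Publish`, even for `update!(push: false)` which never needs the remote. Resolve it explicitly so the failure is attributable, e.g. `origin = git.repo.remotes["origin"]` then `raise Dependabot::Error, "no origin remote" unless origin`, and pass `origin.url` to `name_with_owner_from`. The `head` branch name is likewise built straight from `dependency.name` with no check that it is a valid ref name; names come from the repository's manifests, so a malformed one would presumably surface as an opaque failure from `git.checkout` inside `transaction` rather than a clear error, and the forced `checkout_head` in `reset` then discards the working tree on the way out.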
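--- /dev/null
+++ b/data/lib/dependabot/pull_request.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module Dependabot
+class PullRequest
+include ::Straw::Memoizable
+
+attr_reader :base, :head
+
+def initialize(nwo:, base:, head:, dependency:)
+@nwo = nwo
+@base = base
+@head = head
+@dependency = dependency
+end
+
+def commit_message
+memoize(:commit_message) do
+<<~COMMIT
+#{title}
+
+#{description}
+COMMIT
+end
+end
+
+def run_against(api)
+api.create_pull_request(nwo, base, head, title, description)
+end
+
+private
+
+attr_reader :nwo, :dependency
+
+def title
+memoize(:title) do
+"chore(deps): bump #{dependency.name} from #{dependency.version}"
+end
+end
+
+def description
+memoize(:description) do
+ERB
+.new(File.read(File.join(__dir__, "templates/pull.md.erb")))
+.result(binding)
+end
+end
+end
+end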
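Review bot: `description` renders the template with `.result(binding)`, which exposes the object's entire private scope (`nwo`, `dependency`, the memoization state) to `templates/pull.md.erb` rather than only what it consumes; the template itself is added in this release but is not shown on this page, so its inputs cannot be checked here. Passing an explicit set of values keeps the contract visible from this file, e.g. `.result_with_hash(dependency: dependency)`. Whatever the template interpolates from `dependency` ends up verbatim in both the commit message (via `commit_message`) and the PR body, so a comment stating that manifest-derived values are inserted as raw markdown would help the next reader judge whether escaping is needed.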
data/lib/dependabot/version.rb
CHANGED
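--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -1,31 +1,25 @@
 # frozen_string_literal: true
 
 require "bundler"
+require "erb"
 require "github"
-require "logger"
 require "octokit"
 require "rugged"
 require "spandx"
+require "straw"
 
 require_relative "dependabot/bundler/update"
+require_relative "dependabot/callback"
 require_relative "dependabot/git"
 require_relative "dependabot/publish"
-require_relative "dependabot/
+require_relative "dependabot/pull_request"
 require_relative "dependabot/version"
 
 module Dependabot
 class Error < StandardError; end
 
 def self.logger
-
-x.formatter = proc do |_severity, _datetime, _progname, message|
-"[v#{VERSION}] #{message}\n"
-end
-end
-end
-
-def self.tracer
-@tracer ||= Tracer.new(logger)
+::Straw.logger
 end
 
 def self.octokit
@@ -42,3 +36,13 @@ module Dependabot
 @github ||= GitHub.new
 end
 end
+
+module Spandx
+module Core
+class LicensePlugin
+def enhance(dependency)
+dependency
+end
+end
+end
+end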
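Review bot: The second hunk reopens the third-party `Spandx::Core::LicensePlugin` and replaces `enhance` with a no-op, with nothing on the page saying why. Presumably this stops the license lookup from running when `::Spandx::Core::Plugin.enhance(dependency)` is called from `Publish#update!`, but as an unguarded monkey patch it silently changes behaviour for any other code that loads this gem alongside spandx, and it will not fail loudly if a spandx release renames or re-signatures the method. At minimum add a comment above `module Spandx`, e.g. `# Monkey patch: disable spandx's license lookup; an update run only needs the bundler plugin.`, and consider asserting `Spandx::Core::LicensePlugin.method_defined?(:enhance)` before overriding so a mismatch raises at load time instead of going unnoticed.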
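--- a/data/lib/github.rb
+++ b/data/lib/github.rb
@@ -18,6 +18,10 @@ class GitHub
 @workspace = workspace
 end
 
+def create(action)
+action.run_against(Dependabot.octokit)
+end
+
 class << self
 def name_with_owner_from(url)
 regex = %r{(?<x>(?<scheme>https|ssh)://)?(?<username>git@)?github.com[:|/](?<nwo>\w+/\w+)(?<extension>\.git)?}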
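Review bot: The regex on the hunk's last context line captures `(?<nwo>\w+/\w+)`, and `\w` is `[A-Za-z0-9_]`, so owner or repository names containing `-` or `.` (common on GitHub) do not match; the new `create` path now depends on that value through `PullRequest#run_against`, so for such a repository the pull request call would presumably be made with a nil or truncated name. Widening it to `(?<nwo>[\w.-]+/[\w.-]+)` covers the characters GitHub allows in both components. The body of `name_with_owner_from` continues outside the hunk, so how a non-match is handled cannot be seen here.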
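--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependanot
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.10
 platform: ruby
 authors:
 - mo khan
@@ -67,34 +67,34 @@ dependencies:
 - !ruby/object:Gem::Version
 version: 0.18.3
 - !ruby/object:Gem::Dependency
-name:
+name: straw
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '0.1'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '0.1'
 - !ruby/object:Gem::Dependency
-name:
+name: thor
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
-type: :
+version: '1.1'
+type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
-description:
+version: '1.1'
+description: Definitely not Dependabot
 email:
 - xlgmokha@github.com
 executables:
@@ -108,11 +108,13 @@ files:
 - exe/dependabot
 - lib/dependabot.rb
 - lib/dependabot/bundler/update.rb
+- lib/dependabot/callback.rb
 - lib/dependabot/cli.rb
 - lib/dependabot/cli/scan.rb
 - lib/dependabot/git.rb
 - lib/dependabot/publish.rb
-- lib/dependabot/
+- lib/dependabot/pull_request.rb
+- lib/dependabot/templates/pull.md.erb
 - lib/dependabot/version.rb
 - lib/github.rb
 homepage: https://github.com/dependanot/cli
@@ -139,5 +141,5 @@ requirements: []
 rubygems_version: 3.2.32
 signing_key:
 specification_version: 4
-summary:
+summary: Definitely not Dependabot
 test_files: []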
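--- a/data/lib/dependabot/tracer.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-module Dependabot
-class Tracer
-def initialize(logger)
-@logger = logger
-end
-
-def trace(defaults = {})
-tracer = TracePoint.new(:call) do |x|
-@logger.debug(defaults.merge({ path: x.path, lineno: x.lineno, clazz: x.defined_class, method: x.method_id, args: args_from(x), locals: locals_from(x) }))
-rescue StandardError => boom
-@logger.error(defaults.merge({ message: boom.message, stacktrace: boom.backtrace }))
-end
-tracer.enable
-yield
-ensure
-tracer.disable
-end
-
-private
-
-def args_from(trace)
-trace.parameters.map(&:last).map { |x| [x, trace.binding.eval(x.to_s)] }.to_h
-end
-
-def locals_from(trace)
-trace.binding.local_variables.map { |x| [x, trace.binding.local_variable_get(x)] }.to_h
-end
-end
-end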