dependanot 0.1.9 → 0.1.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e34d7bc44fc32487ee5bf6d9c7582282fd2af8c365b9a8e02bf3a00c82587218
-  data.tar.gz: 4c3af4d15049a52d8767f3d9a204b7ce3e54ab507d8cf735749a9c6c234a2528
+  metadata.gz: 0471f5a768b50b41aa35cb8c9d174cb03ea1c33df18876bd09bbba5c6b42e993
+  data.tar.gz: 9c855417ea4ab1d5f9f3cee0cb0967becb5b15b2567bddb50f72b1d0aed7ada3
 SHA512:
-  metadata.gz: 1914dc7d10d63356e17d7ee4ab551b219d3c482107a3c072b94dad414129ab5d3adec217f88d810419d3320dd3d087198fa122c89212fd74e93c3ad56aff65fa
-  data.tar.gz: 034c3507b26657718121ab7ebf3049408c65d96ca94696031f248e5b80996ab2ffaa736f75bad4012cd9ca762c63a50d202c8ae6fb2fe1f40d72883c699cfd5f
+  metadata.gz: 4c26a3edfcf2a09c9a98b554d4b6c6312030996c9f3a8b76f80b696b6b30c18cb3760bce57372b4b3b19456b2a0b440ed125c17e86a40c3e60078e4673c4c057
+  data.tar.gz: 5ec531ad6b506b93e560bbe08950c10a8049cfddc2e588ead9240d57b92c13c802c752ae5e71643424071c5cf8535cb42d068e91910421cdd3e4c2fa3d546c0e

data/README.md

@@ -1,28 +1,41 @@
-# Dependabot
+# Dependanot
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/dependabot`. To experiment with that code, run `bin/console` for an interactive prompt.
-
-TODO: Delete this and the text above, and describe your gem
+Dependanot is definitely not [Dependabot](https://github.com/dependabot).
 
 ## Installation
 
-Add this line to your application's Gemfile:
-
-```ruby
-gem 'dependabot'
-```
-
-And then execute:
-
-    $ bundle install
+Install `dependanot` from https://rubygems.org.
 
-Or install it yourself as:
-
-    $ gem install dependabot
+    $ gem install dependanot
 
 ## Usage
 
-TODO: Write usage instructions here
+`dependanot` is a CLI that can be invoked via `$ dependabot`. However, it's
+meant to be used from a GitHub Action.
+
+This following example can be added to your repo as `.github/workflows/dependanot.yml`.
+
+```yaml
+name: dependanot
+on:
+  schedule:
+    - cron: '42 * * * *'
+jobs:
+  bundler:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.0
+      - run: gem install dependanot
+      - run: dependabot scan --recursive --push $GITHUB_WORKSPACE
+        env:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+```
+
+That's it! Consult the [GitHub Actions Documentation][1] to customize the
+workflow or check out the [Examples repo][2].
 
 ## Development
 
@@ -37,3 +50,6 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/depend
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+[1]: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
+[2]: https://github.com/dependanot/examples

data/dependabot.gemspec

@@ -5,10 +5,17 @@ require_relative "lib/dependabot/version"
 Gem::Specification.new do |spec|
   spec.authors = ["mo khan"]
   spec.bindir = "exe"
-  spec.description = "The Dependabot CLI"
+  spec.description = "Definitely not Dependabot"
   spec.email = ["xlgmokha@github.com"]
   spec.executables = ["dependabot"]
-  spec.files = Dir.glob("lib/**/*.rb") + Dir.glob("exe/*") + Dir.glob("*.gemspec") + ["LICENSE.txt", "README.md"]
+  spec.files = Dir.glob([
+    "*.gemspec",
+    "LICENSE.txt",
+    "README.md",
+    "exe/*",
+    "lib/**/*.erb",
+    "lib/**/*.rb",
+  ])
   spec.homepage = "https://github.com/dependanot/cli"
   spec.license = "MIT"
   spec.metadata["homepage_uri"] = spec.homepage
@@ -16,12 +23,12 @@ Gem::Specification.new do |spec|
   spec.name = "dependanot"
   spec.require_paths = ["lib"]
   spec.required_ruby_version = ">= 3.0.0"
-  spec.summary = "The Dependabot CLI"
+  spec.summary = "Definitely not Dependabot"
   spec.version = Dependabot::VERSION
   spec.add_dependency "bundler", "~> 2.0"
   spec.add_dependency "octokit", "~> 4.0"
   spec.add_dependency "rugged", "~> 1.2"
   spec.add_dependency "spandx", ">= 0.18.3"
+  spec.add_dependency "straw", "~> 0.1"
   spec.add_dependency "thor", "~> 1.1"
-  spec.add_development_dependency "debug", "~> 1.4"
 end

data/lib/dependabot/bundler/update.rb

@@ -3,14 +3,19 @@
 module Dependabot
   module Bundler
     class Update < ::Spandx::Core::Plugin
+      def match?(dependency)
+        dependency.package_manager == :rubygems
+      end
+
       def enhance(dependency)
-        return unless dependency.package_manager == :rubygems
+        return dependency unless match?(dependency)
 
         Dir.chdir(dependency.path.parent) do
           ::Bundler.with_unbundled_env do
             system({ "RUBYOPT" => "-W0" }, "bundle update #{dependency.name} --conservative --quiet")
           end
         end
+        dependency
       end
     end
   end

data/lib/dependabot/callback.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Dependabot
+  class Callback
+    def initialize(&block)
+      @block = block
+    end
+
+    def call
+      @block.call
+    end
+  end
+end

data/lib/dependabot/git.rb

@@ -8,6 +8,10 @@ module Dependabot
       @repo = Rugged::Repository.discover(path)
     end
 
+    def self.for(dependency)
+      new(dependency.path.parent)
+    end
+
     def checkout(branch:)
       repo.create_branch(branch, repo.head.name)
       repo.checkout(branch)

data/lib/dependabot/publish.rb

@@ -2,62 +2,54 @@
 
 module Dependabot
   class Publish
-    attr_reader :dependency
+    attr_reader :dependency, :git, :pull_request
 
-    def initialize(dependency)
+    def initialize(dependency, git: Dependabot::Git.for(dependency))
       @dependency = dependency
+      @git = git
+      @pull_request = PullRequest.new(
+        nwo: GitHub.name_with_owner_from(git.repo.remotes["origin"].url),
+        base: git.repo.head.name,
+        head: "dependanot/#{dependency.package_manager}/#{dependency.name}",
+        dependency: dependency
+      )
     end
 
     def update!(push: false)
-      git_for(dependency, push: push) do |git|
+      transaction(push: push) do |after_commit|
         ::Spandx::Core::Plugin.enhance(dependency)
-        Dependabot.logger.debug(git.patch) unless git.patch.empty?
+        after_commit.new do
+          Dependabot.logger.debug(git.patch)
+          Dependabot.github.create(pull_request)
+        end
       end
     end
 
     private
 
-    def branch_name_for(dependency)
-      "dependanot/#{dependency.package_manager}/#{dependency.name}"
-    end
+    def transaction(push:)
+      git.checkout(branch: pull_request.head)
+      callback = yield Callback
+      return if no_changes? || !push
 
-    def git_for(dependency, branch_name: branch_name_for(dependency), push: false)
-      git = ::Dependabot::Git.new(dependency.path.parent)
-      default_branch = git.repo.head.name
-      git.checkout(branch: branch_name)
-      yield git
-      publish_pull_request_for(dependency, default_branch, branch_name, git, push) unless git.patch.empty?
+      commit_and_push
+      callback.call
     ensure
-      git.repo.checkout_head(strategy: :force)
-      git.repo.checkout(default_branch)
+      reset
     end
 
-    def description_for(dependency)
-      <<~MARKDOWN
-        Bumps [#{dependency.name}](#)
-
-        <details>
-        <summary>Changelog</summary>
-        </details>
+    def reset
+      git.repo.checkout_head(strategy: :force)
+      git.repo.checkout(pull_request.base)
+    end
 
-        <details>
-        <summary>Commits</summary>
-        </details>
-      MARKDOWN
+    def no_changes?
+      git.patch.empty?
     end
 
-    def publish_pull_request_for(dependency, default_branch, branch_name, git, push)
-      git.commit(all: true, message: "chore: Update #{dependency.name}")
-      return unless push
-
-      git.push(remote: "origin", branch: branch_name)
-      Dependabot.octokit.create_pull_request(
-        GitHub.name_with_owner_from(git.repo.remotes["origin"].url),
-        default_branch,
-        branch_name,
-        "chore(deps): bump #{dependency.name} from #{dependency.version}",
-        description_for(dependency)
-      )
+    def commit_and_push
+      git.commit(all: true, message: pull_request.commit_message)
+      git.push(remote: "origin", branch: pull_request.head)
     end
   end
 end

data/lib/dependabot/pull_request.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module Dependabot
+  class PullRequest
+    include ::Straw::Memoizable
+
+    attr_reader :base, :head
+
+    def initialize(nwo:, base:, head:, dependency:)
+      @nwo = nwo
+      @base = base
+      @head = head
+      @dependency = dependency
+    end
+
+    def commit_message
+      memoize(:commit_message) do
+        <<~COMMIT
+          #{title}
+
+          #{description}
+        COMMIT
+      end
+    end
+
+    def run_against(api)
+      api.create_pull_request(nwo, base, head, title, description)
+    end
+
+    private
+
+    attr_reader :nwo, :dependency
+
+    def title
+      memoize(:title) do
+        "chore(deps): bump #{dependency.name} from #{dependency.version}"
+      end
+    end
+
+    def description
+      memoize(:description) do
+        ERB
+          .new(File.read(File.join(__dir__, "templates/pull.md.erb")))
+          .result(binding)
+      end
+    end
+  end
+end

data/lib/dependabot/templates/pull.md.erb

@@ -0,0 +1,9 @@
+Bumps [<%= dependency.name %>](#) to <%= dependency.version %>
+
+<details>
+<summary>Changelog</summary>
+</details>
+
+<details>
+<summary>Commits</summary>
+</details>

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.1.9"
+  VERSION = "0.1.10"
 end

data/lib/dependabot.rb

@@ -1,31 +1,25 @@
 # frozen_string_literal: true
 
 require "bundler"
+require "erb"
 require "github"
-require "logger"
 require "octokit"
 require "rugged"
 require "spandx"
+require "straw"
 
 require_relative "dependabot/bundler/update"
+require_relative "dependabot/callback"
 require_relative "dependabot/git"
 require_relative "dependabot/publish"
-require_relative "dependabot/tracer"
+require_relative "dependabot/pull_request"
 require_relative "dependabot/version"
 
 module Dependabot
   class Error < StandardError; end
 
   def self.logger
-    @logger ||= Logger.new($stderr, level: ENV.fetch("LOG_LEVEL", Logger::INFO)).tap do |x|
-      x.formatter = proc do |_severity, _datetime, _progname, message|
-        "[v#{VERSION}] #{message}\n"
-      end
-    end
-  end
-
-  def self.tracer
-    @tracer ||= Tracer.new(logger)
+    ::Straw.logger
   end
 
   def self.octokit
@@ -42,3 +36,13 @@ module Dependabot
     @github ||= GitHub.new
   end
 end
+
+module Spandx
+  module Core
+    class LicensePlugin
+      def enhance(dependency)
+        dependency
+      end
+    end
+  end
+end

data/lib/github.rb

@@ -18,6 +18,10 @@ class GitHub
     @workspace = workspace
   end
 
+  def create(action)
+    action.run_against(Dependabot.octokit)
+  end
+
   class << self
     def name_with_owner_from(url)
       regex = %r{(?<x>(?<scheme>https|ssh)://)?(?<username>git@)?github.com[:|/](?<nwo>\w+/\w+)(?<extension>\.git)?}

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependanot
 version: !ruby/object:Gem::Version
-  version: 0.1.9
+  version: 0.1.10
 platform: ruby
 authors:
 - mo khan
@@ -67,34 +67,34 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.18.3
 - !ruby/object:Gem::Dependency
-  name: thor
+  name: straw
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '0.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '0.1'
 - !ruby/object:Gem::Dependency
-  name: debug
+  name: thor
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
-  type: :development
+        version: '1.1'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
-description: The Dependabot CLI
+        version: '1.1'
+description: Definitely not Dependabot
 email:
 - xlgmokha@github.com
 executables:
@@ -108,11 +108,13 @@ files:
 - exe/dependabot
 - lib/dependabot.rb
 - lib/dependabot/bundler/update.rb
+- lib/dependabot/callback.rb
 - lib/dependabot/cli.rb
 - lib/dependabot/cli/scan.rb
 - lib/dependabot/git.rb
 - lib/dependabot/publish.rb
-- lib/dependabot/tracer.rb
+- lib/dependabot/pull_request.rb
+- lib/dependabot/templates/pull.md.erb
 - lib/dependabot/version.rb
 - lib/github.rb
 homepage: https://github.com/dependanot/cli
@@ -139,5 +141,5 @@ requirements: []
 rubygems_version: 3.2.32
 signing_key:
 specification_version: 4
-summary: The Dependabot CLI
+summary: Definitely not Dependabot
 test_files: []

data/lib/dependabot/tracer.rb

@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-module Dependabot
-  class Tracer
-    def initialize(logger)
-      @logger = logger
-    end
-
-    def trace(defaults = {})
-      tracer = TracePoint.new(:call) do |x|
-        @logger.debug(defaults.merge({ path: x.path, lineno: x.lineno, clazz: x.defined_class, method: x.method_id, args: args_from(x), locals: locals_from(x) }))
-      rescue StandardError => boom
-        @logger.error(defaults.merge({ message: boom.message, stacktrace: boom.backtrace }))
-      end
-      tracer.enable
-      yield
-    ensure
-      tracer.disable
-    end
-
-    private
-
-    def args_from(trace)
-      trace.parameters.map(&:last).map { |x| [x, trace.binding.eval(x.to_s)] }.to_h
-    end
-
-    def locals_from(trace)
-      trace.binding.local_variables.map { |x| [x, trace.binding.local_variable_get(x)] }.to_h
-    end
-  end
-end