dependanot 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 436c082d545f649568439d264ab36e9bcfc1d2e37ba74b13f72ed5eb88a2e0b0
-  data.tar.gz: b6b628364667ba048051d06db4ba23a42ae18985b49130de860a8447b6ae6ae1
+  metadata.gz: e6b6b8422f1c510199070d5eaf33c8c2fef772d09430a2aaf767fa1e644ec664
+  data.tar.gz: 820fa64f9730ed96538df5f5ca8ca63ac5d103a87f675d825519264b68f0c884
 SHA512:
-  metadata.gz: d3adc978d1d605d48aab96fddff3d7f78796037e227f9e97813a5f4d4e0b91d7ed1ae056dc36070c59d5795166519bbeffa51d3facd12bed0c8baa1b17245cdc
-  data.tar.gz: 9a0129873cd12fa85da8ab0a63ab67c8969337ef185fb15df947a287c162b6e6d45e5da0e6ec552d0a9e5abe076d4c885ed1afcefdd0f109d992853f9a066574
+  metadata.gz: 722e4985f630ee173803ae22f4b00a84139ba13a4473f29f4852e85418da742c1a153e59ed6eeaa0930e32bbcdcf0e21628f83081015c4c78ab21afd41461dfb
+  data.tar.gz: eb9127f744df240a387439f6a35703a7a9191c08eb2f530a82448ddf2ea2ab89184f8726f9f70ef9c0f758cfbb8a29a119ea986413071e0bb92b114cf35ec02f

data/dependabot.gemspec

@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
   spec.email = ["xlgmokha@github.com"]
   spec.executables = ["dependabot"]
   spec.files = Dir.glob("lib/**/*.rb") + Dir.glob("exe/*") + Dir.glob("*.gemspec") + ["LICENSE.txt", "README.md"]
-  spec.homepage = "https://github.com/dependanot/dependanot"
+  spec.homepage = "https://github.com/dependanot/cli"
   spec.license = "MIT"
   spec.metadata["homepage_uri"] = spec.homepage
   spec.name = "dependanot"
@@ -17,6 +17,8 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = ">= 3.0.0"
   spec.summary = "The Dependabot CLI"
   spec.version = Dependabot::VERSION
+  spec.add_dependency "octokit", "~> 4.0"
+  spec.add_dependency "rugged", "~> 1.2"
   spec.add_dependency "spandx", "~> 0.1"
   spec.add_dependency "thor", "~> 1.1"
 end

data/lib/dependabot/bundler/update.rb

@@ -2,13 +2,13 @@
 
 module Dependabot
   module Bundler
-    class Update < Spandx::Core::Plugin
+    class Update < ::Spandx::Core::Plugin
       def enhance(dependency)
         return unless dependency.package_manager == :rubygems
 
         Dir.chdir(dependency.path.parent) do
           ::Bundler.with_unbundled_env do
-            system "bundle update #{dependency.name} --conservative --quiet --full-index"
+            system "bundle update #{dependency.name} --conservative --quiet"
           end
         end
       end

data/lib/dependabot/cli/scan.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 module Dependabot
-
   module CLI
     class Scan
       attr_reader :path
@@ -13,28 +12,42 @@ module Dependabot
 
       def run
         each_dependency do |dependency|
-          Dir.chdir(dependency.path.parent) do
-            puts "Updating... #{dependency.name}"
-            ::Spandx::Core::Plugin.enhance(dependency)
-            system "git diff --patch --no-color"
-            system "git checkout ."
-          end
+          update!(dependency)
         end
       end
 
       private
 
-      def each_file
+      def each_file(&block)
         ::Spandx::Core::PathTraversal
           .new(path, recursive: false)
-          .each { |file| yield file }
+          .each(&block)
       end
 
-      def each_dependency
+      def each_dependency(&block)
         each_file do |file|
-          ::Spandx::Core::Parser.parse(file).each do |dependency|
-            yield dependency
+          ::Spandx::Core::Parser.parse(file).each(&block)
+        end
+      end
+
+      def update!(dependency)
+        Dir.chdir(dependency.path.parent) do |path|
+          puts "Updating #{dependency.name}..."
+          branch_name = "dependanot/#{dependency.package_manager}/#{dependency.name}"
+
+          repo = Rugged::Repository.discover(dependency.path.parent)
+          branch = repo.create_branch(branch_name, repo.head.name)
+
+          ::Spandx::Core::Plugin.enhance(dependency)
+
+          repo.status do |file, status|
+            puts "#{file} has status: #{status.inspect}"
           end
+          puts repo.index.diff.patch
+          puts
+
+          repo.branches.delete(branch_name)
+          repo.checkout_head(strategy: :force)
         end
       end
     end

data/lib/dependabot/cli.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require "thor"
-require "spandx"
 require "dependabot"
 require "dependabot/cli/scan"
 

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
 end

data/lib/dependabot.rb

@@ -1,6 +1,10 @@
 # frozen_string_literal: true
 
+require "github"
 require "logger"
+require "octokit"
+require "rugged"
+require "spandx"
 
 require_relative "dependabot/bundler/update"
 require_relative "dependabot/tracer"
@@ -10,10 +14,24 @@ module Dependabot
   class Error < StandardError; end
 
   def self.logger
-    @logger ||= Logger.new(&stdout)
+    @logger ||= Logger.new($stderr)
   end
 
   def self.tracer
     @tracer ||= Tracer.new(logger)
   end
+
+  def self.octokit
+    @octokit ||= Octokit::Client.new.tap do |client|
+      client.access_token = github.token
+      client.api_endpoint = github.api_url
+      client.auto_paginate = true
+      client.connection_options = { request: { open_timeout: 5, timeout: 5 } }
+      client.web_endpoint = github.server_url
+    end
+  end
+
+  def self.github
+    @github ||= GitHub.new
+  end
 end

data/lib/github.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+# https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
+class GitHub
+  attr_reader :api_url, :repository, :server_url, :token, :workspace
+
+  def initialize(
+    api_url: default_api_url,
+    repository: ENV["GITHUB_REPOSITORY"],
+    server_url: ENV.fetch("GITHUB_SERVER_URL", "https://github.com"),
+    token: default_token,
+    workspace: ENV.fetch("GITHUB_WORKSPACE", Dir.pwd)
+  )
+    @api_url = api_url
+    @repository = repository
+    @server_url = server_url
+    @token = token
+    @workspace = workspace
+  end
+
+  private
+
+  def default_api_url
+    ENV.fetch("GITHUB_API_URL", "https://api.github.com")
+  end
+
+  def default_token
+    ENV.fetch("GITHUB_TOKEN") do |_name|
+      file = Pathname.new(Dir.home).join(".config/gh/hosts.yml")
+      if file.exist?
+        YAML
+          .safe_load(file.read)
+          &.fetch("github.com")
+          &.fetch("oauth_token")
+      end
+    end
+  end
+end

metadata

@@ -1,15 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: dependanot
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - mo khan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-12-13 00:00:00.000000000 Z
+date: 2021-12-17 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: octokit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: rugged
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   name: spandx
   requirement: !ruby/object:Gem::Requirement
@@ -56,11 +84,12 @@ files:
 - lib/dependabot/cli/scan.rb
 - lib/dependabot/tracer.rb
 - lib/dependabot/version.rb
-homepage: https://github.com/dependanot/dependanot
+- lib/github.rb
+homepage: https://github.com/dependanot/cli
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/dependanot/dependanot
+  homepage_uri: https://github.com/dependanot/cli
 post_install_message:
 rdoc_options: []
 require_paths: