dependanot 0.1.1 → 0.1.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 436c082d545f649568439d264ab36e9bcfc1d2e37ba74b13f72ed5eb88a2e0b0
4
- data.tar.gz: b6b628364667ba048051d06db4ba23a42ae18985b49130de860a8447b6ae6ae1
3
+ metadata.gz: e6b6b8422f1c510199070d5eaf33c8c2fef772d09430a2aaf767fa1e644ec664
4
+ data.tar.gz: 820fa64f9730ed96538df5f5ca8ca63ac5d103a87f675d825519264b68f0c884
5
5
  SHA512:
6
- metadata.gz: d3adc978d1d605d48aab96fddff3d7f78796037e227f9e97813a5f4d4e0b91d7ed1ae056dc36070c59d5795166519bbeffa51d3facd12bed0c8baa1b17245cdc
7
- data.tar.gz: 9a0129873cd12fa85da8ab0a63ab67c8969337ef185fb15df947a287c162b6e6d45e5da0e6ec552d0a9e5abe076d4c885ed1afcefdd0f109d992853f9a066574
6
+ metadata.gz: 722e4985f630ee173803ae22f4b00a84139ba13a4473f29f4852e85418da742c1a153e59ed6eeaa0930e32bbcdcf0e21628f83081015c4c78ab21afd41461dfb
7
+ data.tar.gz: eb9127f744df240a387439f6a35703a7a9191c08eb2f530a82448ddf2ea2ab89184f8726f9f70ef9c0f758cfbb8a29a119ea986413071e0bb92b114cf35ec02f
data/dependabot.gemspec CHANGED
@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
9
9
  spec.email = ["xlgmokha@github.com"]
10
10
  spec.executables = ["dependabot"]
11
11
  spec.files = Dir.glob("lib/**/*.rb") + Dir.glob("exe/*") + Dir.glob("*.gemspec") + ["LICENSE.txt", "README.md"]
12
- spec.homepage = "https://github.com/dependanot/dependanot"
12
+ spec.homepage = "https://github.com/dependanot/cli"
13
13
  spec.license = "MIT"
14
14
  spec.metadata["homepage_uri"] = spec.homepage
15
15
  spec.name = "dependanot"
@@ -17,6 +17,8 @@ Gem::Specification.new do |spec|
17
17
  spec.required_ruby_version = ">= 3.0.0"
18
18
  spec.summary = "The Dependabot CLI"
19
19
  spec.version = Dependabot::VERSION
20
+ spec.add_dependency "octokit", "~> 4.0"
21
+ spec.add_dependency "rugged", "~> 1.2"
20
22
  spec.add_dependency "spandx", "~> 0.1"
21
23
  spec.add_dependency "thor", "~> 1.1"
22
24
  end
@@ -2,13 +2,13 @@
2
2
 
3
3
  module Dependabot
4
4
  module Bundler
5
- class Update < Spandx::Core::Plugin
5
+ class Update < ::Spandx::Core::Plugin
6
6
  def enhance(dependency)
7
7
  return unless dependency.package_manager == :rubygems
8
8
 
9
9
  Dir.chdir(dependency.path.parent) do
10
10
  ::Bundler.with_unbundled_env do
11
- system "bundle update #{dependency.name} --conservative --quiet --full-index"
11
+ system "bundle update #{dependency.name} --conservative --quiet"
12
12
  end
13
13
  end
14
14
  end
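Review bot: The rewritten `system` line still passes `dependency.name` through a shell via string interpolation, so a name taken from the scanned manifest that contains shell metacharacters is interpreted rather than treated as one argument; the argv form avoids the shell entirely: `system("bundle", "update", dependency.name, "--conservative", "--quiet")`. The return value of `system` is also discarded, so a failed update (`false`, or `nil` when `bundle` cannot be spawned) is silently ignored and the caller gets no signal that nothing changed. The hunk shows the class body only; the file header and the rest of the file are outside it.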
@@ -1,7 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
-
5
4
  module CLI
6
5
  class Scan
7
6
  attr_reader :path
@@ -13,28 +12,42 @@ module Dependabot
13
12
 
14
13
  def run
15
14
  each_dependency do |dependency|
16
- Dir.chdir(dependency.path.parent) do
17
- puts "Updating... #{dependency.name}"
18
- ::Spandx::Core::Plugin.enhance(dependency)
19
- system "git diff --patch --no-color"
20
- system "git checkout ."
21
- end
15
+ update!(dependency)
22
16
  end
23
17
  end
24
18
 
25
19
  private
26
20
 
27
- def each_file
21
+ def each_file(&block)
28
22
  ::Spandx::Core::PathTraversal
29
23
  .new(path, recursive: false)
30
- .each { |file| yield file }
24
+ .each(&block)
31
25
  end
32
26
 
33
- def each_dependency
27
+ def each_dependency(&block)
34
28
  each_file do |file|
35
- ::Spandx::Core::Parser.parse(file).each do |dependency|
36
- yield dependency
29
+ ::Spandx::Core::Parser.parse(file).each(&block)
30
+ end
31
+ end
32
+
33
+ def update!(dependency)
34
+ Dir.chdir(dependency.path.parent) do |path|
35
+ puts "Updating #{dependency.name}..."
36
+ branch_name = "dependanot/#{dependency.package_manager}/#{dependency.name}"
37
+
38
+ repo = Rugged::Repository.discover(dependency.path.parent)
39
+ branch = repo.create_branch(branch_name, repo.head.name)
40
+
41
+ ::Spandx::Core::Plugin.enhance(dependency)
42
+
43
+ repo.status do |file, status|
44
+ puts "#{file} has status: #{status.inspect}"
37
45
  end
46
+ puts repo.index.diff.patch
47
+ puts
48
+
49
+ repo.branches.delete(branch_name)
50
+ repo.checkout_head(strategy: :force)
38
51
  end
39
52
  end
40
53
  end
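Review bot: In `update!` the `repo.branches.delete` and `checkout_head(strategy: :force)` cleanup runs only on the happy path; if `Plugin.enhance` or the status/patch printing raises, the `dependanot/...` branch is left behind and the working tree stays modified, and the next run's `create_branch` will fail because the branch already exists. Wrapping everything after `create_branch` in `begin … ensure` keeps the repository clean regardless of outcome. The `branch` local and the `|path|` block parameter on the `Dir.chdir` line are never used and can be dropped. Note that `create_branch` creates but does not check out the branch, so the plugin still modifies the current branch's working tree — presumably intended, since the branch is deleted right after. The `Scan` class and its enclosing modules continue outside the hunk.
```ruby
def update!(dependency)
  Dir.chdir(dependency.path.parent) do
    puts "Updating #{dependency.name}..."
    branch_name = "dependanot/#{dependency.package_manager}/#{dependency.name}"

    repo = Rugged::Repository.discover(dependency.path.parent)
    repo.create_branch(branch_name, repo.head.name)
    begin
      ::Spandx::Core::Plugin.enhance(dependency)
      # … unchanged: status loop and patch printing …
    ensure
      # always runs, so a raising plugin cannot leave the branch or a dirty tree behind
      repo.branches.delete(branch_name)
      repo.checkout_head(strategy: :force)
    end
  end
end
```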
@@ -1,7 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "thor"
4
- require "spandx"
5
4
  require "dependabot"
6
5
  require "dependabot/cli/scan"
7
6
 
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.1.1"
4
+ VERSION = "0.1.2"
5
5
  end
data/lib/dependabot.rb CHANGED
@@ -1,6 +1,10 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "github"
3
4
  require "logger"
5
+ require "octokit"
6
+ require "rugged"
7
+ require "spandx"
4
8
 
5
9
  require_relative "dependabot/bundler/update"
6
10
  require_relative "dependabot/tracer"
@@ -10,10 +14,24 @@ module Dependabot
10
14
  class Error < StandardError; end
11
15
 
12
16
  def self.logger
13
- @logger ||= Logger.new(&stdout)
17
+ @logger ||= Logger.new($stderr)
14
18
  end
15
19
 
16
20
  def self.tracer
17
21
  @tracer ||= Tracer.new(logger)
18
22
  end
23
+
24
+ def self.octokit
25
+ @octokit ||= Octokit::Client.new.tap do |client|
26
+ client.access_token = github.token
27
+ client.api_endpoint = github.api_url
28
+ client.auto_paginate = true
29
+ client.connection_options = { request: { open_timeout: 5, timeout: 5 } }
30
+ client.web_endpoint = github.server_url
31
+ end
32
+ end
33
+
34
+ def self.github
35
+ @github ||= GitHub.new
36
+ end
19
37
  end
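Review bot: In the first hunk, `require "github"` loads a file by bare basename from `$LOAD_PATH`, unlike the `require_relative "dependabot/..."` lines just below it, so whichever gem or load-path entry first provides a `github.rb` wins, and the file it expects defines a top-level `GitHub` class whose name is just as likely to collide with another library. `require_relative "github"` pins the load to this gem's lib directory, and nesting the class as `Dependabot::GitHub` would remove the global name. In the second hunk, the five assignments in the `tap` block of `self.octokit` can be passed as constructor options instead, `Octokit::Client.new(access_token: github.token, api_endpoint: github.api_url, auto_paginate: true, …)`, which is the conventional form and avoids a half-configured client if one setter raises. The module continues outside the hunk.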
data/lib/github.rb ADDED
@@ -0,0 +1,38 @@
1
+ # frozen_string_literal: true
2
+
3
+ # https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
4
+ class GitHub
5
+ attr_reader :api_url, :repository, :server_url, :token, :workspace
6
+
7
+ def initialize(
8
+ api_url: default_api_url,
9
+ repository: ENV["GITHUB_REPOSITORY"],
10
+ server_url: ENV.fetch("GITHUB_SERVER_URL", "https://github.com"),
11
+ token: default_token,
12
+ workspace: ENV.fetch("GITHUB_WORKSPACE", Dir.pwd)
13
+ )
14
+ @api_url = api_url
15
+ @repository = repository
16
+ @server_url = server_url
17
+ @token = token
18
+ @workspace = workspace
19
+ end
20
+
21
+ private
22
+
23
+ def default_api_url
24
+ ENV.fetch("GITHUB_API_URL", "https://api.github.com")
25
+ end
26
+
27
+ def default_token
28
+ ENV.fetch("GITHUB_TOKEN") do |_name|
29
+ file = Pathname.new(Dir.home).join(".config/gh/hosts.yml")
30
+ if file.exist?
31
+ YAML
32
+ .safe_load(file.read)
33
+ &.fetch("github.com")
34
+ &.fetch("oauth_token")
35
+ end
36
+ end
37
+ end
38
+ end
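Review bot: In `default_token`, `&.fetch("github.com")` only guards a nil receiver; when `hosts.yml` exists but has no `github.com` entry (a gh login to another host, say), `Hash#fetch` raises `KeyError` instead of yielding nil, so the fallback becomes a crash. `YAML.safe_load(file.read)&.dig("github.com", "oauth_token")` returns nil for any missing level and reads more simply. The file uses `Pathname` and `YAML` but requires neither, so it only works when something loaded earlier happened to pull them in; add `require "pathname"` and `require "yaml"` after the frozen-string comment. The fallback to the gh CLI's stored OAuth token deserves a line in the class comment, e.g. `# When GITHUB_TOKEN is unset, falls back to the oauth_token the gh CLI stored in ~/.config/gh/hosts.yml.`, since that credential is picked up silently and, per the `self.octokit` hunk above, is then sent to whatever `api_url` the environment supplies.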
metadata CHANGED
@@ -1,15 +1,43 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependanot
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - mo khan
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-12-13 00:00:00.000000000 Z
11
+ date: 2021-12-17 00:00:00.000000000 Z
12
12
  dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: octokit
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '4.0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '4.0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: rugged
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '1.2'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '1.2'
13
41
  - !ruby/object:Gem::Dependency
14
42
  name: spandx
15
43
  requirement: !ruby/object:Gem::Requirement
@@ -56,11 +84,12 @@ files:
56
84
  - lib/dependabot/cli/scan.rb
57
85
  - lib/dependabot/tracer.rb
58
86
  - lib/dependabot/version.rb
59
- homepage: https://github.com/dependanot/dependanot
87
+ - lib/github.rb
88
+ homepage: https://github.com/dependanot/cli
60
89
  licenses:
61
90
  - MIT
62
91
  metadata:
63
- homepage_uri: https://github.com/dependanot/dependanot
92
+ homepage_uri: https://github.com/dependanot/cli
64
93
  post_install_message:
65
94
  rdoc_options: []
66
95
  require_paths: