dependanot 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/dependabot.gemspec +3 -1
- data/lib/dependabot/bundler/update.rb +2 -2
- data/lib/dependabot/cli/scan.rb +25 -12
- data/lib/dependabot/cli.rb +0 -1
- data/lib/dependabot/version.rb +1 -1
- data/lib/dependabot.rb +19 -1
- data/lib/github.rb +38 -0
- metadata +33 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e6b6b8422f1c510199070d5eaf33c8c2fef772d09430a2aaf767fa1e644ec664
|
|
4
|
+
data.tar.gz: 820fa64f9730ed96538df5f5ca8ca63ac5d103a87f675d825519264b68f0c884
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 722e4985f630ee173803ae22f4b00a84139ba13a4473f29f4852e85418da742c1a153e59ed6eeaa0930e32bbcdcf0e21628f83081015c4c78ab21afd41461dfb
|
|
7
|
+
data.tar.gz: eb9127f744df240a387439f6a35703a7a9191c08eb2f530a82448ddf2ea2ab89184f8726f9f70ef9c0f758cfbb8a29a119ea986413071e0bb92b114cf35ec02f
|
data/dependabot.gemspec
CHANGED
|
@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
|
|
|
9
9
|
spec.email = ["xlgmokha@github.com"]
|
|
10
10
|
spec.executables = ["dependabot"]
|
|
11
11
|
spec.files = Dir.glob("lib/**/*.rb") + Dir.glob("exe/*") + Dir.glob("*.gemspec") + ["LICENSE.txt", "README.md"]
|
|
12
|
-
spec.homepage = "https://github.com/dependanot/
|
|
12
|
+
spec.homepage = "https://github.com/dependanot/cli"
|
|
13
13
|
spec.license = "MIT"
|
|
14
14
|
spec.metadata["homepage_uri"] = spec.homepage
|
|
15
15
|
spec.name = "dependanot"
|
|
@@ -17,6 +17,8 @@ Gem::Specification.new do |spec|
|
|
|
17
17
|
spec.required_ruby_version = ">= 3.0.0"
|
|
18
18
|
spec.summary = "The Dependabot CLI"
|
|
19
19
|
spec.version = Dependabot::VERSION
|
|
20
|
+
spec.add_dependency "octokit", "~> 4.0"
|
|
21
|
+
spec.add_dependency "rugged", "~> 1.2"
|
|
20
22
|
spec.add_dependency "spandx", "~> 0.1"
|
|
21
23
|
spec.add_dependency "thor", "~> 1.1"
|
|
22
24
|
end
|
|
@@ -2,13 +2,13 @@
|
|
|
2
2
|
|
|
3
3
|
module Dependabot
|
|
4
4
|
module Bundler
|
|
5
|
-
class Update < Spandx::Core::Plugin
|
|
5
|
+
class Update < ::Spandx::Core::Plugin
|
|
6
6
|
def enhance(dependency)
|
|
7
7
|
return unless dependency.package_manager == :rubygems
|
|
8
8
|
|
|
9
9
|
Dir.chdir(dependency.path.parent) do
|
|
10
10
|
::Bundler.with_unbundled_env do
|
|
11
|
-
system "bundle update #{dependency.name} --conservative --quiet
|
|
11
|
+
system "bundle update #{dependency.name} --conservative --quiet"
|
|
12
12
|
end
|
|
13
13
|
end
|
|
14
14
|
end
|
data/lib/dependabot/cli/scan.rb
CHANGED
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
module Dependabot
|
|
4
|
-
|
|
5
4
|
module CLI
|
|
6
5
|
class Scan
|
|
7
6
|
attr_reader :path
|
|
@@ -13,28 +12,42 @@ module Dependabot
|
|
|
13
12
|
|
|
14
13
|
def run
|
|
15
14
|
each_dependency do |dependency|
|
|
16
|
-
|
|
17
|
-
puts "Updating... #{dependency.name}"
|
|
18
|
-
::Spandx::Core::Plugin.enhance(dependency)
|
|
19
|
-
system "git diff --patch --no-color"
|
|
20
|
-
system "git checkout ."
|
|
21
|
-
end
|
|
15
|
+
update!(dependency)
|
|
22
16
|
end
|
|
23
17
|
end
|
|
24
18
|
|
|
25
19
|
private
|
|
26
20
|
|
|
27
|
-
def each_file
|
|
21
|
+
def each_file(&block)
|
|
28
22
|
::Spandx::Core::PathTraversal
|
|
29
23
|
.new(path, recursive: false)
|
|
30
|
-
.each
|
|
24
|
+
.each(&block)
|
|
31
25
|
end
|
|
32
26
|
|
|
33
|
-
def each_dependency
|
|
27
|
+
def each_dependency(&block)
|
|
34
28
|
each_file do |file|
|
|
35
|
-
::Spandx::Core::Parser.parse(file).each
|
|
36
|
-
|
|
29
|
+
::Spandx::Core::Parser.parse(file).each(&block)
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def update!(dependency)
|
|
34
|
+
Dir.chdir(dependency.path.parent) do |path|
|
|
35
|
+
puts "Updating #{dependency.name}..."
|
|
36
|
+
branch_name = "dependanot/#{dependency.package_manager}/#{dependency.name}"
|
|
37
|
+
|
|
38
|
+
repo = Rugged::Repository.discover(dependency.path.parent)
|
|
39
|
+
branch = repo.create_branch(branch_name, repo.head.name)
|
|
40
|
+
|
|
41
|
+
::Spandx::Core::Plugin.enhance(dependency)
|
|
42
|
+
|
|
43
|
+
repo.status do |file, status|
|
|
44
|
+
puts "#{file} has status: #{status.inspect}"
|
|
37
45
|
end
|
|
46
|
+
puts repo.index.diff.patch
|
|
47
|
+
puts
|
|
48
|
+
|
|
49
|
+
repo.branches.delete(branch_name)
|
|
50
|
+
repo.checkout_head(strategy: :force)
|
|
38
51
|
end
|
|
39
52
|
end
|
|
40
53
|
end
|
data/lib/dependabot/cli.rb
CHANGED
data/lib/dependabot/version.rb
CHANGED
data/lib/dependabot.rb
CHANGED
|
@@ -1,6 +1,10 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require "github"
|
|
3
4
|
require "logger"
|
|
5
|
+
require "octokit"
|
|
6
|
+
require "rugged"
|
|
7
|
+
require "spandx"
|
|
4
8
|
|
|
5
9
|
require_relative "dependabot/bundler/update"
|
|
6
10
|
require_relative "dependabot/tracer"
|
|
@@ -10,10 +14,24 @@ module Dependabot
|
|
|
10
14
|
class Error < StandardError; end
|
|
11
15
|
|
|
12
16
|
def self.logger
|
|
13
|
-
@logger ||= Logger.new(
|
|
17
|
+
@logger ||= Logger.new($stderr)
|
|
14
18
|
end
|
|
15
19
|
|
|
16
20
|
def self.tracer
|
|
17
21
|
@tracer ||= Tracer.new(logger)
|
|
18
22
|
end
|
|
23
|
+
|
|
24
|
+
def self.octokit
|
|
25
|
+
@octokit ||= Octokit::Client.new.tap do |client|
|
|
26
|
+
client.access_token = github.token
|
|
27
|
+
client.api_endpoint = github.api_url
|
|
28
|
+
client.auto_paginate = true
|
|
29
|
+
client.connection_options = { request: { open_timeout: 5, timeout: 5 } }
|
|
30
|
+
client.web_endpoint = github.server_url
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def self.github
|
|
35
|
+
@github ||= GitHub.new
|
|
36
|
+
end
|
|
19
37
|
end
|
data/lib/github.rb
ADDED
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
# https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
|
|
4
|
+
class GitHub
|
|
5
|
+
attr_reader :api_url, :repository, :server_url, :token, :workspace
|
|
6
|
+
|
|
7
|
+
def initialize(
|
|
8
|
+
api_url: default_api_url,
|
|
9
|
+
repository: ENV["GITHUB_REPOSITORY"],
|
|
10
|
+
server_url: ENV.fetch("GITHUB_SERVER_URL", "https://github.com"),
|
|
11
|
+
token: default_token,
|
|
12
|
+
workspace: ENV.fetch("GITHUB_WORKSPACE", Dir.pwd)
|
|
13
|
+
)
|
|
14
|
+
@api_url = api_url
|
|
15
|
+
@repository = repository
|
|
16
|
+
@server_url = server_url
|
|
17
|
+
@token = token
|
|
18
|
+
@workspace = workspace
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
private
|
|
22
|
+
|
|
23
|
+
def default_api_url
|
|
24
|
+
ENV.fetch("GITHUB_API_URL", "https://api.github.com")
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def default_token
|
|
28
|
+
ENV.fetch("GITHUB_TOKEN") do |_name|
|
|
29
|
+
file = Pathname.new(Dir.home).join(".config/gh/hosts.yml")
|
|
30
|
+
if file.exist?
|
|
31
|
+
YAML
|
|
32
|
+
.safe_load(file.read)
|
|
33
|
+
&.fetch("github.com")
|
|
34
|
+
&.fetch("oauth_token")
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
metadata
CHANGED
|
@@ -1,15 +1,43 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependanot
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- mo khan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-12-
|
|
11
|
+
date: 2021-12-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: octokit
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '4.0'
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - "~>"
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '4.0'
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: rugged
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '1.2'
|
|
34
|
+
type: :runtime
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: '1.2'
|
|
13
41
|
- !ruby/object:Gem::Dependency
|
|
14
42
|
name: spandx
|
|
15
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -56,11 +84,12 @@ files:
|
|
|
56
84
|
- lib/dependabot/cli/scan.rb
|
|
57
85
|
- lib/dependabot/tracer.rb
|
|
58
86
|
- lib/dependabot/version.rb
|
|
59
|
-
|
|
87
|
+
- lib/github.rb
|
|
88
|
+
homepage: https://github.com/dependanot/cli
|
|
60
89
|
licenses:
|
|
61
90
|
- MIT
|
|
62
91
|
metadata:
|
|
63
|
-
homepage_uri: https://github.com/dependanot/
|
|
92
|
+
homepage_uri: https://github.com/dependanot/cli
|
|
64
93
|
post_install_message:
|
|
65
94
|
rdoc_options: []
|
|
66
95
|
require_paths:
|