dependanot 0.1.5 → 0.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 76575ad77b236ed9f2b0c556c057e519aaeb95724be3b1ac2ab8207a6183950c
-  data.tar.gz: e96055f60fcd2f9af0c2989a95b273147043560492446f8b51a05ca817692525
+  metadata.gz: 17784d154fbeddc3386710cab5b82326ec7e92bc0900afae82616019a58f41ea
+  data.tar.gz: 97c7cf19c1db2fca7259bfecf4eebc5aa627a05456b402c5c075f0b9e39b7399
 SHA512:
-  metadata.gz: 9c3c3eea1d0389ab02b1bc847cd6411d0d8fbf0a7a9b15d0b1a38f546a199f7598100dbda8a83b1af6a3028e70acf23a3726c29d45cc6c84106f1c65b61d1612
-  data.tar.gz: 9b5b19f79b7c7be095747d20a9e5b260587193c75a5adfd963b4aa5d1e4b8f3790d685defc13956cc56b11e010458689613ccd17d1026f609b794bb1b217b603
+  metadata.gz: f2ef3acea6d7f6109c40095abdf26de5ea6d5f2ee2e2f23275a95391889d40570cb100caec1dc4009d8b274c13f4981f14af614e17d6bdfc16a736e38da3276e
+  data.tar.gz: f0767ac6caf6346191384fffa7dca32a160a2dcbd5da5241705b447e4b2bc786132d785ca599a99ab9990d455c0d15f14d71081e49beea1ba455447526ed83ea

data/dependabot.gemspec

@@ -23,4 +23,5 @@ Gem::Specification.new do |spec|
   spec.add_dependency "rugged", "~> 1.2"
   spec.add_dependency "spandx", ">= 0.18.3"
   spec.add_dependency "thor", "~> 1.1"
+  spec.add_development_dependency "debug", "~> 1.4"
 end

data/lib/dependabot/bundler/update.rb

@@ -8,7 +8,7 @@ module Dependabot
 
         Dir.chdir(dependency.path.parent) do
           ::Bundler.with_unbundled_env do
-            system "bundle update #{dependency.name} --conservative --quiet"
+            system({ "RUBYOPT" => "-W0" }, "bundle update #{dependency.name} --conservative --quiet")
           end
         end
       end

data/lib/dependabot/cli/scan.rb

@@ -3,7 +3,7 @@
 module Dependabot
   module CLI
     class Scan
-      attr_reader :path
+      attr_reader :path, :options
 
       def initialize(path, options)
         @path = ::Pathname.new(path)
@@ -12,7 +12,7 @@ module Dependabot
 
       def run
         each_dependency do |dependency|
-          update!(dependency)
+          publish_update_for(dependency)
         end
       end
 
@@ -20,7 +20,7 @@ module Dependabot
 
       def each_file(&block)
         ::Spandx::Core::PathTraversal
-          .new(path, recursive: false)
+          .new(path, recursive: options[:recursive])
           .each(&block)
       end
 
@@ -30,27 +30,9 @@ module Dependabot
         end
       end
 
-      def update!(dependency)
-        puts "Updating #{dependency.name}..."
-        git_for(dependency) do |git|
-          ::Spandx::Core::Plugin.enhance(dependency)
-          puts git.patch
-          git.commit(all: true, message: "Updating #{dependency.name}")
-        end
-      end
-
-      def branch_name_for(dependency)
-        "dependanot/#{dependency.package_manager}/#{dependency.name}"
-      end
-
-      def git_for(dependency, branch_name: branch_name_for(dependency))
-        git = ::Dependabot::Git.new(dependency.path.parent)
-        default_branch = git.repo.head.name
-        git.checkout(branch: branch_name)
-        yield git
-      ensure
-        git.repo.checkout_head(strategy: :force)
-        git.repo.checkout(default_branch)
+      def publish_update_for(dependency)
+        ::Dependabot.logger.debug("Updating #{dependency.name}…")
+        ::Dependabot::Publish.new(dependency).update!(push: options[:push])
       end
     end
   end

data/lib/dependabot/cli.rb

@@ -7,7 +7,9 @@ require "dependabot/cli/scan"
 module Dependabot
   module CLI
     class Application < Thor
-      desc "scan [DIRECTORY]", "Scan a directory"
+      desc "scan [DIRECTORY | FILE]", "Scan a directory or file for dependencies to update"
+      method_option :push, aliases: "-p", type: :boolean, desc: "Push the update as a pull request. Default: --no-push", default: false
+      method_option :recursive, aliases: "-r", type: :boolean, desc: "Perform a recursive. Default: --no-recursive", default: false
       def scan(path = Pathname.pwd)
         ::Dependabot::CLI::Scan.new(path, options).run
       end

data/lib/dependabot/git.rb

@@ -14,6 +14,10 @@ module Dependabot
       repo.checkout(branch)
     end
 
+    def push(remote: "origin", branch: "HEAD")
+      repo.push(remote, ["refs/heads/#{branch}"], credentials: credentials)
+    end
+
     def patch
       repo.index.diff.patch
     end
@@ -36,5 +40,13 @@ module Dependabot
     def stage(path)
       repo.index.add(path)
     end
+
+    def credentials
+      if ENV["CI"]
+        Rugged::Credentials::UserPassword.new(username: "x-access-token", password: Dependabot.github.token)
+      else
+        Rugged::Credentials::SshKeyFromAgent.new(username: "git")
+      end
+    end
   end
 end

data/lib/dependabot/publish.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+module Dependabot
+  class Publish
+    attr_reader :dependency
+
+    def initialize(dependency)
+      @dependency = dependency
+    end
+
+    def update!(push: false)
+      git_for(dependency, push: push) do |git|
+        ::Spandx::Core::Plugin.enhance(dependency)
+        Dependabot.logger.debug(git.patch) unless git.patch.empty?
+      end
+    end
+
+    private
+
+    def branch_name_for(dependency)
+      "dependanot/#{dependency.package_manager}/#{dependency.name}"
+    end
+
+    def git_for(dependency, branch_name: branch_name_for(dependency), push: false)
+      git = ::Dependabot::Git.new(dependency.path.parent)
+      default_branch = git.repo.head.name
+      git.checkout(branch: branch_name)
+      yield git
+      publish_pull_request_for(dependency, default_branch, branch_name, git, push) unless git.patch.empty?
+    ensure
+      git.repo.checkout_head(strategy: :force)
+      git.repo.checkout(default_branch)
+    end
+
+    def description_for(dependency)
+      <<~MARKDOWN
+        Bumps [#{dependency.name}](#)
+
+        <details>
+        <summary>Changelog</summary>
+        </details>
+
+        <details>
+        <summary>Commits</summary>
+        </details>
+
+        <br />
+
+        Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
+        ---
+
+        <details>
+        <summary>Dependabot commands and options</summary>
+        <br />
+
+        You can trigger Dependabot actions by commenting on this PR:
+        - `@dependabot rebase` will rebase this PR
+        - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
+        - `@dependabot merge` will merge this PR after your CI passes on it
+        - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
+        - `@dependabot cancel merge` will cancel a previously requested merge and block automerging
+        - `@dependabot reopen` will reopen this PR if it is closed
+        - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
+        - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
+        - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
+        - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
+        </details>
+      MARKDOWN
+    end
+
+    def publish_pull_request_for(dependency, default_branch, branch_name, git, push)
+      git.commit(all: true, message: "chore: Update #{dependency.name}")
+      return unless push
+
+      git.push(remote: "origin", branch: branch_name)
+      Dependabot.octokit.create_pull_request(
+        GitHub.name_with_owner_from(git.repo.remotes["origin"].url),
+        default_branch,
+        branch_name,
+        "chore(deps): bump #{dependency}",
+        description_for(dependency)
+      )
+    end
+  end
+end

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.1.5"
+  VERSION = "0.1.6"
 end

data/lib/dependabot.rb

@@ -9,6 +9,7 @@ require "spandx"
 
 require_relative "dependabot/bundler/update"
 require_relative "dependabot/git"
+require_relative "dependabot/publish"
 require_relative "dependabot/tracer"
 require_relative "dependabot/version"
 
@@ -16,7 +17,11 @@ module Dependabot
   class Error < StandardError; end
 
   def self.logger
-    @logger ||= Logger.new($stderr)
+    @logger ||= Logger.new($stderr, level: ENV.fetch("LOG_LEVEL", Logger::WARN)).tap do |x|
+      x.formatter = proc do |_severity, _datetime, _progname, message|
+        "[v#{VERSION}] #{message}\n"
+      end
+    end
   end
 
   def self.tracer

data/lib/github.rb

@@ -18,6 +18,14 @@ class GitHub
     @workspace = workspace
   end
 
+  class << self
+    def name_with_owner_from(url)
+      regex = %r{(?<x>(?<scheme>https|ssh)://)?(?<username>git@)?github.com[:|/](?<nwo>\w+/\w+)(?<extension>\.git)?}
+      match = url.match(regex)
+      match && match["nwo"]
+    end
+  end
+
   private
 
   def default_api_url

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependanot
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.6
 platform: ruby
 authors:
 - mo khan
@@ -80,6 +80,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
 description: The Dependabot CLI
 email:
 - xlgmokha@github.com
@@ -97,6 +111,7 @@ files:
 - lib/dependabot/cli.rb
 - lib/dependabot/cli/scan.rb
 - lib/dependabot/git.rb
+- lib/dependabot/publish.rb
 - lib/dependabot/tracer.rb
 - lib/dependabot/version.rb
 - lib/github.rb