end_of_life 0.4.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 613932e8ff35287b6f1cfd47f892ec07842432a48a86de9586daafe7c7fe2e4a
-  data.tar.gz: a8d47ebdc3838394b2dae1c86b39f02e0eb59c727fd878e956d849873ff7f1f0
+  metadata.gz: 6b96d774296476963033c1a52121ce717a47a3f20e6463294729b852eb9c9504
+  data.tar.gz: 63e2e455e67bae56b2dfe58a848785604f5d88662f317dc11e2e40e4783d4b4e
 SHA512:
-  metadata.gz: 3919afb9fce45df1d650605e05cd401fd1281f7d17bf4df56e8bc33245df04e70184ed834ba7f09d25cb88f3b6c62448170dfd40d9b38cb3e09b048417aecc4f
-  data.tar.gz: 792c5b7483671ea6b0a952ad3736c52046c95bf8b8d030082ff5270a0c0bf9a3af0f6937b02f015c63c32881bd8a9b8d4e0fe97e3ee29d8868299344cd3f7d99
+  metadata.gz: 7ebbccd62beca6dfd89b4e91ecbaf14c043c7a65d6cb8818018834e439db6212ca62834b414614e1db57872d305e82af8219afdb7cfbdf1bf8c95571cf801be9
+  data.tar.gz: 4e9750c6f5e880db427baac01d8d06d1e08dd3afb666249ba19174315d1ae9b0f402e60848fa792bb562ff7fbcb7040a48a03efa2dda0a6344d8a68938edb553

data/CHANGELOG.md

@@ -1,5 +1,16 @@
 ## [Unreleased]
 
+- 🎉 Add support for scanning EOL Rails versions!
+  - Use the `--product=rails` option to scan for Rails instead of Ruby.
+  - End of Life looks for an exact Rails version on the `Gemfile` file or `Gemfile.lock`.
+
+## [0.4.1] - 2025-05-23
+
+- [BUGFIX] Handle empty/invalid version files
+  - if a file like `.ruby-version` was empty, we would parse it it's version as
+    `0` which would take precedence over any other file when comparing versions.
+  - We now ignore those files and any file which version parses to `0`.
+
 ## [0.4.0] - 2025-05-23
 
 - Skip archived repos (by default)
@@ -154,7 +165,9 @@ $ end_of_life --user=matz # searches on matz's repositories
 
 - Initial release
 
-[unreleased]: https://github.com/MatheusRich/end_of_life/compare/v0.3.0...HEAD
+[unreleased]: https://github.com/MatheusRich/end_of_life/compare/v0.4.1...HEAD
+[0.4.1]: https://github.com/MatheusRich/end_of_life/releases/tag/v0.4.1
+[0.4.0]: https://github.com/MatheusRich/end_of_life/releases/tag/v0.4.0
 [0.3.0]: https://github.com/MatheusRich/end_of_life/releases/tag/v0.3.0
 [0.2.0]: https://github.com/MatheusRich/end_of_life/releases/tag/v0.2.0
 [0.1.0]: https://github.com/MatheusRich/end_of_life/releases/tag/v0.1.0

data/Gemfile

@@ -10,6 +10,6 @@ gem "rake", "~> 13.0"
 gem "rspec", "~> 3.10"
 gem "rspec-mocks", "~> 3.10"
 gem "simplecov", "~> 0.22.0"
-gem "standard", "~> 1.26"
+gem "standard", github: "testdouble/standard"
 gem "vcr", "~> 6.0"
 gem "webmock", "~> 3.13"

data/Gemfile.lock

@@ -1,31 +1,43 @@
+GIT
+  remote: https://github.com/testdouble/standard.git
+  revision: 2a0584ed57122065d0972fe5a55eb83aec150b54
+  specs:
+    standard (1.50.0)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.0)
+      rubocop (~> 1.75.5)
+      standard-custom (~> 1.0.0)
+      standard-performance (~> 1.8)
+
 PATH
   remote: .
   specs:
-    end_of_life (0.4.0)
+    end_of_life (0.5.0)
       async
       dry-monads (~> 1.3)
       octokit (~> 9.0)
       pastel (~> 0.8.0)
       tty-spinner (~> 0.9.0)
       tty-table (~> 0.12.0)
+      zeitwerk (~> 2.7)
 
 GEM
   remote: https://rubygems.org/
   specs:
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
-    ast (2.4.2)
-    async (2.24.0)
+    ast (2.4.3)
+    async (2.30.0)
       console (~> 1.29)
       fiber-annotation
-      io-event (~> 1.9)
+      io-event (~> 1.11)
       metrics (~> 0.12)
-      traces (~> 0.15)
+      traces (~> 0.18)
     base64 (0.2.0)
     bigdecimal (3.1.9)
     climate_control (1.2.0)
     concurrent-ruby (1.3.5)
-    console (1.30.2)
+    console (1.34.0)
       fiber-annotation
       fiber-local (~> 1.1)
       json
@@ -38,43 +50,44 @@ GEM
       concurrent-ruby (~> 1.0)
       logger
       zeitwerk (~> 2.6)
-    dry-monads (1.8.3)
+    dry-monads (1.9.0)
       concurrent-ruby (~> 1.0)
       dry-core (~> 1.1)
       zeitwerk (~> 2.6)
-    faraday (2.13.1)
+    faraday (2.13.4)
       faraday-net_http (>= 2.0, < 3.5)
       json
       logger
-    faraday-net_http (3.4.0)
+    faraday-net_http (3.4.1)
       net-http (>= 0.5.0)
     fiber-annotation (0.2.0)
     fiber-local (1.1.0)
       fiber-storage
     fiber-storage (1.0.1)
     hashdiff (1.1.2)
-    io-event (1.10.1)
+    io-event (1.14.0)
     json (2.9.1)
-    language_server-protocol (3.17.0.3)
+    language_server-protocol (3.17.0.5)
     lint_roller (1.1.0)
     logger (1.7.0)
-    metrics (0.12.2)
+    metrics (0.14.0)
     net-http (0.6.0)
       uri
     octokit (9.2.0)
       faraday (>= 1, < 3)
       sawyer (~> 0.9)
-    parallel (1.26.3)
-    parser (3.3.6.0)
+    parallel (1.27.0)
+    parser (3.3.9.0)
       ast (~> 2.4.1)
       racc
     pastel (0.8.0)
       tty-color (~> 0.5)
+    prism (1.4.0)
     public_suffix (6.0.1)
     racc (1.8.1)
     rainbow (3.1.1)
     rake (13.2.1)
-    regexp_parser (2.10.0)
+    regexp_parser (2.11.2)
     rexml (3.4.0)
     rspec (3.13.0)
       rspec-core (~> 3.13.0)
@@ -89,21 +102,24 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-support (3.13.2)
-    rubocop (1.69.2)
+    rubocop (1.75.8)
       json (~> 2.3)
-      language_server-protocol (>= 3.17.0)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
       parallel (~> 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 2.9.3, < 3.0)
-      rubocop-ast (>= 1.36.2, < 2.0)
+      rubocop-ast (>= 1.44.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.37.0)
-      parser (>= 3.3.1.0)
-    rubocop-performance (1.23.0)
-      rubocop (>= 1.48.1, < 2.0)
-      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-ast (1.46.0)
+      parser (>= 3.3.7.2)
+      prism (~> 1.4)
+    rubocop-performance (1.25.0)
+      lint_roller (~> 1.1)
+      rubocop (>= 1.75.0, < 2.0)
+      rubocop-ast (>= 1.38.0, < 2.0)
     ruby-progressbar (1.13.0)
     sawyer (0.9.2)
       addressable (>= 2.3.5)
@@ -114,24 +130,18 @@ GEM
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.13.1)
     simplecov_json_formatter (0.1.4)
-    standard (1.43.0)
-      language_server-protocol (~> 3.17.0.2)
-      lint_roller (~> 1.0)
-      rubocop (~> 1.69.1)
-      standard-custom (~> 1.0.0)
-      standard-performance (~> 1.6)
     standard-custom (1.0.2)
       lint_roller (~> 1.0)
       rubocop (~> 1.50)
-    standard-performance (1.6.0)
+    standard-performance (1.8.0)
       lint_roller (~> 1.1)
-      rubocop-performance (~> 1.23.0)
+      rubocop-performance (~> 1.25.0)
     strings (0.2.1)
       strings-ansi (~> 0.2)
       unicode-display_width (>= 1.5, < 3.0)
       unicode_utils (~> 1.4)
     strings-ansi (0.2.0)
-    traces (0.15.2)
+    traces (0.18.1)
     tty-color (0.6.0)
     tty-cursor (0.7.1)
     tty-screen (0.8.2)
@@ -162,7 +172,7 @@ DEPENDENCIES
   rspec (~> 3.10)
   rspec-mocks (~> 3.10)
   simplecov (~> 0.22.0)
-  standard (~> 1.26)
+  standard!
   vcr (~> 6.0)
   webmock (~> 3.13)
 

data/README.md

@@ -1,6 +1,7 @@
 # End of Life
 
-This gem lists GitHub repositories using end-of-life Ruby versions.
+This gem lists GitHub repositories using end-of-life versions of various
+products.
 
 ![End of Life Demo](demo.gif)
 
@@ -14,18 +15,20 @@ gem install end_of_life
 
 1. Set up a [GitHub access token][] (we recommend using a read-only token);
 
-[github access token]: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-token
+[github access token]:
+    https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-token
 
-2. Export the `GITHUB_TOKEN` environment variable or set it when calling `end_of_life`;
+2. Export the `GITHUB_TOKEN` environment variable or set it when calling
+   `end_of_life`;
 
 3. Use the `end_of_life` command to list the repositories:
 
 ```sh
 $ GITHUB_TOKEN=something end_of_life # if your platform supports symlinks, you can use the `eol` command instead
-[✔] Fetching repositories...
+[✔] Searching repositories with Ruby...
 [✔] Searching for EOL Ruby in repositories...
 
-Found 2 repositories using EOL Ruby (<= 2.7.8):
+Found 2 repositories using EOL Ruby (<= 3.1.7):
 ┌───┬──────────────────────────────────────────────┬──────────────┐
 │   │ Repository                                   │ Ruby version │
 ├───┼──────────────────────────────────────────────┼──────────────┤
@@ -40,10 +43,11 @@ There are some options to help you filter down the results:
 
 ```
 Usage: end_of_life [options]
+    -p, --product NAME                 Sets the product to scan for (default: ruby). Supported products are: ruby, rails.
         --exclude=NAME,NAME2           Exclude repositories containing a certain word in its name. You can specify up to five words.
-        --public-only                  Searches only public repostories
-        --private-only                 Searches only private repostories
-        --repo, --repository=USER/REPO Searches a specific repostory
+        --public-only                  Searches only public repositories
+        --private-only                 Searches only private repositories
+        --repo, --repository=USER/REPO Searches a specific repository
         --org, --organization=ORG,ORG2 Searches within specific organizations
     -u, --user=NAME                    Sets the user used on the repository search
         --max-eol-days-away NUMBER     Sets the maximum number of days away a version can be from EOL. It defaults to 0.
@@ -54,17 +58,19 @@ Usage: end_of_life [options]
 
 ## How it works
 
-This gem fetches all your GitHub repositories that contain Ruby code, then
-searches for files that may have a Ruby version. Currently, those files are:
-`.ruby-version`, `Gemfile`, `Gemfile.lock`, and `.tool-version`. We parse these
-files and extract the minimum Ruby version used in the repository.
+This gem fetches all your GitHub repositories that contain code for the
+specified product, then searches for files that may contain version information.
+For Ruby, those files are: `.ruby-version`, `Gemfile`, `Gemfile.lock`, and
+`.tool-version`. End of Life parses these files and extracts the minimum version
+used in the repository.
 
-The EOL Ruby version is provided by https://endoflife.date/, with a file
+The EOL version information is provided by https://endoflife.date/, with a file
 [fallback].
 
-> **IMPORTANT:** To parse Gemfiles, we need to execute the code inside it. **Be
-> careful** because this may be a security risk. We plan to add a secure parser
-> for Gemfiles in the future.
+> [!ATTENTION]
+> To parse Gemfiles, we need to execute the code inside them.
+> **Be careful** because this may be a security risk. We plan to add secure
+> parsers for these files in the future.
 
 Some other limitations are listed on the [issues page].
 
@@ -86,7 +92,10 @@ git commits and the created tag, and push the `.gem` file to
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at
-https://github.com/MatheusRich/end_of_life.
+https://github.com/MatheusRich/end_of_life. If you want to add a new product,
+[check out this commit for reference].
+
+[check out this commit for reference]: ba9a92a690e0d61ea09e508c1cd76b8309fb89df
 
 ## License
 

data/end_of_life.gemspec

@@ -8,9 +8,9 @@ Gem::Specification.new do |spec|
   spec.authors = ["Matheus Richard"]
   spec.email = ["matheusrichardt@gmail.com"]
 
-  spec.summary = "Lists repositories using end-of-life Ruby versions."
+  spec.summary = "Lists repositories using end-of-life software"
   spec.description = "Searches your GitHub repositores and lists the ones using end-of-life, i.e. " \
-                     "unmaintained, Ruby versions."
+                     "unmaintained, software versions."
   spec.homepage = "https://github.com/MatheusRich/end_of_life"
   spec.license = "MIT"
   spec.required_ruby_version = ">= 3.2.0"
@@ -38,6 +38,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "pastel", "~> 0.8.0"
   spec.add_dependency "tty-spinner", "~> 0.9.0"
   spec.add_dependency "tty-table", "~> 0.12.0"
+  spec.add_dependency "zeitwerk", "~> 2.7"
 
   # For more information and examples about making a new gem, check out our
   # guide at: https://bundler.io/guides/creating_gem.html

data/lib/end_of_life/api.rb

@@ -0,0 +1,17 @@
+module EndOfLife
+  module API
+    extend self
+
+    BASE_URL = "https://endoflife.date/api/v1/"
+
+    def fetch_product(product) = get("products/#{product}")
+
+    private
+
+    def get(path)
+      response = Net::HTTP.get(URI("#{BASE_URL}#{path}"))
+
+      JSON.parse(response, symbolize_names: true)
+    end
+  end
+end

data/lib/end_of_life/cli.rb

@@ -1,6 +1,6 @@
 module EndOfLife
   class CLI
-    include TerminalHelper
+    include Helpers::Terminal
 
     def call(argv)
       parse_options(argv)
@@ -9,6 +9,10 @@ module EndOfLife
 
     private
 
+    def parse_options(argv)
+      Options.from(argv)
+    end
+
     def execute_command(options)
       case options[:command]
       when :help
@@ -16,64 +20,10 @@ module EndOfLife
       when :version
         puts "end_of_life v#{EndOfLife::VERSION}"
       when :print_error
-        puts error_msg(options[:error])
-        exit(-1)
+        abort error_msg(options[:error])
       else
-        check_eol_ruby_on_repositories(options)
+        Scanner.scan(options)
       end
     end
-
-    def check_eol_ruby_on_repositories(options)
-      fetch_repositories(options)
-        .fmap { |repositories| filter_repositories_with_end_of_life(repositories, max_eol_date: options[:max_eol_date]) }
-        .fmap { |repositories| print_diagnose_for(repositories, max_eol_date: options[:max_eol_date]) }
-        .or { |error| puts "\n#{error_msg(error)}" }
-    end
-
-    def parse_options(argv)
-      Options.from(argv)
-    end
-
-    def fetch_repositories(options)
-      with_loading_spinner("Fetching repositories...") do |spinner|
-        result = Repository.fetch(options)
-
-        spinner.error if result.failure?
-
-        result
-      end
-    end
-
-    def filter_repositories_with_end_of_life(repositories, max_eol_date:)
-      with_loading_spinner("Searching for EOL Ruby in repositories...") do
-        Sync do
-          repositories
-            .tap { |repos| repos.map { |repo| Async { repo.ruby_version } }.map(&:wait) }
-            .filter { |repo| repo.eol_ruby?(at: max_eol_date) }
-        end
-      end
-    end
-
-    def print_diagnose_for(repositories, max_eol_date:)
-      puts
-
-      if repositories.empty?
-        puts "No repositories using EOL Ruby."
-        return
-      end
-
-      puts "Found #{repositories.size} repositories using EOL Ruby (<= #{RubyVersion.latest_eol(at: max_eol_date)}):"
-      puts end_of_life_table(repositories)
-      exit(-1)
-    end
-
-    def end_of_life_table(repositories)
-      headers = ["", "Repository", "Ruby version"]
-      rows = repositories.map.with_index(1) do |repo, i|
-        [i, repo.url, repo.ruby_version]
-      end
-
-      table(headers, rows)
-    end
   end
 end

data/lib/end_of_life/helpers/silent_bundler.rb

@@ -0,0 +1,18 @@
+require "bundler"
+
+module EndOfLife
+  module Helpers
+    module SilentBundler
+      extend self
+
+      def silence_bundler
+        previous_ui = Bundler.ui
+        Bundler.ui = Bundler::UI::Silent.new
+
+        yield
+      ensure
+        Bundler.ui = previous_ui
+      end
+    end
+  end
+end

data/lib/end_of_life/{terminal_helper.rb → helpers/terminal.rb}

@@ -3,7 +3,7 @@ require "tty-spinner"
 require "tty-table"
 
 module EndOfLife
-  module TerminalHelper
+  module Helpers::Terminal
     def error_msg(message, label: "[ERROR]")
       label = paint.red("#{label} ")
 

data/lib/end_of_life/in_memory_file.rb

@@ -0,0 +1,3 @@
+module EndOfLife
+  InMemoryFile = Data.define(:path, :read)
+end

data/lib/end_of_life/options.rb

@@ -3,50 +3,54 @@ require "optparse"
 module EndOfLife
   module Options
     def self.from(argv)
-      options = {max_eol_date: Date.today, skip_archived: true}
+      options = {product: Product.find("ruby"), max_eol_date: Date.today, skip_archived: true}
+      OptionParser.new do |parser|
+        options[:parser] = parser
 
-      OptionParser.new do |opts|
-        options[:parser] = opts
+        parser.banner = "Usage: end_of_life [options]"
 
-        opts.banner = "Usage: end_of_life [options]"
+        product_names = EndOfLife.products.map(&:name)
+        parser.on("-p NAME", "--product NAME", /#{product_names.join("|")}/i, "Sets the product to scan for (default: ruby). Supported products are: #{product_names.join(", ")}.") do |name|
+          options[:product] = Product.find(name)
+        end
 
-        opts.on("--exclude=NAME,NAME2", Array, "Exclude repositories containing a certain word in its name. You can specify up to five words.") do |excludes|
+        parser.on("--exclude=NAME,NAME2", Array, "Exclude repositories containing a certain word in its name. You can specify up to five words.") do |excludes|
           options[:excludes] = excludes.first(5)
         end
 
-        opts.on("--public-only", "Searches only public repostories") do
+        parser.on("--public-only", "Searches only public repositories") do
           options[:visibility] = :public
         end
 
-        opts.on("--private-only", "Searches only private repostories") do
+        parser.on("--private-only", "Searches only private repositories") do
           options[:visibility] = :private
         end
 
-        opts.on("--repo=USER/REPO", "--repository=USER/REPO", "Searches a specific repostory") do |repository|
+        parser.on("--repo=USER/REPO", "--repository=USER/REPO", "Searches a specific repository") do |repository|
           options[:repository] = repository
         end
 
-        opts.on("--org=ORG,ORG2...", "--organization=ORG,ORG2", Array, "Searches within specific organizations") do |organizations|
+        parser.on("--org=ORG,ORG2...", "--organization=ORG,ORG2", Array, "Searches within specific organizations") do |organizations|
           options[:organizations] = organizations
         end
 
-        opts.on("-u NAME", "--user=NAME", "Sets the user used on the repository search") do |user|
+        parser.on("-u NAME", "--user=NAME", "Sets the user used on the repository search") do |user|
           options[:user] = user
         end
 
-        opts.on("--max-eol-days-away NUMBER", "Sets the maximum number of days away a version can be from EOL. It defaults to 0.") do |days|
+        parser.on("--max-eol-days-away NUMBER", "Sets the maximum number of days away a version can be from EOL. It defaults to 0.") do |days|
           options[:max_eol_date] = Date.today + days.to_i.abs
         end
 
-        opts.on("--include-archived", "Includes archived repositories on the search") do
+        parser.on("--include-archived", "Includes archived repositories on the search") do
           options[:skip_archived] = false
         end
 
-        opts.on("-v", "--version", "Displays end_of_life version") do
+        parser.on("-v", "--version", "Displays end_of_life version") do
           options[:command] = :version
         end
 
-        opts.on("-h", "--help", "Displays this help") do
+        parser.on("-h", "--help", "Displays this help") do
           options[:command] = :help
         end
       end.parse!(argv)

data/lib/end_of_life/parsers/gemfile.rb

@@ -0,0 +1,31 @@
+module EndOfLife
+  module Parsers
+    module Gemfile
+      extend Helpers::SilentBundler
+      extend self
+
+      def parse(file_content)
+        with_temp_gemfile(file_content) do |gemfile|
+          silence_bundler do
+            # This is security problem, since it runs the code inside the file
+            Bundler::Definition.build(gemfile.path, nil, {})
+          end
+        end
+      end
+
+      private
+
+      def with_temp_gemfile(contents)
+        # Bundler requires a file to parse, so we need to create a temporary file
+        Tempfile.create("tempGemfile") do |tempfile|
+          tempfile.write(contents)
+          tempfile.rewind
+
+          yield(tempfile)
+        rescue Bundler::BundlerError
+          nil # NOTE: maybe a Null object would be cleaner
+        end
+      end
+    end
+  end
+end

data/lib/end_of_life/parsers/gemfile_lock.rb

@@ -0,0 +1,14 @@
+module EndOfLife
+  module Parsers
+    module GemfileLock
+      extend Helpers::SilentBundler
+      extend self
+
+      def parse(file_content)
+        silence_bundler do
+          Bundler::LockfileParser.new(file_content)
+        end
+      end
+    end
+  end
+end

data/lib/end_of_life/parsers/ruby_version.rb

@@ -0,0 +1,11 @@
+module EndOfLife
+  module Parsers
+    module RubyVersion
+      extend self
+
+      def parse(file_content)
+        Gem::Version.new(file_content.strip.delete_prefix("ruby-"))
+      end
+    end
+  end
+end

data/lib/end_of_life/parsers/tool_versions.rb

@@ -0,0 +1,23 @@
+module EndOfLife
+  module Parsers
+    module ToolVersions
+      extend self
+
+      def parse(file_content)
+        file_content
+          .lines
+          .filter_map { |line|
+            line = line.strip
+            next if line.start_with?("#") || line.empty?
+
+            tool, version, * = line.split
+
+            next if version == "latest"
+
+            [tool, Gem::Version.new(version)]
+          }
+          .to_h
+      end
+    end
+  end
+end

data/lib/end_of_life/product/registry.rb

@@ -0,0 +1,23 @@
+module EndOfLife
+  module Product::Registry
+    def scans_for(product_name, search_query:)
+      product_registry[product_name.to_sym.downcase] = Product.new(
+        product_name,
+        search_query,
+        version_detector_for(product_name)
+      )
+    end
+
+    def find_product(name) = product_registry.fetch(name.to_sym.downcase)
+
+    def products = product_registry.values
+
+    private
+
+    def product_registry
+      @@product_registry ||= {}
+    end
+
+    def version_detector_for(product) = VersionDetectors.for_product(product)
+  end
+end