end_of_life 0.4.1 → 0.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b8e0689d1cdf6da1fa737f8d699a060a8544184dfb345d6af4093e6e5e000c13
-  data.tar.gz: 608169452246f72b9351b07ae4f243d4ce74c3416c451a5fdf600b97dbc3f529
+  metadata.gz: 19209199d1886b9a553b2ce566a075a162fc0f877073aad2c63739f99d32f0ee
+  data.tar.gz: 9ef0fbd8ef557d73c0a6739b29fa4f40edb3dbba4e6b306f4e132ae160ed815e
 SHA512:
-  metadata.gz: 57c0401637ca7d60d59d27ab35f4bee948f09bf188df6189a41be14ceb906c50ee77059a550076122f14a3b118c9e6fdd2f10dd520d19b562670c8fe229cf5df
-  data.tar.gz: 8cf1db7f6007559d3066696e1f3820fdaae1b055654456d47d48d67b6828530315992aae95ac9ea2ecf3927b3a39b80f84df7a762d24cc6c4f073bc2956d648e
+  metadata.gz: 66fe59b2626bf7656eed917b4fa8e196b15e81dd327f19636af914359956b318648e334f8655d249a979f8d50c94ece93fde880ac241fc497985ba06f18ab55f
+  data.tar.gz: 924eed863de214be0a8ac4a91fccfa964f1349efa13631acec507a6b59a481811885f9dbdc6ff3cd4473e6d460f42a1cffb4400bf6f1297707d83b23b422ffda

data/.tool-versions

@@ -1 +1 @@
-ruby 3.4.2
+ruby 3.4.5

data/CHANGELOG.md

@@ -1,5 +1,16 @@
 ## [Unreleased]
 
+## [0.5.1] - 2025-09-10
+
+- [BUGFIX] Handle when Gemfile pulls version from a file and the file is missing
+- [BUGFIX] Handle running end_of_life outside of a bundler project
+
+## [0.5.0] - 2025-09-07
+
+- 🎉 Add support for scanning EOL Rails versions!
+  - Use the `--product=rails` option to scan for Rails instead of Ruby.
+  - End of Life looks for an exact Rails version on the `Gemfile` file or `Gemfile.lock`.
+
 ## [0.4.1] - 2025-05-23
 
 - [BUGFIX] Handle empty/invalid version files
@@ -161,7 +172,8 @@ $ end_of_life --user=matz # searches on matz's repositories
 
 - Initial release
 
-[unreleased]: https://github.com/MatheusRich/end_of_life/compare/v0.4.1...HEAD
+[unreleased]: https://github.com/MatheusRich/end_of_life/compare/v0.5.0...HEAD
+[0.5.0]: https://github.com/MatheusRich/end_of_life/releases/tag/v0.5.0
 [0.4.1]: https://github.com/MatheusRich/end_of_life/releases/tag/v0.4.1
 [0.4.0]: https://github.com/MatheusRich/end_of_life/releases/tag/v0.4.0
 [0.3.0]: https://github.com/MatheusRich/end_of_life/releases/tag/v0.3.0

data/Gemfile

@@ -10,6 +10,6 @@ gem "rake", "~> 13.0"
 gem "rspec", "~> 3.10"
 gem "rspec-mocks", "~> 3.10"
 gem "simplecov", "~> 0.22.0"
-gem "standard", "~> 1.26"
+gem "standard", github: "testdouble/standard"
 gem "vcr", "~> 6.0"
 gem "webmock", "~> 3.13"

data/Gemfile.lock

@@ -1,31 +1,44 @@
+GIT
+  remote: https://github.com/testdouble/standard.git
+  revision: 2a0584ed57122065d0972fe5a55eb83aec150b54
+  specs:
+    standard (1.50.0)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.0)
+      rubocop (~> 1.75.5)
+      standard-custom (~> 1.0.0)
+      standard-performance (~> 1.8)
+
 PATH
   remote: .
   specs:
-    end_of_life (0.4.1)
+    end_of_life (0.5.1)
       async
+      bundler (>= 2.3.0, < 3)
       dry-monads (~> 1.3)
       octokit (~> 9.0)
       pastel (~> 0.8.0)
       tty-spinner (~> 0.9.0)
       tty-table (~> 0.12.0)
+      zeitwerk (~> 2.7)
 
 GEM
   remote: https://rubygems.org/
   specs:
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
-    ast (2.4.2)
-    async (2.24.0)
+    ast (2.4.3)
+    async (2.31.0)
       console (~> 1.29)
       fiber-annotation
-      io-event (~> 1.9)
+      io-event (~> 1.11)
       metrics (~> 0.12)
-      traces (~> 0.15)
+      traces (~> 0.18)
     base64 (0.2.0)
     bigdecimal (3.1.9)
     climate_control (1.2.0)
     concurrent-ruby (1.3.5)
-    console (1.30.2)
+    console (1.34.0)
       fiber-annotation
       fiber-local (~> 1.1)
       json
@@ -38,43 +51,44 @@ GEM
       concurrent-ruby (~> 1.0)
       logger
       zeitwerk (~> 2.6)
-    dry-monads (1.8.3)
+    dry-monads (1.9.0)
       concurrent-ruby (~> 1.0)
       dry-core (~> 1.1)
       zeitwerk (~> 2.6)
-    faraday (2.13.1)
+    faraday (2.13.4)
       faraday-net_http (>= 2.0, < 3.5)
       json
       logger
-    faraday-net_http (3.4.0)
+    faraday-net_http (3.4.1)
       net-http (>= 0.5.0)
     fiber-annotation (0.2.0)
     fiber-local (1.1.0)
       fiber-storage
     fiber-storage (1.0.1)
     hashdiff (1.1.2)
-    io-event (1.10.1)
+    io-event (1.14.0)
     json (2.9.1)
-    language_server-protocol (3.17.0.3)
+    language_server-protocol (3.17.0.5)
     lint_roller (1.1.0)
     logger (1.7.0)
-    metrics (0.12.2)
+    metrics (0.15.0)
     net-http (0.6.0)
       uri
     octokit (9.2.0)
       faraday (>= 1, < 3)
       sawyer (~> 0.9)
-    parallel (1.26.3)
-    parser (3.3.6.0)
+    parallel (1.27.0)
+    parser (3.3.9.0)
       ast (~> 2.4.1)
       racc
     pastel (0.8.0)
       tty-color (~> 0.5)
+    prism (1.4.0)
     public_suffix (6.0.1)
     racc (1.8.1)
     rainbow (3.1.1)
     rake (13.2.1)
-    regexp_parser (2.10.0)
+    regexp_parser (2.11.2)
     rexml (3.4.0)
     rspec (3.13.0)
       rspec-core (~> 3.13.0)
@@ -89,21 +103,24 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-support (3.13.2)
-    rubocop (1.69.2)
+    rubocop (1.75.8)
       json (~> 2.3)
-      language_server-protocol (>= 3.17.0)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
       parallel (~> 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 2.9.3, < 3.0)
-      rubocop-ast (>= 1.36.2, < 2.0)
+      rubocop-ast (>= 1.44.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.37.0)
-      parser (>= 3.3.1.0)
-    rubocop-performance (1.23.0)
-      rubocop (>= 1.48.1, < 2.0)
-      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-ast (1.46.0)
+      parser (>= 3.3.7.2)
+      prism (~> 1.4)
+    rubocop-performance (1.25.0)
+      lint_roller (~> 1.1)
+      rubocop (>= 1.75.0, < 2.0)
+      rubocop-ast (>= 1.38.0, < 2.0)
     ruby-progressbar (1.13.0)
     sawyer (0.9.2)
       addressable (>= 2.3.5)
@@ -114,24 +131,18 @@ GEM
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.13.1)
     simplecov_json_formatter (0.1.4)
-    standard (1.43.0)
-      language_server-protocol (~> 3.17.0.2)
-      lint_roller (~> 1.0)
-      rubocop (~> 1.69.1)
-      standard-custom (~> 1.0.0)
-      standard-performance (~> 1.6)
     standard-custom (1.0.2)
       lint_roller (~> 1.0)
       rubocop (~> 1.50)
-    standard-performance (1.6.0)
+    standard-performance (1.8.0)
       lint_roller (~> 1.1)
-      rubocop-performance (~> 1.23.0)
+      rubocop-performance (~> 1.25.0)
     strings (0.2.1)
       strings-ansi (~> 0.2)
       unicode-display_width (>= 1.5, < 3.0)
       unicode_utils (~> 1.4)
     strings-ansi (0.2.0)
-    traces (0.15.2)
+    traces (0.18.2)
     tty-color (0.6.0)
     tty-cursor (0.7.1)
     tty-screen (0.8.2)
@@ -162,7 +173,7 @@ DEPENDENCIES
   rspec (~> 3.10)
   rspec-mocks (~> 3.10)
   simplecov (~> 0.22.0)
-  standard (~> 1.26)
+  standard!
   vcr (~> 6.0)
   webmock (~> 3.13)
 

data/README.md

@@ -1,6 +1,7 @@
 # End of Life
 
-This gem lists GitHub repositories using end-of-life Ruby versions.
+This gem lists GitHub repositories using end-of-life versions of various
+products.
 
 ![End of Life Demo](demo.gif)
 
@@ -14,18 +15,20 @@ gem install end_of_life
 
 1. Set up a [GitHub access token][] (we recommend using a read-only token);
 
-[github access token]: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-token
+[github access token]:
+    https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-token
 
-2. Export the `GITHUB_TOKEN` environment variable or set it when calling `end_of_life`;
+2. Export the `GITHUB_TOKEN` environment variable or set it when calling
+   `end_of_life`;
 
 3. Use the `end_of_life` command to list the repositories:
 
 ```sh
 $ GITHUB_TOKEN=something end_of_life # if your platform supports symlinks, you can use the `eol` command instead
-[✔] Fetching repositories...
+[✔] Searching repositories with Ruby...
 [✔] Searching for EOL Ruby in repositories...
 
-Found 2 repositories using EOL Ruby (<= 2.7.8):
+Found 2 repositories using EOL Ruby (<= 3.1.7):
 ┌───┬──────────────────────────────────────────────┬──────────────┐
 │   │ Repository                                   │ Ruby version │
 ├───┼──────────────────────────────────────────────┼──────────────┤
@@ -40,6 +43,7 @@ There are some options to help you filter down the results:
 
 ```
 Usage: end_of_life [options]
+    -p, --product NAME                 Sets the product to scan for (default: ruby). Supported products are: ruby, rails.
         --exclude=NAME,NAME2           Exclude repositories containing a certain word in its name. You can specify up to five words.
         --public-only                  Searches only public repositories
         --private-only                 Searches only private repositories
@@ -54,17 +58,19 @@ Usage: end_of_life [options]
 
 ## How it works
 
-This gem fetches all your GitHub repositories that contain Ruby code, then
-searches for files that may have a Ruby version. Currently, those files are:
-`.ruby-version`, `Gemfile`, `Gemfile.lock`, and `.tool-version`. We parse these
-files and extract the minimum Ruby version used in the repository.
+This gem fetches all your GitHub repositories that contain code for the
+specified product, then searches for files that may contain version information.
+For Ruby, those files are: `.ruby-version`, `Gemfile`, `Gemfile.lock`, and
+`.tool-version`. End of Life parses these files and extracts the minimum version
+used in the repository.
 
-The EOL Ruby version is provided by https://endoflife.date/, with a file
+The EOL version information is provided by https://endoflife.date/, with a file
 [fallback].
 
-> **IMPORTANT:** To parse Gemfiles, we need to execute the code inside it. **Be
-> careful** because this may be a security risk. We plan to add a secure parser
-> for Gemfiles in the future.
+> [!ATTENTION]
+> To parse Gemfiles, we need to execute the code inside them.
+> **Be careful** because this may be a security risk. We plan to add secure
+> parsers for these files in the future.
 
 Some other limitations are listed on the [issues page].
 
@@ -86,7 +92,10 @@ git commits and the created tag, and push the `.gem` file to
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at
-https://github.com/MatheusRich/end_of_life.
+https://github.com/MatheusRich/end_of_life. If you want to add a new product,
+[check out this commit for reference].
+
+[check out this commit for reference]: ba9a92a690e0d61ea09e508c1cd76b8309fb89df
 
 ## License
 

data/end_of_life.gemspec

@@ -8,9 +8,11 @@ Gem::Specification.new do |spec|
   spec.authors = ["Matheus Richard"]
   spec.email = ["matheusrichardt@gmail.com"]
 
-  spec.summary = "Lists repositories using end-of-life Ruby versions."
-  spec.description = "Searches your GitHub repositores and lists the ones using end-of-life, i.e. " \
-                     "unmaintained, Ruby versions."
+  spec.summary = "Lists repositories using end-of-life software"
+  spec.description = <<~TEXT
+    Searches your GitHub repositores and lists the ones using end-of-life, i.e.
+    unmaintained, software.
+  TEXT
   spec.homepage = "https://github.com/MatheusRich/end_of_life"
   spec.license = "MIT"
   spec.required_ruby_version = ">= 3.2.0"
@@ -33,11 +35,13 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "async"
+  spec.add_dependency "bundler", ">= 2.3.0", "< 3"
   spec.add_dependency "dry-monads", "~> 1.3"
   spec.add_dependency "octokit", "~> 9.0"
   spec.add_dependency "pastel", "~> 0.8.0"
   spec.add_dependency "tty-spinner", "~> 0.9.0"
   spec.add_dependency "tty-table", "~> 0.12.0"
+  spec.add_dependency "zeitwerk", "~> 2.7"
 
   # For more information and examples about making a new gem, check out our
   # guide at: https://bundler.io/guides/creating_gem.html

data/lib/end_of_life/api.rb

@@ -0,0 +1,17 @@
+module EndOfLife
+  module API
+    extend self
+
+    BASE_URL = "https://endoflife.date/api/v1/"
+
+    def fetch_product(product) = get("products/#{product}")
+
+    private
+
+    def get(path)
+      response = Net::HTTP.get(URI("#{BASE_URL}#{path}"))
+
+      JSON.parse(response, symbolize_names: true)
+    end
+  end
+end

data/lib/end_of_life/cli.rb

@@ -1,6 +1,6 @@
 module EndOfLife
   class CLI
-    include TerminalHelper
+    include Helpers::Terminal
 
     def call(argv)
       parse_options(argv)
@@ -9,6 +9,10 @@ module EndOfLife
 
     private
 
+    def parse_options(argv)
+      Options.from(argv)
+    end
+
     def execute_command(options)
       case options[:command]
       when :help
@@ -16,65 +20,10 @@ module EndOfLife
       when :version
         puts "end_of_life v#{EndOfLife::VERSION}"
       when :print_error
-        puts error_msg(options[:error])
-        exit(-1)
+        abort error_msg(options[:error])
       else
-        check_eol_ruby_on_repositories(options)
+        Scanner.scan(options)
       end
     end
-
-    def check_eol_ruby_on_repositories(options)
-      fetch_repositories(options)
-        .fmap { |repositories| filter_repositories_with_end_of_life(repositories, max_eol_date: options[:max_eol_date]) }
-        .fmap { |repositories| print_diagnose_for(repositories, max_eol_date: options[:max_eol_date]) }
-        .or { |error| puts "\n#{error_msg(error)}" }
-    end
-
-    def parse_options(argv)
-      Options.from(argv)
-    end
-
-    def fetch_repositories(options)
-      with_loading_spinner("Fetching repositories...") do |spinner|
-        result = Repository.fetch(options)
-
-        spinner.error if result.failure?
-
-        result
-      end
-    end
-
-    def filter_repositories_with_end_of_life(repositories, max_eol_date:)
-      with_loading_spinner("Searching for EOL Ruby in repositories...") do
-        Sync do
-          repositories
-            .tap { |repos| repos.map { |repo| Async { repo.ruby_version } }.map(&:wait) }
-            .filter { |repo| repo.eol_ruby?(at: max_eol_date) }
-        end
-      end
-    end
-
-    def print_diagnose_for(repositories, max_eol_date:)
-      puts
-
-      if repositories.empty?
-        puts "No repositories using EOL Ruby."
-        return
-      end
-
-      word = (repositories.size == 1) ? "repository" : "repositories"
-      puts "Found #{repositories.size} #{word} using EOL Ruby (<= #{RubyVersion.latest_eol(at: max_eol_date)}):"
-      puts end_of_life_table(repositories)
-      exit(-1)
-    end
-
-    def end_of_life_table(repositories)
-      headers = ["", "Repository", "Ruby version"]
-      rows = repositories.map.with_index(1) do |repo, i|
-        [i, repo.url, repo.ruby_version]
-      end
-
-      table(headers, rows)
-    end
   end
 end

data/lib/end_of_life/helpers/silent_bundler.rb

@@ -0,0 +1,18 @@
+require "bundler"
+
+module EndOfLife
+  module Helpers
+    module SilentBundler
+      extend self
+
+      def silence_bundler
+        previous_ui = Bundler.ui
+        Bundler.ui = Bundler::UI::Silent.new
+
+        yield
+      ensure
+        Bundler.ui = previous_ui
+      end
+    end
+  end
+end

data/lib/end_of_life/{terminal_helper.rb → helpers/terminal.rb}

@@ -3,7 +3,7 @@ require "tty-spinner"
 require "tty-table"
 
 module EndOfLife
-  module TerminalHelper
+  module Helpers::Terminal
     def error_msg(message, label: "[ERROR]")
       label = paint.red("#{label} ")
 

data/lib/end_of_life/in_memory_file.rb

@@ -0,0 +1,3 @@
+module EndOfLife
+  InMemoryFile = Data.define(:path, :read)
+end

data/lib/end_of_life/options.rb

@@ -3,50 +3,54 @@ require "optparse"
 module EndOfLife
   module Options
     def self.from(argv)
-      options = {max_eol_date: Date.today, skip_archived: true}
+      options = {product: Product.find("ruby"), max_eol_date: Date.today, skip_archived: true}
+      OptionParser.new do |parser|
+        options[:parser] = parser
 
-      OptionParser.new do |opts|
-        options[:parser] = opts
+        parser.banner = "Usage: end_of_life [options]"
 
-        opts.banner = "Usage: end_of_life [options]"
+        product_names = EndOfLife.products.map(&:name)
+        parser.on("-p NAME", "--product NAME", /#{product_names.join("|")}/i, "Sets the product to scan for (default: ruby). Supported products are: #{product_names.join(", ")}.") do |name|
+          options[:product] = Product.find(name)
+        end
 
-        opts.on("--exclude=NAME,NAME2", Array, "Exclude repositories containing a certain word in its name. You can specify up to five words.") do |excludes|
+        parser.on("--exclude=NAME,NAME2", Array, "Exclude repositories containing a certain word in its name. You can specify up to five words.") do |excludes|
           options[:excludes] = excludes.first(5)
         end
 
-        opts.on("--public-only", "Searches only public repositories") do
+        parser.on("--public-only", "Searches only public repositories") do
           options[:visibility] = :public
         end
 
-        opts.on("--private-only", "Searches only private repositories") do
+        parser.on("--private-only", "Searches only private repositories") do
           options[:visibility] = :private
         end
 
-        opts.on("--repo=USER/REPO", "--repository=USER/REPO", "Searches a specific repository") do |repository|
+        parser.on("--repo=USER/REPO", "--repository=USER/REPO", "Searches a specific repository") do |repository|
           options[:repository] = repository
         end
 
-        opts.on("--org=ORG,ORG2...", "--organization=ORG,ORG2", Array, "Searches within specific organizations") do |organizations|
+        parser.on("--org=ORG,ORG2...", "--organization=ORG,ORG2", Array, "Searches within specific organizations") do |organizations|
           options[:organizations] = organizations
         end
 
-        opts.on("-u NAME", "--user=NAME", "Sets the user used on the repository search") do |user|
+        parser.on("-u NAME", "--user=NAME", "Sets the user used on the repository search") do |user|
           options[:user] = user
         end
 
-        opts.on("--max-eol-days-away NUMBER", "Sets the maximum number of days away a version can be from EOL. It defaults to 0.") do |days|
+        parser.on("--max-eol-days-away NUMBER", "Sets the maximum number of days away a version can be from EOL. It defaults to 0.") do |days|
           options[:max_eol_date] = Date.today + days.to_i.abs
         end
 
-        opts.on("--include-archived", "Includes archived repositories on the search") do
+        parser.on("--include-archived", "Includes archived repositories on the search") do
           options[:skip_archived] = false
         end
 
-        opts.on("-v", "--version", "Displays end_of_life version") do
+        parser.on("-v", "--version", "Displays end_of_life version") do
           options[:command] = :version
         end
 
-        opts.on("-h", "--help", "Displays this help") do
+        parser.on("-h", "--help", "Displays this help") do
           options[:command] = :help
         end
       end.parse!(argv)

data/lib/end_of_life/parsers/gemfile.rb

@@ -0,0 +1,31 @@
+module EndOfLife
+  module Parsers
+    module Gemfile
+      extend Helpers::SilentBundler
+      extend self
+
+      def parse(file_content)
+        with_temp_gemfile(file_content) do |gemfile|
+          silence_bundler do
+            # This is security problem, since it runs the code inside the file
+            Bundler::Definition.build(gemfile.path, nil, {})
+          end
+        end
+      end
+
+      private
+
+      def with_temp_gemfile(contents)
+        # Bundler requires a file to parse, so we need to create a temporary file
+        Tempfile.create("tempGemfile") do |tempfile|
+          tempfile.write(contents)
+          tempfile.rewind
+
+          yield(tempfile)
+        rescue Bundler::BundlerError, Errno::ENOENT # Bundler tries to read the version file, and in some versions it raises this error
+          nil # NOTE: maybe a Null object would be cleaner
+        end
+      end
+    end
+  end
+end

data/lib/end_of_life/parsers/gemfile_lock.rb

@@ -0,0 +1,16 @@
+module EndOfLife
+  module Parsers
+    module GemfileLock
+      extend Helpers::SilentBundler
+      extend self
+
+      def parse(file_content)
+        silence_bundler do
+          Bundler::LockfileParser.new(file_content)
+        end
+      rescue Bundler::BundlerError # outside a bundler project
+        nil
+      end
+    end
+  end
+end

data/lib/end_of_life/parsers/ruby_version.rb

@@ -0,0 +1,11 @@
+module EndOfLife
+  module Parsers
+    module RubyVersion
+      extend self
+
+      def parse(file_content)
+        Gem::Version.new(file_content.strip.delete_prefix("ruby-"))
+      end
+    end
+  end
+end

data/lib/end_of_life/parsers/tool_versions.rb

@@ -0,0 +1,23 @@
+module EndOfLife
+  module Parsers
+    module ToolVersions
+      extend self
+
+      def parse(file_content)
+        file_content
+          .lines
+          .filter_map { |line|
+            line = line.strip
+            next if line.start_with?("#") || line.empty?
+
+            tool, version, * = line.split
+
+            next if version == "latest"
+
+            [tool, Gem::Version.new(version)]
+          }
+          .to_h
+      end
+    end
+  end
+end

data/lib/end_of_life/product/registry.rb

@@ -0,0 +1,23 @@
+module EndOfLife
+  module Product::Registry
+    def scans_for(product_name, search_query:)
+      product_registry[product_name.to_sym.downcase] = Product.new(
+        product_name,
+        search_query,
+        version_detector_for(product_name)
+      )
+    end
+
+    def find_product(name) = product_registry.fetch(name.to_sym.downcase)
+
+    def products = product_registry.values
+
+    private
+
+    def product_registry
+      @product_registry ||= {}
+    end
+
+    def version_detector_for(product) = VersionDetectors.for_product(product)
+  end
+end