gergich 1.1.1 → 2.0.0

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gergich
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 2.0.0
 platform: ruby
 authors:
 - Jon Jensen
-autorequire: 
-bindir: bin
+autorequire:
+bindir: exe
 cert_chain: []
-date: 2020-01-07 00:00:00.000000000 Z
+date: 2021-09-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -16,84 +16,126 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '0.17'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '0.17'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.1'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '3.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '3.9'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.49'
+        version: '1.21'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.21'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.49'
+        version: '2.5'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.16.0
+        version: 0.21.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.16.0
+        version: 0.21.2
 description: Gergich is a little command-line tool for wiring up linters to Gerrit
   so you can get nice inline comments right on the review
 email: jon@instructure.com
@@ -103,12 +145,8 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- LICENSE
-- README.md
-- bin/check_coverage
-- bin/gergich
-- bin/master_bouncer
-- bin/run_tests.sh
+- exe/gergich
+- exe/master_bouncer
 - lib/gergich.rb
 - lib/gergich/capture.rb
 - lib/gergich/capture/androidlint_capture.rb
@@ -120,28 +158,15 @@ files:
 - lib/gergich/capture/shellcheck_capture.rb
 - lib/gergich/capture/stylelint_capture.rb
 - lib/gergich/capture/swiftlint_capture.rb
+- lib/gergich/capture/yamllint_capture.rb
 - lib/gergich/cli.rb
 - lib/gergich/cli/gergich.rb
 - lib/gergich/cli/master_bouncer.rb
-- spec/gergich/capture/androidlint_capture_spec.rb
-- spec/gergich/capture/brakeman_capture_spec.rb
-- spec/gergich/capture/custom_capture_spec.rb
-- spec/gergich/capture/eslint_capture_spec.rb
-- spec/gergich/capture/flake8_capture_spec.rb
-- spec/gergich/capture/i18nliner_capture_spec.rb
-- spec/gergich/capture/rubocop_capture_spec.rb
-- spec/gergich/capture/shellcheck_capture_spec.rb
-- spec/gergich/capture/stylelint_capture_spec.rb
-- spec/gergich/capture/swiftlint_capture_spec.rb
-- spec/gergich/capture_spec.rb
-- spec/gergich_spec.rb
-- spec/spec_helper.rb
-- spec/support/capture_shared_examples.rb
 homepage: https://github.com/instructure/gergich
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -149,16 +174,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.4.0
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.14.4
-signing_key: 
+rubygems_version: 3.2.24
+signing_key:
 specification_version: 4
 summary: Command-line tool for adding Gerrit comments
 test_files: []

data/LICENSE

@@ -1,20 +0,0 @@
-Copyright (c) 2015-2016 Instructure, Inc.
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -1,178 +0,0 @@
-# Gergich
-
-[![Gem Version](https://badge.fury.io/rb/gergich.svg)](https://rubygems.org/gems/gergich)
-[![Dependency Status](https://gemnasium.com/badges/a2946a7849cd94f5ec0f4c3173a968f4.svg)](https://gemnasium.com/cc6fb44edee9fcf855cec82d3b6aed0f)
-[![Build Status](https://travis-ci.org/instructure/gergich.svg?branch=master)](https://travis-ci.org/instructure/gergich)
-
-Gergich is a command-line tool (and ruby lib) for easily posting comments
-on a [Gerrit](https://www.gerritcodereview.com/) review from a CI
-environment. It can be wired up to linters (rubocop, eslint, etc.) so that
-you can get nice inline comments right on the Gerrit review. That way
-developers don't have to go digging through CI logs to see why their
-builds failed.
-
-## How does it work?
-
-Gergich maintains a little sqlite db of any draft comments/labels/etc.
-for the current patchset (defined by revision+ChangeId). This way
-different processes can all contribute to the review. For example,
-various linters add inline comments, and when the CI build finishes,
-Gergich publishes the review to Gerrit.
-
-## Limitations
-
-Because everything is synchronized/stored in a local sqlite db, you
-should only call Gergich from a single box/build per patchset unless you
-have a unique `GERGICH_COMMENT_PREFIX` set for each box/build per patchset.
-Gergich does a check when publishing to ensure he hasn't already posted on
-this patchset before (w/ the same `GERGICH_COMMENT_PREFIX`); if he has,
-publish will be a no-op. This protects against reposts (say, on a retrigger),
-but it does mean that you shouldn't have completely different builds posting
-Gergich comments on the same revision, unless you set up different
-credentials for each.
-
-## Installation
-
-Add the following to your Gemfile (perhaps in your `:test` group?):
-
-```ruby
-gem "gergich"
-```
-
-To use Gergich, you'll need a Gerrit user whose credentials it'll use
-(ideally not your own). With your shiny new username and password in hand,
-set `GERGICH_USER` and `GERGICH_KEY` accordingly in your CI environment.
-
-Additionally, Gergich needs to know where your Gerrit installation
-lives, so be sure to set `GERRIT_BASE_URL` (e.g.
-`https://gerrit.example.com`) or `GERRIT_HOST` (e.g. `gerrit.example.com`).
-
-Lastly, if you have no .git directory in CI land (say if you are building
-in docker and want to keep your images small), you also need to set
-`GERRIT_CHANGE_ID` and `GERRIT_PATCHSET_REVISION`. If you use Jenkins and
-the gerrit-trigger plugin, typcially all `GERRIT_*` vars will already be
-set, it's just a matter of plumbing them down to docker.
-
-## Usage
-
-Run `gergich help` for detailed information about all supported commands.
-In your build scripts, you'll typically be using `gergich comment`,
-`gergich capture` and `gergich publish`. Comments are stored locally in a
-sqlite database until you publish. This way you can queue up comments from
-many disparate processes. Comments are published to `HEAD`'s corresponding
-patchset in Gerrit (based on Change-Id + `<sha>`)
-
-### `gergich comment <comment_data>`
-
-`<comment_data>` is a JSON object (or array of objects). Each comment
-object should have the following properties:
-
-* **path** - the relative file path, e.g. "app/models/user.rb"
-* **position** - either a number (line) or an object (range). If an object,
-  must have the following numeric properties:
-  * start_line
-  * start_character
-  * end_line
-  * end_character
-* **message** - the text of the comment
-* **severity** - `"info"|"warn"|"error"` - this will automatically prefix
-  the comment (e.g. `"[ERROR] message here"`), and the most severe comment
-  will be used to determine the overall `Code-Review` score (0, -1, or -2
-  respectively)
-
-Note that a cover message and `Code-Review` score will be inferred from the
-most severe comment.
-
-#### Examples
-
-```bash
-gergich comment '{"path":"foo.rb","position":3,"severity":"error",
-                  "message":"ಠ_ಠ"}'
-gergich comment '{"path":"bar.rb","severity":"warn",
-                  "position":{"start_line":3,"start_character":5,...},
-                  "message":"¯\_(ツ)_/¯"}'
-gergich comment '[{"path":"baz.rb",...}, {...}, {...}]'
-```
-
-### `gergich capture <format> <command>`
-
-For common linting formats, `gergich capture` can be used to automatically
-do `gergich comment` calls so you don't have to wire it up yourself.
-
-`<format>` - One of the following:
-
-* `brakeman`
-* `rubocop`
-* `eslint`
-* `i18nliner`
-* `flake8`
-* `stylelint`
-* `shellcheck` - shellcheck json output
-* `custom:<path>:<class_name>` - file path and ruby class_name of a custom
-  formatter.
-
-`<command>` - The command to run whose output conforms to `<format>`.
-Output from the command will still go to STDOUT, and Gergich will
-preserve its exit status. If command is "-", Gergich will simply read
-from STDIN and the exit status will always be 0.
-
-#### Custom formatters:
-
-To create a custom formatter, create a class that implements a `run`
-method that takes a string of command output and returns an array of
-comment hashes (see `gergich comment`'s `<comment_data>` format), e.g.
-
-```ruby
-class MyFormatter
-  def run(output)
-    output.scan(/^Oh noes! (.+?):(\d+): (.*)$/).map do |file, line, error|
-      { path: file, message: error, position: line.to_i, severity: "error" }
-    end
-  end
-end
-```
-
-#### Examples:
-
-```bash
-gergich capture rubocop "bundle exec rubocop"
-
-gergich capture eslint eslint
-
-gergich capture i18nliner "rake i18nliner:check"
-
-gergich capture shellcheck "shellcheck --format json build.sh"
-
-gergich capture custom:./gergich/xss:Gergich::XSS "node script/xsslint"
-
-docker-compose run --rm web eslint | gergich capture eslint -
-# you might be interested in $PIPESTATUS[0]
-```
-
-### `gergich publish`
-
-Publish all draft comments/labels/messages for this patchset. no-op if
-there are none.
-
-The cover message and `Code-Review` label (e.g. -2) are inferred from the
-comments, but labels and messages may be manually set (via `gergich
-message` and `gergich labels`)
-
-## How do I test my changes?
-
-Write tests of course, but also be sure to test it end-to-end via the
-CLI... Run `gergich` for a list of commands, as well as help for each
-command. There's also a `citest` thing that we run on our Jenkins that
-ensures each CLI command succeeds, but it doesn't test all branches for
-each command.
-
-After running a given command, you can run `gergich status` to see the
-current draft of the review (what will be sent to Gerrit when you do
-`gergich publish`).
-
-You can even do a test `publish` to Gerrit, if you have valid Gerrit
-credentials in `GERGICH_USER` / `GERGICH_KEY`. It infers the Gerrit patchset
-from the working directory, which may or may not correspond to something
-actually in Gerrit, so YMMV. That means you can post to a Gergich commit
-in Gerrit, or if you run it from another project's directory, you can post
-to its Gerrit revision.

data/bin/check_coverage

@@ -1,8 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require "simplecov"
-
-SimpleCov.command_name "check_coverage"
-SimpleCov.minimum_coverage 85
-SimpleCov.at_exit { SimpleCov.result.format! }

data/bin/run_tests.sh

@@ -1,52 +0,0 @@
-#!/bin/bash
-
-set -e
-
-function run_command {
-  echo -e "\n[$@] STARTING $(date)"
-  last_status=0
-  "$@" || last_status=$?
-  if [[ $last_status == 0 ]]; then
-    echo -e "[$@] \033[32mOK\033[0m"
-  else
-    echo -e "[$@] \033[31mFAILED!\033[0m"
-  fi
-  echo -e "[$@] FINISHED $(date)\n"
-
-  [[ $last_status == 0 ]] || clean_up_and_exit
-}
-
-function clean_up_and_exit {
-  end_timestamp=$(date +%s)
-  duration=$((end_timestamp-start_timestamp))
-
-  if [[ $last_status != 0 ]]; then
-    echo -e "\033[31mBUILD FAILED\033[0m in $duration seconds\n"
-  else
-    echo "BUILD PASSED in $duration seconds"
-  fi
-  exit $last_status
-}
-
-start_timestamp=$(date +%s)
-
-run_command bundle exec rubocop
-
-export COVERAGE=1
-
-run_command bundle exec rspec
-
-# these actually hit gerrit; only run them in CI land (you can do it
-# locally if you set all the docker-compose env vars)
-if [[ "$GERRIT_PATCHSET_REVISION" ]]; then
-  run_command bin/gergich citest
-  run_command bin/master_bouncer check
-  DRY_RUN=1 run_command bin/master_bouncer check_all
-  # ensure gergich works without .git directories
-  rm -rf .git
-  run_command bin/gergich status
-fi
-
-run_command bin/check_coverage
-
-clean_up_and_exit

data/spec/gergich/capture/androidlint_capture_spec.rb

@@ -1,61 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "../../support/capture_shared_examples"
-
-RSpec.describe Gergich::Capture::AndroidlintCapture do
-  # rubocop:disable Metrics/LineLength
-  let(:rtl_hardcoded) { 'Consider adding android:drawableStart="@drawable/a_media" to better support right-to-left layouts [RtlHardcoded]' }
-  let(:rtl_enabled) { "The project references RTL attributes, but does not explicitly enable or disable RTL support with android:supportsRtl in the manifest [RtlEnabled]" }
-  let(:lint_error) { 'No .class files were found in project "0.0.2", so none of the classfile based checks could be run. Does the project need to be built first? [LintError]' }
-  let(:unused_quantity) { 'For language "fr" (French) the following quantities are not relevant: few, zero [UnusedQuantity]' }
-  # rubocop:enable Metrics/LineLength
-  let(:output) do
-    <<~OUTPUT
-      /path/to/some.xml:27: Warning: #{rtl_hardcoded}
-          android:drawableLeft="@drawable/ic_cv_media"/>
-          ~~~~~~~~~~~~~~~~~~~~
-
-      /path/to/AndroidManifest.xml: Warning: #{rtl_enabled}
-
-      /path/to/library/0.0.2: Error: #{lint_error}
-
-      /path/to/values.xml:5: Warning: #{unused_quantity}
-          <plurals name="number">
-          ^
-
-    OUTPUT
-  end
-
-  let(:comments) do
-    [
-      {
-        path: "/path/to/some.xml",
-        position: 27,
-        # rubocop:disable Metrics/LineLength
-        message: "[androidlint] #{rtl_hardcoded}\n\n    android:drawableLeft=\"@drawable/ic_cv_media\"/>\n    ~~~~~~~~~~~~~~~~~~~~",
-        # rubocop:enable Metrics/LineLength
-        severity: "warn"
-      },
-      {
-        path: "/path/to/AndroidManifest.xml",
-        position: 0,
-        message: "[androidlint] #{rtl_enabled}",
-        severity: "warn"
-      },
-      {
-        path: "/path/to/library/0.0.2",
-        position: 0,
-        message: "[androidlint] #{lint_error}",
-        severity: "error"
-      },
-      {
-        path: "/path/to/values.xml",
-        position: 5,
-        message: "[androidlint] #{unused_quantity}\n\n    <plurals name=\"number\">\n    ^",
-        severity: "warn"
-      }
-    ]
-  end
-
-  it_behaves_like "a captor"
-end

data/spec/gergich/capture/brakeman_capture_spec.rb

@@ -1,91 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "../../support/capture_shared_examples"
-
-RSpec.describe Gergich::Capture::BrakemanCapture do
-  let(:output) do
-    File.read(
-      File.expand_path(File.dirname(__FILE__) + "/brakeman_example.json")
-    )
-  end
-
-  let(:comments) do
-    [
-      {
-        path: "app/models/custom_data.rb",
-        position: 36,
-        message: <<~MESSAGE.strip,
-          [brakeman] Attribute Restriction: attr_accessible is recommended over attr_protected
-            See: http://brakemanscanner.org/docs/warning_types/attribute_restriction/
-        MESSAGE
-        severity: "warn"
-      },
-      {
-        path: "app/models/submission_comment.rb",
-        position: 0,
-        message: <<~MESSAGE.strip,
-          [brakeman] Mass Assignment: Potentially dangerous attribute available for mass assignment
-            Code: :context_id
-            See: http://brakemanscanner.org/docs/warning_types/mass_assignment/
-        MESSAGE
-        severity: "warn"
-      },
-      {
-        path: "app/controllers/context_controller.rb",
-        position: 60,
-        message: <<~MESSAGE.strip,
-          [brakeman] Redirect: Possible unprotected redirect
-            Code: redirect_to(CanvasKaltura::ClientV3.new.assetSwfUrl(params[:id]))
-            User Input: params[:id]
-            See: http://brakemanscanner.org/docs/warning_types/redirect/
-        MESSAGE
-        severity: "warn"
-      },
-      {
-        path: "app/views/context/object_snippet.html.erb",
-        position: 6,
-        message: <<~MESSAGE.strip,
-          [brakeman] Cross Site Scripting: Unescaped parameter value
-            Code: Base64.decode64((params[:object_data] or ""))
-            User Input: params[:object_data]
-            See: http://brakemanscanner.org/docs/warning_types/cross_site_scripting
-        MESSAGE
-        severity: "warn"
-      },
-      {
-        path: "app/models/account.rb",
-        position: 795,
-        message: <<~MESSAGE.strip,
-          [brakeman] SQL Injection: Possible SQL injection
-            Code: Account.find_by_sql(Account.sub_account_ids_recursive_sql(parent_account_id))
-            User Input: Account.sub_account_ids_recursive_sql(parent_account_id)
-            See: http://brakemanscanner.org/docs/warning_types/sql_injection/
-        MESSAGE
-        severity: "error"
-      },
-      {
-        path: "lib/cc/importer/blti_converter.rb",
-        position: 145,
-        message: <<~MESSAGE.strip,
-          [brakeman] SSL Verification Bypass: SSL certificate verification was bypassed
-            Code: Net::HTTP.new(URI.parse(url).host, URI.parse(url).port).verify_mode = OpenSSL::SSL::VERIFY_NONE
-            See: http://brakemanscanner.org/docs/warning_types/ssl_verification_bypass/
-        MESSAGE
-        severity: "error"
-      },
-      {
-        path: "lib/cc/importer/canvas/quiz_converter.rb",
-        position: 44,
-        message: <<~MESSAGE.strip,
-          [brakeman] Command Injection: Possible command injection
-            Code: `\#{Qti.get_conversion_command(File.join(qti_folder, "qti_2_1"), qti_folder)}`
-            User Input: Qti.get_conversion_command(File.join(qti_folder, "qti_2_1"), qti_folder)
-            See: http://brakemanscanner.org/docs/warning_types/command_injection/
-        MESSAGE
-        severity: "warn"
-      }
-    ]
-  end
-
-  it_behaves_like "a captor"
-end

data/spec/gergich/capture/custom_capture_spec.rb

@@ -1,41 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "../../../lib/gergich/capture"
-
-RSpec.describe "CustomCaptor" do
-  class CustomCaptor
-    def run(output)
-      output.scan(/^(.+?):(\d+): (.*)$/).map do |file, line, error|
-        { path: file, message: error, position: line.to_i, severity: "error" }
-      end
-    end
-  end
-
-  let(:described_class) { CustomCaptor }
-  let(:capture_format) { "custom:sqlite3:CustomCaptor" }
-  let(:output) do
-    <<~OUTPUT
-      foo.rb:1: you done screwed up
-    OUTPUT
-  end
-  let(:comments) do
-    [
-      {
-        path: "foo.rb",
-        position: 1,
-        message: "you done screwed up",
-        severity: "error"
-      }
-    ]
-  end
-
-  it "loads" do
-    captor = Gergich::Capture.load_captor(capture_format)
-    expect(captor).to eq(described_class)
-  end
-
-  it "catches errors" do
-    comments = subject.run(output)
-    expect(comments).to match_array(comments)
-  end
-end