gurney_client 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 64bb60a1de5168633f0f1fd0605030edffe46440472dfdf64bbb56862f40f3d4
+  data.tar.gz: 3a95353020d09220c0dd989c59f8d4ff84579b2da7795a2fef630e5ca42d688e
+SHA512:
+  metadata.gz: 1967532e08ba47400be443ce8bdbd65b1690fc6dc75d1f35d6e5121dcd02b5948ff97c870cd60395c5b83288c432bc25db2f1bb9732286cb6e3da629ca2139a0
+  data.tar.gz: b44ded67b9c21e227ba567722ca27546319590b6c5c895d2b1950455704ac45f34a843402b003f7618af348f298483cf861887697ec7cd8023f95ddbfeb0d349

data/.gitignore

@@ -0,0 +1,4 @@
+.idea/
+*.gem
+.byebug_history
+gurney.yml

data/.rspec

@@ -0,0 +1 @@
+--require spec_helper

data/.ruby-version

@@ -0,0 +1 @@
+2.6.1

data/Gemfile

@@ -0,0 +1,8 @@
+source 'https://rubygems.org'
+
+gem 'colorize'
+gem 'httparty'
+gem 'rspec'
+gem 'byebug'
+gem 'bundler'
+gem 'git'

data/Gemfile.lock

@@ -0,0 +1,41 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    byebug (11.0.1)
+    colorize (0.8.1)
+    diff-lcs (1.3)
+    git (1.5.0)
+    httparty (0.17.1)
+      mime-types (~> 3.0)
+      multi_xml (>= 0.5.2)
+    mime-types (3.3)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2019.1009)
+    multi_xml (0.6.0)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.0)
+      rspec-support (~> 3.9.0)
+    rspec-expectations (3.9.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler
+  byebug
+  colorize
+  git
+  httparty
+  rspec
+
+BUNDLED WITH
+   1.17.2

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 Martin Schaflitzl
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,36 @@
+## Gurney
+
+Gurney is a small tool to extract dependencies from project files and report them to a web api.
+It can either run locally or as a git post-receive hook in gitlab.
+
+When run as a git hook, the project gets cloned on the git server and gurney then looks for a `gurney.yml` within the project files. 
+If its present gurney looks at the pushed branches and analyses the ones specified in the config for dependencies. 
+It then reports them to the web api also specified in the config.
+
+#### Usage:
+```
+Usage: gurney [options]
+        --api-url [API URL]
+                                     Url for web api call, can have parameters for <project_id> and <branch>
+                                     example: --api-url "http://example.com/project/<project_id>/branch/<branch>"
+        --api-token [API TOKEN]
+                                     Token to be send to the api in the X-AuthToken header
+    -c, --config [CONFIG FILE]       Config file to use
+    -h, --hook                       Run as a git post-receive hook
+    -p, --project-id [PROJECT ID]    Specify project id for api
+        --help
+                                     Prints this help
+```
+
+#### Sample Config:
+```yaml
+project_id: 1
+branches:
+  - master
+  - production
+api_url: http://example.com/dep_reporter/project/<project_id>/branch/<branch>
+api_token: 1234567890
+```
+
+##### Running as a global git hook
+To run as a global git hook in your gitlab see https://docs.gitlab.com/ee/administration/custom_hooks.html#set-a-global-git-hook-for-all-repositories

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/exe/gurney

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require 'gurney'
+
+Gurney::CLI.run(ARGV)

data/git_hook_sample

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+gurney --hook

data/gurney.gemspec

@@ -0,0 +1,25 @@
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "gurney/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "gurney_client"
+  spec.version       = Gurney::VERSION
+  spec.authors       = ["Martin Schaflitzl"]
+  spec.email         = ["martin.schaflitzl@makandra.de"]
+
+  spec.summary       = 'Gurney is a small tool to extract yarn and RubyGems dependencies from project files and report them to a web api.'
+  spec.homepage      = "https://github.com/makandra/gurney"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split("\n").reject { |f| f.match(%r{^(test|spec|features|bin)/}) }
+  spec.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency 'colorize', '~> 0.8'
+  spec.add_runtime_dependency 'httparty', '~> 0.17.1'
+  spec.add_runtime_dependency 'bundler', '< 3'
+  spec.add_runtime_dependency 'git', '~> 1.5'
+end

data/gurney.yml.sample

@@ -0,0 +1,6 @@
+project_id: 1
+branches:
+  - master
+  - production
+api_url: http://example.com/dep_reporter/project/<project_id>/branch/<branch>
+api_token: 1234567890

data/lib/gurney/api.rb

@@ -0,0 +1,45 @@
+require 'httparty'
+require 'cgi'
+
+module Gurney
+  class Api
+
+    def initialize(base_url:, token:)
+      @base_url = base_url
+      @token = token
+    end
+
+    def post_dependencies(dependencies:, branch:, project_id:)
+      data = {
+          dependencies: dependencies
+      }
+      url = base_url
+      url.gsub! '<project_id>', CGI.escape(project_id)
+      url.gsub! '<branch>', CGI.escape(branch)
+      post_json(url, data.to_json)
+    end
+
+    private
+
+    attr_reader :base_url, :token
+
+    def post_json(url, json)
+      response = HTTParty.post(url,
+        body: json,
+        headers: { 'X-AuthToken' => @token,
+          'Content-Type': 'application/json'},
+      )
+      unless response.success?
+        if response.code == 404
+          raise ApiError.new("#{response.code} api url is probably wrong")
+        else
+          raise ApiError.new("#{response.code} #{response.body}")
+        end
+      end
+    end
+
+  end
+
+  class ApiError < Exception
+  end
+end

data/lib/gurney/cli/option_parser.rb

@@ -0,0 +1,51 @@
+require 'optparse'
+require 'ostruct'
+
+module Gurney
+  class CLI
+    class OptionParser
+
+      def self.parse(args)
+        options = OpenStruct.new
+        options.hook = false
+        options.config_file = 'gurney.yml'
+
+        option_parser = ::OptionParser.new do |opts|
+          opts.banner = "Usage: gurney [options]"
+
+          opts.on('',
+                  '--api-url [API URL]',
+                  "Url for web api call, can have parameters for <project_id> and <branch>" ,
+                  "example: --api-url \"http://example.com/project/<project_id>/branch/<branch>\"") do |api_url|
+            options.api_url = api_url
+          end
+
+          opts.on('', '--api-token [API TOKEN]', 'Token to be send to api in the X-AuthToken header') do |api_token|
+            options.api_token = api_token
+          end
+
+          opts.on('-c', '--config [CONFIG FILE]', 'Config file to use') do |config_file|
+             options.config_file = config_file
+           end
+
+          opts.on('-h', '--hook', 'Run as a git post-receive hook') do |hook|
+            options.hook = hook
+          end
+
+          opts.on('-p', '--project-id [PROJECT ID]', 'Specify project id for api') do |project_id|
+            options.project_id = project_id
+          end
+
+          opts.on_tail('', '--help', 'Prints this help') do
+            puts opts
+            exit
+          end
+        end
+
+        option_parser.parse!(args)
+        options
+      end
+
+    end
+  end
+end

data/lib/gurney/cli.rb

@@ -0,0 +1,112 @@
+require 'optparse'
+require 'securerandom'
+require 'colorize'
+require 'open3'
+require 'git'
+require 'fileutils'
+require 'byebug'
+
+module Gurney
+  class CLI
+
+    HOOK_STDIN_REGEX = /(?<old>[0-9a-f]{40}) (?<new>[0-9a-f]{40}) refs\/heads\/(?<ref>\w+)/m
+
+    def self.run(cmd_parameter=[])
+      options = Gurney::CLI::OptionParser.parse(cmd_parameter)
+
+      begin
+        if options.hook
+          g = Git.bare(ENV['GIT_DIR'])
+        else
+          unless Dir.exists? './.git'
+            raise Gurney::Error.new('Must be run within a git repository')
+          end
+          g = Git.open('.')
+        end
+        config_file = read_file(g, options.hook, 'master', options.config_file)
+        if !config_file && options.hook
+          # dont run as a hook with no config
+          exit 0
+        end
+        config_file ||= '---'
+        config = Gurney::Config.from_yaml(config_file)
+
+        options.branches ||= config&.branches
+        options.api_token ||= config&.api_token
+        options.api_url ||= config&.api_url
+        options.project_id ||= config&.project_id
+
+        if [options.project_id, options.branches, options.api_url, options.api_token].any?(&:nil?)
+          raise Gurney::Error.new("Either provide in a config file or set the flags for project id, branches, api url and api token")
+        end
+
+        branches = []
+        if options.hook
+          # we get passed changed branches and refs via stdin
+          $stdin.each_line do |line|
+            matches = line.match(HOOK_STDIN_REGEX)
+            unless matches[:new] == '0' * 40
+              if options.branches.include? matches[:ref]
+                branches << matches[:ref]
+              end
+            end
+          end
+
+        else
+          current_branch = g.current_branch
+          unless options.branches.nil? || options.branches.include?(current_branch)
+            raise Gurney::Error.new('The current branch is not specified in the config.')
+          end
+          branches << current_branch
+        end
+
+        branches.each do |branch|
+          dependencies = []
+
+          yarn_source = Gurney::Source::Yarn.new(yarn_lock: read_file(g, options.hook, branch, 'yarn.lock'))
+          dependencies.concat yarn_source.dependencies || []
+
+          bundler_source = Gurney::Source::Bundler.new(gemfile_lock: read_file(g, options.hook, branch, 'Gemfile.lock'))
+          dependencies.concat bundler_source.dependencies || []
+
+          dependencies.compact!
+
+          api = Gurney::Api.new(base_url: options.api_url, token: options.api_token)
+          api.post_dependencies(dependencies: dependencies, branch: branch, project_id: options.project_id)
+
+          dependency_counts = dependencies.group_by(&:ecosystem).map{|ecosystem, dependencies| "#{ecosystem}: #{dependencies.count}" }.join(', ')
+          puts "Gurney: reported dependencies (#{dependency_counts})"
+        end
+
+      rescue SystemExit
+      rescue Gurney::ApiError => e
+        puts "Gurney: api error".red
+        puts e.message.red
+      rescue Gurney::Error => e
+        puts "Gurney: error".red
+        puts e.message.red
+      rescue Exception => e
+        puts "Gurney: an unexpected error occurred".red
+        puts "#{e.full_message}"
+      end
+    end
+
+    private
+
+    def self.read_file(git, from_git, branch, filename)
+      if from_git
+        if git.ls_tree(branch)['blob'].key?(filename)
+          return git.show("#{branch}:#{filename}")
+        end
+      else
+        if File.exists? filename
+          return File.read filename
+        end
+      end
+    end
+
+  end
+
+  class Error < Exception
+  end
+end

data/lib/gurney/config.rb

@@ -0,0 +1,21 @@
+require 'yaml'
+
+module Gurney
+  class Config
+
+    attr_accessor :branches, :api_url, :api_token, :project_id
+
+    def initialize(branches: nil, api_url: nil, api_token: nil, project_id: nil)
+      @branches = branches
+      @api_url = api_url
+      @api_token = api_token&.to_s
+      @project_id = project_id&.to_s
+    end
+
+    def self.from_yaml(yaml)
+        config = YAML.load(yaml)&.map{|(k,v)| [k.to_sym,v]}.to_h
+        new(**config)
+    end
+
+  end
+end

data/lib/gurney/dependency.rb

@@ -0,0 +1,28 @@
+module Gurney
+  class Dependency
+
+    attr_reader :ecosystem, :name, :version
+
+    def initialize(ecosystem:, name:, version:)
+      @ecosystem = ecosystem
+      @name = name
+      @version = version
+    end
+
+    def to_json(*args)
+      {
+        ecosystem: @ecosystem,
+        name: @name,
+        version: @version,
+      }.to_json(*args)
+    end
+
+    def ==(other)
+      other.class == self.class &&
+      other.ecosystem == ecosystem &&
+      other.name == name &&
+      other.version == version
+    end
+
+  end
+end

data/lib/gurney/source/base.rb

@@ -0,0 +1,15 @@
+module Gurney
+  module Source
+     class Base
+
+       def present?
+         raise NotImplementedError
+       end
+
+       def dependencies
+         raise NotImplementedError
+       end
+
+     end
+  end
+end

data/lib/gurney/source/bundler.rb

@@ -0,0 +1,33 @@
+require 'bundler'
+
+module Gurney
+  module Source
+    class Bundler < Base
+
+    def initialize(gemfile_lock:)
+      @gemfile_lock = gemfile_lock
+    end
+
+    def present?
+      !@gemfile_lock.nil?
+    end
+
+    def dependencies
+      if present?
+        Dir.mktmpdir do |dir|
+          Dir.chdir dir do
+            File.write('Gemfile', '') # LockfileParser requires a Gemfile to be present, can be empty
+            lockfile = ::Bundler::LockfileParser.new(@gemfile_lock)
+            lockfile.specs.map { |spec| Dependency.new(ecosystem: 'rubygems', name: spec.name, version: spec.version.to_s) }
+          end
+        end
+      end
+    end
+
+    private
+
+    attr_reader :gemfile_lock
+
+    end
+  end
+end

data/lib/gurney/source/yarn.rb

@@ -0,0 +1,28 @@
+module Gurney
+  module Source
+    class Yarn < Base
+
+     YARN_LOCK_REGEX = /^"?(?<name>\S*)@.+?"?:\n\s{2}version "(?<version>.+?)"$/m
+
+     def initialize(yarn_lock:)
+       @yarn_lock = yarn_lock
+     end
+
+     def present?
+       !@yarn_lock.nil?
+     end
+
+     def dependencies
+       if present?
+         dependencies = @yarn_lock.scan(YARN_LOCK_REGEX).map{|match| { name: match[0], version: match[1] } }
+         dependencies.map { |dependency| Dependency.new(ecosystem: 'npm', **dependency) }
+       end
+     end
+
+     private
+
+     attr_reader :yarn_lock
+
+    end
+  end
+end

data/lib/gurney/version.rb

@@ -0,0 +1,3 @@
+module Gurney
+  VERSION = "0.1.1"
+end

data/lib/gurney.rb

@@ -0,0 +1,9 @@
+require_relative 'gurney/version'
+require_relative 'gurney/config'
+require_relative 'gurney/dependency'
+require_relative 'gurney/source/base'
+require_relative 'gurney/source/yarn'
+require_relative 'gurney/source/bundler'
+require_relative 'gurney/api'
+require_relative 'gurney/cli/option_parser'
+require_relative 'gurney/cli'

metadata

@@ -0,0 +1,123 @@
+--- !ruby/object:Gem::Specification
+name: gurney_client
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Martin Schaflitzl
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2019-11-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.17.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.17.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
+- !ruby/object:Gem::Dependency
+  name: git
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+description: 
+email:
+- martin.schaflitzl@makandra.de
+executables:
+- gurney
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".ruby-version"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- exe/gurney
+- git_hook_sample
+- gurney.gemspec
+- gurney.yml.sample
+- lib/gurney.rb
+- lib/gurney/api.rb
+- lib/gurney/cli.rb
+- lib/gurney/cli/option_parser.rb
+- lib/gurney/config.rb
+- lib/gurney/dependency.rb
+- lib/gurney/source/base.rb
+- lib/gurney/source/bundler.rb
+- lib/gurney/source/yarn.rb
+- lib/gurney/version.rb
+homepage: https://github.com/makandra/gurney
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.1
+signing_key: 
+specification_version: 4
+summary: Gurney is a small tool to extract yarn and RubyGems dependencies from project
+  files and report them to a web api.
+test_files: []