gurney_client 0.4.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6e7470d3ea652657be230f28b42b3035ee0e2c47122dc297533428831fc20b2b
-  data.tar.gz: 7e3bf5796d850cc8e600959a348f521d9d7ee10f5f7e329da391c0b125f57db0
+  metadata.gz: f97820b2ae67e568a14d65e7d5d700d97ee0cb402e755237f4bd2c3f735105d1
+  data.tar.gz: 2c6adc8f7f8c608b5d0a7b728ad1847e44e524b3e7449aee997becd70ac3178a
 SHA512:
-  metadata.gz: c04cfc2febd10dcb6be12b4b8466f5c11d308954c57a7588a0bb41100f64eabc4656867af4d97d1c2d40ee607d5a3206e8fc3c0477021d04efd471c599abd540
-  data.tar.gz: cb327dd15bfd5aea5c30a87ff271555c17c9e29c8ec35379fa9bdb4ce3fd21b935e6ba80d1a0057abdd7f75b76d263da1089b209bce7576c857ca570f0f563e8
+  metadata.gz: 55ba64f495bfc3cd10f60e4caff368b26d341075d10d89fc1742bd17dd0af044d3cc8788daeea36ca403cadc947c3a196866bd140066d3e451cffc561c891a81
+  data.tar.gz: 4054647a511f7936c6c9e1f6c18ee65d76df6bc582d35ad290fac0e79010f1696431c5c7ed130c701392d1860af012ccbdeb1ad37cc7c1dab953c351fdb8d841

data/CHANGELOG.md

@@ -1,13 +1,44 @@
-# Gurney changelog
+# Changelog
 
-## 0.4.0 (2024-11-15)
+All notable changes to this project will be documented in this file.
+This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+
+## Unreleased
+
+### Compatible changes
+
+### Breaking changes
+
+
+## 0.6.0 2025-06-16
+
+### Compatible changes
+* Added: New option `--prefix` to specify the location of the dependency files
+  in case they are not on root level of your git repository.
+
+
+## 0.5.0 2025-03-26
+
+### Compatible changes
+* Dependencies are also parsed from package-lock.json and pnpm-lock.yaml if present.
+
+
+## 0.4.0 2024-11-15
+
+### Compatible changes
 * Added: Reporting of the repository path as identifier. Should it ever change,
   it is an indicator for an unchanged gurney.yml in a project fork, and the 
   API may respond with an error.
 
-## 0.3.0 (2024-11-14)
+
+## 0.3.0 2024-11-14
+
+### Compatible changes
 * Added: Compatibility with Ruby 3
 * Fixed: Support UTF-8 chars in branch names
 
-## 0.2.3 (2023-05-24)
+
+## 0.2.3 2023-05-24
+
+### Compatible changes
 * Added: Suppress Bundler's "the Bundler version is older than the one in the lockfile" warning.

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    gurney_client (0.4.0)
+    gurney_client (0.6.0)
       bundler (< 3)
       colorize (~> 0.8)
       git (~> 1.5)

data/README.md

@@ -22,6 +22,7 @@ Usage: gurney [options]
     -h, --hook                       Run as a Git post-receive hook
         --client-hook                Run as a Git pre-push hook
     -p, --project-id [PROJECT ID]    Specify project id for API
+        --prefix [PATH]              Specify the prefix of dependency paths
         --help                       Print this help
 ```
 

data/lib/gurney/cli/option_parser.rb

@@ -41,6 +41,10 @@ module Gurney
             options.project_id = project_id
           end
 
+          opts.on('', '--prefix [PATH]', 'Specify the prefix of dependency paths') do |prefix|
+            options.prefix = prefix
+          end
+
           opts.on_tail('', '--help', 'Prints this help') do
             puts opts
             exit

data/lib/gurney/cli.rb

@@ -40,7 +40,8 @@ module Gurney
       end
 
       config_file = MAIN_BRANCHES.find do |branch|
-        file = read_file(options.hook, branch, options.config_file)
+        git_file_reader = GitFileReader.new(git, branch, read_from_git: options.hook)
+        file = git_file_reader.read(options.config_file)
         break file if file
       end
       if options.hook && !config_file
@@ -55,8 +56,9 @@ module Gurney
       options.api_token ||= config&.api_token
       options.api_url ||= config&.api_url
       options.project_id ||= config&.project_id
+      options.prefix ||= config&.prefix
 
-      missing_options = [:project_id, :branches, :api_url, :api_token].select { |option| options.send(option).nil? }
+      missing_options = [:project_id, :branches, :api_url, :api_token, :prefix].select { |option| options.send(option).nil? }
       # Use the line below in development
       # missing_options = [:project_id, :branches, :api_token].select { |option| options.send(option).nil? }
       raise Gurney::Error.new("Incomplete config - missing #{missing_options.map(&:inspect).join(', ')}.") unless missing_options.empty?
@@ -64,18 +66,8 @@ module Gurney
 
     def run
       reporting_branches.each do |branch|
-        dependencies = []
-
-        yarn_source = Gurney::Source::Yarn.new(yarn_lock: read_file(options.hook || options.client_hook, branch, 'yarn.lock'))
-        dependencies.concat yarn_source.dependencies || []
-
-        bundler_source = Gurney::Source::Bundler.new(gemfile_lock: read_file(options.hook || options.client_hook, branch, 'Gemfile.lock'))
-        dependencies.concat bundler_source.dependencies || []
-
-        ruby_version_source = Gurney::Source::RubyVersion.new(ruby_version: read_file(options.hook || options.client_hook, branch, '.ruby-version'))
-        dependencies.concat ruby_version_source.dependencies || []
-
-        dependencies.compact!
+        git_file_reader = GitFileReader.new(git, branch, read_from_git: options.hook || options.client_hook, prefix: options.prefix)
+        dependencies = DependencyCollector.new(git_file_reader).collect_all
 
         api = Gurney::Api.new(base_url: options.api_url, token: options.api_token)
         api.post_dependencies(dependencies: dependencies, branch: branch, project_id: options.project_id, repo_path: git.repo.path)
@@ -115,17 +107,5 @@ module Gurney
       branches
     end
 
-    def read_file(from_git, branch, filename)
-      if from_git
-        begin
-          git.show("#{branch}:#{filename}")
-        rescue Git::GitExecuteError
-          # happens if branch does not exist
-        end
-      else
-        File.read(filename) if File.exist?(filename)
-      end
-    end
-
   end
 end

data/lib/gurney/config.rb

@@ -3,13 +3,14 @@ require 'yaml'
 module Gurney
   class Config
 
-    attr_accessor :branches, :api_url, :api_token, :project_id
+    attr_accessor :branches, :api_url, :api_token, :project_id, :prefix
 
-    def initialize(branches: nil, api_url: nil, api_token: nil, project_id: nil)
+    def initialize(branches: nil, api_url: nil, api_token: nil, project_id: nil, prefix: '.')
       @branches = branches
       @api_url = api_url
       @api_token = api_token&.to_s
       @project_id = project_id&.to_s
+      @prefix = prefix&.to_s
     end
 
     def self.from_yaml(yaml)

data/lib/gurney/dependency_collector.rb

@@ -0,0 +1,64 @@
+module Gurney
+  class DependencyCollector
+
+    def initialize(git_file_reader)
+      @git_file_reader = git_file_reader
+    end
+
+    def collect_all
+      dependencies = []
+
+      dependencies.concat npm_dependencies
+      dependencies.concat bundler_dependencies
+      dependencies.concat ruby_version_dependencies
+
+      dependencies.compact
+    end
+
+    private
+
+    def bundler_dependencies
+      bundler_source = Gurney::Source::Bundler.new(gemfile_lock: @git_file_reader.read('Gemfile.lock'))
+      bundler_source.dependencies || []
+    end
+
+    def ruby_version_dependencies
+      ruby_version_source = Gurney::Source::RubyVersion.new(ruby_version: @git_file_reader.read('.ruby-version'))
+      ruby_version_source.dependencies || []
+    end
+
+    def npm_dependencies
+      npm_dependencies = []
+
+      if yarn_lock
+        yarn_source = Gurney::Source::Yarn.new(yarn_lock: yarn_lock)
+        npm_dependencies.concat(yarn_source.dependencies || [])
+      end
+
+      if package_lock_json
+        npm_source = Gurney::Source::Npm.new(package_lock_json: package_lock_json)
+        npm_dependencies.concat(npm_source.dependencies || [])
+      end
+
+      if pnpm_lock
+        pnpm_source = Gurney::Source::Pnpm.new(pnpm_lock: pnpm_lock)
+        npm_dependencies.concat(pnpm_source.dependencies || [])
+      end
+
+      npm_dependencies
+    end
+
+    def yarn_lock
+      @yarn_lock ||= @git_file_reader.read('yarn.lock')
+    end
+
+    def package_lock_json
+      @package_lock_json = @git_file_reader.read('package-lock.json')
+    end
+
+    def pnpm_lock
+      @pnpm_lock = @git_file_reader.read('pnpm-lock.yaml')
+    end
+
+  end
+end

data/lib/gurney/git_file_reader.rb

@@ -0,0 +1,25 @@
+module Gurney
+  class GitFileReader
+
+    def initialize(git, branch, read_from_git:, prefix: '.')
+      @git = git
+      @branch = branch
+      @read_from_git = read_from_git
+      @prefix = prefix
+    end
+
+    def read(filename)
+      prefixed_filename = File.join(@prefix, filename)
+      if @read_from_git
+        begin
+          @git.show("#{@branch}:#{prefixed_filename}")
+        rescue Git::GitExecuteError
+          # happens if branch does not exist
+        end
+      else
+        File.read(prefixed_filename) if File.exist?(prefixed_filename)
+      end
+    end
+
+  end
+end

data/lib/gurney/source/npm.rb

@@ -0,0 +1,58 @@
+require 'json'
+require 'colorize'
+
+module Gurney
+  module Source
+    class Npm < Base
+
+      SUPPORTED_LOCKFILE_VERSIONS = [2, 3].freeze
+     
+      def initialize(package_lock_json:)
+        @package_lock_json = package_lock_json
+      end
+
+      def present?
+        !@package_lock_json&.empty?
+      end
+
+      def dependencies
+        if present?
+          parsed_lock = JSON.parse(@package_lock_json)
+
+          if SUPPORTED_LOCKFILE_VERSIONS.include?(parsed_lock['lockfileVersion'])
+            extract_dependencies(parsed_lock)
+          else
+            puts "package-lock.json: Lockfile version #{parsed_lock['lockfileVersion']} is unsupported. No npm dependencies reported.".yellow
+            []
+          end
+        end
+      rescue JSON::ParserError => e
+        raise Gurney::Error.new("Invalid package-lock.json format: #{e.message}")
+      end
+
+      private
+
+      attr_reader :package_lock_json
+
+      def extract_dependencies(parsed_lock)
+        dependencies = []
+
+        if parsed_lock['packages']
+          parsed_lock['packages'].each do |path_to_package, details|
+            next if path_to_package == ''
+
+            name = path_to_package.sub(/^node_modules\//, '') # remove "node_modules/" prefix to get package name
+            dependencies << Dependency.new(
+              ecosystem: 'npm',
+              name: name,
+              version: details['version']
+            )
+          end
+        end
+
+        dependencies
+      end
+
+    end
+  end
+end

data/lib/gurney/source/pnpm.rb

@@ -0,0 +1,54 @@
+require 'yaml'
+require 'colorize'
+
+module Gurney
+  module Source
+    class Pnpm < Base
+      def initialize(pnpm_lock:)
+        @pnpm_lock = pnpm_lock
+      end
+
+      def present?
+        !@pnpm_lock&.empty?
+      end
+
+      def dependencies
+        if present?
+          parsed_lock = YAML.safe_load(@pnpm_lock)
+
+          major_version = parsed_lock['lockfileVersion'].split('.').first
+          if major_version == '9'
+            extract_dependencies(parsed_lock)
+          else
+            puts "pnpm-lock.yaml: Lockfile version #{major_version} is unsupported. No npm dependencies reported.".yellow
+            []
+          end
+        end
+      rescue Psych::SyntaxError => e
+        raise Gurney::Error.new("Invalid pnpm-lock.yaml format: #{e.message}")
+      end
+
+      private
+
+      attr_reader :pnpm_lock
+
+      def extract_dependencies(parsed_lock)
+        dependencies = []
+
+        # dependency_id has format <scoped_pkg_name>@<pkg_version>
+        # see https://github.com/pnpm/spec/blob/master/lockfile/9.0.md#packages
+        parsed_lock['packages'].each_key do |dependency_id|
+          name, _, version = dependency_id.rpartition('@')
+          dependencies << Dependency.new(
+            ecosystem: 'npm',
+            name: name,
+            version: version
+          )
+        end
+
+        dependencies
+      end
+
+    end
+  end
+end 

data/lib/gurney/version.rb

@@ -1,3 +1,3 @@
 module Gurney
-  VERSION = '0.4.0'
+  VERSION = '0.6.0'
 end

data/lib/gurney.rb

@@ -1,8 +1,12 @@
 require_relative 'gurney/version'
 require_relative 'gurney/config'
+require_relative 'gurney/git_file_reader'
 require_relative 'gurney/dependency'
+require_relative 'gurney/dependency_collector'
 require_relative 'gurney/source/base'
 require_relative 'gurney/source/yarn'
+require_relative 'gurney/source/npm'
+require_relative 'gurney/source/pnpm'
 require_relative 'gurney/source/bundler'
 require_relative 'gurney/source/ruby_version'
 require_relative 'gurney/api'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gurney_client
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Martin Schaflitzl
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2024-11-15 00:00:00.000000000 Z
+date: 2025-06-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -93,8 +93,12 @@ files:
 - lib/gurney/cli/option_parser.rb
 - lib/gurney/config.rb
 - lib/gurney/dependency.rb
+- lib/gurney/dependency_collector.rb
+- lib/gurney/git_file_reader.rb
 - lib/gurney/source/base.rb
 - lib/gurney/source/bundler.rb
+- lib/gurney/source/npm.rb
+- lib/gurney/source/pnpm.rb
 - lib/gurney/source/ruby_version.rb
 - lib/gurney/source/yarn.rb
 - lib/gurney/version.rb
@@ -118,7 +122,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3.1
+rubygems_version: 3.3.27
 signing_key: 
 specification_version: 4
 summary: Gurney is a small tool to extract yarn and RubyGems dependencies from project