gurney_client 0.4.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +28 -4
- data/Gemfile.lock +1 -1
- data/lib/gurney/cli.rb +4 -25
- data/lib/gurney/dependency_collector.rb +64 -0
- data/lib/gurney/git_file_reader.rb +23 -0
- data/lib/gurney/source/npm.rb +58 -0
- data/lib/gurney/source/pnpm.rb +54 -0
- data/lib/gurney/version.rb +1 -1
- data/lib/gurney.rb +4 -0
- metadata +11 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1097c1c98d3799765d40e6a5263a1fe58baa6a4df542570f91654247218b7d64
|
|
4
|
+
data.tar.gz: 953fe191235e0c338cb71a690284ff5beed7e36f26a511fe1cb3f6311493ef82
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 41cd13cf0b65dca7b568cd00f2a3dc95045ae3a6cdb8e896b24e9dcc755efc21fd24d3a328388604d3e783ce2a64f1dfe864d17f745df6ae957f032a4a1131b5
|
|
7
|
+
data.tar.gz: b00a53d0aa50995c7be657090d50c906e5914cf5ee1dd5d3b14c74679400f356b49ded4fc653c525ca962d1a2755ceba12be27f32c0361b358c6011d19477cad
|
data/CHANGELOG.md
CHANGED
|
@@ -1,13 +1,37 @@
|
|
|
1
|
-
#
|
|
1
|
+
# Changelog
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
All notable changes to this project will be documented in this file.
|
|
4
|
+
This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
|
|
5
|
+
|
|
6
|
+
## Unreleased
|
|
7
|
+
|
|
8
|
+
### Compatible changes
|
|
9
|
+
|
|
10
|
+
### Breaking changes
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
## 0.5.0 2025-03-26
|
|
14
|
+
|
|
15
|
+
### Compatible changes
|
|
16
|
+
* Dependencies are also parsed from package-lock.json and pnpm-lock.yaml if present.
|
|
17
|
+
|
|
18
|
+
|
|
19
|
+
## 0.4.0 2024-11-15
|
|
20
|
+
|
|
21
|
+
### Compatible changes
|
|
4
22
|
* Added: Reporting of the repository path as identifier. Should it ever change,
|
|
5
23
|
it is an indicator for an unchanged gurney.yml in a project fork, and the
|
|
6
24
|
API may respond with an error.
|
|
7
25
|
|
|
8
|
-
|
|
26
|
+
|
|
27
|
+
## 0.3.0 2024-11-14
|
|
28
|
+
|
|
29
|
+
### Compatible changes
|
|
9
30
|
* Added: Compatibility with Ruby 3
|
|
10
31
|
* Fixed: Support UTF-8 chars in branch names
|
|
11
32
|
|
|
12
|
-
|
|
33
|
+
|
|
34
|
+
## 0.2.3 2023-05-24
|
|
35
|
+
|
|
36
|
+
### Compatible changes
|
|
13
37
|
* Added: Suppress Bundler's "the Bundler version is older than the one in the lockfile" warning.
|
data/Gemfile.lock
CHANGED
data/lib/gurney/cli.rb
CHANGED
|
@@ -40,7 +40,8 @@ module Gurney
|
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
config_file = MAIN_BRANCHES.find do |branch|
|
|
43
|
-
|
|
43
|
+
git_file_reader = GitFileReader.new(git, branch, read_from_git: options.hook)
|
|
44
|
+
file = git_file_reader.read(options.config_file)
|
|
44
45
|
break file if file
|
|
45
46
|
end
|
|
46
47
|
if options.hook && !config_file
|
|
@@ -64,18 +65,8 @@ module Gurney
|
|
|
64
65
|
|
|
65
66
|
def run
|
|
66
67
|
reporting_branches.each do |branch|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
yarn_source = Gurney::Source::Yarn.new(yarn_lock: read_file(options.hook || options.client_hook, branch, 'yarn.lock'))
|
|
70
|
-
dependencies.concat yarn_source.dependencies || []
|
|
71
|
-
|
|
72
|
-
bundler_source = Gurney::Source::Bundler.new(gemfile_lock: read_file(options.hook || options.client_hook, branch, 'Gemfile.lock'))
|
|
73
|
-
dependencies.concat bundler_source.dependencies || []
|
|
74
|
-
|
|
75
|
-
ruby_version_source = Gurney::Source::RubyVersion.new(ruby_version: read_file(options.hook || options.client_hook, branch, '.ruby-version'))
|
|
76
|
-
dependencies.concat ruby_version_source.dependencies || []
|
|
77
|
-
|
|
78
|
-
dependencies.compact!
|
|
68
|
+
git_file_reader = GitFileReader.new(git, branch, read_from_git: options.hook || options.client_hook)
|
|
69
|
+
dependencies = DependencyCollector.new(git_file_reader).collect_all
|
|
79
70
|
|
|
80
71
|
api = Gurney::Api.new(base_url: options.api_url, token: options.api_token)
|
|
81
72
|
api.post_dependencies(dependencies: dependencies, branch: branch, project_id: options.project_id, repo_path: git.repo.path)
|
|
@@ -115,17 +106,5 @@ module Gurney
|
|
|
115
106
|
branches
|
|
116
107
|
end
|
|
117
108
|
|
|
118
|
-
def read_file(from_git, branch, filename)
|
|
119
|
-
if from_git
|
|
120
|
-
begin
|
|
121
|
-
git.show("#{branch}:#{filename}")
|
|
122
|
-
rescue Git::GitExecuteError
|
|
123
|
-
# happens if branch does not exist
|
|
124
|
-
end
|
|
125
|
-
else
|
|
126
|
-
File.read(filename) if File.exist?(filename)
|
|
127
|
-
end
|
|
128
|
-
end
|
|
129
|
-
|
|
130
109
|
end
|
|
131
110
|
end
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
module Gurney
|
|
2
|
+
class DependencyCollector
|
|
3
|
+
|
|
4
|
+
def initialize(git_file_reader)
|
|
5
|
+
@git_file_reader = git_file_reader
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def collect_all
|
|
9
|
+
dependencies = []
|
|
10
|
+
|
|
11
|
+
dependencies.concat npm_dependencies
|
|
12
|
+
dependencies.concat bundler_dependencies
|
|
13
|
+
dependencies.concat ruby_version_dependencies
|
|
14
|
+
|
|
15
|
+
dependencies.compact
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
private
|
|
19
|
+
|
|
20
|
+
def bundler_dependencies
|
|
21
|
+
bundler_source = Gurney::Source::Bundler.new(gemfile_lock: @git_file_reader.read('Gemfile.lock'))
|
|
22
|
+
bundler_source.dependencies || []
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def ruby_version_dependencies
|
|
26
|
+
ruby_version_source = Gurney::Source::RubyVersion.new(ruby_version: @git_file_reader.read('.ruby-version'))
|
|
27
|
+
ruby_version_source.dependencies || []
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def npm_dependencies
|
|
31
|
+
npm_dependencies = []
|
|
32
|
+
|
|
33
|
+
if yarn_lock
|
|
34
|
+
yarn_source = Gurney::Source::Yarn.new(yarn_lock: yarn_lock)
|
|
35
|
+
npm_dependencies.concat(yarn_source.dependencies || [])
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
if package_lock_json
|
|
39
|
+
npm_source = Gurney::Source::Npm.new(package_lock_json: package_lock_json)
|
|
40
|
+
npm_dependencies.concat(npm_source.dependencies || [])
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
if pnpm_lock
|
|
44
|
+
pnpm_source = Gurney::Source::Pnpm.new(pnpm_lock: pnpm_lock)
|
|
45
|
+
npm_dependencies.concat(pnpm_source.dependencies || [])
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
npm_dependencies
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def yarn_lock
|
|
52
|
+
@yarn_lock ||= @git_file_reader.read('yarn.lock')
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def package_lock_json
|
|
56
|
+
@package_lock_json = @git_file_reader.read('package-lock.json')
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def pnpm_lock
|
|
60
|
+
@pnpm_lock = @git_file_reader.read('pnpm-lock.yaml')
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
end
|
|
64
|
+
end
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
module Gurney
|
|
2
|
+
class GitFileReader
|
|
3
|
+
|
|
4
|
+
def initialize(git, branch, read_from_git:)
|
|
5
|
+
@git = git
|
|
6
|
+
@branch = branch
|
|
7
|
+
@read_from_git = read_from_git
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def read(filename)
|
|
11
|
+
if @read_from_git
|
|
12
|
+
begin
|
|
13
|
+
@git.show("#{@branch}:#{filename}")
|
|
14
|
+
rescue Git::GitExecuteError
|
|
15
|
+
# happens if branch does not exist
|
|
16
|
+
end
|
|
17
|
+
else
|
|
18
|
+
File.read(filename) if File.exist?(filename)
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
end
|
|
23
|
+
end
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
require 'json'
|
|
2
|
+
require 'colorize'
|
|
3
|
+
|
|
4
|
+
module Gurney
|
|
5
|
+
module Source
|
|
6
|
+
class Npm < Base
|
|
7
|
+
|
|
8
|
+
SUPPORTED_LOCKFILE_VERSIONS = [2, 3].freeze
|
|
9
|
+
|
|
10
|
+
def initialize(package_lock_json:)
|
|
11
|
+
@package_lock_json = package_lock_json
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def present?
|
|
15
|
+
!@package_lock_json&.empty?
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def dependencies
|
|
19
|
+
if present?
|
|
20
|
+
parsed_lock = JSON.parse(@package_lock_json)
|
|
21
|
+
|
|
22
|
+
if SUPPORTED_LOCKFILE_VERSIONS.include?(parsed_lock['lockfileVersion'])
|
|
23
|
+
extract_dependencies(parsed_lock)
|
|
24
|
+
else
|
|
25
|
+
puts "package-lock.json: Lockfile version #{parsed_lock['lockfileVersion']} is unsupported. No npm dependencies reported.".yellow
|
|
26
|
+
[]
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
rescue JSON::ParserError => e
|
|
30
|
+
raise Gurney::Error.new("Invalid package-lock.json format: #{e.message}")
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
private
|
|
34
|
+
|
|
35
|
+
attr_reader :package_lock_json
|
|
36
|
+
|
|
37
|
+
def extract_dependencies(parsed_lock)
|
|
38
|
+
dependencies = []
|
|
39
|
+
|
|
40
|
+
if parsed_lock['packages']
|
|
41
|
+
parsed_lock['packages'].each do |path_to_package, details|
|
|
42
|
+
next if path_to_package == ''
|
|
43
|
+
|
|
44
|
+
name = path_to_package.sub(/^node_modules\//, '') # remove "node_modules/" prefix to get package name
|
|
45
|
+
dependencies << Dependency.new(
|
|
46
|
+
ecosystem: 'npm',
|
|
47
|
+
name: name,
|
|
48
|
+
version: details['version']
|
|
49
|
+
)
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
dependencies
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
end
|
|
57
|
+
end
|
|
58
|
+
end
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
require 'yaml'
|
|
2
|
+
require 'colorize'
|
|
3
|
+
|
|
4
|
+
module Gurney
|
|
5
|
+
module Source
|
|
6
|
+
class Pnpm < Base
|
|
7
|
+
def initialize(pnpm_lock:)
|
|
8
|
+
@pnpm_lock = pnpm_lock
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def present?
|
|
12
|
+
!@pnpm_lock&.empty?
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def dependencies
|
|
16
|
+
if present?
|
|
17
|
+
parsed_lock = YAML.safe_load(@pnpm_lock)
|
|
18
|
+
|
|
19
|
+
major_version = parsed_lock['lockfileVersion'].split('.').first
|
|
20
|
+
if major_version == '9'
|
|
21
|
+
extract_dependencies(parsed_lock)
|
|
22
|
+
else
|
|
23
|
+
puts "pnpm-lock.yaml: Lockfile version #{major_version} is unsupported. No npm dependencies reported.".yellow
|
|
24
|
+
[]
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
rescue Psych::SyntaxError => e
|
|
28
|
+
raise Gurney::Error.new("Invalid pnpm-lock.yaml format: #{e.message}")
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
private
|
|
32
|
+
|
|
33
|
+
attr_reader :pnpm_lock
|
|
34
|
+
|
|
35
|
+
def extract_dependencies(parsed_lock)
|
|
36
|
+
dependencies = []
|
|
37
|
+
|
|
38
|
+
# dependency_id has format <scoped_pkg_name>@<pkg_version>
|
|
39
|
+
# see https://github.com/pnpm/spec/blob/master/lockfile/9.0.md#packages
|
|
40
|
+
parsed_lock['packages'].each_key do |dependency_id|
|
|
41
|
+
name, _, version = dependency_id.rpartition('@')
|
|
42
|
+
dependencies << Dependency.new(
|
|
43
|
+
ecosystem: 'npm',
|
|
44
|
+
name: name,
|
|
45
|
+
version: version
|
|
46
|
+
)
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
dependencies
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
data/lib/gurney/version.rb
CHANGED
data/lib/gurney.rb
CHANGED
|
@@ -1,8 +1,12 @@
|
|
|
1
1
|
require_relative 'gurney/version'
|
|
2
2
|
require_relative 'gurney/config'
|
|
3
|
+
require_relative 'gurney/git_file_reader'
|
|
3
4
|
require_relative 'gurney/dependency'
|
|
5
|
+
require_relative 'gurney/dependency_collector'
|
|
4
6
|
require_relative 'gurney/source/base'
|
|
5
7
|
require_relative 'gurney/source/yarn'
|
|
8
|
+
require_relative 'gurney/source/npm'
|
|
9
|
+
require_relative 'gurney/source/pnpm'
|
|
6
10
|
require_relative 'gurney/source/bundler'
|
|
7
11
|
require_relative 'gurney/source/ruby_version'
|
|
8
12
|
require_relative 'gurney/api'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gurney_client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Martin Schaflitzl
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2025-03-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: colorize
|
|
@@ -66,7 +66,7 @@ dependencies:
|
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '1.5'
|
|
69
|
-
description:
|
|
69
|
+
description:
|
|
70
70
|
email:
|
|
71
71
|
- martin.schaflitzl@makandra.de
|
|
72
72
|
executables:
|
|
@@ -93,8 +93,12 @@ files:
|
|
|
93
93
|
- lib/gurney/cli/option_parser.rb
|
|
94
94
|
- lib/gurney/config.rb
|
|
95
95
|
- lib/gurney/dependency.rb
|
|
96
|
+
- lib/gurney/dependency_collector.rb
|
|
97
|
+
- lib/gurney/git_file_reader.rb
|
|
96
98
|
- lib/gurney/source/base.rb
|
|
97
99
|
- lib/gurney/source/bundler.rb
|
|
100
|
+
- lib/gurney/source/npm.rb
|
|
101
|
+
- lib/gurney/source/pnpm.rb
|
|
98
102
|
- lib/gurney/source/ruby_version.rb
|
|
99
103
|
- lib/gurney/source/yarn.rb
|
|
100
104
|
- lib/gurney/version.rb
|
|
@@ -103,7 +107,7 @@ licenses:
|
|
|
103
107
|
- MIT
|
|
104
108
|
metadata:
|
|
105
109
|
rubygems_mfa_required: 'true'
|
|
106
|
-
post_install_message:
|
|
110
|
+
post_install_message:
|
|
107
111
|
rdoc_options: []
|
|
108
112
|
require_paths:
|
|
109
113
|
- lib
|
|
@@ -118,8 +122,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
118
122
|
- !ruby/object:Gem::Version
|
|
119
123
|
version: '0'
|
|
120
124
|
requirements: []
|
|
121
|
-
rubygems_version: 3.0
|
|
122
|
-
signing_key:
|
|
125
|
+
rubygems_version: 3.1.0
|
|
126
|
+
signing_key:
|
|
123
127
|
specification_version: 4
|
|
124
128
|
summary: Gurney is a small tool to extract yarn and RubyGems dependencies from project
|
|
125
129
|
files and report them to a web api.
|