libyear-bundler 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 2cd3378215fe47cbc740474dd3a8d5cf32a82aac
+  data.tar.gz: acc89ac6b9819ca27899a77fea914cd6f6d62496
+SHA512:
+  metadata.gz: 90134e10c548ae10330bf66b7405220f6d60750f2a0c27e197011ebfb0369807b4c36b2b5025f8f8777964bb815ac650e26d1d4c6ac6a44599b3e5b0fadd30ca
+  data.tar.gz: ffe3db93db14c0ad62a1694a5952e252cc0ba1faf90ae0539d6b30432a5b6fd63e9b9b831bb6986b20e7423e5d4b3de06218975d5ae08eefee2868879940bb56

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/CHANGELOG.md

@@ -0,0 +1,71 @@
+# libyear
+
+This project follows [semver 2.0.0][1] and the recommendations
+of [keepachangelog.com][2].
+
+## 0.2.0 (2017-03-10)
+
+Breaking changes:
+
+- Rename project
+  - Rename project from libyear-rb to libyear-bundler
+  - Rename binary from libyear to libyear-bundler
+  - Discussion: https://github.com/jaredbeck/libyear-rb/issues/1
+
+Added:
+
+- None
+
+Fixed:
+
+- None
+
+## 0.1.3 (2017-03-07)
+
+Breaking changes:
+
+- None
+
+Added:
+
+- None
+
+Fixed:
+
+- Don't crash when Gemfile uses git
+
+## 0.1.2 (2017-02-16)
+
+Breaking changes:
+
+- None
+
+Added:
+
+- None
+
+Fixed:
+
+- Better handling of weird sources like rails-assets
+- Wider report columns
+
+## 0.1.1 (2017-02-14)
+
+Breaking changes:
+
+- None
+
+Added:
+
+- None
+
+Fixed:
+
+- Better handling of error when bundle outdated fails
+
+## 0.1.0 (2017-02-13)
+
+Initial version. Proof of concept.
+
+[1]: http://semver.org/spec/v2.0.0.html
+[2]: http://keepachangelog.com/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in libyear.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,165 @@
+                   GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+  This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+  0. Additional Definitions.
+
+  As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+  "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+  An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+  A "Combined Work" is a work produced by combining or linking an
+Application with the Library.  The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+  The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+  The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+  1. Exception to Section 3 of the GNU GPL.
+
+  You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+  2. Conveying Modified Versions.
+
+  If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+   a) under this License, provided that you make a good faith effort to
+   ensure that, in the event an Application does not supply the
+   function or data, the facility still operates, and performs
+   whatever part of its purpose remains meaningful, or
+
+   b) under the GNU GPL, with none of the additional permissions of
+   this License applicable to that copy.
+
+  3. Object Code Incorporating Material from Library Header Files.
+
+  The object code form of an Application may incorporate material from
+a header file that is part of the Library.  You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+   a) Give prominent notice with each copy of the object code that the
+   Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the object code with a copy of the GNU GPL and this license
+   document.
+
+  4. Combined Works.
+
+  You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+   a) Give prominent notice with each copy of the Combined Work that
+   the Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the Combined Work with a copy of the GNU GPL and this license
+   document.
+
+   c) For a Combined Work that displays copyright notices during
+   execution, include the copyright notice for the Library among
+   these notices, as well as a reference directing the user to the
+   copies of the GNU GPL and this license document.
+
+   d) Do one of the following:
+
+       0) Convey the Minimal Corresponding Source under the terms of this
+       License, and the Corresponding Application Code in a form
+       suitable for, and under terms that permit, the user to
+       recombine or relink the Application with a modified version of
+       the Linked Version to produce a modified Combined Work, in the
+       manner specified by section 6 of the GNU GPL for conveying
+       Corresponding Source.
+
+       1) Use a suitable shared library mechanism for linking with the
+       Library.  A suitable mechanism is one that (a) uses at run time
+       a copy of the Library already present on the user's computer
+       system, and (b) will operate properly with a modified version
+       of the Library that is interface-compatible with the Linked
+       Version.
+
+   e) Provide Installation Information, but only if you would otherwise
+   be required to provide such information under section 6 of the
+   GNU GPL, and only to the extent that such information is
+   necessary to install and execute a modified version of the
+   Combined Work produced by recombining or relinking the
+   Application with a modified version of the Linked Version. (If
+   you use option 4d0, the Installation Information must accompany
+   the Minimal Corresponding Source and Corresponding Application
+   Code. If you use option 4d1, you must provide the Installation
+   Information in the manner specified by section 6 of the GNU GPL
+   for conveying Corresponding Source.)
+
+  5. Combined Libraries.
+
+  You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+   a) Accompany the combined library with a copy of the same work based
+   on the Library, uncombined with any other library facilities,
+   conveyed under the terms of this License.
+
+   b) Give prominent notice with the combined library that part of it
+   is a work based on the Library, and explaining where to find the
+   accompanying uncombined form of the same work.
+
+  6. Revised Versions of the GNU Lesser General Public License.
+
+  The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+  Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+  If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.

data/README.md

@@ -0,0 +1,30 @@
+# Libyear
+
+A simple measure of dependency freshness for ruby apps.
+
+A libyear (library year) is a measure of how old a software dependency is.
+
+If your system has two dependencies, the first one year old, the second three,
+then your system is four libyears out-of-date.
+
+A dependency is one year old when the version you are using is one year older
+than its latest version.
+
+## Usage
+
+Early access. Output and usage subject to change.
+
+```
+gem install libyear-bundler
+libyear-bundler Gemfile
+       activesupport   4.2.7.1     2016-08-10     5.0.1     2016-12-21       0.4
+                json     1.8.6     2017-01-13     2.0.3     2017-01-12       0.0
+   minitest_to_rspec     0.6.0     2015-06-09     0.8.0     2017-01-02       1.6
+System is 1.9 libyears behind
+```
+
+## Development
+
+```
+ruby -I lib bin/libyear-bundler spec/fixtures/01/Gemfile
+```

data/bin/libyear-bundler

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require "libyear_bundler"
+LibyearBundler::CLI.new(ARGV).run

data/lib/libyear_bundler/cli.rb

@@ -0,0 +1,23 @@
+require "bundler/cli"
+require "bundler/cli/outdated"
+require "libyear_bundler/report"
+require "libyear_bundler/query"
+
+module LibyearBundler
+  class CLI
+    def initialize(argv)
+      validate_arguments(argv)
+      @gemfile_path = argv.first
+    end
+
+    def run
+      print Report.new(Query.new(@gemfile_path).execute).to_s
+    end
+
+    private
+
+    def validate_arguments(argv)
+      # todo
+    end
+  end
+end

data/lib/libyear_bundler/query.rb

@@ -0,0 +1,88 @@
+require "English"
+require "open3"
+
+module LibyearBundler
+  # Responsible for getting all the data that goes into the `Report`.
+  class Query
+    # Format of `bundle outdated --parseable` (BOP)
+    BOP_FMT = /\A(?<name>[^ ]+) \(newest (?<newest>[^,]+), installed (?<installed>[^,)]+)/
+
+    def initialize(gemfile_path)
+      @gemfile_path = gemfile_path
+    end
+
+    def execute
+      gems = []
+      bundle_outdated.lines.each do |line|
+        match = BOP_FMT.match(line)
+        next if match.nil?
+        gems.push(
+          installed: { version: match["installed"] },
+          name: match["name"],
+          newest: { version: match["newest"] }
+        )
+      end
+      gems.each do |gem|
+        di = release_date(gem[:name], gem[:installed][:version])
+        dn = release_date(gem[:name], gem[:newest][:version])
+        gem[:installed][:date] = di
+        gem[:newest][:date] = dn
+        if di.nil? || dn.nil? || dn <= di
+          # Known issue: Backports and maintenance releases of older minor versions.
+          # Example: json 1.8.6 (2017-01-13) was released *after* 2.0.3 (2017-01-12)
+          years = 0.0
+        else
+          days = (dn - di).to_f
+          years = days / 365.0
+        end
+        gem[:libyears] = years
+      end
+      gems
+    end
+
+    private
+
+    def bundle_outdated
+      stdout, stderr, status = Open3.capture3(
+        %Q(BUNDLE_GEMFILE="#{@gemfile_path}" bundle outdated --parseable)
+      )
+      # Known statuses:
+      # 0 - Nothing is outdated
+      # 256 - Something is outdated
+      # 1792 - Unable to determine if something is outdated
+      unless [0, 256].include?(status.to_i)
+        $stderr.puts "`bundle outdated` failed with status: #{status.to_i}"
+        $stderr.puts "stderr: #{stderr}"
+        $stderr.puts "stdout: #{stdout}"
+        $stderr.puts "Try running `bundle install`."
+        Kernel.exit(1)
+      end
+      stdout
+    end
+
+    # Known issue: Probably performs a network request every time, unless
+    # there's some kind of caching.
+    def release_date(gem_name, gem_version)
+      dep = nil
+      begin
+        dep = ::Bundler::Dependency.new(gem_name, gem_version)
+      rescue ::Gem::Requirement::BadRequirementError => e
+        $stderr.puts "Could not find release date for: #{gem_name}"
+        $stderr.puts(e)
+        $stderr.puts(
+          "Maybe you used git in your Gemfile, which libyear doesn't support " \
+          "yet. Contributions welcome."
+        )
+        return nil
+      end
+      tuples, _errors = ::Gem::SpecFetcher.fetcher.search_for_dependency(dep)
+      if tuples.empty?
+        $stderr.puts "Could not find release date for: #{gem_name}"
+        return nil
+      end
+      tup, source = tuples.first # Gem::NameTuple
+      spec = source.fetch_spec(tup) # raises Gem::RemoteFetcher::FetchError
+      spec.date.to_date
+    end
+  end
+end

data/lib/libyear_bundler/report.rb

@@ -0,0 +1,30 @@
+module LibyearBundler
+  # Responsible presenting data from the `Query`. Should only be concerned
+  # with presentation, nothing else.
+  class Report
+    # `gems` - Array of hashes.
+    def initialize(gems)
+      @gems = gems
+    end
+
+    def to_s
+      sum_years = 0.0
+      @gems.each do |gem|
+        years = gem[:libyears]
+        sum_years += years
+        puts(
+          format(
+            "%30s%15s%15s%15s%15s%10.1f",
+            gem[:name],
+            gem[:installed][:version],
+            gem[:installed][:date],
+            gem[:newest][:version],
+            gem[:newest][:date],
+            years
+          )
+        )
+      end
+      puts format("System is %.1f libyears behind", sum_years)
+    end
+  end
+end

data/lib/libyear_bundler/version.rb

@@ -0,0 +1,3 @@
+module LibyearBundler
+  VERSION = "0.2.0"
+end

data/lib/libyear_bundler.rb

@@ -0,0 +1,3 @@
+require "bundler"
+require "libyear_bundler/version"
+require "libyear_bundler/cli"

data/libyear-bundler.gemspec

@@ -0,0 +1,21 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'libyear_bundler/version'
+
+Gem::Specification.new do |spec|
+  spec.name = "libyear-bundler"
+  spec.version = LibyearBundler::VERSION
+  spec.authors = ["Jared Beck"]
+  spec.email = ["jared@jaredbeck.com"]
+  spec.summary = "A simple measure of dependency freshness"
+  spec.homepage = "https://libyear.com"
+  spec.licenses = ["GPL-3.0"]
+  spec.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir = "bin"
+  spec.executables = ["libyear-bundler"]
+  spec.require_paths = ["lib"]
+  spec.add_dependency "bundler", "~> 1.14"
+end

metadata

@@ -0,0 +1,71 @@
+--- !ruby/object:Gem::Specification
+name: libyear-bundler
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- Jared Beck
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-03-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.14'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.14'
+description: 
+email:
+- jared@jaredbeck.com
+executables:
+- libyear-bundler
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- CHANGELOG.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- bin/libyear-bundler
+- lib/libyear_bundler.rb
+- lib/libyear_bundler/cli.rb
+- lib/libyear_bundler/query.rb
+- lib/libyear_bundler/report.rb
+- lib/libyear_bundler/version.rb
+- libyear-bundler.gemspec
+homepage: https://libyear.com
+licenses:
+- GPL-3.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.10
+signing_key: 
+specification_version: 4
+summary: A simple measure of dependency freshness
+test_files: []