lock-gemfile 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 70164942502370d3ca05b5e8ed259e798dd21b6891d7e0bb6324daf444312dc1
+  data.tar.gz: cd2765434d8e9cbb9b73d657d0e36bbc78e10d3fb5d32254c4b8c9f3cf632553
+SHA512:
+  metadata.gz: 24b9c62a24cc58031f3575abdc194a6bcb0621144e92e22e7c81194333a4220bdb15f00d30b9d996e70ec4bd20cc84c79bb5a100303d98b9948537e3e25eb98d
+  data.tar.gz: bd3338d1f6d64ac2d223884aeb5f9ec59fa185b53e5c00f576ac4aae27fb3d38ffd1f040d17ac96416aac532ccec9600c4442c89ec656c4531bdfed75b124c82

data/.rubocop.yml

@@ -0,0 +1,25 @@
+AllCops:
+  TargetRubyVersion: 3.0
+
+Style/StringLiterals:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Style/StringLiteralsInInterpolation:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Layout/LineLength:
+  Enabled: false
+Metrics/MethodLength:
+  Enabled: false
+Metrics/AbcSize:
+  Enabled: false
+Metrics/CyclomaticComplexity:
+  Enabled: false
+Metrics/PerceivedComplexity:
+  Enabled: false
+
+Style/StringConcatenation:
+  Enabled: false
+

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [0.1.0] - 2024-07-05
+
+- Initial release

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2024 Durable Programming Team
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,130 @@
+# Lock::Gemfile
+
+Lock::Gemfile is a Ruby library that provides functionality to update a Gemfile with locked versions - typically, from a corresponding Gemfile.lock file, but you can also provide arbitrary versions as well. 
+
+## Installation
+
+Install using RubyGems:
+
+```
+$ gem install lock-gemfile
+```
+
+Alternatively, if you intend to use this as a library, you can add this to your Gemfile:
+
+```
+$ bundle add lock-gemfile
+```
+
+## Usage
+
+### Command-line Interface
+
+Lock::Gemfile provides a command-line interface (CLI) through the `bin/lock-gemfile` script. You can run the script with the following command:
+
+```
+$ lock-gemfile update GEMFILE [options]
+```
+
+Replace `GEMFILE` with the path to your Gemfile.
+
+#### Options
+
+- `-w`, `--[no-]write`: Write the updated Gemfile back to disk (default: `false`).
+- `-p`, `--[no-]pessimistic`: Use pessimistic version constraints (`~>`) (default: `true`).
+
+#### Examples
+
+Update a Gemfile and print the result to the console:
+
+```
+$ lock-gemfile update Gemfile
+```
+
+Update a Gemfile and write the changes back to the file:
+
+```
+$ lock-gemfile update Gemfile --write
+```
+
+Update a Gemfile using exact version constraints:
+
+```
+$ lock-gemfile update Gemfile --no-pessimistic
+```
+
+### Library API
+
+You can also use Lock::Gemfile as a library in your own Ruby code.
+
+```ruby
+require 'lock/gemfile'
+
+# Read the content of the Gemfile
+gemfile_content = File.read('Gemfile')
+
+# Parse the corresponding Gemfile.lock using Bundler's LockfileParser
+lockfile = Bundler::LockfileParser.new(Bundler.read_file('Gemfile.lock'))
+
+# Create a hash to store the desired versions of each gem
+desired_versions = {}
+lockfile.specs.each do |spec|
+  desired_versions[spec.name] = spec.version
+end
+
+# Create a buffer to hold the Gemfile content
+buffer = Parser::Source::Buffer.new('(gemfile)')
+buffer.source = gemfile_content
+
+# Create a new Ruby parser
+parser = Parser::CurrentRuby.new
+# Parse the Gemfile content into an Abstract Syntax Tree (AST)
+ast = parser.parse(buffer)
+
+# Create a new instance of the Lock::Gemfile::Rewriter
+rewriter = Lock::Gemfile::Rewriter.new
+# Set the desired versions from the lockfile
+rewriter.lockfile = desired_versions
+# Set the pessimistic option
+rewriter.pessimistic = true
+
+# Rewrite the Gemfile AST with the locked versions
+transformed_code = rewriter.rewrite(buffer, ast)
+
+# Print the transformed Gemfile content
+puts transformed_code
+```
+
+## How It Works
+
+Lock::Gemfile uses the following steps to update a Gemfile with locked versions:
+
+1. Read the content of the specified Gemfile.
+2. Parse the corresponding Gemfile.lock using Bundler's LockfileParser.
+3. Create a hash to store the desired versions of each gem based on the lockfile.
+4. Create a buffer to hold the Gemfile content and parse it into an AST using the Parser gem.
+5. Create an instance of the Lock::Gemfile::Rewriter and set the desired versions and pessimistic option.
+6. Rewrite the Gemfile AST with the locked versions using the rewriter.
+7. Transform the modified AST back into source code.
+8. Print the transformed Gemfile content to the console or write it back to the file, depending on the options.
+
+The core of the library is the Lock::Gemfile::Rewriter class, which is a subclass of Parser::TreeRewriter. It traverses the AST and looks for `gem` method calls. For each `gem` call found, it checks if a version specifier is already present. If not, it retrieves the locked version from the provided lockfile hash and inserts a version specifier string after the gem name. The version specifier can be either pessimistic or exact, depending on the value of the `pessimistic` attribute.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Commercial Support
+
+Commercial support for lock-gemfile and related tools is available from Durable Programming, LLC. You can contact us at [durableprogramming.com](https://www.durableprogramming.com).
+
+![Durable Programming, LLC Logo](https://durableprogramming.com/wp-content/uploads/2022/04/Full-logo-2color-1024x392.png)
+
+

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "minitest/test_task"
+
+Minitest::TestTask.create
+
+require "rubocop/rake_task"
+
+RuboCop::RakeTask.new
+
+task default: %i[test rubocop]

data/bin/lock-gemfile

@@ -0,0 +1,98 @@
+#!/bin/env ruby
+# frozen_string_literal: true
+#
+# lock-gemfile
+#
+# This script updates a Gemfile with locked versions from the
+# corresponding Gemfile.lock file.  It uses the Parser gem to parse the
+# Gemfile into an Abstract Syntax Tree (AST), and then uses a custom
+# TreeRewriter to modify the AST, inserting the locked versions from
+# the lockfile.  The modified AST is then transformed back into source
+# code and either printed to the console or written back to the Gemfile,
+# depending on the provided options.
+#
+# Usage:
+#   gemfile_updater.rb update GEMFILE [options]
+#
+# Options:
+#   -w, [--write], [--no-write]        # Write the updated Gemfile back
+#   to disk (default: false) -p, [--pessimistic], [--no-pessimistic]  #
+#   Use pessimistic version constraints (~>) (default: true)
+#
+# Examples:
+#   gemfile_updater.rb update Gemfile gemfile_updater.rb update Gemfile
+#   --write gemfile_updater.rb update Gemfile --no-pessimistic
+#
+# Dependencies:
+#   - parser - bundler - thor
+
+require "parser/current"
+require "bundler"
+require "thor"
+
+require_relative "../lib/lock/gemfile/rewriter"
+
+class GemfileUpdater < Thor
+  #
+  # This class update a Gemfile with locked versions - designed to pull
+  # from the corresponding Gemfile.lock file, it can also accept an
+  # arbitrary hash of versions..  It uses the Parser gem to parse the
+  # Gemfile into an Abstract Syntax Tree (AST), and then uses a custom
+  # TreeRewriter to modify the AST, inserting the locked versions from
+  # the lockfile.  The modified AST is then transformed back into source
+  # code and either printed to the console or written back to the Gemfile,
+  # depending on the provided options.
+  #
+  desc "update GEMFILE", "Update Gemfile with locked versions"
+
+  option :write, type: :boolean, default: false, aliases: "-w"
+  option :pessimistic, type: :boolean, default: true, aliases: "-p"
+
+  def update(gemfile)
+    # Read the content of the specified Gemfile
+    gemfile_content = File.read(gemfile)
+
+    # Parse the corresponding Gemfile.lock using Bundler's LockfileParser
+    lockfile = Bundler::LockfileParser.new(Bundler.read_file(gemfile + ".lock"))
+
+    # Create a hash to store the desired versions of each gem
+    desired_versions = {}
+
+    # Iterate over each gem specification in the lockfile
+    lockfile.specs.each do |spec|
+      # Store the gem name and its locked version in the desired_versions hash
+      desired_versions[spec.name] = spec.version
+    end
+
+    # Create a buffer to hold the Gemfile content
+    buffer = Parser::Source::Buffer.new("(gemfile)")
+    buffer.source = gemfile_content
+
+    # Create a new Ruby parser
+    parser = Parser::CurrentRuby.new
+    # Parse the Gemfile content into an Abstract Syntax Tree (AST)
+    ast = parser.parse(buffer)
+
+    # Create a new instance of the Lock::Gemfile::Rewriter
+    rewriter = Lock::Gemfile::Rewriter.new
+    # Set the desired versions from the lockfile
+    rewriter.lockfile = desired_versions
+    # Set the pessimistic option based on the command-line argument
+    rewriter.pessimistic = options[:pessimistic]
+
+    # Rewrite the Gemfile AST with the locked versions
+    transformed_code = rewriter.rewrite(buffer, ast)
+
+    # Print the transformed Gemfile content
+    puts transformed_code
+
+    # If the write option is not specified, exit the method
+    return unless options[:write]
+
+    # Write the transformed Gemfile content back to the original file
+    File.write(gemfile, transformed_code)
+  end
+end
+
+# Start the GemfileUpdater CLI with the provided command-line arguments
+GemfileUpdater.start(ARGV)

data/lib/lock/gemfile/rewriter.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+require "parser/current"
+
+module Lock
+  module Gemfile
+    # The Lock::Gemfile::Rewriter class is a subclass of
+    # Parser::TreeRewriter that rewrites a Gemfile's Abstract Syntax
+    # Tree (AST) to include locked gem versions from a corresponding
+    # Gemfile.lock file.
+    #
+    # The rewriter traverses the AST and looks for `gem` method calls. For
+    # each `gem` call found, it checks if a version specifier is already
+    # present. If not, it retrieves the locked version from the provided
+    # lockfile hash and inserts a version specifier string after the
+    # gem name.
+    #
+    # The version specifier can be either pessimistic or exact, depending
+    # on the value of the `pessimistic` attribute. If `pessimistic` is
+    # true (default), the version specifier will be prefixed with "~>",
+    # otherwise it will be an exact version.
+    #
+    # Example usage:
+    #
+    #   parser = Parser::CurrentRuby.new ast = parser.parse(buffer)
+    #
+    #   rewriter = Lock::Gemfile::Rewriter.new rewriter.lockfile = {
+    #     "rails" => "6.1.0", "puma" => "5.0.4"
+    #   } rewriter.pessimistic = true
+    #
+    #   modified_ast = rewriter.rewrite(buffer, ast)
+    #
+    # Attributes:
+    #   lockfile (Hash): A hash containing gem names as keys and their
+    #   locked versions as values.  pessimistic (Boolean): Determines
+    #   whether to use pessimistic version specifiers. Default is true.
+    #
+    # Methods:
+    #   on_send(node): Called when a `:send` node is encountered in the
+    #   AST. Checks if the node represents a `gem` method call
+    #                  and inserts the locked version specifier if
+    #                  applicable.
+    class Rewriter < Parser::TreeRewriter
+      attr_accessor :lockfile, :pessimistic
+
+      # Handles `:send` nodes in the AST, which represent method calls.
+      #
+      # If the node is a `gem` method call and doesn't already have
+      # a version specifier, retrieves the locked version from the
+      # `lockfile` hash and inserts a version specifier string.
+      #
+      # The version specifier can be either pessimistic or exact,
+      # depending on the value of `pessimistic`.
+      #
+      # Arguments:
+      #
+      #   node (Parser::AST::Node): The `:send` node being processed.
+      #
+      def on_send(node)
+        return unless node.type == :send && node.children[1] == :gem
+
+        gem_name = node.children[2].children[0]
+
+        old_version_specifier = node.children[3]
+        already_has_version_specifier = old_version_specifier && old_version_specifier.type == :str
+
+        return if already_has_version_specifier
+
+        lockfile_gem_details = lockfile[gem_name]
+        new_version_specifier = lockfile_gem_details&.to_s
+        prefix = if pessimistic
+                   "~> "
+                 else
+                   ""
+                 end
+
+        return unless new_version_specifier
+
+        insert_after(node.children[2].location.end, ", '#{prefix}#{new_version_specifier}'")
+      end
+    end
+  end
+end

data/lib/lock/gemfile/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Lock
+  module Gemfile
+    VERSION = "0.1.0"
+  end
+end

data/lib/lock/gemfile.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require_relative "gemfile/version"
+
+module Lock
+  module Gemfile
+    class Error < StandardError; end
+    # Your code goes here...
+  end
+end

data/sig/lock/gemfile.rbs

@@ -0,0 +1,6 @@
+module Lock
+  module Gemfile
+    VERSION: String
+    # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+  end
+end

metadata

@@ -0,0 +1,100 @@
+--- !ruby/object:Gem::Specification
+name: lock-gemfile
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Durable Programming Team
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2024-07-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: parser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+description: This gem provides a command-line tool to update a Gemfile with locked
+  versions from the corresponding Gemfile.lock file.
+email:
+- djberube@durableprogramming.com
+executables:
+- lock-gemfile
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rubocop.yml"
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/lock-gemfile
+- lib/lock/gemfile.rb
+- lib/lock/gemfile/rewriter.rb
+- lib/lock/gemfile/version.rb
+- sig/lock/gemfile.rbs
+homepage: https://github.com/durableprogramming/lock-gemfile
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/durableprogramming/lock-gemfile
+  source_code_uri: https://github.com/durableprogramming/lock-gemfile
+  changelog_uri: https://github.com/durableprogramming/lock-gemfile/blob/main/CHANGELOG.md
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.26
+signing_key: 
+specification_version: 4
+summary: A tool to update Gemfile with locked versions
+test_files: []