metadata_json_deps 0.2.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2bcbe32a5563efc72e3d20dca1bde1f7b6fd04daed604ac244b1b7b3a5248c0f
-  data.tar.gz: fdae66bfdaebacb7e019ccb762b63c85bce412f2b5b24e45319a241bd7321b35
+  metadata.gz: 6179bcf58c7d31443f14ee253a6138a39eb9cc5ee6522ad3ce90808af18b72c9
+  data.tar.gz: df68258de0fe2b4a056fd0bf71b00652f97ff127e5a925c99fc11cf0bb72ca82
 SHA512:
-  metadata.gz: 69e42cca04c2f04382d09f3e387684624395e5ebace94842fe721ae56fbdfc13a8609e8b82ccfc9388fbc7d1da8d218808a3ff760b5ddcc7c64bb088b55790f2
-  data.tar.gz: 0f354fcca5932a92401c14615de0a8b62bfdd91008719cb5e53bb64a8cf0a6b063244d77dfce02de39210558e42e2abc0ea8d30bfaddcf6d90a25520e1d9ec04
+  metadata.gz: 7386a095e6ae88bae37389863f813d07748bb8bd4a194f0d9a27b6156202670f2f93bd9b10b856d8d16f35f3e8be7da6386bc255d06d3f9cd31b7445d94ded0e
+  data.tar.gz: a02885daa2cae0fc442dbb92041a9db103a8fa72f10cf0bb3b46d75b1021198f9c24c40e7f563b119105f71b6eafccf4088ba55754daa58a0842754e3db12e25

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2017-2021 Ewoud Kohl van Wijngaarden
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -28,6 +28,20 @@ On the command line, run `metadata-json-deps` with the path(s) of your `metadata
 metadata-json-deps /path/to/metadata.json
 ```
 
+Example output:
+
+```console
+$ metadata-json-deps modules/*/*/metadata.json
+Checking modules/theforeman/puppet-candlepin/metadata.json
+  puppetlabs/stdlib (>= 4.2.0 < 8.0.0) doesn't match 8.1.0
+  puppet/extlib (>= 3.0.0 < 6.0.0) doesn't match 6.0.0
+Checking modules/theforeman/puppet-certs/metadata.json
+  puppetlabs-stdlib (>= 4.25.0 < 8.0.0) doesn't match 8.1.0
+  puppet-extlib (>= 3.0.0 < 6.0.0) doesn't match 6.0.0
+Checking modules/theforeman/puppet-dhcp/metadata.json
+Checking modules/theforeman/puppet-dns/metadata.json
+```
+
 It can also be run verbosely to show valid dependencies:
 
 ```shell
@@ -47,3 +61,19 @@ task :metadata_deps do
   MetadataJsonDeps::run(files)
 end
 ```
+
+### Bumping dependency upper bounds
+
+After detecting outdated dependencies, it's important to do something about this. Taking the earlier example, you can see some modules should allow newer dependencies (candlepin and certs) while others are up to date (dhcp and dns).
+
+The next step is to look into the newer dependencies. In this case stdlib and extlib had a major version bump. It is then important to look at the changes and see if it does affect modules. Sometimes it doesn't, like when a module drops support for Puppet 5 but our modules already dropped Puppet 5. In that case, it's safe to raise the upper version bound.
+
+To update the upper bounds, [bump-dependency-upper-bound](https://github.com/voxpupuli/modulesync_config/blob/master/bin/bump-dependency-upper-bound) can be used. For example, to allow puppetlabs/stdlib 8.x, the new upper bound is 9.0.0:
+
+```console
+$ bump-dependency-upper-bound puppetlabs/stdlib 9.0.0 modules/*/*/metadata.json
+Updated modules/theforeman/puppet-candlepin/metadata.json: '>= 4.2.0 < 8.0.0' to '>= 4.2.0 < 9.0.0'
+Updated modules/theforeman/puppet-certs/metadata.json: '>= 4.25.0 < 8.0.0' to '>= 4.25.0 < 9.0.0'
+modules/theforeman/puppet-dhcp/metadata.json already matches 9.0.0
+modules/theforeman/puppet-dns/metadata.json already matches 9.0.0
+```

data/bin/bump-dependency-upper-bound

@@ -0,0 +1,32 @@
+#!/usr/bin/env ruby
+require 'optparse'
+require 'metadata_json_deps'
+
+def main
+  parser = OptionParser.new do |opts|
+    opts.banner = "Usage: #{opts.program_name} module_name new_upper_bound metadata"
+  end
+
+  parser.parse!
+  if ARGV.length < 3
+    STDERR.puts parser.help
+    exit 1
+  end
+
+  module_name, upper_bound, *paths = ARGV
+  module_name = PuppetForge::V3.normalize_name(module_name)
+  paths.each do |path|
+    begin
+      old, new = MetadataJsonDeps.bump_dependency(path, module_name, upper_bound)
+      if old != new
+        puts "Updated #{path}: '#{old}' to '#{new}'"
+      else
+        puts "#{path} already matches #{upper_bound}"
+      end
+    rescue Exception => e
+      puts "Failed to update #{path}: #{e}"
+    end
+  end
+end
+
+main

data/bin/generate-fixtures-yaml

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+
+require 'optparse'
+require 'metadata_json_deps'
+
+parser = OptionParser.new do |opts|
+  opts.banner = "Usage: #{opts.program_name} metadata"
+end
+
+parser.parse!
+if ARGV.empty?
+  puts parser.help
+  exit 1
+end
+
+MetadataJsonDeps.build_fixtures(ARGV.first)

data/bin/metadata-json-deps

@@ -5,9 +5,7 @@ require 'metadata_json_deps'
 
 options = {}
 OptionParser.new do |opts|
-  opts.on("-v", "--[no-]verbose", "Run verbosely") do |v|
-    options[:verbose] = v
-  end
-end.parse!
+  opts.on("-v", "--[no-]verbose", "Run verbosely")
+end.parse!(into: options)
 
 MetadataJsonDeps.run(ARGV, options[:verbose])

data/lib/metadata_json_deps.rb

@@ -7,12 +7,72 @@ module MetadataJsonDeps
       @cache = cache
     end
 
-    def get_current_version(name)
-      name = name.sub('/', '-')
-      @cache[name] ||= PuppetForge::Module.find(name).current_release.version
+    def get_module(name)
+      name = PuppetForge::V3.normalize_name(name)
+      @cache[name] ||= PuppetForge::Module.find(name)
     end
   end
 
+  def self.build_fixtures(filename)
+    require 'yaml'
+
+    result = {}
+
+    dependencies = PuppetMetadata.read(filename).dependencies
+    if dependencies.any?
+      forge = ForgeVersions.new
+
+      repositories = {}
+      result['fixtures'] = {'repositories' => repositories}
+
+      dependencies.each do |dependency, _constraint|
+        mod = forge.get_module(dependency)
+        # TODO: The forge should expose the source URL directly
+        repositories[mod.name] = mod.current_release.metadata[:source]
+      end
+    end
+
+    puts result.to_yaml
+  end
+
+  # Bump a dependency in a filename
+  #
+  # @param [String] filename A path to a metadata file. An error is raised if
+  #   it's invalid metadata.
+  # @param [String] module_name The module name listed in dependencies. It must
+  #   be normalized to the forge style (using a dash). It can fall back to a
+  #   slash if metadata uses a slash.
+  # @param [String] upper_bound The new upper bound for the module name
+  # @return [Array<String>] An array with the old and new version. Can be used
+  #   to determine if a change was made.
+  # @see PuppetMetadata.read
+  def self.bump_dependency(filename, module_name, upper_bound)
+    metadata = PuppetMetadata.read(filename)
+
+    requirement = metadata.dependencies[module_name]
+    unless requirement
+      # TODO: normalize keys in puppet_metadata so we don't need 2 lookups?
+      module_name = module_name.tr('-', '/')
+      requirement = metadata.dependencies[module_name]
+      raise Exception.new("Dependency #{module_name} not found") unless requirement
+    end
+
+    return [requirement.to_s, requirement.to_s] if requirement.end == upper_bound
+
+    new = ">= #{requirement.begin} < #{upper_bound}"
+
+    new_metadata = metadata.metadata.clone
+    new_metadata['dependencies'].each do |dependency|
+      if dependency['name'] == module_name
+        dependency['version_requirement'] = new
+      end
+    end
+
+    File.write(filename, JSON.pretty_generate(new_metadata) + "\n")
+
+    [requirement.to_s, new]
+  end
+
   def self.run(filenames, verbose = false)
     forge = ForgeVersions.new
 
@@ -21,14 +81,26 @@ module MetadataJsonDeps
       metadata = PuppetMetadata.read(filename)
 
       metadata.dependencies.map do |dependency, constraint|
-        current = forge.get_current_version(dependency)
+        mod = forge.get_module(dependency)
 
-        if metadata.satisfies_dependency?(dependency, current)
-          if verbose
-            puts "  #{dependency} (#{constraint}) matches #{current}"
+        if mod.deprecated_at
+          if mod.superseded_by
+            puts "  #{dependency} was superseded by #{mod.superseded_by[:slug]}"
+          elsif mod.deprecated_for
+            puts "  #{dependency} was deprecated: #{mod.deprecated_for}"
+          else
+            puts "  #{dependency} was deprecated"
           end
         else
-          puts "  #{dependency} (#{constraint}) doesn't match #{current}"
+          current = mod.current_release.version
+
+          if metadata.satisfies_dependency?(dependency, current)
+            if verbose
+              puts "  #{dependency} (#{constraint}) matches #{current}"
+            end
+          else
+            puts "  #{dependency} (#{constraint}) doesn't match #{current}"
+          end
         end
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: metadata_json_deps
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Ewoud Kohl van Wijngaarden
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-05 00:00:00.000000000 Z
+date: 2022-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: puppet_forge
@@ -34,25 +34,64 @@ dependencies:
   name: puppet_metadata
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.3.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.3.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
 description: Verify all your dependencies allow the latest versions on Puppet Forge
 email: ewoud+rubygems@kohlvanwijngaarden.nl
 executables:
+- bump-dependency-upper-bound
+- generate-fixtures-yaml
 - metadata-json-deps
 extensions: []
 extra_rdoc_files:
 - README.md
 files:
+- LICENSE
 - README.md
+- bin/bump-dependency-upper-bound
+- bin/generate-fixtures-yaml
 - bin/metadata-json-deps
 - lib/metadata_json_deps.rb
 homepage: https://github.com/ekohl/metadata_json_deps