RubyGems - metadata_json_deps - Versions diffs - 0.4.0 → 0.6.0 - Mend

metadata_json_deps 0.4.0 → 0.6.0

Files changed (5) hide show

checksums.yaml +4 -4
data/README.md +30 -0
data/bin/bump-dependency-upper-bound +32 -0
data/lib/metadata_json_deps.rb +38 -0
metadata +7 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 376a5a0f5181d0d6095b02fd5eb968c8acc887c8f85c1127c80d3fd622ed4a14
-  data.tar.gz: 2a8978e1c706f98b80a82c04e9bc4cb5721d72026ab7089b044d0981e1db16c7
+  metadata.gz: 957053c39314e5fae78a9a48640c3babf2ba4a0f160a616c8dc41464c8f7592d
+  data.tar.gz: 926feeae2bd1b0764a6f0eff29272fab9b78afac8f6b831ff50a4c64789f16fa
 SHA512:
-  metadata.gz: d7a981df5b61c4ff15f7f016ce4f90ad5045f47c3556db8d686c6cd5ada2eff218daa240507f73c071f249c255bae1c39073ba04a675bb4426158ca3f9b56b68
-  data.tar.gz: 28fabc4c9c1cfe758875314d137117a7c7b437d39f15e94b160469f2a7fade2a3a59eba9eaa39e4d5f71e054d9aa1df9b760f3c1a7a63db860fbb27d9c0dcdb4
+  metadata.gz: 501218e7ffd20f2e10cadf62176f80ae92707a677867a384071723d259c2bfb8e71c98e4521c8cf6010da01ea34bfdd592a64a4f7cafb6f549eb962ed4e3188e
+  data.tar.gz: 89b909bcdb29105edf8ee88059a58363852f910df43c583e8f4d050b95d14b923e69ad4897e17858cd3224ea99200bc923c05c385f29d26cb0c5a13d6cffda7e

data/README.md CHANGED Viewed

@@ -28,6 +28,20 @@ On the command line, run `metadata-json-deps` with the path(s) of your `metadata
 metadata-json-deps /path/to/metadata.json
 ```
+Example output:
+```console
+$ metadata-json-deps modules/*/*/metadata.json
+Checking modules/theforeman/puppet-candlepin/metadata.json
+  puppetlabs/stdlib (>= 4.2.0 < 8.0.0) doesn't match 8.1.0
+  puppet/extlib (>= 3.0.0 < 6.0.0) doesn't match 6.0.0
+Checking modules/theforeman/puppet-certs/metadata.json
+  puppetlabs-stdlib (>= 4.25.0 < 8.0.0) doesn't match 8.1.0
+  puppet-extlib (>= 3.0.0 < 6.0.0) doesn't match 6.0.0
+Checking modules/theforeman/puppet-dhcp/metadata.json
+Checking modules/theforeman/puppet-dns/metadata.json
+```
 It can also be run verbosely to show valid dependencies:
 ```shell
@@ -47,3 +61,19 @@ task :metadata_deps do
   MetadataJsonDeps::run(files)
 end
 ```
+### Bumping dependency upper bounds
+After detecting outdated dependencies, it's important to do something about this. Taking the earlier example, you can see some modules should allow newer dependencies (candlepin and certs) while others are up to date (dhcp and dns).
+The next step is to look into the newer dependencies. In this case stdlib and extlib had a major version bump. It is then important to look at the changes and see if it does affect modules. Sometimes it doesn't, like when a module drops support for Puppet 5 but our modules already dropped Puppet 5. In that case, it's safe to raise the upper version bound.
+To update the upper bounds, [bump-dependency-upper-bound](https://github.com/voxpupuli/modulesync_config/blob/master/bin/bump-dependency-upper-bound) can be used. For example, to allow puppetlabs/stdlib 8.x, the new upper bound is 9.0.0:
+```console
+$ bump-dependency-upper-bound puppetlabs/stdlib 9.0.0 modules/*/*/metadata.json
+Updated modules/theforeman/puppet-candlepin/metadata.json: '>= 4.2.0 < 8.0.0' to '>= 4.2.0 < 9.0.0'
+Updated modules/theforeman/puppet-certs/metadata.json: '>= 4.25.0 < 8.0.0' to '>= 4.25.0 < 9.0.0'
+modules/theforeman/puppet-dhcp/metadata.json already matches 9.0.0
+modules/theforeman/puppet-dns/metadata.json already matches 9.0.0
+```

data/bin/bump-dependency-upper-bound ADDED Viewed

@@ -0,0 +1,32 @@
+#!/usr/bin/env ruby
+require 'optparse'
+require 'metadata_json_deps'
+def main
+  parser = OptionParser.new do |opts|
+    opts.banner = "Usage: #{opts.program_name} module_name new_upper_bound metadata"
+  end
+  parser.parse!
+  if ARGV.length < 3
+    STDERR.puts parser.help
+    exit 1
+  end
+  module_name, upper_bound, *paths = ARGV
+  module_name = PuppetForge::V3.normalize_name(module_name)
+  paths.each do |path|
+    begin
+      old, new = MetadataJsonDeps.bump_dependency(path, module_name, upper_bound)
+      if old != new
+        puts "Updated #{path}: '#{old}' to '#{new}'"
+      else
+        puts "#{path} already matches #{upper_bound}"
+      end
+    rescue Exception => e
+      puts "Failed to update #{path}: #{e}"
+    end
+  end
+end
+main

data/lib/metadata_json_deps.rb CHANGED Viewed

@@ -35,6 +35,44 @@ module MetadataJsonDeps
     puts result.to_yaml
   end
+  # Bump a dependency in a filename
+  #
+  # @param [String] filename A path to a metadata file. An error is raised if
+  #   it's invalid metadata.
+  # @param [String] module_name The module name listed in dependencies. It must
+  #   be normalized to the forge style (using a dash). It can fall back to a
+  #   slash if metadata uses a slash.
+  # @param [String] upper_bound The new upper bound for the module name
+  # @return [Array<String>] An array with the old and new version. Can be used
+  #   to determine if a change was made.
+  # @see PuppetMetadata.read
+  def self.bump_dependency(filename, module_name, upper_bound)
+    metadata = PuppetMetadata.read(filename)
+    requirement = metadata.dependencies[module_name]
+    unless requirement
+      # TODO: normalize keys in puppet_metadata so we don't need 2 lookups?
+      module_name = module_name.tr('-', '/')
+      requirement = metadata.dependencies[module_name]
+      raise Exception.new("Dependency #{module_name} not found") unless requirement
+    end
+    return [requirement.to_s, requirement.to_s] if requirement.end == upper_bound
+    new = ">= #{requirement.begin} < #{upper_bound}"
+    new_metadata = metadata.metadata.clone
+    new_metadata['dependencies'].each do |dependency|
+      if dependency['name'] == module_name
+        dependency['version_requirement'] = new
+      end
+    end
+    File.write(filename, JSON.pretty_generate(new_metadata) + "\n")
+    [requirement.to_s, new]
+  end
   def self.run(filenames, verbose = false)
     forge = ForgeVersions.new

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: metadata_json_deps
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Ewoud Kohl van Wijngaarden
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-09 00:00:00.000000000 Z
+date: 2022-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: puppet_forge
@@ -19,7 +19,7 @@ dependencies:
         version: '2.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '4'
+        version: '5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '2.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '4'
+        version: '5'
 - !ruby/object:Gem::Dependency
   name: puppet_metadata
   requirement: !ruby/object:Gem::Requirement
@@ -81,6 +81,7 @@ dependencies:
 description: Verify all your dependencies allow the latest versions on Puppet Forge
 email: ewoud+rubygems@kohlvanwijngaarden.nl
 executables:
+- bump-dependency-upper-bound
 - generate-fixtures-yaml
 - metadata-json-deps
 extensions: []
@@ -89,6 +90,7 @@ extra_rdoc_files:
 files:
 - LICENSE
 - README.md
+- bin/bump-dependency-upper-bound
 - bin/generate-fixtures-yaml
 - bin/metadata-json-deps
 - lib/metadata_json_deps.rb
@@ -112,7 +114,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Check your Puppet metadata dependencies