podrpt 0.1.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 912c6a263f85b22b28f5ae69765387bf330eecf5900b9c9a895bace0436622c4
-  data.tar.gz: 229b466805159032d6f09fff9d6af0478dd19f144c84bdf813f27fa398ee450c
+  metadata.gz: 3b806f0000eb01912678830776a5ef3a61582d552bd0d648eb5b3cfdb3896394
+  data.tar.gz: e590ece5be99ae5d5c63df07de580009e149f03ccc06c2d838a8fe687aa6216c
 SHA512:
-  metadata.gz: 158bf9f7c90ede213f086a9294f1e900c69f0cc3239227d60176a16671ecc0c81d67d69f1356fd90c8df7548ec75aae271f80896ef60a3128e67979f9f333d19
-  data.tar.gz: 7e1d97dfdab3508f6b54097855fa45fea86b1ac68f0ed732dbcfc7d7a46da75abb1b252237f0fde882631e39282a39a815a0ec461627982efc5fe91a1811bc39
+  metadata.gz: 5bb4f467def5f841df6e848eed1f1eca29d7968763bbe65c144529c96dd77eb55e67f54e761811b6adade103cf8ab07b928d8a89901290b14bf747c15794c305
+  data.tar.gz: 1056100004bb690b1db1c591738b0c02e0e439061435dea82ccf182ff7e23d60b5da2e59af8eff04b43802c43ca54b90c22b58e09d95795037610e127a122835

data/CHANGELOG.md

@@ -1,5 +1,5 @@
 ## [Unreleased]
 
-## [0.1.0] - 2025-09-27
+## [1.0.1] - 2025-09-28
 
-- Initial release
+- first release of podrpt with all the features so far

data/README.md

@@ -4,38 +4,55 @@ Podrpt is a command-line tool written in Ruby to analyze and report outdated Coc
 
 It leverages the native CocoaPods API for high-performance analysis, avoiding slow external process calls for version fetching.
 
-Features
-- Fast Analysis: Uses the native CocoaPods gem API instead of shelling out to pod search.
+**Features**
+- **Fast Analysis**: Uses the native CocoaPods gem API instead of shelling out to pod search.
 
-- Outdated Pod Detection: Compares versions in your Podfile.lock against the latest public releases.
+- **Outdated Pod Detection**: Compares versions in your **Podfile.lock** against the latest public releases.
 
-- Risk Assessment: Assign custom risk scores and owner teams to dependencies via a PodsRisk.yaml file.
+- **Risk Assessment**: Assign custom risk scores and owner teams to dependencies via a PodsRisk.yaml file.
 
-- Dependency Filtering: Use an PodsAllowlist.yaml file to filter out transitive dependencies and focus only on the pods you directly manage.
+- **Dependency Filtering**: Use an PodsAllowlist.yaml file to filter out transitive dependencies and focus only on the pods you directly manage.
 
-- Slack Notifications: Delivers a clean, formatted report directly to a Slack channel, perfect for CI/CD pipelines.
+- **Slack Notifications**: Delivers a clean, formatted report directly to a Slack channel, perfect for CI/CD pipelines.
 
-- CI/CD Focused: Designed to run in automated environments without leaving behind unnecessary file artifacts.
+- **CI/CD Focused**: Designed to run in automated environments without leaving behind unnecessary file artifacts.
 
 - Interactive Setup: A simple init command to generate all necessary configuration files.- 
 
 ## Installation
 
 Add this line to your application's Gemfile:
---> gem 'podrpt', '~> 0.1.0'
+```ruby
+gem 'podrpt', '~> 1.0.0'
+```
 
 And then execute:
+```sh
 bundle install
+```
 
 ## Setup
 After installing the gem, you need to generate the configuration files in your project's root directory. Navigate to your iOS project's root folder and run the interactive setup command:
 
+And then execute:
+```sh
 bundle exec podrpt init
+```
 
 This command will:
 
-1 Create a sample PodsRisk.yaml file for defining risk scores.
-2 Create a sample PodsAllowlist.yaml file for filtering dependencies.
+1 Create a sample **PodsRisk.yaml** file for defining risk scores.
+```yaml
+default:
+  risk: 500
+  owners: []
+pods:
+  XPTO:
+    risk: 100
+    owners: ['core-team']
+```
+
+2 Create a sample **PodsAllowlist.yaml** file for filtering dependencies.
 3 Prompt you for your Slack Incoming Webhook URL and save it securely in a .podrpt.yml file (which should be added to your .gitignore).
 
 After running init, customize the generated .yaml files to fit your project's needs.
@@ -43,7 +60,16 @@ After running init, customize the generated .yaml files to fit your project's ne
 ## Usage
 To run an analysis and send a report to Slack, simply execute the run command:
 
+And then execute:
+```sh
 bundle exec podrpt run
+```
+
+If you want to see what will be sent and what URL is configured, use this command:
+
+```sh
+bundle exec podrpt run --dry-run
+```
 
 The report will only include outdated pods by default.
 

data/lib/podrpt/cli.rb

@@ -0,0 +1,142 @@
+# lib/podrpt/cli.rb
+module Podrpt
+  class CLI
+    def self.start(args)
+      command = args.shift || 'run'
+      case command
+      when 'run'
+        run_reporter(args)
+      when 'init'
+        initialize_configuration
+      when '--version', '-v'
+        puts Podrpt::VERSION
+      else
+        puts "Comando desconhecido: '#{command}'. Use 'run' ou 'init'."
+        exit 1
+      end
+    end
+
+    private
+
+    def self.initialize_configuration
+      puts "🚀 Iniciando a configuração do Podrpt..."
+      
+      pod_names_to_configure = []
+      project_dir = Dir.pwd
+      lockfile_path = File.join(project_dir, 'Podfile.lock')
+      
+      if File.exist?(lockfile_path)
+        puts "📄 `Podfile.lock` encontrado. Analisando pods para pré-popular os arquivos..."
+        begin
+          # Analisa o lockfile para obter a lista completa de pods externos
+          analyzer = Podrpt::LockfileAnalyzer.new(project_dir)
+          all_pods_versions = analyzer.pod_versions
+          classified_pods = analyzer.classify_pods
+          
+          # Filtramos apenas para pods que não são de desenvolvimento local
+          external_pods_filter = classified_pods[:spec_repo].dup
+          external_pods_filter -= classified_pods[:dev_path]
+          
+          pods_to_configure = all_pods_versions.slice(*external_pods_filter.to_a)
+          pod_names_to_configure = pods_to_configure.keys
+          
+        rescue => e
+          puts "⚠️ Erro ao analisar o `Podfile.lock`: #{e.message}. Os arquivos serão criados com exemplos."
+        end
+      else
+        puts "⚠️ `Podfile.lock` não encontrado. Os arquivos serão criados com exemplos."
+      end
+
+      # Cria os arquivos de configuração, passando a lista de pods encontrados
+      Podrpt::Configuration.create_allowlist_file(pod_names: pod_names_to_configure)
+      Podrpt::Configuration.create_risk_file(pod_names: pod_names_to_configure)
+      
+      puts "\nAgora, por favor, informe a URL do seu Incoming Webhook do Slack:"
+      print "> "
+      url = $stdin.gets.chomp
+      Podrpt::Configuration.save_slack_url(url)
+      puts "\nConfiguração concluída! Edite os arquivos .yaml conforme necessário e execute 'podrpt run'."
+    end
+    
+    # O método `run_reporter` e seus auxiliares permanecem os mesmos da última versão funcional
+    def self.run_reporter(args)
+      options = parse_run_options(args)
+      analyzer = Podrpt::LockfileAnalyzer.new(options.project_dir)
+      all_pods_versions = analyzer.pod_versions
+      classified_pods = analyzer.classify_pods
+
+      initial_filter = classified_pods[:spec_repo].dup
+      initial_filter -= classified_pods[:dev_path]
+      current_pods = all_pods_versions.slice(*initial_filter.to_a)
+
+      allowlist_config = load_allowlist(File.join(options.project_dir, options.allowlist_yaml))
+      pods_for_report = apply_allowlist_filter(current_pods, allowlist_config)
+      puts "[podrpt] Totais lock: #{all_pods_versions.size} | Pré-allowlist: #{current_pods.size} | Relatório final: #{pods_for_report.size}"
+      options.total_pods_count = pods_for_report.size
+
+      risk_config = load_risk_config(File.join(options.project_dir, options.risk_yaml))
+      if options.sync_risk_yaml
+        sync_risk_yaml(File.join(options.project_dir, options.risk_yaml), pods_for_report, risk_config)
+      end
+
+      version_fetcher = Podrpt::VersionFetcher.new(options)
+      latest_versions = version_fetcher.fetch_latest_versions_in_bulk(pods_for_report.keys)
+
+      final_analysis = []
+      pods_for_report.sort_by { |name, _| name.downcase }.each do |name, version|
+        pod_risk_info = risk_config['pods'][name] || risk_config['default']
+        analysis = Podrpt::PodAnalysis.new(name: name, current_version: version, latest_version: latest_versions[name], risk: pod_risk_info['risk'], owners: pod_risk_info['owners'] || [])
+        if options.only_outdated && !is_outdated(analysis.current_version, analysis.latest_version)
+          next
+        end
+        final_analysis << analysis
+      end
+      
+      reporter = Podrpt::ReportGenerator.new(final_analysis, options)
+      report_text = reporter.build_report_text
+      
+      Podrpt::SlackNotifier.notify(options.slack_webhook_url, report_text)
+    end
+    
+    def self.parse_run_options(args)
+      options = Podrpt::Options.new(
+        project_dir: Dir.pwd,
+        risk_yaml: 'PodsRisk.yaml',
+        allowlist_yaml: 'PodsAllowlist.yaml',
+        only_outdated: true,
+        trunk_workers: 8,
+        slack_webhook_url: ENV['SLACK_WEBHOOK_URL'] || Podrpt::Configuration.load_slack_url
+      )
+      OptionParser.new do |opts|
+        opts.banner = "Usage: podrpt run [options]"
+        opts.on("--project-dir DIR", "Diretório do projeto") { |v| options.project_dir = v }
+        opts.on("--slack-webhook-url URL", "URL do Webhook (sobrescreve config)") { |v| options.slack_webhook_url = v }
+        opts.on("--show-all", "Mostra todos os pods") { |v| options.only_outdated = false }
+        opts.on("--sync-risk-yaml", "Sincroniza PodsRisk.yaml") { |v| options.sync_risk_yaml = v }
+      end.parse!(args)
+
+      unless options.slack_webhook_url
+        puts "❌ ERRO: URL do Slack não configurada. Rode 'podrpt init'."
+        exit 1
+      end
+      options
+    end
+    
+    def self.load_allowlist(path); return {} unless File.exist?(path); config = YAML.load_file(path); config&.key?('allowlist') ? config['allowlist'] : {}; rescue; {}; end
+    def self.apply_allowlist_filter(all_pods, allowlist_config)
+      return all_pods if allowlist_config.nil? || allowlist_config.empty?
+      allowed_sets = allowlist_config.transform_values(&:to_set); vendor_prefixes = allowed_sets.keys
+      all_pods.select { |pod_name, _| matched_prefix = vendor_prefixes.find { |p| pod_name.start_with?(p) }; matched_prefix ? allowed_sets[matched_prefix].include?(pod_name) : true }
+    end
+    def self.load_risk_config(path)
+      return { 'default' => { 'risk' => 500, 'owners' => [] }, 'pods' => {} } unless File.exist?(path)
+      config = YAML.load_file(path) || {}; config['default'] ||= { 'risk' => 500, 'owners' => [] }; config['pods'] ||= {}; config
+    end
+    def self.sync_risk_yaml(path, pods, config)
+      pods.keys.sort_by(&:downcase).each { |name| config['pods'][name] ||= config['default'].dup }
+      File.write(path, config.to_yaml)
+      puts "[podrpt] PodsRisk.yaml sincronizado com #{config['pods'].size} pods."
+    end
+    def self.is_outdated(current, latest); latest && !latest.empty? && Podrpt::VersionComparer.compare(latest, current) > 0; end
+  end
+end

data/lib/podrpt/configuration.rb

@@ -0,0 +1,81 @@
+# lib/podrpt/configuration.rb
+require 'yaml'
+
+module Podrpt
+  class Configuration
+    CONFIG_FILE = '.podrpt.yml'.freeze
+    RISK_FILE = 'PodsRisk.yaml'.freeze
+    ALLOWLIST_FILE = 'PodsAllowlist.yaml'.freeze
+
+    def self.save_slack_url(url)
+      config = File.exist?(CONFIG_FILE) ? YAML.load_file(CONFIG_FILE) || {} : {}
+      config['slack_webhook_url'] = url
+      File.write(CONFIG_FILE, config.to_yaml)
+      puts "✅ URL do Slack salva em #{CONFIG_FILE}"
+    end
+
+    def self.load_slack_url
+      return nil unless File.exist?(CONFIG_FILE)
+      YAML.load_file(CONFIG_FILE)['slack_webhook_url']
+    end
+
+    def self.create_risk_file(pod_names: [])
+      return if File.exist?(RISK_FILE)
+
+      bands_config = { 'green_max' => 400, 'yellow_max' => 700 }
+      default_config = { 'owners' => [], 'risk' => 500 }
+      
+      pods_hash = {}
+      if pod_names.empty?
+        puts "⚠️ Nenhum pod encontrado para pré-popular. Criando arquivo de risco com um exemplo."
+        pods_hash['Firebase'] = { 'owners' => ['core-team'], 'risk' => 100 }
+      else
+        pod_names.sort_by(&:downcase).each do |name|
+          pods_hash[name] = YAML.load(default_config.to_yaml)
+        end
+      end
+
+      final_structure = {
+        'bands' => bands_config,
+        'default' => default_config,
+        'pods' => pods_hash
+      }
+
+      File.write(RISK_FILE, final_structure.to_yaml)
+      puts "✅ Arquivo '#{RISK_FILE}' criado e pré-populado com #{pods_hash.count} pods."
+    end
+
+    def self.create_allowlist_file(pod_names: [])
+      return if File.exist?(ALLOWLIST_FILE)
+      
+      header = <<~YAML
+        # The allowlist is used to filter transitive dependencies (sub-dependencies)
+        # and focus only on the pods you manage directly in your Podfile.
+        #
+        # For each "group" (e.g., Firebase), only the pods listed here will appear in the report.
+        # Pods that don't belong to any group (e.g., Alamofire) will appear by default.
+        #
+        # Uncomment and adjust the examples below, or create your own groups.
+      YAML
+
+      example_content = {
+        'allowlist' => {
+          'Firebase' => ['FirebaseAnalytics', 'FirebaseCrashlytics']
+        }
+      }
+
+      project_pods_comment = pod_names.sort_by(&:downcase).map { |name| "#    - #{name}" }.join("\n")
+      
+      final_content = header + example_content.to_yaml
+      unless pod_names.empty?
+        final_content += "\n# --- Pods Encontrados no seu Projeto (descomente para usar) ---\n"
+        final_content += "# allowlist:\n"
+        final_content += "#   MeuGrupo:\n"
+        final_content += project_pods_comment
+      end
+
+      File.write(ALLOWLIST_FILE, final_content)
+      puts "✅ Arquivo de exemplo '#{ALLOWLIST_FILE}' criado."
+    end
+  end
+end

data/lib/podrpt/lockfile_analyzer.rb

@@ -0,0 +1,32 @@
+module Podrpt
+  class LockfileAnalyzer
+    def initialize(project_dir)
+      lockfile_path = File.join(project_dir, 'Podfile.lock')
+      raise "ERRO: #{lockfile_path} not found." unless File.exist?(lockfile_path)
+      @lockfile = Pod::Lockfile.from_file(Pathname.new(lockfile_path))
+    end
+
+    def pod_versions
+      pod_versions_map = {}
+      @lockfile.pod_names.each do |pod_name|
+        root_name = Pod::Specification.root_name(pod_name)
+        pod_versions_map[root_name] ||= @lockfile.version(pod_name).to_s
+      end
+      pod_versions_map
+    end
+
+    def classify_pods
+      lockfile_hash = @lockfile.to_hash
+      all_pods = (@lockfile.pod_names || []).map { |n| Pod::Specification.root_name(n) }.to_set
+      git_pods = Set.new
+      dev_pods = Set.new
+      (lockfile_hash['EXTERNAL SOURCES'] || {}).each do |name, details|
+        root_name = Pod::Specification.root_name(name)
+        git_pods.add(root_name) if details.key?(:git)
+        dev_pods.add(root_name) if details.key?(:path)
+      end
+      spec_repo_pods = all_pods - git_pods - dev_pods
+      { spec_repo: spec_repo_pods, git_source: git_pods, dev_path: dev_pods }
+    end
+  end
+end

data/lib/podrpt/models.rb

@@ -0,0 +1,14 @@
+# lib/podrpt/models.rb
+
+module Podrpt
+  Options = Struct.new(
+    :project_dir, :risk_yaml, :allowlist_yaml, :trunk_workers,
+    :only_outdated, :sync_risk_yaml, :total_pods_count, :slack_webhook_url,
+    :dry_run,
+    keyword_init: true
+  )
+  PodAnalysis = Struct.new(
+    :name, :current_version, :latest_version,
+    :risk, :owners, keyword_init: true
+  )
+end

data/lib/podrpt/report_generator.rb

@@ -0,0 +1,35 @@
+module Podrpt
+  class ReportGenerator
+    def initialize(pods_analysis, options)
+      @pods = pods_analysis
+      @options = options
+    end
+
+    def build_report_text
+      outdated_count = @pods.count { |p| is_outdated?(p.current_version, p.latest_version) }
+      total_pods_in_report = @options.total_pods_count 
+      header = "_Generated: #{Time.now.utc.iso8601}_\n" \
+               "_Outdated: #{outdated_count}/#{total_pods_in_report}_"
+      
+      h_pod, h_ver, h_risk, h_owners = "Pod", "Versions", "Risk", "Owners"
+      pod_names = @pods.map(&:name); versions = @pods.map { |p| versions_cell(p) }; risks = @pods.map { |p| risk_cell(p) }; owners = @pods.map { |p| p.owners.empty? ? "—" : p.owners.join(', ') }
+      w_pod = [h_pod.length, pod_names.map(&:length).max || 0].max; w_ver = [h_ver.length, versions.map(&:length).max || 0].max; w_risk = [h_risk.length, risks.map(&:length).max || 0].max; w_owners = [h_owners.length, owners.map(&:length).max || 0].max
+      
+      row_formatter = ->(c1, c2, c3, c4) { "| #{c1.ljust(w_pod)} | #{c2.ljust(w_ver)} | #{c3.rjust(w_risk)} | #{c4.ljust(w_owners)} |" }
+      
+      lines = [header, ""]; lines << row_formatter.call(h_pod, h_ver, h_risk, h_owners)
+      sep_pod = ":-" + ("-" * (w_pod - 1)); sep_ver = ":-" + ("-" * (w_ver - 1)); sep_risk = ("-" * (w_risk - 1)) + ":"; sep_owners = ":-" + ("-" * (w_owners - 1))
+      lines << "|#{sep_pod}|#{sep_ver}|#{sep_risk}|#{sep_owners}|"
+      @pods.each_with_index { |_, i| lines << row_formatter.call(pod_names[i], versions[i], risks[i], owners[i]) }
+      
+      lines.join("\n")
+    end
+
+    private
+
+    def is_outdated?(current, latest); latest && !latest.empty? && Podrpt::VersionComparer.compare(latest, current) > 0; end
+    def versions_cell(pod); current, latest = pod.current_version, pod.latest_version; return "#{current} (latest unknown)" if latest.nil? || latest.empty?; is_outdated?(current, latest) ? "#{current} -> #{latest}" : "#{current} (latest)"; end
+    def risk_cell(pod); "#{pod.risk} #{risk_emoji(pod.risk)}"; end
+    def risk_emoji(risk_value); return "🟢" if risk_value.nil?; case risk_value; when ...401 then "🟢"; when 401..700 then "🟡"; else "🔴"; end; end
+  end
+end

data/lib/podrpt/slack_notifier.rb

@@ -0,0 +1,39 @@
+# lib/podrpt/slack_notifier.rb
+
+module Podrpt
+  class SlackNotifier
+    def self.notify(webhook_url, report_text, dry_run: false)
+      if dry_run
+        puts "\n--- SLACK NOTIFICATION DRY RUN ---"
+        puts "Target URL: #{webhook_url || 'Nenhuma URL fornecida'}"
+        puts "--- Payload ---"
+        puts report_text
+        puts "----------------------------------"
+        puts "Dry run completed. No notification was sent."
+        return
+      end
+
+      unless webhook_url && !webhook_url.empty?
+        puts "ERRO: Slack URL not provided. Logging out."
+        exit 1
+      end
+      
+      puts "Sending report to Slack..."
+      headers = { 'Content-Type' => 'application/json' }
+      payload = { text: "```\n#{report_text}\n```" }.to_json
+      
+      begin
+        response = HTTParty.post(webhook_url, body: payload, headers: headers)
+        if response.success?
+          puts "Report sent successfully!"
+        else
+          puts "ERROR sending to Slack. Status: #{response.code}, Response: #{response.body}"
+          exit 1
+        end
+      rescue => e
+        puts "Connection ERROR when sending to Slack: #{e.message}"
+        exit 1
+      end
+    end
+  end
+end

data/lib/podrpt/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Podrpt
-  VERSION = "0.1.0"
+  VERSION = "1.0.1"
 end

data/lib/podrpt/version_comparer.rb

@@ -0,0 +1,18 @@
+module Podrpt
+  module VersionComparer
+    def self.tokenize(version); (version || '').to_s.scan(/[A-Za-z]+|\d+/).map { |t| t.match?(/\d+/) ? t.to_i : t.downcase }; end
+    def self.compare(a, b)
+      ta, tb = tokenize(a), tokenize(b)
+      [ta.length, tb.length].max.times do |i|
+        va, vb = ta[i] || 0, tb[i] || 0
+        if va.is_a?(vb.class)
+          next if va == vb
+          return va > vb ? 1 : -1
+        else
+          return va.is_a?(Integer) ? 1 : -1
+        end
+      end
+      0
+    end
+  end
+end

data/lib/podrpt/version_fetcher.rb

@@ -0,0 +1,29 @@
+module Podrpt
+  class VersionFetcher
+    def initialize(options)
+      @options = options
+      @sources_manager = Pod::Config.instance.sources_manager
+    end
+
+    def fetch_latest_versions_in_bulk(pod_names)
+      return {} if pod_names.empty?
+      puts "Discovering the latest version for #{pod_names.length} pods..."
+      results = Concurrent::Map.new
+      pool = Concurrent::ThreadPoolExecutor.new(max_threads: @options.trunk_workers)
+      pod_names.each { |name| pool.post { results[name] = find_latest_version(name) } }
+      pool.shutdown
+      pool.wait_for_termination
+      Hash[results.each_pair.to_a]
+    end
+
+    private
+
+    def find_latest_version(pod_name)
+      set = @sources_manager.search(Pod::Dependency.new(pod_name))
+      set&.highest_version.to_s
+    rescue => e
+      warn " WARNING: Failed to fetch version for #{pod_name}: #{e.message}"
+      nil
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: podrpt
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Andrew Alves
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-09-27 00:00:00.000000000 Z
+date: 2025-09-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cocoapods
@@ -74,6 +74,7 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".DS_Store"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
@@ -82,7 +83,15 @@ files:
 - Rakefile
 - bin/podrpt
 - lib/podrpt.rb
+- lib/podrpt/cli.rb
+- lib/podrpt/configuration.rb
+- lib/podrpt/lockfile_analyzer.rb
+- lib/podrpt/models.rb
+- lib/podrpt/report_generator.rb
+- lib/podrpt/slack_notifier.rb
 - lib/podrpt/version.rb
+- lib/podrpt/version_comparer.rb
+- lib/podrpt/version_fetcher.rb
 - sig/podrpt.rbs
 homepage: https://github.com/swiftdrew/podrpt
 licenses: