ruby_shopify_api 1.0.0

data/RELEASING

@@ -0,0 +1,17 @@
+Releasing ShopifyAPI
+
+1. Check the Semantic Versioning page for info on how to version the new release: http://semver.org
+2. Update the version of ShopifyAPI in lib/shopify_api/version.rb
+3. Run `bundle`
+4. Add a CHANGELOG entry for the new release
+5. Commit the changes with a commit message like "Packaging for release X.Y.Z"
+6. Tag the release with the version (Leave REV blank for HEAD or provide a SHA)
+  $ git tag vX.Y.Z REV
+7. Push out the changes
+  $ git push
+8. Push out the tags
+  $ git push --tags
+9. Publish the gem using Shipit
+10. Consider if the dependency in Shopify/shopify needs updated. It's used only by the tests so is a low risk change.
+Also consider Shopify/shopify_app whose gemspec depends on this.
+We don't need to do this for every release, but we should try to keep them relatively up to date.

data/Rakefile

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+require 'rake'
+require "bundler/gem_tasks"
+require 'rake/testtask'
+require 'rubocop/rake_task'
+
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/*_test.rb'
+  test.warning = false
+end
+
+RuboCop::RakeTask.new
+
+begin
+  require 'rcov/rcovtask'
+  Rcov::RcovTask.new do |test|
+    test.libs << 'test'
+    test.pattern = 'test/**/*_test.rb'
+    test.verbose = true
+  end
+rescue LoadError
+  task(:rcov) do
+    abort("RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov")
+  end
+end
+
+task(default: [:test, :rubocop, :verify_docs])
+
+require 'verify_docs'
+task(:verify_docs) do
+  unless VerifyDocs.call
+    abort("\nWARNING: docs/index.md and README.md no longer have identical content. Please correct this.")
+  end
+end
+
+require 'rdoc/task'
+Rake::RDocTask.new do |rdoc|
+  if File.exist?('VERSION.yml')
+    config = YAML.load(File.read('VERSION.yml'))
+    version = "#{config[:major]}.#{config[:minor]}.#{config[:patch]}"
+  else
+    version = ""
+  end
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "shopify_api #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+task(:docker) do
+  cmd = "docker-compose up -d && docker exec -i -t shopify_api bash"
+  exec(cmd, err: File::NULL)
+end

data/SECURITY.md

@@ -0,0 +1,59 @@
+# Security Policy
+
+## Supported versions
+
+### New features
+
+New features will only be added to the master branch and will not be made available in point releases.
+
+### Bug fixes
+
+Only the latest release series will receive bug fixes. When enough bugs are fixed and its deemed worthy to release a new gem, this is the branch it happens from.
+
+### Security issues
+
+Only the latest release series will receive patches and new versions in case of a security issue.
+
+### Severe security issues
+
+For severe security issues we will provide new versions as above, and also the last major release series will receive patches and new versions. The classification of the security issue is judged by the core team.
+
+### Unsupported Release Series
+
+When a release series is no longer supported, it's your own responsibility to deal with bugs and security issues. If you are not comfortable maintaining your own versions, you should upgrade to a supported version.
+
+## Reporting a bug
+
+All security bugs in shopify repositories should be reported to [our hackerone program](https://hackerone.com/shopify)
+Shopify's whitehat program is our way to reward security researchers for finding serious security vulnerabilities in the In Scope properties listed at the bottom of this page, including our core application (all functionality associated with a Shopify store, particularly your-store.myshopify.com/admin) and certain ancillary applications.
+
+## Disclosure Policy
+
+We look forward to working with all security researchers and strive to be respectful, always assume the best and treat others as peers. We expect the same in return from all participants. To achieve this, our team strives to:
+
+- Reply to all reports within one business day and triage within two business days (if applicable)
+- Be as transparent as possible, answering all inquires about our report decisions and adding hackers to duplicate HackerOne reports
+- Award bounties within a week of resolution (excluding extenuating circumstances)
+- Only close reports as N/A when the issue reported is included in Known Issues, Ineligible Vulnerabilities Types or lacks evidence of a vulnerability
+
+**The following rules must be followed in order for any rewards to be paid:**
+
+- You may only test against shops you have created which include your HackerOne YOURHANDLE @ wearehackerone.com registered email address.
+- You must not attempt to gain access to, or interact with, any shops other than those created by you.
+- The use of commercial scanners is prohibited (e.g., Nessus).
+- Rules for reporting must be followed.
+- Do not disclose any issues publicly before they have been resolved.
+- Shopify reserves the right to modify the rules for this program or deem any submissions invalid at any time. Shopify may cancel the whitehat program without notice at any time.
+- Contacting Shopify Support over chat, email or phone about your HackerOne report is not allowed. We may disqualify you from receiving a reward, or from participating in the program altogether.
+- You are not an employee of Shopify; employees should report bugs to the internal bug bounty program.
+- You hereby represent, warrant and covenant that any content you submit to Shopify is an original work of authorship and that you are legally entitled to grant the rights and privileges conveyed by these terms. You further represent, warrant and covenant that the consent of no other person or entity is or will be necessary for Shopify to use the submitted content.
+- By submitting content to Shopify, you irrevocably waive all moral rights which you may have in the content.
+- All content submitted by you to Shopify under this program is licensed under the MIT License.
+- You must report any discovered vulnerability to Shopify as soon as you have validated the vulnerability.
+- Failure to follow any of the foregoing rules will disqualify you from participating in this program.
+
+** Please see our [Hackerone Profile](https://hackerone.com/shopify) for full details
+
+## Receiving Security Updates
+
+To recieve all general updates to vulnerabilities, please subscribe to our hackerone [Hacktivity](https://hackerone.com/shopify/hacktivity)

data/dev.yml

@@ -0,0 +1,11 @@
+name: shopify-api
+
+type: ruby
+
+up:
+  - ruby: "3.0"
+  - bundler
+
+commands:
+  test:
+    run: bundle exec rake test

data/docker-compose.yml

@@ -0,0 +1,13 @@
+version: '3.5'
+services:
+  api:
+    container_name: shopify_api
+    image: ruby:2.6
+    working_dir: /shopify_api
+    volumes:
+      - .:/shopify_api
+      - bundle:/usr/local/bundle
+    command: bash -c "bundle install && tail -f /dev/null"
+
+volumes:
+  bundle:

data/docs/_config.yml

@@ -0,0 +1 @@
+markdown: kramdown

data/docs/_includes/footer.html

@@ -0,0 +1,28 @@
+<meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+
+<title>Shopify Open Source > {{ site.github.project_title }}</title>
+
+{% if page.description %}
+  <meta name="description" content="{{ site.github.project_tagline }}">
+{% endif %}
+
+<link rel="canonical" href="http://shopify.github.io">
+
+<meta name="robots" content="index, follow">
+<meta name="st:robots" content="index, follow">
+
+<meta name="viewport" content="width=device-width, initial-scale=1">
+
+<meta property='st:title' content="Shopify Open Source > {{ site.github.project_title }}">
+
+<link rel="shortcut icon" href="//cdn.shopify.com/assets/favicon.ico" type="image/x-icon">
+
+<link href="//shopify.github.io/css/sub.css" rel="stylesheet" type="text/css">
+<!--[if lt IE 9]>
+  <link href="http://shopify.github.io/css/subie.css" rel="stylesheet" type="text/css">
+<![endif]-->
+
+<!--[if IE]>
+  <script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
+<![endif]-->

data/docs/_includes/head.html

@@ -0,0 +1,28 @@
+<meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+
+<title>Shopify Open Source > {{ site.github.project_title }}</title>
+
+{% if page.description %}
+  <meta name="description" content="{{ site.github.project_tagline }}">
+{% endif %}
+
+<link rel="canonical" href="http://shopify.github.io">
+
+<meta name="robots" content="index, follow">
+<meta name="st:robots" content="index, follow">
+
+<meta name="viewport" content="width=device-width, initial-scale=1">
+
+<meta property='st:title' content="Shopify Open Source > {{ site.github.project_title }}">
+
+<link rel="shortcut icon" href="//cdn.shopify.com/assets/favicon.ico" type="image/x-icon">
+
+<link href="//shopify.github.io/css/sub.css" rel="stylesheet" type="text/css">
+<!--[if lt IE 9]>
+  <link href="http://shopify.github.io/css/subie.css" rel="stylesheet" type="text/css">
+<![endif]-->
+
+<!--[if IE]>
+  <script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
+<![endif]-->

data/docs/_layouts/index.html

@@ -0,0 +1,57 @@
+<!doctype html>
+<!--[if IE 8]><html class="no-js lt-ie9" lang="en"> <![endif]-->
+<!--[if IE 9 ]><html class="ie9 no-js"> <![endif]-->
+<!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js"> <!--<![endif]-->
+  <head>
+  {% include head.html %}
+  </head>
+    <body>
+    <div class="hero">
+      <div class="hero-lines"></div>
+      <header class="hero-header">
+        <div class="pagewidth">
+          <div class="logo--ie">
+            <img src="http://shopify.github.io/images/shopify-open-source-sub.svg" alt="Shopify Open Source" class="logo">
+            <span class="breadcrumb"><a href="http://shopify.github.io">Open Source</a> > {{ site.github.project_title }}</span>
+          </div>
+          <div class="repo-lang {{ site.github.language | downcase }}">
+            {{ site.github.language }}
+          </div>
+        </div>
+      </header>
+      <div class="pagewidth">
+        <div class="hero-inner">
+          <h1 class="hero-logo">{{ site.github.project_title }}</h1>
+          <h2 class="hero-text">{{ site.github.project_tagline }}</h2>
+          <div class="cta-buttons">
+            <a href="{{ site.github.zip_url }}" class="float">Download ZIP</a>
+            <a href="{{ site.github.repository_url }}" class="float github">
+              Github Repo
+              <i class="icon-star" title="Stars"></i> <span id="starCount"></span>
+              <i class="icon-forks" title="Forks"></i> <span id="forkCount"></span>
+            </a>
+          </div>
+        </div>
+      </div>
+    </div>
+
+    <div class="documentation">
+      <div class="pagewidth">
+
+        {{ content }}
+
+      </div>
+    </div>
+    {% include footer.html %}
+
+    <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
+    <script src="//shopify.github.io/javascripts/sub.js"></script>
+    <script>
+    jQuery(function($) {
+      shopifyOpenSource.init({
+        repo_name: '{{ site.github.repository_nwo }}'
+      });
+    });
+    </script>
+    </body>
+</html>

data/docs/graphql.md

@@ -0,0 +1,241 @@
+# GraphQL client
+
+The `shopify_api` gem includes a full featured GraphQL client to interact with
+Shopify's [GraphQL Admin API](https://help.shopify.com/en/api/graphql-admin-api).
+GitHub's [graphql-client](https://github.com/github/graphql-client) is used as
+the underlying client and this library integrates it with our existing
+session, authentication, and API versioning features.
+
+## Example
+
+```ruby
+client = ShopifyAPI::GraphQL.client
+
+SHOP_NAME_QUERY = client.parse <<-'GRAPHQL'
+  {
+    shop {
+      name
+    }
+  }
+GRAPHQL
+
+result = client.query(SHOP_NAME_QUERY)
+result.data.shop.name
+```
+
+* [Getting started](#getting-started)
+* [Rails integration](#rails-integration)
+* [API versioning](#api-versioning)
+* [Initialization process](#initialization-process)
+* [Migration guide](#migration-guide)
+
+## Getting started
+
+1. [Dump the schema](#dump-the-schema)
+2. [Configure session/authentication](#sessions-and-authentication)
+3. [Make queries](#make-queries)
+
+### Dump the schema
+One of the main benefits of GraphQL is its [schema and type system](https://graphql.org/learn/schema/)
+which enables tools like graphql-client to ensure your queries are valid in development.
+
+So the first step in making GraphQL queries is having a local JSON file of Shopify's Admin schema.
+This gem provides a `shopify_api:graphql:dump` Rake task to make it as easy as possible:
+
+#### Private apps
+```bash
+$ rake shopify_api:graphql:dump SHOP_URL="https://API_KEY:PASSWORD@SHOP_NAME.myshopify.com" API_VERSION=2020-01
+```
+#### Public apps
+```bash
+$ rake shopify_api:graphql:dump SHOP_DOMAIN="SHOP_NAME.myshopify.com" ACCESS_TOKEN="SHOP_TOKEN" API_VERSION=2020-01
+```
+
+If successful `db/shopify_graphql_schemas/2020-01.json` will be created.
+
+You can either use private app authentication or an OAuth access token. Run `rake shopify_api:graphql:dump`
+to see full usage details.
+
+If you're using shopify_api in a Rails app, the default location for schema files is `db/shopify_graphql_schemas`.
+For non-Rails applications, the default is `shopify_graphql_schemas` in your project root.
+
+The schema path location can be changed via `ShopifyAPI::GraphQL.schema_location`:
+
+```ruby
+ShopifyAPI::GraphQL.schema_location = 'assets/schemas'
+```
+
+#### Updating schemas
+Each time you want to use a new API version, or update an existing one
+(such as the `unstable` version), simply run the Rake task again to overwrite the file.
+
+### Sessions and authentication
+The GraphQL client is designed to be integrated with the rest of shopify_api so
+all its features such as sessions, authentication, and API versioning work the
+exact same.
+
+If you've already been using the shopify_api gem in your application to make
+REST API calls then no other configuration is necessary.
+
+Steps 1-5 of our main [Getting started](https://github.com/Shopify/shopify_api#getting-started)
+section still apply for the GraphQL client as well.
+
+### Make queries
+Now that you've dumped a schema file and configured an authenticated session, you can make GraphQL API requests.
+graphql-client encourages all queries to be defined statically as constants:
+
+```ruby
+SHOP_NAME_QUERY = ShopifyAPI::GraphQL.client.parse <<-'GRAPHQL'
+  {
+    shop {
+      name
+    }
+  }
+GRAPHQL
+
+result = ShopifyAPI::GraphQL.client.query(SHOP_NAME_QUERY)
+result.data.shop.name
+```
+
+But we've also enabled its `allow_dynamic_queries` option if you prefer:
+
+```ruby
+query = ShopifyAPI::GraphQL.client.parse <<-'GRAPHQL'
+  {
+    shop {
+      name
+    }
+  }
+GRAPHQL
+
+result = ShopifyAPI::GraphQL.client.query(query)
+result.data.shop.name
+```
+
+See the [graphql-client documentation](https://github.com/github/graphql-client#defining-queries)
+for more details on defining and executing queries.
+
+## Rails integration
+`ShopifyAPI::GraphQL` integrates with Rails to automatically do the following:
+
+* load the `shopify_api:graphql:dump` Rake task
+* set the `schema_location` to be in the `db` directory in your Rails root
+* initialize clients in the Rails app initializer phase
+
+## API versioning
+`ShopifyAPI::GraphQL` is version aware and lets you easily make queries to multiple
+API versions through version specific clients if need be.
+
+If you have multiple clients and need to be explicit you can specify the version parameter:
+
+```ruby
+ShopifyAPI::GraphQL.client # defaults to the client using ShopifyAPI::Base.api_version
+ShopifyAPI::GraphQL.client('unstable')
+```
+
+## Initialization process
+`ShopifyAPI::GraphQL` is a thin integration layer which initializes `GraphQL::Client`s
+from local schema files.
+
+`ShopifyAPI::GraphQL.initialize_clients` scans `ShopifyAPI::GraphQL.schema_location`
+and creates a client for each version specific schema file found.
+
+This happens automatically in a Rails application due to our [integration](#rails-integration).
+For non-Rails applications, ensure you call `ShopifyAPI::GraphQL.initialize_clients`
+during your boot process.
+
+The goal is to have all clients created at boot so there's no schema loading,
+parsing, or client instantiation done during runtime when your app serves a request.
+
+
+## Using a custom GraphQL Client
+By default `ShopifyAPI::GraphQL` wraps the Github GraphQL Client library. However, this client
+may not suitable for various reasons. If you wish to expand on the interface of the client or
+improve the required functions for your use case you can implement a client of your own.
+
+To use a custom GraphQL Client:
+```
+class CustomGraphQLClient < ::GraphQL::Client
+end
+
+ShopifyAPI::GraphQL.graphql_client = CustomGraphQLClient
+```
+
+
+## Using a custom query execution adapter
+Github's GraphQL Client uses an adapter pattern so that you can define how you interact
+with GraphQL API's. Shopify provides a minimal implementation in `ShopifyAPI::GraphQL::HTTPClient`.
+If you need to add additional functionality pre, during or post query execution you can
+consider implementing these within a custom query execution adapter, inheriting from
+`ShopifyAPI::GraphQL::HTTPClient` which provides the necessary implementation for
+headers, url, and api versions
+
+
+To set a custom query executiona dapter set `ShopifyAPI::GraphQL.execution_adapter` to your client:
+```ruby
+class RaisingHTTPClient < ShopifyAPI::GraphQL::HTTPClient
+  def execute(document:, operation_name: nil, variables: {}, context: {})
+    result = super
+    do_work(result)
+  end
+
+  private
+
+  def do_work(result)
+    result
+  end
+end
+
+ShopifyAPI::GraphQL.execution_adapter = RaisingHTTPClient
+```
+
+Note, the execution adapter has `client` in the name. This is to remain consistent with
+the naming conventions within the Github GraphQL Client library.
+
+## Migration guide
+Prior to shopify_api v9.0 the GraphQL client implementation was limited and almost
+unusable due to the client making dynamic introspection queries to Shopify's API.
+This was not only very slow but also led to unbounded memory growth.
+
+There are two steps to migrate to the new client:
+1. [Dump a local schema file](#dump-the-schema)
+2. [Migrate `client` usage](#migrate-usage)
+
+### Migrate usage
+
+Previously a client was initialized with `ShopifyAPI::GraphQL.new`:
+```ruby
+client = ShopifyAPI::GraphQL.new
+
+SHOP_NAME_QUERY = client.parse <<-'GRAPHQL'
+  {
+    shop {
+      name
+    }
+  }
+GRAPHQL
+
+result = client.query(SHOP_NAME_QUERY)
+result.data.shop.name
+```
+
+Now there's no need to initialize a client so all references to
+`ShopifyAPI::GraphQL.new` should be removed and instead the client is called
+via `ShopifyAPI::GraphQL.client`:
+
+```ruby
+client = ShopifyAPI::GraphQL.client
+
+SHOP_NAME_QUERY = client.parse <<-'GRAPHQL'
+  {
+    shop {
+      name
+    }
+  }
+GRAPHQL
+
+result = client.query(SHOP_NAME_QUERY)
+result.data.shop.name
+```
+
+See [make queries](#make-queries) for more usage details.