still_active 0.5.0 → 1.0.0

data/lib/still_active/options.rb

@@ -17,6 +17,7 @@ module StillActive
         add_token_options(opts)
         add_parallelism_options(opts)
         add_range_options(opts)
+        add_exit_options(opts)
         add_emoji_options(opts)
       end
     end
@@ -48,14 +49,18 @@ module StillActive
     end
 
     def add_output_options(opts)
-      opts.on("--markdown", "Prints output in markdown format") { StillActive.config { |config| config.output_format = :markdown } }
-      opts.on("--json", "Prints output in JSON format") { StillActive.config { |config| config.output_format = :json } }
+      opts.on("--terminal", "Coloured terminal output (default in TTY)") { StillActive.config { |config| config.output_format = :terminal } }
+      opts.on("--markdown", "Markdown table output") { StillActive.config { |config| config.output_format = :markdown } }
+      opts.on("--json", "JSON output (default when piped)") { StillActive.config { |config| config.output_format = :json } }
     end
 
     def add_token_options(opts)
       opts.on("--github-oauth-token=TOKEN", String, "GitHub OAuth token to make API calls") do |value|
         StillActive.config { |config| config.github_oauth_token = value }
       end
+      opts.on("--gitlab-token=TOKEN", String, "GitLab personal access token for API calls") do |value|
+        StillActive.config { |config| config.gitlab_token = value }
+      end
     end
 
     def add_parallelism_options(opts)
@@ -66,21 +71,30 @@ module StillActive
 
     def add_range_options(opts)
       opts.on(
-        "--no-warning-range-end=YEARS",
+        "--safe-range-end=YEARS",
         Integer,
-        "maximum number of years since last activity until which you do not want to be warned about ",
+        "maximum years since last activity considered safe (no warning)",
       ) do |value|
         StillActive.config { |config| config.no_warning_range_end = value }
       end
       opts.on(
         "--warning-range-end=YEARS",
         Integer,
-        "maximum number of years since last activity that you want to be warned about",
+        "maximum years since last activity that triggers a warning (beyond this is critical)",
       ) do |value|
         StillActive.config { |config| config.warning_range_end = value }
       end
     end
 
+    def add_exit_options(opts)
+      opts.on("--fail-if-critical", "Exit 1 if any gem has critical activity warning") do
+        StillActive.config { |config| config.fail_if_critical = true }
+      end
+      opts.on("--fail-if-warning", "Exit 1 if any gem has warning or critical activity warning") do
+        StillActive.config { |config| config.fail_if_warning = true }
+      end
+    end
+
     def add_emoji_options(opts)
       opts.on("--critical-warning-emoji=EMOJI") { |value| StillActive.config { |config| config.critical_warning_emoji = value } }
       opts.on("--futurist-emoji=EMOJI") { |value| StillActive.config { |config| config.futurist_emoji = value } }

data/lib/still_active/repository.rb

@@ -2,28 +2,21 @@
 
 module StillActive
   module Repository
-    GITHUB_REGEX = %r{(http(?:s)?://(?:www\.)?(github)\.com/((?:\w|_|-)+)/((?:\w|_|-)+))}i
-    GITLAB_REGEX = %r{(http(?:s)?://(?:www\.)?(gitlab)\.com/((?:\w|_|-)+)/((?:\w|_|-)+))}i
-
-    HASH_KEYS = [:url, :source, :owner, :name]
-    private_constant :HASH_KEYS
+    REPO_REGEX = %r{(https?://(?:www\.)?(github|gitlab)\.com/([\w.\-]+)/([\w.\-]+))}i
 
     extend self
 
     def valid?(url:)
-      [GITHUB_REGEX, GITLAB_REGEX].any? do |regex|
-        !url.scan(regex)&.first.nil?
-      end
+      return false if url.nil?
+
+      url.match?(REPO_REGEX)
     end
 
     def url_with_owner_and_name(url:)
-      [GITHUB_REGEX, GITLAB_REGEX].each do |regex|
-        values = url&.scan(regex)&.first
-        next if values.nil? || values.empty?
+      match = url&.match(REPO_REGEX)
+      return { source: :unhandled, owner: nil, name: nil } unless match
 
-        return HASH_KEYS.zip(values).to_h
-      end
-      { source: :unhandled, owner: nil, name: nil }
+      { url: match[1], source: match[2].to_sym, owner: match[3], name: match[4] }
     end
   end
 end

data/lib/still_active/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module StillActive
-  VERSION = "0.5.0"
+  VERSION = "1.0.0"
 end

data/lib/still_active/workflow.rb

@@ -1,17 +1,17 @@
 # frozen_string_literal: true
 
+require_relative "deps_dev_client"
+require_relative "gitlab_client"
 require_relative "repository"
 require_relative "../helpers/version_helper"
 require "async"
 require "async/barrier"
 require "async/semaphore"
 require "gems"
-require "github_api"
 
 module StillActive
   module Workflow
     extend self
-    include VersionHelper
 
     def call
       task = Async do
@@ -20,7 +20,7 @@ module StillActive
         result_object = {}
         StillActive.config.gems.each_with_object(result_object) do |gem, hash|
           semaphore.async do
-            gem_info(gem_name: gem[:name], result_object: hash, gem_version: gem.dig(:version))
+            gem_info(gem_name: gem[:name], result_object: hash, gem_version: gem[:version])
           end
         end
         barrier.wait
@@ -37,13 +37,17 @@ module StillActive
 
       vs = versions(gem_name: gem_name)
       repo_info = repository_info(gem_name: gem_name, versions: vs)
-      last_commit_date = last_commit_date(
+      commit_date = last_commit_date(
         source: repo_info[:source],
         repository_owner: repo_info[:owner],
         repository_name: repo_info[:name],
       )
       last_release = VersionHelper.find_version(versions: vs, pre_release: false)
       last_pre_release = VersionHelper.find_version(versions: vs, pre_release: true)
+      deps_dev = fetch_deps_dev_info(
+        gem_name: gem_name,
+        version: VersionHelper.gem_version(version_hash: last_release),
+      )
       result_object[gem_name].merge!({
         latest_version: VersionHelper.gem_version(version_hash: last_release),
         latest_version_release_date: VersionHelper.release_date(version_hash: last_release),
@@ -52,7 +56,8 @@ module StillActive
         latest_pre_release_version_release_date: VersionHelper.release_date(version_hash: last_pre_release),
 
         repository_url: repo_info[:url],
-        last_commit_date: last_commit_date,
+        last_commit_date: commit_date,
+        **deps_dev,
       })
 
       unless vs.empty?
@@ -62,8 +67,7 @@ module StillActive
       if gem_version
         version_used = VersionHelper.find_version(versions: vs, version_string: gem_version)
         result_object[gem_name].merge!({
-          up_to_date:
-          VersionHelper.up_to_date?(
+          up_to_date: VersionHelper.up_to_date(
             version_used: version_used,
             latest_version: last_release,
             latest_pre_release_version: last_pre_release,
@@ -73,7 +77,16 @@ module StillActive
         })
       end
     rescue StandardError => e
-      puts "error occured for #{gem_name}: #{e.class}\n\t#{e.message}"
+      $stderr.puts "error occurred for #{gem_name}: #{e.class}\n\t#{e.message}"
+    end
+
+    def fetch_deps_dev_info(gem_name:, version:)
+      info = DepsDevClient.version_info(gem_name: gem_name, version: version)
+      scorecard = DepsDevClient.project_scorecard(project_id: info&.dig(:project_id))
+      {
+        scorecard_score: scorecard&.dig(:score),
+        vulnerability_count: info&.dig(:advisory_keys)&.length,
+      }
     end
 
     # makes network request
@@ -96,8 +109,8 @@ module StillActive
       return [] if info.nil?
 
       [
-        info&.metadata&.dig("source_code_uri"),
-        info&.homepage,
+        info.metadata&.dig("source_code_uri"),
+        info.homepage,
       ].compact.uniq
     end
 
@@ -119,22 +132,17 @@ module StillActive
       []
     end
 
-    def last_commit(source:, repository_owner:, repository_name:)
-      case source.to_sym
-      when :github
-        StillActive.config.github_client.repos.commits.all(repository_owner, repository_name, per_page: 1)&.first
-        # when :gitlab
-        #   Gitlab.commits(name, per_page: 1)
-      end
-    end
-
     def last_commit_date(source:, repository_owner:, repository_name:)
-      commit = last_commit(source: source, repository_owner: repository_owner, repository_name: repository_name)
-      case source.to_sym
+      case source
       when :github
-        commit&.dig("commit", "author", "date").then { |date| Time.parse(date) unless date.nil? }
-        # when :gitlab
-        #   commit
+        commit = StillActive.config.github_client.commits("#{repository_owner}/#{repository_name}", per_page: 1)&.first
+        date = commit&.commit&.author&.date
+        case date
+        when Time then date
+        when String then Time.parse(date)
+        end
+      when :gitlab
+        GitlabClient.last_commit_date(owner: repository_owner, name: repository_name)
       end
     end
   end

data/still_active.gemspec

@@ -8,20 +8,21 @@ Gem::Specification.new do |spec|
   spec.authors       = ["Sean Floyd"]
   spec.email         = ["contact@seanfloyd.dev"]
 
-  spec.summary       = "Check if gems are under active development."
-  spec.description   = "Obtain last release, pre-release, and last commit date to determine if a gem is still under active development."
+  spec.summary       = "Check if your Ruby dependencies are still actively maintained."
+  spec.description   = "Analyses your Gemfile dependencies for staleness: latest releases, " \
+    "last commit dates (GitHub and GitLab), OpenSSF Scorecard scores, " \
+    "and known vulnerabilities via deps.dev. " \
+    "Outputs coloured terminal tables, markdown, or JSON with CI gating support."
   spec.homepage      = "https://github.com/SeanLF/still_active"
   spec.license       = "MIT"
-  spec.required_ruby_version = ">= 2.7.0"
-
-  # spec.metadata["allowed_push_host"] = "TODO: Set to 'https://mygemserver.com'"
+  spec.required_ruby_version = ">= 3.2.0"
 
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = spec.homepage
-  spec.metadata["changelog_uri"] = "#{spec.metadata["source_code_uri"]}/blob/main/CHANGELOG.md"
+  spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/main/CHANGELOG.md"
+  spec.metadata["bug_tracker_uri"] = "#{spec.homepage}/issues"
+  spec.metadata["rubygems_mfa_required"] = "true"
 
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
   spec.files = Dir.chdir(File.expand_path(__dir__)) do
     %x(git ls-files -z).split("\x0").reject { |f| f.match(%r{\A(?:test|spec|features)/}) }
   end
@@ -29,9 +30,6 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{\Abin/still_active}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  # For more information and examples about making a new gem, checkout our
-  # guide at: https://bundler.io/guides/creating_gem.html
-  spec.add_development_dependency("dead_end")
   spec.add_development_dependency("debug")
   spec.add_development_dependency("faker")
   spec.add_development_dependency("rubocop")
@@ -39,13 +37,9 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency("rubocop-rspec")
   spec.add_development_dependency("rubocop-shopify")
 
-  spec.add_runtime_dependency("activesupport")
   spec.add_runtime_dependency("async")
-  # spec.add_runtime_dependency("cli-ui")
-  spec.add_runtime_dependency("async-http")
   spec.add_runtime_dependency("bundler", ">= 2.0")
+  spec.add_runtime_dependency("faraday-retry")
   spec.add_runtime_dependency("gems")
-  spec.add_runtime_dependency("github_api")
-  # spec.add_runtime_dependency("gitlab")
-  # spec.add_runtime_dependency("tty-progressbar")
+  spec.add_runtime_dependency("octokit")
 end

metadata

@@ -1,29 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: still_active
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Sean Floyd
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-05-21 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: dead_end
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -109,7 +94,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: activesupport
+  name: async
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -123,21 +108,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: async
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: async-http
+  name: faraday-retry
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -150,20 +135,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '2.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: gems
   requirement: !ruby/object:Gem::Requirement
@@ -179,7 +150,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: github_api
+  name: octokit
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -192,8 +163,10 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: Obtain last release, pre-release, and last commit date to determine if
-  a gem is still under active development.
+description: 'Analyses your Gemfile dependencies for staleness: latest releases, last
+  commit dates (GitHub and GitLab), OpenSSF Scorecard scores, and known vulnerabilities
+  via deps.dev. Outputs coloured terminal tables, markdown, or JSON with CI gating
+  support.'
 email:
 - contact@seanfloyd.dev
 executables:
@@ -201,7 +174,9 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/dependabot.yml"
 - ".github/workflows/codeql-analysis.yml"
+- ".github/workflows/publish.yml"
 - ".github/workflows/rspec.yml"
 - ".github/workflows/rubocop-analysis.yml"
 - ".gitignore"
@@ -216,15 +191,25 @@ files:
 - bin/console
 - bin/setup
 - bin/still_active
+- fixtures/debug_versions.json
+- fixtures/still_active_version.json
+- fixtures/vcr_cassettes/deps_dev_project.yml
+- fixtures/vcr_cassettes/deps_dev_version.yml
 - fixtures/vcr_cassettes/gems.yml
+- lib/helpers/activity_helper.rb
+- lib/helpers/ansi_helper.rb
 - lib/helpers/bundler_helper.rb
 - lib/helpers/emoji_helper.rb
+- lib/helpers/http_helper.rb
 - lib/helpers/markdown_helper.rb
+- lib/helpers/terminal_helper.rb
 - lib/helpers/version_helper.rb
 - lib/still_active.rb
 - lib/still_active/cli.rb
 - lib/still_active/config.rb
-- lib/still_active/gemfile.rb
+- lib/still_active/core_ext.rb
+- lib/still_active/deps_dev_client.rb
+- lib/still_active/gitlab_client.rb
 - lib/still_active/options.rb
 - lib/still_active/repository.rb
 - lib/still_active/version.rb
@@ -237,7 +222,8 @@ metadata:
   homepage_uri: https://github.com/SeanLF/still_active
   source_code_uri: https://github.com/SeanLF/still_active
   changelog_uri: https://github.com/SeanLF/still_active/blob/main/CHANGELOG.md
-post_install_message:
+  bug_tracker_uri: https://github.com/SeanLF/still_active/issues
+  rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
 - lib
@@ -245,15 +231,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
-signing_key:
+rubygems_version: 4.0.3
 specification_version: 4
-summary: Check if gems are under active development.
+summary: Check if your Ruby dependencies are still actively maintained.
 test_files: []

data/lib/still_active/gemfile.rb

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-
-require "bundler"
-
-module StillActive
-  module Gemfile
-    extend self
-
-    def dependencies(gemfile_path:)
-      Bundler::SharedHelpers.set_env("BUNDLE_GEMFILE", File.expand_path(gemfile_path))
-      Bundler.definition.dependencies.map(&:name)
-    end
-  end
-end