unwrappr 0.3.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 79e5cc78888cbad5bd38668addf51e451fb15074c2db7193e663950d77513fe2
+  data.tar.gz: '0024689eefd6ef862cf9249f833f2965a9d850263d0315624d61b998332afbb0'
+SHA512:
+  metadata.gz: cd069f4dd6de94d0060e13b0ca118b1091965777bb4ebd0a57e3c1e445d32c278cacf419ce971aeb8b59be59ed5257a6df0c77b42ffcd8602a7ad80cba6ed0b6
+  data.tar.gz: 2b33c94c7896797288b6945368c4c0f5502ed26bd48d64dc9eb7cf032fe28d0b9fa61d97ad05534e04c55cc6670d8050dff2ad799672bb7ec665758e23626927

data/.buildkite/pipeline.yml

@@ -0,0 +1,38 @@
+---
+
+steps:
+  - label: ":ruby: 2.5 :rspec:"
+    command: ".buildkite/steps/rspec.sh"
+    plugins:
+      docker#v1.2.1:
+        image: "ruby:2.5"
+    agents:
+      queue: "platform-docker-spot"
+    timeout_in_minutes: 5
+
+  - label: ":ruby: 2.4 :rspec:"
+    command: ".buildkite/steps/rspec.sh"
+    plugins:
+      docker#v1.2.1:
+        image: "ruby:2.4"
+    agents:
+      queue: "platform-docker-spot"
+    timeout_in_minutes: 5
+
+  - label: ":ruby: 2.3 :rspec:"
+    command: ".buildkite/steps/rspec.sh"
+    plugins:
+      docker#v1.2.1:
+        image: "ruby:2.3"
+    agents:
+      queue: "platform-docker-spot"
+    timeout_in_minutes: 5
+
+  - label: ":rubocop:"
+    command: ".buildkite/steps/rubocop.sh"
+    plugins:
+      docker#v1.2.1:
+        image: "ruby"
+    agents:
+      queue: "platform-docker-spot"
+    timeout_in_minutes: 5

data/.buildkite/steps/rspec.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -euo pipefail
+
+echo "--- :bundler: Bundling"
+bundle install --path .bundle
+
+echo "+++ :rspec: Running RSpec"
+bundle exec rspec

data/.buildkite/steps/rubocop.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -euo pipefail
+
+echo "--- :bundler: Bundling"
+bundle install --path .bundle
+
+echo "+++ :rubocop: Running Rubocop"
+bundle exec rubocop

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/error.txt
+/pkg/
+/spec/reports/
+/stdout.txt
+/tmp/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,25 @@
+---
+AllCops:
+  TargetRubyVersion: 2.5.1
+  Exclude:
+    - 'spike/*.rb'
+
+Metrics/BlockLength:
+  Exclude:
+    - 'spec/**/*'
+    - 'test/**/*'
+
+Metrics/LineLength:
+  Exclude:
+    - 'spec/**/*'
+    - 'test/**/*'
+
+Metrics/ModuleLength:
+  Exclude:
+    - 'spec/**/*'
+    - 'test/**/*'
+
+Style/Documentation:
+  Exclude:
+    - 'spec/**/*'
+    - 'test/**/*'

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.4.2
+before_install: gem install bundler -v 1.16.1

data/CHANGELOG.md

@@ -0,0 +1,9 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+### Changed
+ - Preparing for release!

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at pete.johns@envato.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in unwrappr.gemspec
+gemspec

data/Guardfile

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+guard :rspec, cmd: 'bundle exec rspec' do
+  require 'guard/rspec/dsl'
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  # Ruby files
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+end

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Pete Johns
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,118 @@
+# ![logo](https://user-images.githubusercontent.com/20217279/37953358-6847ed8a-31ee-11e8-9d3f-492e2574d7dc.png)
+
+>  `bundle update` PRs: Automated. Annotated.
+
+Keeping dependencies up-to-date requires regular work. Some teams automate this,
+others do it manually. This project seeks to reduce manual and cerebral labor
+to get regular dependency updates into production.
+
+## Features
+
+ - Saves your team time in keeping dependencies up-to-date and understanding what's changed
+ - `unwrappr` runs `bundle update`, creates a GitHub Pull Request with the changes and annotates the differences in your project's `Gemfile.lock`
+ - Annotations include:
+  - Major, minor and patch-level changes
+  - Upgrades versus downgrades
+  - Vulnerability advisory information using [bundler-audit](https://github.com/rubysec/bundler-audit)
+  - Links to the home page, source code and change log (where available) of each gem
+
+## Development status [![Build status](https://badge.buildkite.com/d7db34f910131ff2a03d31dcc0ee960a3bc5f0df2c42ec4eb4.svg?branch=master&style=flat-square)](https://buildkite.com/envato-marketplaces/unwrappr)
+
+`unwrappr` is used in many projects around [Envato][envato]
+However, it is still undergoing development and features are likely to change
+over time.
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run
+`rake spec` to run the tests. You can also run `bin/console` for an interactive
+prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To
+release a new version, update the version number in `version.rb`, and then run
+`bundle exec rake release`, which will create a git tag for the version, push
+git commits and tags, and push the `.gem` file to
+[rubygems.org](https://rubygems.org).
+
+
+## Getting started [![Gem version](https://img.shields.io/gem/v/unwrappr.svg?style=flat-square)](https://github.com/envato/unwrappr) [![Gem downloads](https://img.shields.io/gem/dt/unwrappr.svg?style=flat-square)](https://rubygems.org/gems/unwrappr)
+
+```
+$ gem install unwrappr
+```
+
+## Configuration
+
+`unwrappr` needs a [GitHub Personal Access Token](https://github.com/settings/tokens), stored in the environment as `GITHUB_TOKEN`.
+
+To run `unwrappr` in the current working directory use...
+
+```bash
+export GITHUB_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+unwrappr
+```
+
+See https://github.com/settings/tokens to set up personal access tokens.
+
+## Requirements
+
+ - Ruby (tested against v2.4 and above)
+ - GitHub access (see Configuration section)
+
+## Contact ![Join the chat at https://gitter.im/envato/unwrappr](https://badges.gitter.im/Join%20Chat.svg)
+
+ - [GitHub project](https://github.com/envato/unwrappr)
+ - [Gitter chat room](https://gitter.im/envato/unwrappr)
+ - Bug reports and feature requests are welcome via [GitHub Issues](https://github.com/envato/unwrappr/issues)
+
+## Maintainers
+
+ - [Pete Johns](https://github.com/johnsyweb)
+ - [Joe Sustaric](https://github.com/joesustaric)
+
+## Authors
+
+ - [Pete Johns](https://github.com/johnsyweb)
+ - [Orien Madgwick](https://github.com/orien)
+ - [Joe Sustaric](https://github.com/joesustaric)
+ - [Vladimir Chervanev](https://github.com/vchervanev)
+ - [Em Esc](https://github.com/emesc)
+ - [Chun-wei Kuo](https://github.com/Domon)
+
+## License [![license](https://img.shields.io/github/license/mashape/apistatus.svg?style=flat-square)](https://github.com/envato/unwrappr/blob/master/LICENSE.txt)
+
+`unwrappr` uses MIT license. See
+[`LICENSE.txt`](https://github.com/envato/unwrappr/blob/master/LICENSE.txt) for
+details.
+
+## Code of Conduct
+
+We welcome contribution from everyone. Read more about it in
+[`CODE_OF_CONDUCT.md`](https://github.com/envato/unwrappr/blob/master/CODE_OF_CONDUCT.md)
+
+## Contributing [![PRs welcome](https://img.shields.io/badge/PRs-welcome-orange.svg?style=flat-square)](https://github.com/envato/unwrappr/issues)
+
+For bug fixes, documentation changes, and features:
+
+1. [Fork it](./fork)
+1. Create your feature branch (`git checkout -b my-new-feature`)
+1. Commit your changes (`git commit -am 'Add some feature'`)
+1. Push to the branch (`git push origin my-new-feature`)
+1. Create a new Pull Request
+
+For larger new features: Do everything as above, but first also make contact with the project maintainers to be sure your change fits with the project direction and you won't be wasting effort going in the wrong direction.
+
+## About [![code with heart by Envato](https://img.shields.io/badge/%3C%2F%3E%20with%20%E2%99%A5%20by-Envato-ff69b4.svg?style=flat-square)](https://github.com/envato/unwrappr)
+
+This project is maintained by the [Envato engineering team][webuild] and funded by [Envato][envato].
+
+[<img src="http://opensource.envato.com/images/envato-oss-readme-logo.png" alt="Envato logo">][envato]
+
+Encouraging the use and creation of open source software is one of the ways we
+serve our community. See [our other projects][oss] or [come work with
+us][careers] where you'll find an incredibly diverse, intelligent and capable
+group of people who help make our company succeed and make our workplace fun,
+friendly and happy.
+
+  [webuild]: https://webuild.envato.com?utm_source=github
+  [envato]: https://envato.com?utm_source=github
+  [oss]: https://opensource.envato.com/?utm_source=github
+  [careers]: https://envato.com/careers/?utm_source=github

data/Rakefile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
+RSpec::Core::RakeTask.new(:spec)
+
+task default: %i[rubocop spec]

data/bin/console

@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'unwrappr'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+require 'pry'
+Pry.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/exe/unwrappr

@@ -0,0 +1,11 @@
+#! /usr/bin/env ruby
+# frozen_string_literal: true
+
+$LOAD_PATH << File.expand_path('../lib', __dir__)
+
+require 'unwrappr'
+
+$stdout.sync = true
+$stderr.sync = true
+
+Unwrappr::CLI.run

data/lib/unwrappr/bundler_command_runner.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'safe_shell'
+
+module Unwrappr
+  # Runs the bundle command. No surprises.
+  module BundlerCommandRunner
+    class << self
+      def bundle_update!
+        raise 'bundle update failed' unless updated_gems?
+      end
+
+      private
+
+      def updated_gems?
+        SafeShell.execute?(
+          'bundle',
+          'update',
+          stdout: 'stdout.txt',
+          stderr: 'error.txt'
+        )
+      end
+    end
+  end
+end

data/lib/unwrappr/cli.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require 'clamp'
+
+module Unwrappr
+  # Entry point for the app
+  class CLI < Clamp::Command
+    self.default_subcommand = 'all'
+
+    option ['--version', '-v'], :flag, 'Show version' do
+      puts "unwrappr v#{Unwrappr::VERSION}"
+      exit(0)
+    end
+
+    subcommand 'all', 'run bundle update, push to github, '\
+                      'create a pr and annotate changes' do
+      def execute
+        puts 'Doing the unwrappr thing...'
+        GitCommandRunner.create_branch!
+        BundlerCommandRunner.bundle_update!
+        GitCommandRunner.commit_and_push_changes!
+        GitHub::Client.make_pull_request!
+      end
+    end
+
+    subcommand 'annotate-pull-request',
+               'Annotate Gemfile.lock changes in a Github pull request' do
+
+      option '--repo', 'REPO',
+             'The repo in github <owner/project>',
+             required: true
+
+      option '--pr', 'PR',
+             'The github PR number',
+             required: true
+
+      def execute
+        LockFileAnnotator.annotate_github_pull_request(
+          repo: repo,
+          pr_number: pr.to_i
+        )
+      end
+    end
+  end
+end

data/lib/unwrappr/gem_change.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require 'forwardable'
+
+module Unwrappr
+  # Represents a gem change in a Gemfile.lock diff.
+  class GemChange
+    extend Forwardable
+
+    def initialize(
+      name:, head_version:, base_version:, line_number:, lock_file_diff:
+    )
+      @name = name
+      @head_version = head_version
+      @base_version = base_version
+      @line_number = line_number
+      @lock_file_diff = lock_file_diff
+    end
+
+    attr_reader :name, :head_version, :base_version, :line_number
+    def_delegators :@lock_file_diff, :filename, :sha
+
+    def added?
+      (head_version && base_version.nil?)
+    end
+
+    def removed?
+      (base_version && head_version.nil?)
+    end
+
+    def major?
+      head_version && base_version &&
+        head_version.major_difference?(base_version)
+    end
+
+    def minor?
+      head_version && base_version &&
+        head_version.minor_difference?(base_version)
+    end
+
+    def patch?
+      head_version && base_version &&
+        head_version.patch_difference?(base_version)
+    end
+
+    def upgrade?
+      head_version && base_version && (head_version > base_version)
+    end
+
+    def downgrade?
+      head_version && base_version && (head_version < base_version)
+    end
+  end
+end

data/lib/unwrappr/gem_version.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Unwrappr
+  # Represents the version of a gem. Helps in comparing two versions to
+  # identify differences and extracting the major, minor and patch components
+  # that make up semantic versioning. https://semver.org/
+  class GemVersion
+    include Comparable
+
+    def initialize(version_string)
+      @version_string = version_string
+      @version = Gem::Version.create(version_string)
+      @major = segment(0)
+      @minor = segment(1)
+      @patch = segment(2)
+    end
+
+    attr_reader :major, :minor, :patch, :version
+
+    def major_difference?(other)
+      (major != other.major)
+    end
+
+    def minor_difference?(other)
+      (major == other.major) &&
+        (minor != other.minor)
+    end
+
+    def patch_difference?(other)
+      (major == other.major) &&
+        (minor == other.minor) &&
+        (patch != other.patch)
+    end
+
+    def <=>(other)
+      @version <=> other.version
+    end
+
+    def to_s
+      @version_string
+    end
+
+    private
+
+    def segment(index)
+      segment = @version.canonical_segments[index] || 0
+      (segment.is_a?(Numeric) ? segment : nil)
+    rescue NoMethodError
+      abort(<<~MESSAGE)
+        Unwrappr requires RubyGems v2.7.0 or newer.
+
+        To upgrade to the latest RubyGems visit https://rubygems.org/pages/download
+
+      MESSAGE
+    end
+  end
+end