unwrappr 0.3.0

data/lib/unwrappr/writers/github_commit_log.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+module Unwrappr
+  module Writers
+    # Inform of the number of commits included in the change. Annotate several
+    # commits, and link to the Github compare page on which we can see all the
+    # commits and file changes.
+    #
+    # Implements the `annotation_writer` interface required by the
+    # LockFileAnnotator.
+    class GithubCommitLog
+      MAX_COMMITS = 10
+      MAX_MESSAGE = 60
+      SHA_LENGTH = 7
+
+      def self.write(gem_change, gem_change_info)
+        new(gem_change, gem_change_info).write
+      end
+
+      def initialize(gem_change, gem_change_info)
+        @gem_change = gem_change
+        @gem_change_info = gem_change_info
+      end
+
+      def write
+        return nil if comparison.nil?
+
+        collapsed_section('Commits', <<~MESSAGE)
+          A change of **#{comparison.total_commits}** commits. See the full changes on [the compare page](#{comparison.html_url}).
+
+          #{list_commits_introduction}
+          #{commit_messages.join("\n")}
+        MESSAGE
+      end
+
+      private
+
+      def list_commits_introduction
+        if comparison.commits.length > MAX_COMMITS
+          "These are the first #{MAX_COMMITS} commits:"
+        else
+          'These are the individual commits:'
+        end
+      end
+
+      def commit_messages
+        comparison.commits.first(MAX_COMMITS).map(&method(:commit_message))
+      end
+
+      def commit_message(commit)
+        message = commit.commit.message.lines.first.strip
+        message = "#{message[0, MAX_MESSAGE]}…" if message.length > MAX_MESSAGE
+        "- (#{commit.sha[0, SHA_LENGTH]}) [#{message}](#{commit.html_url})"
+      end
+
+      def comparison
+        @gem_change_info[:github_comparison]
+      end
+
+      def collapsed_section(summary, body)
+        <<~MESSAGE
+          <details>
+          <summary>#{summary}</summary>
+
+          #{body}
+
+          </details>
+        MESSAGE
+      end
+    end
+  end
+end

data/lib/unwrappr/writers/project_links.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Unwrappr
+  module Writers
+    # Add links to project documentation as obtained from Rubygems.org.
+    # Specifically, the changelog and sourcecode.
+    #
+    # Implements the `annotation_writer` interface required by the
+    # LockFileAnnotator.
+    class ProjectLinks
+      def self.write(gem_change, gem_change_info)
+        new(gem_change, gem_change_info).write
+      end
+
+      def initialize(gem_change, gem_change_info)
+        @gem_change = gem_change
+        @gem_change_info = gem_change_info
+      end
+
+      def write
+        "[_#{change_log}, #{source_code}_]\n"
+      end
+
+      private
+
+      def change_log
+        link_or_strikethrough('change-log',
+                              @gem_change_info[:ruby_gems]&.changelog_uri)
+      end
+
+      def source_code
+        link_or_strikethrough('source-code',
+                              @gem_change_info[:ruby_gems]&.source_code_uri)
+      end
+
+      def link_or_strikethrough(text, url)
+        if url.nil? || url.empty?
+          "~~#{text}~~"
+        else
+          "[#{text}](#{url})"
+        end
+      end
+    end
+  end
+end

data/lib/unwrappr/writers/security_vulnerabilities.rb

@@ -0,0 +1,109 @@
+# frozen_string_literal: true
+
+module Unwrappr
+  module Writers
+    # Present reported security vulnerabilities in the gem change annotation.
+    #
+    # Implements the `annotation_writer` interface required by the
+    # LockFileAnnotator.
+    class SecurityVulnerabilities
+      def self.write(gem_change, gem_change_info)
+        new(gem_change, gem_change_info).write
+      end
+
+      def initialize(gem_change, gem_change_info)
+        @gem_change = gem_change
+        @gem_change_info = gem_change_info
+      end
+
+      def write
+        return nil if vulnerabilities.nil?
+
+        <<~MESSAGE
+          #{patched_vulnerabilities}
+          #{introduced_vulnerabilities}
+          #{remaining_vulnerabilities}
+        MESSAGE
+      end
+
+      private
+
+      def patched_vulnerabilities
+        list_vulnerabilites(
+          ':tada: Patched vulnerabilities:',
+          vulnerabilities.patched
+        )
+      end
+
+      def introduced_vulnerabilities
+        list_vulnerabilites(
+          ':rotating_light::exclamation: Introduced vulnerabilities:',
+          vulnerabilities.introduced
+        )
+      end
+
+      def remaining_vulnerabilities
+        list_vulnerabilites(
+          ':rotating_light: Remaining vulnerabilities:',
+          vulnerabilities.remaining
+        )
+      end
+
+      def list_vulnerabilites(message, advisories)
+        return nil if advisories.empty?
+
+        <<~MESSAGE
+          #{message}
+
+          #{advisories.map(&method(:render_vulnerability)).join("\n")}
+        MESSAGE
+      end
+
+      def render_vulnerability(advisory)
+        <<~MESSAGE
+          - #{identifier(advisory)}
+            **#{advisory.title}**
+
+            #{cvss_v2(advisory)}
+            #{link(advisory)}
+
+            #{advisory.description&.gsub("\n", ' ')&.strip}
+
+        MESSAGE
+      end
+
+      def identifier(advisory)
+        if advisory.cve_id
+          "[#{advisory.cve_id}](#{cve_url(advisory.cve_id)})"
+        elsif advisory.osvdb_id
+          advisory.osvdb_id
+        end
+      end
+
+      def cve_url(id)
+        "https://nvd.nist.gov/vuln/detail/#{id}"
+      end
+
+      def cvss_v2(advisory)
+        # rubocop:disable Style/GuardClause
+        if advisory.cvss_v2
+          "CVSS V2: [#{advisory.cvss_v2} #{advisory.criticality}]"\
+          "(#{cvss_v2_url(advisory.cve_id)})"
+        end
+        # rubocop:enable Style/GuardClause
+      end
+
+      def cvss_v2_url(id)
+        "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=#{id}"
+      end
+
+      def link(advisory)
+        "URL: #{advisory.url}" if advisory.url
+      end
+
+      def vulnerabilities
+        @gem_change_info[:security_vulnerabilities]
+      end
+    end
+  end
+end

data/lib/unwrappr/writers/title.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Unwrappr
+  module Writers
+    # Add the gem name to the annotation as a heading. If a homepage
+    # URI has been determined this heading will link to that page.
+    #
+    # Implements the `annotation_writer` interface required by the
+    # LockFileAnnotator.
+    module Title
+      class << self
+        def write(gem_change, gem_change_info)
+          embellished_gem_name = maybe_link(
+            gem_change.name,
+            gem_change_info[:ruby_gems]&.homepage_uri
+          )
+          "### #{embellished_gem_name}\n"
+        end
+
+        private
+
+        def maybe_link(text, url)
+          if url.nil?
+            text
+          else
+            "[#{text}](#{url})"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/unwrappr/writers/version_change.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module Unwrappr
+  module Writers
+    # Describe the version change. Is it an upgrade to a later version, or a
+    # downgrade to an older version? Is it a major, minor or patch version
+    # change?
+    #
+    # Implements the `annotation_writer` interface required by the
+    # LockFileAnnotator.
+    class VersionChange
+      extend Forwardable
+
+      def self.write(gem_change, gem_change_info)
+        new(gem_change, gem_change_info).write
+      end
+
+      def initialize(gem_change, gem_change_info)
+        @gem_change = gem_change
+        @gem_change_info = gem_change_info
+      end
+
+      def write
+        "#{change_description}\n"
+      end
+
+      private
+
+      def_delegators(:@gem_change,
+                     :added?, :removed?, :major?, :minor?, :patch?,
+                     :upgrade?, :downgrade?, :base_version, :head_version)
+
+      def change_description
+        if added? then 'Gem added :snowman:'
+        elsif removed? then 'Gem removed :fire:'
+        elsif major?
+          "**Major** version #{grade}:exclamation: #{version_diff}"
+        elsif minor?
+          "**Minor** version #{grade}:large_orange_diamond: #{version_diff}"
+        elsif patch?
+          "**Patch** version #{grade}:small_blue_diamond: #{version_diff}"
+        end
+      end
+
+      def grade
+        if upgrade?
+          'upgrade :chart_with_upwards_trend:'
+        elsif downgrade?
+          'downgrade :chart_with_downwards_trend::exclamation:'
+        end
+      end
+
+      def version_diff
+        "#{base_version} → #{head_version}"
+      end
+    end
+  end
+end

data/lib/unwrappr.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'unwrappr/bundler_command_runner'
+require 'unwrappr/cli'
+require 'unwrappr/gem_change'
+require 'unwrappr/gem_version'
+require 'unwrappr/git_command_runner'
+require 'unwrappr/github/client'
+require 'unwrappr/github/pr_sink'
+require 'unwrappr/github/pr_source'
+require 'unwrappr/lock_file_annotator'
+require 'unwrappr/lock_file_comparator'
+require 'unwrappr/lock_file_diff'
+require 'unwrappr/octokit'
+require 'unwrappr/researchers/composite'
+require 'unwrappr/researchers/github_comparison'
+require 'unwrappr/researchers/github_repo'
+require 'unwrappr/researchers/ruby_gems_info'
+require 'unwrappr/researchers/security_vulnerabilities'
+require 'unwrappr/ruby_gems'
+require 'unwrappr/spec_version_comparator'
+require 'unwrappr/version'
+require 'unwrappr/writers/composite'
+require 'unwrappr/writers/github_commit_log'
+require 'unwrappr/writers/project_links'
+require 'unwrappr/writers/security_vulnerabilities'
+require 'unwrappr/writers/title'
+require 'unwrappr/writers/version_change'
+
+# Define our namespace
+module Unwrappr
+end

data/unwrappr.gemspec

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'unwrappr/version'
+
+AUTHORS = {
+  'emilyn.escabarte@envato.com' => 'Emilyn Escabarte',
+  'joe.sustaric@envato.com' => 'Joe Sustaric',
+  'orien.madgwick@envato.com' => 'Orien Madgwick',
+  'pete.johns@envato.com' => 'Pete Johns',
+  'vladimir.chervanev@envato.com' => 'Vladimir Chervanev'
+}.freeze
+
+Gem::Specification.new do |spec| # rubocop:disable Metrics/BlockLength:
+  spec.name = 'unwrappr'
+  spec.version = Unwrappr::VERSION
+  spec.authors = AUTHORS.values
+  spec.email = AUTHORS.keys
+
+  spec.summary = "A tool to unwrap your gems and see what's changed easily"
+  spec.description = "Let's fill this bit out later"
+  spec.homepage = 'http://www.unwrappr.com.org'
+  spec.license = 'MIT'
+
+  spec.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir = 'exe'
+  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'bundler', '~> 1.16'
+  spec.add_dependency 'bundler-audit', '~> 0'
+  spec.add_dependency 'clamp', '~> 1'
+  spec.add_dependency 'faraday', '~> 0'
+  spec.add_dependency 'git', '~> 1'
+  spec.add_dependency 'octokit', '~> 4.0'
+  spec.add_dependency 'safe_shell', '~> 1'
+
+  spec.add_development_dependency 'guard', '~> 2'
+  spec.add_development_dependency 'guard-rspec', '~> 4'
+  spec.add_development_dependency 'pry', '~> 0'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rspec-its', '~> 1'
+  spec.add_development_dependency 'rubocop', '~> 0'
+
+  spec.metadata = {
+    'bug_tracker_uri' => 'https://github.com/envato/unwrappr/issues',
+    'changelog_uri' => 'https://github.com/envato/unwrappr/blob/master/CHANGELOG.md',
+    'documentation_uri' => 'https://github.com/envato/unwrappr/blob/master/README.md',
+    'homepage_uri' => 'https://opensource.envato.com/projects/unwrappr.html',
+    'source_code_uri' => 'https://github.com/envato/unwrappr'
+  }
+end

metadata

@@ -0,0 +1,299 @@
+--- !ruby/object:Gem::Specification
+name: unwrappr
+version: !ruby/object:Gem::Version
+  version: 0.3.0
+platform: ruby
+authors:
+- Emilyn Escabarte
+- Joe Sustaric
+- Orien Madgwick
+- Pete Johns
+- Vladimir Chervanev
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-11-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: bundler-audit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: clamp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: git
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: octokit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: safe_shell
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Let's fill this bit out later
+email:
+- emilyn.escabarte@envato.com
+- joe.sustaric@envato.com
+- orien.madgwick@envato.com
+- pete.johns@envato.com
+- vladimir.chervanev@envato.com
+executables:
+- unwrappr
+extensions: []
+extra_rdoc_files: []
+files:
+- ".buildkite/pipeline.yml"
+- ".buildkite/steps/rspec.sh"
+- ".buildkite/steps/rubocop.sh"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- Gemfile
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- exe/unwrappr
+- lib/unwrappr.rb
+- lib/unwrappr/bundler_command_runner.rb
+- lib/unwrappr/cli.rb
+- lib/unwrappr/gem_change.rb
+- lib/unwrappr/gem_version.rb
+- lib/unwrappr/git_command_runner.rb
+- lib/unwrappr/github/client.rb
+- lib/unwrappr/github/pr_sink.rb
+- lib/unwrappr/github/pr_source.rb
+- lib/unwrappr/lock_file_annotator.rb
+- lib/unwrappr/lock_file_comparator.rb
+- lib/unwrappr/lock_file_diff.rb
+- lib/unwrappr/octokit.rb
+- lib/unwrappr/researchers/composite.rb
+- lib/unwrappr/researchers/github_comparison.rb
+- lib/unwrappr/researchers/github_repo.rb
+- lib/unwrappr/researchers/ruby_gems_info.rb
+- lib/unwrappr/researchers/security_vulnerabilities.rb
+- lib/unwrappr/ruby_gems.rb
+- lib/unwrappr/spec_version_comparator.rb
+- lib/unwrappr/version.rb
+- lib/unwrappr/writers/composite.rb
+- lib/unwrappr/writers/github_commit_log.rb
+- lib/unwrappr/writers/project_links.rb
+- lib/unwrappr/writers/security_vulnerabilities.rb
+- lib/unwrappr/writers/title.rb
+- lib/unwrappr/writers/version_change.rb
+- unwrappr.gemspec
+homepage: http://www.unwrappr.com.org
+licenses:
+- MIT
+metadata:
+  bug_tracker_uri: https://github.com/envato/unwrappr/issues
+  changelog_uri: https://github.com/envato/unwrappr/blob/master/CHANGELOG.md
+  documentation_uri: https://github.com/envato/unwrappr/blob/master/README.md
+  homepage_uri: https://opensource.envato.com/projects/unwrappr.html
+  source_code_uri: https://github.com/envato/unwrappr
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: A tool to unwrap your gems and see what's changed easily
+test_files: []