unwrappr 0.8.0 → 0.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1e53f322cf4057535b08607023edcf655e1f6aed5dda15538615f0fd5b06fc2f
-  data.tar.gz: 348ae550a3a6c1692502d9138639a9fa3a111a6a61f13b54dbd3f6c391637463
+  metadata.gz: 29736d84feb95b8cd5173861ac11989d11c94ecaca4a47c39dea8827edf03525
+  data.tar.gz: 16b06856873438227e78b980b762f03c5aaaad621e6b552337d5efb934aadca7
 SHA512:
-  metadata.gz: 52b132cf79ce405129eacc7423c9769a7e90962e1c35869ea6af4491320815f47467b2755a756cdff75c8bb6efedf40e2a1d5c416ecbad438cc3e3d28120688f
-  data.tar.gz: 168c20cc164596e3abe39ebc00a7c605022295fce8364973a4901381cd59405df68ea85cdbabc76fbb10d859b5505b74c5b2f97f9051039644685fdef388804f
+  metadata.gz: 987fbf80fd949d1a4f609d7d52f9d73dc0c49611ee65c26f8fcaa912c9f9e6affb7a45dce0db5ff5b96d54e19ce4ea889c7e3b71883ee22f5e9edb867e5cb1be
+  data.tar.gz: 9d721aa36e61b47b38a9165db52351b99ba4f4449484d100aa8518789af3bed4733c8887730cb677fd14490ef0cd752789658f52ea483a247f77254c86754afa

data/CHANGELOG.md

@@ -6,7 +6,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-[Unreleased]: https://github.com/envato/unwrappr/compare/v0.8.0...HEAD
+[Unreleased]: https://github.com/envato/unwrappr/compare/v0.8.1...HEAD
+
+## [0.8.1] 2023-02-07
+
+### Add
+- Add Ruby 3.1 and 3.2 to the CI test matrix ([#92], [#93]).
+
+### Fix
+- Resolve a number of issues raised by Rubocop ([#92], [#93]).
+- Resolve GitHub Actions Node.js 12 deprecation ([#93]).
+- Remove development files from the gem package ([#94]).
+
+### Documentation
+- Document how to grab credentials from the keychain ([#91]).
+
+[0.8.1]: https://github.com/envato/unwrappr/compare/v0.8.0...v0.8.1
+[#91]: https://github.com/envato/unwrappr/pull/91
+[#92]: https://github.com/envato/unwrappr/pull/92
+[#93]: https://github.com/envato/unwrappr/pull/93
+[#94]: https://github.com/envato/unwrappr/pull/94
 
 ## [0.8.0] 2021-07-22
 

data/README.md

@@ -41,7 +41,15 @@ $ gem install unwrappr
 
 ## Configuration
 
-`unwrappr` needs a [GitHub Personal Access Token](https://github.com/settings/tokens), stored in the environment as `GITHUB_TOKEN`.
+`unwrappr` needs a [GitHub Personal Access
+Token](https://github.com/settings/tokens), stored in the environment as
+`GITHUB_TOKEN`. If you have your Personal Access Token stored in the macOS
+keychain, you can pull this into your shell environment using the `security`
+tool. _E.g:_
+
+```bash
+export GITHUB_TOKEN=$(security find-internet-password -gs github.com 2>&1 | awk -F' ' '$1 == "password:" { print $2 }' | tr -d '"')
+```
 
 To run `unwrappr` in the current working directory use...
 

data/lib/unwrappr/cli.rb

@@ -29,8 +29,7 @@ module Unwrappr
       exit(0)
     end
 
-    subcommand 'all', 'run bundle update, push to GitHub, '\
-                      'create a pr and annotate changes' do
+    subcommand 'all', 'run bundle update, push to GitHub, create a pr and annotate changes' do
       option ['-R', '--recursive'],
              :flag,
              'Recurse into subdirectories',

data/lib/unwrappr/github/client.rb

@@ -60,20 +60,7 @@ module Unwrappr
         end
 
         def git_client
-          @git_client ||= Octokit::Client.new(access_token: github_token)
-        end
-
-        def github_token
-          @github_token ||= ENV.fetch('GITHUB_TOKEN')
-        rescue KeyError
-          raise %(
-Missing environment variable GITHUB_TOKEN.
-See https://github.com/settings/tokens to set up personal access tokens.
-Add to the environment:
-
-    export GITHUB_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
-            )
+          @git_client ||= Octokit::Client.new(access_token: Octokit.access_token_from_environment)
         end
       end
     end

data/lib/unwrappr/lock_file_diff.rb

@@ -63,7 +63,7 @@ module Unwrappr
       # '+    websocket-driver (0.6.5)'
       # Careful not to match this (note the wider indent):
       # '+      websocket-extensions (>= 0.1.0)'
-      pattern = /^(?<change_type>[+\-])    (?<gem_name>\S+) \(\d/
+      pattern = /^(?<change_type>[+-])    (?<gem_name>\S+) \(\d/
       match = pattern.match(line)
       return match[:gem_name], match[:change_type] unless match.nil?
     end

data/lib/unwrappr/octokit.rb

@@ -3,6 +3,19 @@
 # Wrapper around octokit
 module Octokit
   def self.client
-    @client ||= Client.new(access_token: ENV['GITHUB_TOKEN'])
+    @client ||= Client.new(access_token: access_token_from_environment)
+  end
+
+  def self.access_token_from_environment
+    ENV.fetch('GITHUB_TOKEN') do
+      raise <<~MESSAGE
+        Missing environment variable GITHUB_TOKEN.
+        See https://github.com/settings/tokens to set up personal access tokens.
+        Add to the environment:
+
+            export GITHUB_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+      MESSAGE
+    end
   end
 end

data/lib/unwrappr/researchers/github_repo.rb

@@ -13,8 +13,8 @@ module Unwrappr
                               }ix.freeze
 
       def research(_gem_change, gem_change_info)
-        repo = match_repo(gem_change_info, :source_code_uri) ||
-               match_repo(gem_change_info, :homepage_uri)
+        repo = match_repo(gem_change_info, 'source_code_uri') ||
+               match_repo(gem_change_info, 'homepage_uri')
         gem_change_info.merge(github_repo: repo)
       end
 

data/lib/unwrappr/ruby_gems.rb

@@ -18,7 +18,7 @@ module Unwrappr
       def parse(response, name)
         case response.status
         when 200
-          JSON.parse(response.body, object_class: OpenStruct)
+          JSON.parse(response.body)
         when 404
           nil
         else
@@ -27,8 +27,7 @@ module Unwrappr
       end
 
       def error_message(response:, name:)
-        "Rubygems response for #{name}: "\
-          "HTTP #{response.status}: #{response.body}"
+        "Rubygems response for #{name}: HTTP #{response.status}: #{response.body}"
       end
     end
   end

data/lib/unwrappr/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Unwrappr
-  VERSION = '0.8.0'
+  VERSION = '0.8.1'
 end

data/lib/unwrappr/writers/project_links.rb

@@ -24,13 +24,11 @@ module Unwrappr
       private
 
       def change_log
-        link_or_strikethrough('change-log',
-                              ruby_gems_info&.changelog_uri)
+        link_or_strikethrough('change-log', ruby_gems_info('changelog_uri'))
       end
 
       def source_code
-        link_or_strikethrough('source-code',
-                              ruby_gems_info&.source_code_uri)
+        link_or_strikethrough('source-code', ruby_gems_info('source_code_uri'))
       end
 
       GEM_DIFF_URL_TEMPLATE = 'https://my.diffend.io/gems/%s/%s/%s'
@@ -46,8 +44,8 @@ module Unwrappr
         link_or_strikethrough('gem-diff', gem_diff_url)
       end
 
-      def ruby_gems_info
-        @gem_change_info[:ruby_gems]
+      def ruby_gems_info(*args)
+        @gem_change_info.dig(:ruby_gems, *args)
       end
 
       def link_or_strikethrough(text, url)

data/lib/unwrappr/writers/security_vulnerabilities.rb

@@ -85,12 +85,7 @@ module Unwrappr
       end
 
       def cvss_v2(advisory)
-        # rubocop:disable Style/GuardClause
-        if advisory.cvss_v2
-          "CVSS V2: [#{advisory.cvss_v2} #{advisory.criticality}]"\
-            "(#{cvss_v2_url(advisory.cve_id)})"
-        end
-        # rubocop:enable Style/GuardClause
+        "CVSS V2: [#{advisory.cvss_v2} #{advisory.criticality}](#{cvss_v2_url(advisory.cve_id)})" if advisory.cvss_v2
       end
 
       def cvss_v2_url(id)

data/lib/unwrappr/writers/title.rb

@@ -12,7 +12,7 @@ module Unwrappr
         def write(gem_change, gem_change_info)
           embellished_gem_name = maybe_link(
             gem_change.name,
-            gem_change_info[:ruby_gems]&.homepage_uri
+            gem_change_info.dig(:ruby_gems, 'homepage_uri')
           )
           "### #{embellished_gem_name}\n"
         end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: unwrappr
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.8.1
 platform: ruby
 authors:
 - Emilyn Escabarte
@@ -12,7 +12,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-07-21 00:00:00.000000000 Z
+date: 2023-02-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -222,23 +222,9 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".buildkite/pipeline.yml"
-- ".buildkite/steps/rspec.sh"
-- ".buildkite/steps/rubocop.sh"
-- ".github/workflows/ci.yml"
-- ".gitignore"
-- ".rspec"
-- ".rubocop.yml"
-- ".tool-versions"
 - CHANGELOG.md
-- CODE_OF_CONDUCT.md
-- Gemfile
-- Guardfile
 - LICENSE.txt
 - README.md
-- Rakefile
-- bin/console
-- bin/setup
 - exe/unwrappr
 - lib/unwrappr.rb
 - lib/unwrappr/bundler_command_runner.rb
@@ -267,7 +253,6 @@ files:
 - lib/unwrappr/writers/security_vulnerabilities.rb
 - lib/unwrappr/writers/title.rb
 - lib/unwrappr/writers/version_change.rb
-- unwrappr.gemspec
 homepage: https://opensource.envato.com/projects/unwrappr.html
 licenses:
 - MIT
@@ -276,6 +261,7 @@ metadata:
   changelog_uri: https://github.com/envato/unwrappr/blob/HEAD/CHANGELOG.md
   documentation_uri: https://github.com/envato/unwrappr/blob/HEAD/README.md
   homepage_uri: https://opensource.envato.com/projects/unwrappr.html
+  rubygems_mfa_required: 'true'
   source_code_uri: https://github.com/envato/unwrappr
 post_install_message:
 rdoc_options: []
@@ -292,7 +278,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '2.7'
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.4.6
 signing_key:
 specification_version: 4
 summary: A tool to unwrap your gems and see what's changed easily

data/.buildkite/pipeline.yml

@@ -1,47 +0,0 @@
----
-
-steps:
-  - label: ":ruby: 2.6 :rspec:"
-    command: ".buildkite/steps/rspec.sh"
-    plugins:
-      docker#v1.2.1:
-        image: "ruby:2.6"
-    agents:
-      queue: "platform-docker-spot"
-    timeout_in_minutes: 5
-
-  - label: ":ruby: 2.5 :rspec:"
-    command: ".buildkite/steps/rspec.sh"
-    plugins:
-      docker#v1.2.1:
-        image: "ruby:2.5"
-    agents:
-      queue: "platform-docker-spot"
-    timeout_in_minutes: 5
-
-  - label: ":ruby: 2.4 :rspec:"
-    command: ".buildkite/steps/rspec.sh"
-    plugins:
-      docker#v1.2.1:
-        image: "ruby:2.4"
-    agents:
-      queue: "platform-docker-spot"
-    timeout_in_minutes: 5
-
-  - label: ":ruby: 2.3 :rspec:"
-    command: ".buildkite/steps/rspec.sh"
-    plugins:
-      docker#v1.2.1:
-        image: "ruby:2.3"
-    agents:
-      queue: "platform-docker-spot"
-    timeout_in_minutes: 5
-
-  - label: ":rubocop:"
-    command: ".buildkite/steps/rubocop.sh"
-    plugins:
-      docker#v1.2.1:
-        image: "ruby"
-    agents:
-      queue: "platform-docker-spot"
-    timeout_in_minutes: 5

data/.buildkite/steps/rspec.sh

@@ -1,9 +0,0 @@
-#!/bin/bash
-
-set -euo pipefail
-
-echo "--- :bundler: Bundling"
-bundle install --path .bundle
-
-echo "+++ :rspec: Running RSpec"
-bundle exec rspec

data/.buildkite/steps/rubocop.sh

@@ -1,9 +0,0 @@
-#!/bin/bash
-
-set -euo pipefail
-
-echo "--- :bundler: Bundling"
-bundle install --path .bundle
-
-echo "+++ :rubocop: Running Rubocop"
-bundle exec rubocop

data/.github/workflows/ci.yml

@@ -1,23 +0,0 @@
-name: CI
-
-on: [push, pull_request]
-
-jobs:
-  test:
-    strategy:
-      fail-fast: false
-      matrix:
-        ruby: ['2.5', '2.6', '2.7', '3.0']
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v2
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ matrix.ruby }}
-    - name: Install dependencies
-      run: bundle install
-    - name: Run tests
-      run: bundle exec rake

data/.gitignore

@@ -1,13 +0,0 @@
-*.gem
-.rspec_status
-/.bundle/
-/.yardoc
-/Gemfile.lock
-/_yardoc/
-/coverage/
-/doc/
-/error.txt
-/pkg/
-/spec/reports/
-/stdout.txt
-/tmp/

data/.rspec

@@ -1,3 +0,0 @@
---format documentation
---color
---require spec_helper

data/.rubocop.yml

@@ -1,29 +0,0 @@
----
-AllCops:
-  Exclude:
-    - 'spike/*.rb'
-  NewCops: enable
-  TargetRubyVersion: 2.5
-
-Gemspec/RequiredRubyVersion:
-  Enabled: false
-
-Metrics/BlockLength:
-  Exclude:
-    - 'spec/**/*'
-    - 'test/**/*'
-
-Metrics/LineLength:
-  Exclude:
-    - 'spec/**/*'
-    - 'test/**/*'
-
-Metrics/ModuleLength:
-  Exclude:
-    - 'spec/**/*'
-    - 'test/**/*'
-
-Style/Documentation:
-  Exclude:
-    - 'spec/**/*'
-    - 'test/**/*'

data/.tool-versions

@@ -1 +0,0 @@
-ruby 3.0.0

data/CODE_OF_CONDUCT.md

@@ -1,74 +0,0 @@
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of age, body
-size, disability, ethnicity, gender identity and expression, level of experience,
-nationality, personal appearance, race, religion, or sexual identity and
-orientation.
-
-## Our Standards
-
-Examples of behavior that contributes to creating a positive environment
-include:
-
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery and unwelcome sexual attention or
-advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic
-  address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable
-behavior and are expected to take appropriate and fair corrective action in
-response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or
-reject comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct, or to ban temporarily or
-permanently any contributor for other behaviors that they deem inappropriate,
-threatening, offensive, or harmful.
-
-## Scope
-
-This Code of Conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community. Examples of
-representing a project or community include using an official project e-mail
-address, posting via an official social media account, or acting as an appointed
-representative at an online or offline event. Representation of a project may be
-further defined and clarified by project maintainers.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at pete.johns@envato.com. All
-complaints will be reviewed and investigated and will result in a response that
-is deemed necessary and appropriate to the circumstances. The project team is
-obligated to maintain confidentiality with regard to the reporter of an incident.
-Further details of specific enforcement policies may be posted separately.
-
-Project maintainers who do not follow or enforce the Code of Conduct in good
-faith may face temporary or permanent repercussions as determined by other
-members of the project's leadership.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
-available at [http://contributor-covenant.org/version/1/4][version]
-
-[homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-source 'https://rubygems.org'
-
-git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
-
-# Specify your gem's dependencies in unwrappr.gemspec
-gemspec

data/Guardfile

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-guard :rspec, cmd: 'bundle exec rspec' do
-  require 'guard/rspec/dsl'
-  dsl = Guard::RSpec::Dsl.new(self)
-
-  # RSpec files
-  rspec = dsl.rspec
-  watch(rspec.spec_helper) { rspec.spec_dir }
-  watch(rspec.spec_support) { rspec.spec_dir }
-  watch(rspec.spec_files)
-
-  # Ruby files
-  ruby = dsl.ruby
-  dsl.watch_spec_files_for(ruby.lib_files)
-end

data/Rakefile

@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-
-require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
-require 'rubocop/rake_task'
-
-RuboCop::RakeTask.new
-RSpec::Core::RakeTask.new(:spec)
-
-task default: %i[rubocop spec]

data/bin/console

@@ -1,11 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require 'bundler/setup'
-require 'unwrappr'
-
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
-
-require 'pry'
-Pry.start

data/bin/setup

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-IFS=$'\n\t'
-set -vx
-
-bundle install
-
-# Do any other automated setup that you need to do here

data/unwrappr.gemspec

@@ -1,61 +0,0 @@
-# frozen_string_literal: true
-
-lib = File.expand_path('lib', __dir__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'unwrappr/version'
-
-AUTHORS = {
-  'emilyn.escabarte@envato.com' => 'Emilyn Escabarte',
-  'joe.sustaric@envato.com' => 'Joe Sustaric',
-  'orien.madgwick@envato.com' => 'Orien Madgwick',
-  'pete.johns@envato.com' => 'Pete Johns',
-  'vladimir.chervanev@envato.com' => 'Vladimir Chervanev'
-}.freeze
-
-GITHUB_URL = 'https://github.com/envato/unwrappr'
-HOMEPAGE_URL = 'https://opensource.envato.com/projects/unwrappr.html'
-
-Gem::Specification.new do |spec| # rubocop:disable Metrics/BlockLength:
-  spec.name = 'unwrappr'
-  spec.version = Unwrappr::VERSION
-  spec.authors = AUTHORS.values
-  spec.email = AUTHORS.keys
-
-  spec.summary = "A tool to unwrap your gems and see what's changed easily"
-  spec.description = 'bundle update PRs: Automated. Annotated.'
-  spec.homepage = HOMEPAGE_URL
-  spec.license = 'MIT'
-  spec.required_ruby_version = '>= 2.5'
-  spec.required_rubygems_version = '>= 2.7'
-
-  spec.files = `git ls-files -z`.split("\x0").reject do |f|
-    f.match(%r{^(test|spec|features)/})
-  end
-  spec.bindir = 'exe'
-  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ['lib']
-
-  spec.add_dependency 'bundler', '< 3'
-  spec.add_dependency 'bundler-audit', '>= 0.6.0'
-  spec.add_dependency 'clamp', '~> 1'
-  spec.add_dependency 'faraday', '~> 1'
-  spec.add_dependency 'git', '~> 1'
-  spec.add_dependency 'octokit', '~> 4.0'
-  spec.add_dependency 'safe_shell', '~> 1'
-
-  spec.add_development_dependency 'guard', '~> 2'
-  spec.add_development_dependency 'guard-rspec', '~> 4'
-  spec.add_development_dependency 'pry', '~> 0'
-  spec.add_development_dependency 'rake', '>= 12.3.3'
-  spec.add_development_dependency 'rspec', '~> 3.0'
-  spec.add_development_dependency 'rspec-its', '~> 1'
-  spec.add_development_dependency 'rubocop', '>= 0.49.0'
-
-  spec.metadata = {
-    'bug_tracker_uri' => "#{GITHUB_URL}/issues",
-    'changelog_uri' => "#{GITHUB_URL}/blob/HEAD/CHANGELOG.md",
-    'documentation_uri' => "#{GITHUB_URL}/blob/HEAD/README.md",
-    'homepage_uri' => HOMEPAGE_URL,
-    'source_code_uri' => GITHUB_URL
-  }
-end