dependabot-linguist

Use linguist to check the contents of a local repository, then scan for the dependabot-core ecosystems relevant to those languages. With the list of ecosystems present in a repository, add a dependabot.y[a]ml configuration file.

Getting Started

Linguist dependencies;

Before installing this gem, which will also install the github-linguist gem, linguist's dependencies should be installed. A number of these are what enable rugged, so they can't be "ignored". Dependabot's own setup, by contrast, can be ignored for the purpose of this gem, which only intends to use the file fetchers.

sudo apt-get install build-essential cmake pkg-config libicu-dev zlib1g-dev libcurl4-openssl-dev libssl-dev ruby-dev

Install this

To install the latest from RubyGems;

gem install dependabot-linguist

Or to install from GitHub's hosted gems;

gem install dependabot-linguist --source "https://rubygems.pkg.github.com/skenvy"

Or add to the Gemfile

Add the RubyGems hosted gem with bundler;

bundle add dependabot-linguist

Or add the following line to your Gemfile manually

gem "dependabot-linguist", ">= 0.212.0"

Add the GitHub hosted gem;

source "https://rubygems.pkg.github.com/skenvy" do
  gem "dependabot-linguist", ">= 0.212.0"
end

Usage

This gem provides two main classes, ::Dependabot::Linguist::Repository and ::Dependabot::Linguist::DependabotFileValidator. They can be used independently, although the intention is that they be used together: Repository discovers the contents of a repository that should be watched with a dependabot file, and DependabotFileValidator then edits an existing dependabot file, or adds a new one, to watch the directories that were validated earlier. There is also a CLI tool, dependabot-linguist, that wraps these classes and surfaces all of their available options, although adding automated tests for the executable is still a #TODO.

Use the classes in a ruby script, with defaults

require "dependabot/linguist"
# Get the list of directories validated for each ecosystem.
@repo_path = "." # "here"
@repo_name = "Skenvy/dependabot-linguist" # If it were evaluating this repo!
@this_repo = ::Dependabot::Linguist::Repository.new(@repo_path, @repo_name)
@this_repo.directories_per_ecosystem_validated_by_dependabot
# Use this list to see what the recommended update to the existing (or add new) config is.
@validator = ::Dependabot::Linguist::DependabotFileValidator.new(@repo_path)
@validator.load_ecosystem_directories(incoming: @this_repo.directories_per_ecosystem_validated_by_dependabot)
@validator.new_config
# If you trust it to write the new config;
@validator.write_new_config
# If you have git, and the gh cli tool installed and configured, and trust this
# tool to handle branching, committing, pushing, and raising a pull request;
@validator.commit_new_config
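
Before trusting write_new_config or commit_new_config, it helps to see which discovered ecosystem directories the existing dependabot file does not yet watch. The following is an added example, not code from this gem; it uses only Ruby's standard library, and the shape of the discovered map (ecosystem name => list of directories) and both sample inputs are assumptions constructed for illustration.

```ruby
require "yaml"
require "set"

# Constructed sample: an existing .github/dependabot.yml that only watches bundler.
EXISTING_CONFIG = <<~YAML
  version: 2
  updates:
    - package-ecosystem: "bundler"
      directory: "/"
      schedule:
        interval: "daily"
YAML

# Constructed sample in an ASSUMED shape (ecosystem name => directories);
# the gem's actual return value may be structured differently.
DISCOVERED = {
  "bundler" => ["/"],
  "github-actions" => ["/"],
  "npm" => ["/", "/docs/"]
}.freeze

# Treat "docs", "/docs" and "/docs/" as the same directory.
def normalise_dir(dir)
  "/" + dir.to_s.split("/").reject(&:empty?).join("/")
end

# Set of [ecosystem, directory] pairs the existing config already watches.
# Entries under `directories` are compared literally; globs are not expanded.
def watched_pairs(config_yaml)
  config = YAML.safe_load(config_yaml) || {}
  Array(config["updates"]).each_with_object(Set.new) do |entry, pairs|
    next unless entry.is_a?(Hash) && entry["package-ecosystem"]
    dirs = Array(entry["directory"]) + Array(entry["directories"])
    dirs.each { |d| pairs << [entry["package-ecosystem"], normalise_dir(d)] }
  end
end

# Discovered pairs that have no matching `updates` entry, sorted for stable output.
def unwatched_pairs(discovered, config_yaml)
  watched = watched_pairs(config_yaml)
  discovered.flat_map { |eco, dirs| dirs.map { |d| [eco, normalise_dir(d)] } }
            .uniq.reject { |pair| watched.include?(pair) }.sort
end

unwatched_pairs(DISCOVERED, EXISTING_CONFIG).each do |eco, dir|
  puts "not watched: #{eco} in #{dir}"
end
```

An empty result means the existing file already covers every discovered pair, so a written config should not need new update entries.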

Use the CLI

# With no flags, it'll run "here", and print out the recommended new config.
dependabot-linguist
# With -w, it'll write the file. You can also specify a path.
dependabot-linguist ../../some/other/repo -w
# With -x, you'll be trusting it to raise a pull request of the recommended config.
# You can also specify a name, which will be required if there isn't an "origin" remote.
dependabot-linguist ../../some/other/repo Username/Reponame -x

RDoc generated docs

Developing

The first time setup

git clone https://github.com/Skenvy/dependabot-linguist.git && cd dependabot-linguist && make setup

Iterative development

The majority of make recipes for this are just wrapping a bundle invocation of rake.

  • make docs will recreate the RDoc docs.
  • make test will run both the RSpec tests and the RuboCop linter.