dependabot-linguist
Use linguist to check the contents of a local repository, and then scan for dependabot-core ecosystems relevant to those languages! With the list of ecosystems present in a repository, add a dependabot.y[a]ml (configuration file).
Getting Started
Linguist dependencies;
Before installing this gem, which will also install the github-linguist gem, linguist's dependencies should be installed. A number of these enable rugged, so they can't be "ignored" the way dependabot's setup can. Dependabot's setup can be ignored for the purpose of this gem, which only intends to use the file fetchers.
sudo apt-get install build-essential cmake pkg-config libicu-dev zlib1g-dev libcurl4-openssl-dev libssl-dev ruby-dev
Install this
To install the latest from RubyGems;
gem install dependabot-linguist
Or to install from GitHub's hosted gems;
gem install dependabot-linguist --source "https://rubygems.pkg.github.com/skenvy"
Or add to the Gemfile
Add the RubyGems hosted gem with bundler;
bundle add dependabot-linguist
Or add the following line to your Gemfile manually
gem "dependabot-linguist", ">= 0.217.0"
Or, for GitHub's hosted gem;
source "https://rubygems.pkg.github.com/skenvy" do
  gem "dependabot-linguist", ">= 0.217.0"
end
Setup external CLIs
If you intend to use ::Dependabot::Linguist::DependabotFileValidator.commit_new_config, you'll also need to set up the gh CLI. You can follow the instructions on cli/cli to install it, which for the intended use case should be this guide. Once you've installed it, you'll need to log in prior to running this script, as the credentials are expected to already be in place.
It also expects git to be installed and credentialed, for pushing the branch.
Usage
The two main classes this provides, ::Dependabot::Linguist::Repository and ::Dependabot::Linguist::DependabotFileValidator, can be utilised independently, although the intention is that they be utilised together: Repository discovers the contents of a repository that should be watched with a dependabot file, and DependabotFileValidator is subsequently used to edit an existing, or add a new, dependabot file to watch the directories that were validated earlier. There is also a CLI tool, dependabot-linguist, that wraps these classes and surfaces all the available options to them, although adding automated tests for the executable is still a #TODO.
The intended end goal is to use this to automatically raise a PR on GitHub with the recommended changes to the ~/.github/dependabot.y[a]ml file. This is performed by ::Dependabot::Linguist::DependabotFileValidator.commit_new_config, which utilises Ruby's Kernel to run commands in an external shell that perform actions using the gh CLI, and git. If you intend to use these you'll want to follow Setup external CLIs.
Use the classes in a ruby script, with defaults
require "dependabot/linguist"
# Get the list of directories validated for each ecosystem.
@repo_path = "." # "here"
@repo_name = "Skenvy/dependabot-linguist" # If it were evaluating this repo!
@this_repo = ::Dependabot::Linguist::Repository.new(@repo_path, @repo_name)
@this_repo.directories_per_ecosystem_validated_by_dependabot
# Use this list to see what the recommended update to the existing (or add new) config is.
@validator = ::Dependabot::Linguist::DependabotFileValidator.new(@repo_path)
@validator.load_ecosystem_directories(incoming: @this_repo.directories_per_ecosystem_validated_by_dependabot)
@validator.new_config
# If you trust it to write the new config;
@validator.write_new_config
# If you have git, and the gh cli tool installed and configured, and trust this
# tool to handle branching, committing, pushing, and raising a pull request;
@validator.commit_new_config
Use the CLI
If you installed this with bundler, you'll need to preface these with bundle exec.
# With no flags, it'll run "here", and print out the recommended new config.
dependabot-linguist
# With -w, it'll write the file. You can also specify a path.
dependabot-linguist ../../some/other/repo -w
# With -x, you'll be trusting it to raise a pull request of the recommended config.
# You can also specify a name, which will be required if there isn't an "origin" remote.
dependabot-linguist ../../some/other/repo Username/Reponame -x
Configure
A yaml config file can be placed at ~/.github/.dependabot-linguist. See this example. Although it's a dotfile, it'll be read by rugged, so for it to be utilised it should be checked in. The options available to this configuration file currently are;
ignore
The below options, directory and ecosystem, are not mutually exclusive, and can be mixed, according to which top level categorisation requires less verbose configuration: if you want to ignore many directories for one or two ecosystems, or many ecosystems for one or two directories!
directory
To ignore some ecosystems per directory, you can add
ignore:
  directory:
    /path/to/somewhere:
      - some_ecosystem
ecosystem
To ignore some directories per ecosystem, you can add
ignore:
  ecosystem:
    some_other_ecosystem:
      - /path/to/somewhere_else
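The sketch below is an added example, not code from the gem: it shows how the two ignore forms describe the same (ecosystem, directory) pairs and can be mixed in one file. The ecosystem names, the ecosystem => directories hash shape, the path normalisation and all helper names are assumptions made for illustration.

```ruby
require "yaml"
require "set"

# Constructed sample of a .dependabot-linguist file mixing both ignore forms.
SAMPLE_CONFIG = <<~CFG
  ignore:
    directory:
      /vendor/tools:
        - bundler
        - pip
    ecosystem:
      npm:
        - /examples/
CFG

# Constructed sample: ecosystem => directories (assumed shape, assumed names).
SAMPLE_FOUND = {
  "bundler" => ["/", "/vendor/tools"],
  "pip" => ["/vendor/tools"],
  "npm" => ["/examples", "/web"]
}.freeze

# Normalise a directory so "/examples/" and "examples" compare equal (assumption).
def norm_dir(dir)
  "/" + dir.to_s.split("/").reject(&:empty?).join("/")
end

# Flatten both ignore forms into one set of [ecosystem, directory] pairs.
def ignored_pairs(config)
  ignore = (config || {})["ignore"] || {}
  pairs = Set.new
  (ignore["directory"] || {}).each do |dir, ecos|
    Array(ecos).each { |eco| pairs << [eco.to_s, norm_dir(dir)] }
  end
  (ignore["ecosystem"] || {}).each do |eco, dirs|
    Array(dirs).each { |dir| pairs << [eco.to_s, norm_dir(dir)] }
  end
  pairs
end

# Drop ignored pairs; ecosystems left with no directories are removed.
def apply_ignores(found, config)
  pairs = ignored_pairs(config)
  found.each_with_object({}) do |(eco, dirs), kept|
    left = dirs.map { |d| norm_dir(d) }.reject { |d| pairs.include?([eco, d]) }
    kept[eco] = left unless left.empty?
  end
end

# The file is checked in with the repository, so parse it with safe_load.
FILTERED = apply_ignores(SAMPLE_FOUND, YAML.safe_load(SAMPLE_CONFIG))
```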
RDoc generated docs
Developing
The first time setup
git clone https://github.com/Skenvy/dependabot-linguist.git && cd dependabot-linguist && make setup
Iterative development
The majority of make recipes for this are just wrapping a bundle invocation of rake.
make docs will recreate the RDoc docs.
make test will run the RSpec tests.
make lint will run the RuboCop linter.