forked from dependabot/dependabot-script
-
Notifications
You must be signed in to change notification settings - Fork 0
/
update-script.rb
116 lines (100 loc) · 3.24 KB
/
update-script.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# This script is designed to be copied into an interactive Ruby session, to
# give you an idea of how the different classes in Dependabot Core fit together.
#
# It's used regularly by the Dependabot team to manually debug issues, so should
# always be up-to-date.
require "dependabot/file_fetchers"
require "dependabot/file_parsers"
require "dependabot/update_checkers"
require "dependabot/file_updaters"
require "dependabot/pull_request_creator"
require "dependabot/omnibus"
# GitHub credentials with write permission to the repo you want to update
# (so that you can create a new branch, commit and pull request).
# If using a private registry it's also possible to add details of that here.
credentials =
[{
"type" => "git_source",
"host" => "github.com",
"username" => "x-access-token",
"password" => "a-github-access-token"
}]
# Full name of the GitHub repo you want to create pull requests for.
repo_name = "github-account/github-repo"
# Directory where the base dependency files are.
directory = "/"
# Name of the dependency you'd like to update. (Alternatively, you could easily
# modify this script to loop through all the dependencies returned by
# `parser.parse`.)
dependency_name = "rails"
# Name of the package manager you'd like to do the update for. Options are:
# - bundler
# - pip (includes pipenv)
# - npm_and_yarn
# - maven
# - gradle
# - cargo
# - hex
# - composer
# - nuget
# - dep
# - go_modules
# - elm
# - submodules
# - docker
# - terraform
package_manager = "npm_and_yarn"
source = Dependabot::Source.new(
provider: "github",
repo: repo_name,
directory: directory,
branch: nil
)
##############################
# Fetch the dependency files #
##############################
fetcher = Dependabot::FileFetchers.for_package_manager(package_manager).
new(source: source, credentials: credentials)
files = fetcher.files
commit = fetcher.commit
##############################
# Parse the dependency files #
##############################
parser = Dependabot::FileParsers.for_package_manager(package_manager).new(
dependency_files: files,
source: source,
credentials: credentials,
)
dependencies = parser.parse
dep = dependencies.find { |d| d.name == dependency_name }
#########################################
# Get update details for the dependency #
#########################################
checker = Dependabot::UpdateCheckers.for_package_manager(package_manager).new(
dependency: dep,
dependency_files: files,
credentials: credentials,
)
checker.up_to_date?
checker.can_update?(requirements_to_unlock: :own)
updated_deps = checker.updated_dependencies(requirements_to_unlock: :own)
#####################################
# Generate updated dependency files #
#####################################
updater = Dependabot::FileUpdaters.for_package_manager(package_manager).new(
dependencies: updated_deps,
dependency_files: files,
credentials: credentials,
)
updated_files = updater.updated_dependency_files
########################################
# Create a pull request for the update #
########################################
pr_creator = Dependabot::PullRequestCreator.new(
source: source,
base_commit: commit,
dependencies: updated_deps,
files: updated_files,
credentials: credentials,
)
pr_creator.create