
@bobvanderlinden
Last active Mar 14, 2019
Update a gem conservatively in a Ruby project

Usage

Make sure hub is installed and set up with your user credentials.

./update-gem.sh loofah "Resolves security vulnerability."
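#!/bin/bash
# Update a single gem in a throw-away git worktree and open a pull request.
#
# Usage:   update-gem.sh GEM DESCRIPTION
# Env:     projectdir - repository to operate on (defaults to $PWD)

# set -x echoes every command (including both arguments) to stderr;
# errexit aborts on the first unhandled failure.
set -x
set -o errexit

gem="$1"
description="$2"

if [ -z "$gem" ]; then
  echo "No gem" >&2
  exit 1
fi

# The gem name is later placed on the bundle command line, inside a
# version-matching pattern and in a branch name. Accept only the characters
# gem names are made of, and refuse a leading dash so the value can never be
# read as a command-line option.
case "$gem" in
  -* | *[!A-Za-z0-9_.-]*)
    echo "Invalid gem name: $gem" >&2
    exit 1
    ;;
esac

if [ -z "$description" ]; then
  echo "No description" >&2
  exit 1
fi

projectdir="${projectdir:-${PWD}}"
# Last path component of the project directory; used to name the temp dir.
projectname="${projectdir##*/}"

if [ ! -d "$projectdir/.git" ]; then
  echo "No git repository" >&2
  exit 1
fi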
gemversion()
{
sed -n -e '/^GEM$/,$p' | sed -n '/^DEPENDENCIES/q;p' | perl -n -e "/^ $1 \((.*)\)$/ && print \$1"
}
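#######################################
# EXIT-trap handler: delete the temporary worktree and its git bookkeeping.
# Globals:   projectdir (read), tmp (read)
#######################################
finish() {
  # Nothing to clean up if the temporary directory was never created.
  [ -n "${tmp:-}" ] || return 0
  # Step out of the worktree before deleting it.
  cd "$projectdir" || return
  rm -rf -- "$tmp"
  # Prune only drops records of worktrees whose directory is gone, so it has
  # to run after the directory has been removed.
  git worktree prune
}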
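# Run the git commands in the project repository even when projectdir points
# somewhere other than the current directory.
cd "$projectdir"
git fetch

# An explicit XXXXXX template is accepted by both GNU and BSD mktemp; the bare
# "-t prefix" form is rejected by GNU mktemp.
tmp="$(mktemp -d "${TMPDIR:-/tmp}/${projectname}-update-worktree.XXXXXX")"
# Register cleanup before the worktree is added so a failed checkout does not
# leave the temporary directory behind.
trap finish EXIT
git worktree add "$tmp" origin/master
cd "$tmp"

rbenv install --skip-existing

# The line following "BUNDLED WITH" holds the Bundler version recorded in the
# lockfile; xargs strips its indentation.
bundled_with="$(grep -A 1 -e '^BUNDLED WITH' Gemfile.lock | tail -n 1 | xargs)"
[ -z "$bundled_with" ] && echo "No bundled_with" >&2 && exit 1

# NOTE(review): the first install is unpinned and pulls whatever Bundler
# release the configured gem source currently serves; only the second one is
# tied to the lockfile.
gem install bundler
gem install bundler --version "${bundled_with}"

# Depending on the update, this sometimes needs a change.
# command=(bundle _"${bundled_with}"_ update --conservative "$gem")
# command=(bundle _"${bundled_with}"_ update "$gem")
command=(bundle _"${bundled_with}"_ update --patch "$gem")
# Expand the array one word per element so no argument is re-split or globbed.
"${command[@]}"

# Check whether the audit passes. The check runs against the locally cached
# advisory database; "bundle audit update" refreshes it.
bundle audit

new_version="$(gemversion "$gem" < Gemfile.lock)"
old_version="$(git show HEAD:Gemfile.lock | gemversion "$gem")"
[ -z "$new_version" ] && echo "No new_version" >&2 && exit 1
[ -z "$old_version" ] && echo "No old_version" >&2 && exit 1

branch="update-${gem}-$new_version"
commit_message="${gem}: $old_version -> $new_version"
git checkout -b "$branch"
git commit -a -m "$commit_message"
git push origin "$branch"
hub pull-request -m "$commit_message
**Context**
$description
**Changes**
\`\`\`
${command[*]}
\`\`\`
Note: this PR was automatically created. Please check the changes of this PR and the link provided above.
"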