Folder restructure (#502)

Restructure the folder layout for the ruby code to allow for easier management and testing later. This also paves way for open-sourcing the updater we use internally similar to the official one.
tinglesoftware · Feb 5, 2023 · db8d3b7 · db8d3b7
1 parent aba9281
commit db8d3b7
Show file tree

Hide file tree

Showing 22 changed files with 177 additions and 98 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,25 +1,27 @@
-**/.classpath
-**/.dockerignore
-**/.env
-**/.git
-**/.gitignore
-**/.project
-**/.settings
-**/.toolstarget
-**/.vs
-**/.vscode
-**/*.*proj.user
-**/*.dbmdl
-**/*.jfm
-**/azds.yaml
-**/bin
-**/charts
-**/docker-compose*
-**/Dockerfile*
+/.core-bash_history
+/.env
+/.envrc
+/.git
+/.github
+/.vscode-server-insiders/
+/.vscode-server/
+/.vscode/
+/dependabot-*.gem
+/dry-run
+/pkg
+/vendor
+/tmp
+**/.bundle
+**/coverage
+**/Gemfile.lock
+!updater/Gemfile.lock
+!updater/spec/fixtures/**/Gemfile.lock
 **/node_modules
-**/npm-debug.log
-**/obj
-**/secrets.dev.yaml
-**/values.dev.yaml
-LICENSE
-README.md
+!**/spec/fixtures/*
+git.store
+.DS_Store
+*.pyc
+.dockerignore
+Dockerfile*
+*.md
+CODEOWNERS
diff --git a/.dockerignore-old b/.dockerignore-old
@@ -0,0 +1,25 @@
+**/.classpath
+**/.dockerignore
+**/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/azds.yaml
+**/bin
+**/charts
+**/docker-compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,32 +5,32 @@
 
 version: 2
 updates:
-- package-ecosystem: "bundler" # See documentation for possible values
-  directory: "/script" # Location of package manifests
+- package-ecosystem: "github-actions" # See documentation for possible values
+  directory: "/" # Location of package manifests
   schedule:
     interval: "weekly"
     time: "04:00"
   open-pull-requests-limit: 10
-- package-ecosystem: "docker" # See documentation for possible values
-  directory: "/script" # Location of package manifests
+- package-ecosystem: "gitsubmodule" # See documentation for possible values
+  directory: "/" # Location of package manifests
   schedule:
     interval: "weekly"
     time: "04:00"
   open-pull-requests-limit: 10
-- package-ecosystem: "gitsubmodule" # See documentation for possible values
-  directory: "/" # Location of package manifests
+- package-ecosystem: "bundler" # See documentation for possible values
+  directory: "/script" # Location of package manifests
   schedule:
     interval: "weekly"
     time: "04:00"
   open-pull-requests-limit: 10
-- package-ecosystem: "npm" # See documentation for possible values
-  directory: "/extension" # Location of package manifests
+- package-ecosystem: "docker" # See documentation for possible values
+  directory: "/" # Location of package manifests
   schedule:
     interval: "weekly"
     time: "04:00"
   open-pull-requests-limit: 10
-- package-ecosystem: "github-actions" # See documentation for possible values
-  directory: "/" # Location of package manifests
+- package-ecosystem: "npm" # See documentation for possible values
+  directory: "/extension" # Location of package manifests
   schedule:
     interval: "weekly"
     time: "04:00"

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -8,16 +8,18 @@ on:
     - '*'
     paths:
     - "script/**"
+    - "Dockerfile"
     - ".github/workflows/docker.yml"
-    - "!script/README.md"
+    - "!docs/**"
   pull_request:
     branches:
     # Only trigger for PRs against `main` branch.
     - main
     paths:
     - "script/**"
+    - "Dockerfile"
     - ".github/workflows/docker.yml"
-    - "!script/README.md"
+    - "!docs/**"
 
 jobs:
   dockerize:
@@ -50,14 +52,14 @@ jobs:
     - name: Build image
       run: |
         docker build \
-        -f script/Dockerfile \
+        -f Dockerfile \
         -t "tingle/$IMAGE_NAME:latest" \
         -t "tingle/$IMAGE_NAME:$GITVERSION_FULLSEMVER" \
         -t "tingle/$IMAGE_NAME:$GITVERSION_MAJOR.$GITVERSION_MINOR" \
         -t "tingle/$IMAGE_NAME:$GITVERSION_MAJOR" \
         --cache-from tingle/$IMAGE_NAME:latest \
         --build-arg BUILDKIT_INLINE_CACHE=1 \
-        script
+        .
 
     - name: Log into registry (Docker Hub)
       if: ${{ (github.ref == 'refs/heads/main') || (!startsWith(github.ref, 'refs/pull')) || startsWith(github.ref, 'refs/tags') }}

diff --git a/.github/workflows/extension.yml b/.github/workflows/extension.yml
@@ -10,6 +10,7 @@ on:
     - "extension/**"
     - ".github/workflows/extension.yml"
     - "!extension/README.md"
+    - "!docs/**"
   pull_request:
     branches:
     # Only trigger for PRs against `main` branch.
@@ -18,6 +19,7 @@ on:
     - "extension/**"
     - ".github/workflows/extension.yml"
     - "!extension/README.md"
+    - "!docs/**"
 
 jobs:
   Build:

diff --git a/.gitmodules b/.gitmodules
@@ -1,3 +1,3 @@
-[submodule "script/dependabot-core"]
-	path = script/dependabot-core
+[submodule "dependabot-core"]
+	path = dependabot-core
 	url = https://github.com/dependabot/dependabot-core.git
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,42 @@
+# The tagged versions are currently slow (sometimes it takes months)
+# We temporarily switch to getting the gem from git.
+# When the changes to this repository are no longer many/major,
+# we can switch back to using the tagged versions.
+
+# FROM dependabot/dependabot-core:0.215.0
+FROM dependabot/dependabot-core@sha256:3681373aeb07e29fdf30c7a03713195424636fd1cafd569c424a96af27d37735
+
+ENV DEPENDABOT_HOME /home/dependabot
+WORKDIR ${DEPENDABOT_HOME}
+
+COPY --chown=dependabot:dependabot updater/Gemfile updater/Gemfile.lock dependabot-updater/
+COPY --chown=dependabot:dependabot dependabot-core dependabot-core/
+
+WORKDIR $DEPENDABOT_HOME/dependabot-updater
+
+RUN bundle config set --local path 'vendor' && \
+    bundle config set --local frozen 'true' && \
+    bundle config set --local without 'development' && \
+    bundle install
+
+# Project files are known to change more frequently than Gemfiles.
+# They are copied after installation of dependencies so that the
+# image layers that change less frequently are available for caching
+# and hence be reused in subsequent builds.
+# For more information:
+# https://docs.docker.com/develop/develop-images/build_enhancements/
+# https://testdriven.io/blog/faster-ci-builds-with-docker-cache/
+
+# Add project
+COPY --chown=dependabot:dependabot LICENSE $DEPENDABOT_HOME
+COPY --chown=dependabot:dependabot updater $DEPENDABOT_HOME/dependabot-updater
+
+WORKDIR $DEPENDABOT_HOME/dependabot-updater
+
+# This entrypoint exists to solve specific setup problems.
+# It is only used with the extension and directly on Docker.
+# Hosted version does not allow this.
+ENTRYPOINT ["bin/entrypoint.sh"]
+
+# Run update script
+CMD ["bundle", "exec", "ruby", "bin/update-script.rb"]
diff --git a/script/Dockerfile → Dockerfile-old b/script/Dockerfile → Dockerfile-old
@@ -6,15 +6,15 @@
 # FROM dependabot/dependabot-core:0.215.0
 FROM dependabot/dependabot-core@sha256:3681373aeb07e29fdf30c7a03713195424636fd1cafd569c424a96af27d37735
 
-# Copy the Gemfile and Gemfile.lock
+# Copy core logic
+COPY dependabot-core dependabot-core/
+
+# Copy Gemfile and Gemfile.lock
 ARG CODE_DIR=/home/dependabot/dependabot-script
 RUN mkdir -p ${CODE_DIR}
-COPY --chown=dependabot:dependabot Gemfile Gemfile.lock ${CODE_DIR}/
+COPY --chown=dependabot:dependabot script/Gemfile script/Gemfile.lock ${CODE_DIR}/
 WORKDIR ${CODE_DIR}
 
-# Copy core logic
-COPY dependabot-core dependabot-core/
-
 # Install dependencies
 RUN bundle config set --local path "vendor" \
   && bundle install --jobs 4 --retry 3
@@ -28,10 +28,10 @@ RUN bundle config set --local path "vendor" \
 # https://testdriven.io/blog/faster-ci-builds-with-docker-cache/
 
 # Copy the Ruby scripts
-COPY --chown=dependabot:dependabot update-script.rb ${CODE_DIR}
-COPY --chown=dependabot:dependabot azure_helpers.rb ${CODE_DIR}
-COPY --chown=dependabot:dependabot vulnerabilities.rb ${CODE_DIR}
-COPY --chown=dependabot:dependabot --chmod=755 entrypoint.sh ${CODE_DIR}
+COPY --chown=dependabot:dependabot script/update-script.rb ${CODE_DIR}
+COPY --chown=dependabot:dependabot script/azure_helpers.rb ${CODE_DIR}
+COPY --chown=dependabot:dependabot script/vulnerabilities.rb ${CODE_DIR}
+COPY --chown=dependabot:dependabot --chmod=755 script/entrypoint.sh ${CODE_DIR}
 
 # This entrypoint exists to solve specific setup problems.
 # It is only used with the extension and directly on Docker.

diff --git a/README.md b/README.md
@@ -68,7 +68,7 @@ A GitHub access token with `public_repo` access is required to perform the GitHu
 
 ## Kubernetes CronJob
 
-A Kubernetes CronJobs is a useful resource for running tasks (a.k.a Jobs) on a recurring schedule. For more information on them read the [documentation](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/). Using the Docker image, we can create a CronJob and have it run periodically. The [environment variables](./script/README.md#environment-variables) are supplied in the job template but can be stored in a [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) for ease of reuse.
+A Kubernetes CronJobs is a useful resource for running tasks (a.k.a Jobs) on a recurring schedule. For more information on them read the [documentation](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/). Using the Docker image, we can create a CronJob and have it run periodically. The [environment variables](./docs/docker.md#environment-variables) are supplied in the job template but can be stored in a [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) for ease of reuse.
 
 Use the [template provided](./cronjob-template.yaml) and replace the parameters in curly braces (e.g. replace `{{azure_organization}}` with the actual value for your organization), then deploy it. Be sure to replace the `{{k8s_schedule}}` variable with the desired schedule as per the [Cron format](https://en.wikipedia.org/wiki/Cron).
 

diff --git a/advisories-example.json b/advisories-example.json
@@ -1,12 +1,12 @@
 [
-    {
-        "dependency-name": "Contoso.Utils",
-        "patched-versions": [
-            "3.0.1"
-        ],
-        "unaffected-versions": [],
-        "affected-versions": [
-            "< 3.0.1"
-        ]
-    }
+  {
+    "dependency-name": "Contoso.Utils",
+    "patched-versions": [
+      "3.0.1"
+    ],
+    "unaffected-versions": [],
+    "affected-versions": [
+      "< 3.0.1"
+    ]
+  }
 ]
diff --git a/script/dependabot-core → dependabot-core b/script/dependabot-core → dependabot-core
diff --git a/script/README.md → docs/docker.md b/script/README.md → docs/docker.md
diff --git a/script/Gemfile b/script/Gemfile
diff --git a/updater/.gitignore b/updater/.gitignore
@@ -0,0 +1,3 @@
+/.bundle/
+/spec/examples.txt
+/tmp/
diff --git a/updater/Gemfile b/updater/Gemfile
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gem "dependabot-bundler", path: "../dependabot-core/bundler"
+gem "dependabot-cargo", path: "../dependabot-core/cargo"
+gem "dependabot-common", path: "../dependabot-core/common"
+gem "dependabot-composer", path: "../dependabot-core/composer"
+gem "dependabot-docker", path: "../dependabot-core/docker"
+gem "dependabot-elm", path: "../dependabot-core/elm"
+gem "dependabot-github_actions", path: "../dependabot-core/github_actions"
+gem "dependabot-git_submodules", path: "../dependabot-core/git_submodules"
+gem "dependabot-go_modules", path: "../dependabot-core/go_modules"
+gem "dependabot-gradle", path: "../dependabot-core/gradle"
+gem "dependabot-hex", path: "../dependabot-core/hex"
+gem "dependabot-maven", path: "../dependabot-core/maven"
+gem "dependabot-npm_and_yarn", path: "../dependabot-core/npm_and_yarn"
+gem "dependabot-nuget", path: "../dependabot-core/nuget"
+gem "dependabot-pub", path: "../dependabot-core/pub"
+gem "dependabot-python", path: "../dependabot-core/python"
+gem "dependabot-terraform", path: "../dependabot-core/terraform"