Class: StillActive::CLI
- Inherits:
-
Object
- Object
- StillActive::CLI
- Defined in:
- lib/still_active/cli.rb
Constant Summary collapse
- SCHEMA_URL =
The committed JSON Schema for the --json output. Emitted as
$schemaso the output is self-describing and a consumer can validate it. "https://raw.githubusercontent.com/SeanLF/still_active/main/docs/still_active.schema.json"
Instance Method Summary collapse
Instance Method Details
#run(args) ⇒ Object
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 |
# File 'lib/still_active/cli.rb', line 30 def run(args) # Apply the committed .still_active.yml first so CLI flags (parsed next) # win over it: CLI flag > env var > config file > default. config_data = ConfigFile.load ConfigFile.apply(StillActive.config, config_data).each { |warning| $stderr.puts("warning: #{warning}") } = begin Options.new.parse!(args) rescue ArgumentError, OptionParser::ParseError => e # Bad CLI input (conflicting flags, a missing file, an unknown flag, a bad # enum value) is a user error: print it and exit 2, matching the SBOM/baseline # paths, rather than letting the raise bubble into a Ruby backtrace. $stderr.puts("error: #{e.}") exit(2) end # After CLI flags resolve, nudge (don't auto-inherit) an un-imported # bundler-audit ignore list when the vulnerability gate is on. hint = ConfigFile.import_hint(config_data) $stderr.puts("hint: #{hint}") if hint # An SBOM audit is cross-ecosystem: it runs the deps.dev/ecosyste.ms lens # over the SBOM's packages, not Bundler over a lockfile. Dispatch before the # Bundler resolution below so a Gemfile is never required (or read). return run_sbom if [:provided_sbom] unless [:provided_gems] begin StillActive.config.gems = BundlerHelper.gemfile_dependencies rescue MissingLockfileError => e $stderr.puts("error: #{e.}") exit(2) end end warn_output_flag_conflicts() warn_stale_suppressions result = if $stderr.tty? Workflow.call { |done, total| $stderr.print("\rChecking #{done}/#{total} gems...") } else Workflow.call end $stderr.print("\r\e[K") if $stderr.tty? ruby_info = Workflow.ruby_freshness pr_context = BotContext.detect if (baseline_path = StillActive.config.baseline_path) emit_diff(result, ruby_info, baseline_path, pr_context) elsif (sarif_path = StillActive.config.sarif_path) emit_sarif(result, ruby_info, sarif_path) elsif (cyclonedx_path = StillActive.config.cyclonedx_path) emit_cyclonedx(result, ruby_info, cyclonedx_path) else case resolve_format when :json output = { "$schema": SCHEMA_URL, schema_version: 1, tool: { name: "still_active", version: StillActive::VERSION }, generated_at: Time.now.utc.iso8601, # A one-object digest of the audit's posture, so a machine/LLM # consumer reads the headline counts without iterating every gem. summary: SummaryHelper.summarize(result, ruby_info: ruby_info), # Surface the derived verdict so a machine/LLM consumer reads it # directly instead of re-deriving it from the raw dates. gems: result.transform_values do |data| data.merge( activity_level: ActivityHelper.activity_level(data), status: StatusHelper.gem_status(data), ) end, } output[:ruby] = ruby_info if ruby_info output[:pr_context] = pr_context if pr_context puts iso8601_times(output).to_json when :terminal puts BotContext.summary(pr_context) if pr_context puts TerminalHelper.render(result, ruby_info: ruby_info) when :markdown render_markdown(result, ruby_info: ruby_info, pr_context: pr_context) end end check_exit_status(result) end |