Class: StillActive::CLI

Inherits:
Object
  • Object
show all
Defined in:
lib/still_active/cli.rb

Constant Summary collapse

SCHEMA_URL =

The committed JSON Schema for the --json output. Emitted as $schema so the output is self-describing and a consumer can validate it.

"https://raw.githubusercontent.com/SeanLF/still_active/main/docs/still_active.schema.json"

Instance Method Summary collapse

Instance Method Details

#run(args) ⇒ Object



30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
# File 'lib/still_active/cli.rb', line 30

def run(args)
  # Apply the committed .still_active.yml first so CLI flags (parsed next)
  # win over it: CLI flag > env var > config file > default.
  config_data = ConfigFile.load
  ConfigFile.apply(StillActive.config, config_data).each { |warning| $stderr.puts("warning: #{warning}") }
  options = begin
    Options.new.parse!(args)
  rescue ArgumentError, OptionParser::ParseError => e
    # Bad CLI input (conflicting flags, a missing file, an unknown flag, a bad
    # enum value) is a user error: print it and exit 2, matching the SBOM/baseline
    # paths, rather than letting the raise bubble into a Ruby backtrace.
    $stderr.puts("error: #{e.message}")
    exit(2)
  end
  # After CLI flags resolve, nudge (don't auto-inherit) an un-imported
  # bundler-audit ignore list when the vulnerability gate is on.
  hint = ConfigFile.import_hint(config_data)
  $stderr.puts("hint: #{hint}") if hint
  # An SBOM audit is cross-ecosystem: it runs the deps.dev/ecosyste.ms lens
  # over the SBOM's packages, not Bundler over a lockfile. Dispatch before the
  # Bundler resolution below so a Gemfile is never required (or read).
  return run_sbom if options[:provided_sbom]

  unless options[:provided_gems]
    begin
      StillActive.config.gems = BundlerHelper.gemfile_dependencies
    rescue MissingLockfileError => e
      $stderr.puts("error: #{e.message}")
      exit(2)
    end
  end

  warn_output_flag_conflicts(options)
  warn_stale_suppressions

  result = if $stderr.tty?
    Workflow.call { |done, total| $stderr.print("\rChecking #{done}/#{total} gems...") }
  else
    Workflow.call
  end
  $stderr.print("\r\e[K") if $stderr.tty?

  ruby_info = Workflow.ruby_freshness
  pr_context = BotContext.detect

  if (baseline_path = StillActive.config.baseline_path)
    emit_diff(result, ruby_info, baseline_path, pr_context)
  elsif (sarif_path = StillActive.config.sarif_path)
    emit_sarif(result, ruby_info, sarif_path)
  elsif (cyclonedx_path = StillActive.config.cyclonedx_path)
    emit_cyclonedx(result, ruby_info, cyclonedx_path)
  else
    case resolve_format
    when :json
      output = {
        "$schema": SCHEMA_URL,
        schema_version: 1,
        tool: { name: "still_active", version: StillActive::VERSION },
        generated_at: Time.now.utc.iso8601,
        # A one-object digest of the audit's posture, so a machine/LLM
        # consumer reads the headline counts without iterating every gem.
        summary: SummaryHelper.summarize(result, ruby_info: ruby_info),
        # Surface the derived verdict so a machine/LLM consumer reads it
        # directly instead of re-deriving it from the raw dates.
        gems: result.transform_values do |data|
          data.merge(
            activity_level: ActivityHelper.activity_level(data),
            status: StatusHelper.gem_status(data),
          )
        end,
      }
      output[:ruby] = ruby_info if ruby_info
      output[:pr_context] = pr_context if pr_context
      puts iso8601_times(output).to_json
    when :terminal
      puts BotContext.summary(pr_context) if pr_context
      puts TerminalHelper.render(result, ruby_info: ruby_info)
    when :markdown
      render_markdown(result, ruby_info: ruby_info, pr_context: pr_context)
    end
  end

  check_exit_status(result)
end