This is a client for the Moderne API. It is how Jonathan Leitschuh generates automated pull requests to fix vulnerabilities, at-scale, across the entire open source ecosystem.
Running a Moderne recipe once via their UI is easy, but what if you want to run a recipe on a scheduled basis across all of your repositories? Moderne doesn't, currently, support campaigns. This fills that gap.
This client can either be used as a standalone script, or as a library.
All environment variables are either read directly from the environment or a .env file in the execution directory.
The client requires a few secrets to be set in the environment:
Can either be read from:
~/.moderne/token.txtfileMODERNE_API_TOKENenvironment variable
This is required for all moderne API calls.
Can either be read from:
~/.config/hubfileGITHUB_TOKEN_FOR_MODERNEenvironment variable
This is required only when attempting to create pull requests.
In order to support GPG signing commits, there are two options:
-
Set the following environment variables:
GPG_KEY_PUBLIC_KEYGPG_KEY_PRIVATE_KEYGPG_KEY_PASSPHRASE
-
Set the following environment variables and the rest of the data will be loaded from your local gpg install:
GPG_KEY_IDGPG_KEY_PASSPHRASE
This is required only when attempting to create pull requests.
To install the CLI dependencies use the following command:
pip install .[cli]For live development, you can use the following command to install the CLI in editable mode:
pip install -e .[cli]To see more information about developing the CLI, see the CONTRIBUTING guide.
To use it as a script, you can run it like this:
moderne-client --helpTODO