unwrappr
unwrappr copied to clipboard
envato
Assumption that all gems are hosted at rubygems.org does not hold
Context
Given a project that includes the following in its Gemfile...
source 'https://gems.contribsys.com/' do
gem 'sidekiq-pro'
end
And a new version of sidekiq-pro becomes available...
When unwrappr is run, a comment is made thus:
sidekiq-pro
Major version upgrade :chart_with_upwards_trend::exclamation: 4.0.5 → 5.0.0
[~~change-log~~, ~~source-code~~]
Expected comment
::Bundler.locked_gems.specs.find { |s| s.name == "sidekiq-pro" }.homepage
#=> "http://sidekiq.org"
# [...]
::Bundler.locked_gems.specs.find { |s| s.name == "sidekiq-pro" }.metadata
#=> {"allowed_push_host"=>"https://gems.contribsys.com", "changelog_uri"=>"https://github.com/mperham/sidekiq/blob/master/Pro-Changes.md", "documentation_uri"=>"https://github.com/mperham/sidekiq/wiki", "wiki_uri"=>"https://github.com/mperham/sidekiq/wiki"}
sidekiq-pro
Major version upgrade :chart_with_upwards_trend::exclamation: 4.0.5 → 5.0.0
[change-log, ~~source-code~~]
Just reading this one.
This is because we make an assumption that all gems are hosted on rubygems.org?
I'm not super familiar with the RubyGems API but would this be a matter of parsing the source URL then talking to it to receive the necessary metadata?
Exactly!
Unwrappr calls the RubyGems API, which works most of the time to get the Gem metadata. However for privately-hosted gems (such as Sidekiq Pro but also ones that are hosted within an organisation), this metadata isn't publicly available. I think we can get this programmatically using BundlerCommandRunner instead.