Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Gemfile source variables #23931

Closed
rarkins opened this issue Aug 18, 2023 · 2 comments · Fixed by #32337
Closed

Support Gemfile source variables #23931

rarkins opened this issue Aug 18, 2023 · 2 comments · Fixed by #32337
Labels
good first issue Suitable for new contributors manager:bundler Bundler (Ruby) package manager priority-3-medium Default priority, "should be done" but isn't prioritised ahead of others type:feature Feature (new functionality)

Comments

@rarkins
Copy link
Collaborator

rarkins commented Aug 18, 2023

Describe the proposed change(s).

Support parsing source values in variables like so:

source 'https://nexus.company.net/repository/rubygems-proxy-repos-group/'
private_gem_source = 'https://nexus.company.net/repository/rubygems-secondary-repos-group/'

gem 'activesupport', '>= 7.0.4.3' # CVE-2023-28120
gem 'faraday', '~> 2.7'
gem 'faraday-encoding', '~> 0.0.5'
gem 'rails', '~> 7.0.4'
gem 'redis', '~> 5.0.5'

source private_gem_source do
  gem 'private-kafka', '~> 0.34.1'
  gem 'private-logger', '~> 1.0'
  gem 'private-metrics', '~> 3.6'
end

Describe why we need/want these change(s).

This is a common pattern. Today we support only direct URLs like so:

source 'https://nexus.company.net/repository/rubygems-proxy-repos-group/'

gem 'activesupport', '>= 7.0.4.3' # CVE-2023-28120
gem 'faraday', '~> 2.7'
gem 'faraday-encoding', '~> 0.0.5'
gem 'rails', '~> 7.0.4'
gem 'redis', '~> 5.0.5'

source 'https://nexus.company.net/repository/rubygems-secondary-repos-group/' do
  gem 'private-kafka', '~> 0.34.1'
  gem 'private-logger', '~> 1.0'
  gem 'private-metrics', '~> 3.6'
end
@rarkins rarkins added priority-3-medium Default priority, "should be done" but isn't prioritised ahead of others manager:bundler Bundler (Ruby) package manager status:ready good first issue Suitable for new contributors labels Aug 18, 2023
@HonkingGoose HonkingGoose added the type:feature Feature (new functionality) label Oct 4, 2023
@rarkins
Copy link
Collaborator Author

rarkins commented Nov 1, 2024

@Djiit the code would need to be added in https://github.com/renovatebot/renovate/blob/main/lib/modules/manager/bundler/extract.ts

The logic iterates through the Gemfile line by line, so you'd probably want to:

  • Initialize an empty set of sources
  • For each line, see if it matches the variable assignment pattern, and store the key/value if so
  • For any subsequent source definition, see if it matches a key in the source list

@Djiit Djiit mentioned this issue Nov 5, 2024
Merged
6 tasks
@renovate-release
Copy link
Collaborator

🎉 This issue has been resolved in version 39.17.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 17, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
good first issue Suitable for new contributors manager:bundler Bundler (Ruby) package manager priority-3-medium Default priority, "should be done" but isn't prioritised ahead of others type:feature Feature (new functionality)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(bundler): add source variables support Djiit/renovate
3 participants
@rarkins @HonkingGoose @renovate-release