Detect locally-sourced gems in bundle_report outdated#188
Closed
JuanVqz wants to merge 2 commits into
Closed
Conversation
JuanVqz
force-pushed
the
feature/local-gem-source-detection
branch
2 times, most recently
from
141e690 to
9b98328
Compare
A gem pulled in via `path:` (e.g. a private engine) could share its name with an unrelated public gem on rubygems. `bundle_report outdated` looked up the latest version by name, matched the public gem, and reported a bogus upgrade. Add `GemInfo#sourced_locally?`, which reads the Bundler source type from the lockfile (path source, excluding git which is already reported separately). `outdated` now excludes locally-sourced gems from the out-of-date check and reports them in a separate count, mirroring how git-sourced gems are handled. Closes #29
JuanVqz
force-pushed
the
feature/local-gem-source-detection
branch
from
7f219e2 to
56bfbd9
Compare
Member
Author
|
I used this issue-29-sandbox.zip to QA it, there is a README if you need instructions. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
bundle_report outdatedlooked up each installed gem's latest version on rubygems by name only. A gem pulled in viapath:(for example a private engine) that happens to share its name with an unrelated public gem was matched against the public one and reported as out-of-date with a bogus upgrade suggestion.This adds
NextRails::GemInfo#sourced_locally?, which reads the Bundler source type from the lockfile. A gem is considered local when its source is aBundler::Source::Paththat is not aBundler::Source::Git(git sources subclass the path source and are already reported separately viasourced_from_git?).BundleReport.outdatednow:sourced_locally_countin the JSON output and a new "N gems are sourced from a local path" line in the human-readable footer).Motivation and Context
Closes #29.
A local private gem named
app_storecollides with the abandoned publicapp_storegem.bundle_reportwould suggest "upgrading" the private engine to the unrelated public version.As discussed in the issue, this does not try to decide whether two same-named gems are the same gem (gemspec metadata is unreliable). It trusts the lockfile source instead: a
path:gem is local, so it is not compared against rubygems at all.How Has This Been Tested?
GemInfo#sourced_locally?covering path, git, and rubygems sources.BundleReport.outdatedspec asserting a locally-sourced gem is excluded from the out-of-date list and counted separately, plus updated the existing JSON/stdout expectations.99 examples, 0 failures).app_storegem viapath::next_rails(buggy):app_store listed: trueapp_store listed: false, footer shows it under "sourced from a local path".Screenshots:
N/A
I will abide by the code of conduct