Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Maintenance #37

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Maintenance #37

wants to merge 7 commits into from

Conversation

mikesaelim
Copy link
Contributor

@mikesaelim mikesaelim commented May 25, 2024
edited
Loading

Just doing some regular maintenance. I don't think we need to do another release for this PR.

  • Bump the ruby version in development to 3.3.1
  • Drop support for ruby 2.5, 2.6, 2.7, and 3.0, which have all reached end-of-life.
  • Bump the Rubocop version to 1.64.0, and make the necessary changes so Rubocop is happy.
  • Remove the timecop development dependency, which is no longer necessary.

mikesaelim
mikesaelim commented May 25, 2024
View reviewed changes
.github/workflows/test.yml
@@ -21,8 +21,6 @@ jobs:
with:
ruby-version: ${{ matrix.ruby_version }}
bundler-cache: true
- name: Install dependencies
run: bundle install --jobs=3 --retry=3
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bundler-cache: true on the previous step already runs a bundle install and caches the gems, so this isn't necessary.

.rubocop.yml
NewCops: enable
SuggestExtensions: false

Gemspec/DevelopmentDependencies:
EnforcedStyle: gemspec
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This cop was added, forcing all development dependencies out of the gemspec and into the Gemfile. I looked at the discussion around the introduction of this cop, and wasn't convinced of the reasoning (when the repo is a gem): rubocop/rubocop#11469

This rubocop config does the opposite, forcing all development dependencies to the gemspec, which is how we have it now. I don't feel strongly either way, as long as all the dependencies are kept in the same place. Happy to hear any arguments for using the cop as-is and putting the dependencies in the Gemfile!

lib/ruby_audit/database.rb
def check_ruby(ruby, &block)
check(ruby, 'rubies', &block)
def check_ruby(ruby, &)
check(ruby, 'rubies', &)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rubocop encourages using "anonymous block forwarding", which was introduced in Ruby 3.1.

ruby_audit.gemspec
@@ -7,6 +7,7 @@ Gem::Specification.new do |spec|
spec.version = RubyAudit::VERSION
spec.authors = ['Jeff Cousens, Mike Saelim', 'John Zhang', 'Cristina Muñoz']
spec.email = ['[email protected]']
spec.metadata['rubygems_mfa_required'] = 'true'
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rubocop encourages everyone to require MFA for rubygems operations like publishing gems.

https://guides.rubygems.org/mfa-requirement-opt-in/

This will take effect after this gem is published to rubygems, with this line of metadata in. We already have MFA set up for Civis's account, right?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@mikesaelim