Gemstash server integration #6787
Comments
viceice
added
datasource:rubygems
type:feature
|
Can we locate any documentation for this API? We need to (a) support it and (b) have a way to know how/when to switch to it |
|
Here is the doc from the user POV for setting auth https://github.com/rubygems/gemstash/blob/master/docs/gemstash-private-gems.7.md The files handling auth and fetch are: https://github.com/rubygems/gemstash/blob/master/lib/gemstash/api_key_authorization.rb https://github.com/rubygems/gemstash/blob/master/lib/gemstash/authorization.rb https://github.com/rubygems/gemstash/blob/master/lib/gemstash/gem_fetcher.rb But I don't know if they documented an API. I think we should empirically test with a Gemstash docker container. |
|
I opened an issue on their side rubygems/gemstash#272 |
|
If it works fine with Bundler then I'd hope there's an answer out there already, we just haven't found it yet. Thanks for your help |
|
I investigated further. Gemstash gives the It is used that way (example with the
and gives this result: etc... It looks similar to the result of But, we only need So there is smthg to do here : renovate/lib/datasource/rubygems/get.ts Line 56 in b45502c And here: renovate/lib/datasource/rubygems/get.ts Line 10 in b45502c BTW, this endpoint also exist in rubygems. That would make the manager simpler and more reliable by removing: https://github.com/renovatebot/renovate/blob/master/lib/datasource/rubygems/releases.ts#L10 and the file: |
|
Thanks for the analysis. FYI rubygems.org will block any IP that uses the regular API more than one query per second, so it is definitely not possible to replace that functionality. I think we want to default to the API that gives us the. Eat metadata and then fall back to the less informative one. |
|
Also note that gemfury uses the same bulk approach as rubygems |
|
Ok, as bundler uses the |
|
Bundler itself does not use the Rubygems API for most queries due to the load. It uses the append-only flat versions file that Renovate now uses too. Hopefully other servers support api v1 though |
|
I think it is better to improve gemstash to make it more compatible with the official rubygems API. So, I commited there instead. rubygems/gemstash#277 |
rarkins
added
the
status:requirements
|
Did anybody fix this already? |
|
Sorry, I was busy on other matters and this sunk down in my backlog. I don't when I would be able to fix this properly. |
|
Yeah, no problem. |
|
So prior to #16312 we were at least able to utilize renovate with our private Gemstash server. After that PR, all our renovate runs that have a reference to the private Gemstash server abort and fail to successfully complete a run. We've locked our runner back to the version prior to that PR, but that's far from a long-term plan. I'm attempting to dig through the renovate code to see how/where I can patch out or correct the behavior to return at least partial functionality while using a private Gemstash. Any pointers would be most welcome... |
|
We recently had the same problem and made a pull request on the gemstash repository: |
|
Ahh wonderful. I ended up disabling the private gemserver via hostRules and setting packageRules to ignore anything stored there... It worked, but it was real ugly. I'll give the newer version of Gemstash a whirl. Appreciate your comment and your PR. |
What would you like Renovate to be able to do?
Renovate should be able to fetch gems in a private Gemstash server. It should be able to handle credentials for this server.
AFAIK, the url
/api/v1/gemsseems implemented in Gemstash but only for pushing gems https://github.com/rubygems/gemstash/blob/9d0e45d80e70f7e2d3987e5e1cdef68cd1119a91/lib/gemstash/web.rb#L48It seems that urls used to fetch gems are
/api/v1/dependencies. That's what fetched when I usebundle lock -V.For instance, here fetching ffi and nokogiri gems:
The text was updated successfully, but these errors were encountered: