gemnasium / gemnasium-gem Goto Github PK

I just attempted to use the gemnasium:push rake task (gem version: 3.2.0) and got the following output:

$ bundle exec rake gemnasium:push
2 supported dependency file(s) found: Gemfile, Gemfile.lock
757: unexpected token at '<!DOCTYPE html>
<html>
<head>
<title>500 Error</title>

<link href='//fonts.googleapis.com/css?family=Source+Sans+Pro:400,600' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Archivo+Narrow:400,400italic,700italic,700' rel='stylesheet' type='text/css'>
<link href="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css" rel="stylesheet">

<style type="text/css">
body{
    font-size: 14px;
    font-family: Helvetica, sans-serif;
    margin-bottom: 60px;
    text-align: center;
    margin-top: 100px;
    background-color: #EEEEEE;
}

h1{
    font-size: 55px;
    text-transform: uppercase;
    line-height: 25px;
    margin-top: 40px;
    margin-bottom: 20px;
}

h2{
    font-size: 30px;
    line-height: 32px;
    font-weight: 400;
}
h3{
    font-size: 20px;
    line-height: 26px;
    font-weight: normal;
}
a{
    font-size: 32px;
    color: #0077AA;
    line-height: 50px;
}
a:hover{
    color: #005588;
}
</style>

<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1.0">

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta content="authenticity_token" name="csrf-param" />
<meta content="ZFcfe1nk2OW8gwI0Gov4zuZXdKhNhZUAlrh3mwcWIUc=" name="csrf-token" />

</head>

<body>
<div class="container">
    <div class="row-fluid">
        <div class="span12">
            <img src="/images/500.png" alt="image" />
            <h1>Internal Server Error</h1>
            <h3>We've been notified about this issue and we'll take a look at it shortly.</h3>
            <br/>
            <a href="/">
            <img src="/images/logo.png" alt="image" />
            <br/>
            Go back to home page</a>
        </div>
    </div>
</div>

<!--///////////////////////////////-->
<!-- SCRIPTS -->
<!--///////////////////////////////-->

<script src="//code.jquery.com/jquery-latest.js"></script>
<script src="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js"></script>
</body>
</html>
'

• The ruby client should gracefully handle HTTP 500 responses and surface a message.
• Returning a non-zero exit code seems the right thing to do here, but it would be preferable to have that be a config option since we have this rake task running on a CI machine and we don't consider this task critical enough to warrant a build failure. I'm in the position now of having to remove that build step and will have to remember to re-enable it (which I probably won't).

Any chance you can push a new version of the gem on rubygems.org?

I am pretty sure this is not the example you are trying to make.

It's unclear how I can resolve this.

When the hook run the following command
(git diff --name-only HEAD~ HEAD 2>/dev/null || git diff-tree -r --no-commit-id --name-only --root HEAD) | grep -P '^(Gemfile|Gemfile.lock|.*.gemspec|package.json|npm-shrinkwrap.json)$'

I've got the following error
usage: grep [-abcDEFGHhIiJLlmnOoPqRSsUVvwxZ] [-A num] [-B num] [-C[num]]
[-e pattern] [-f file] [--binary-files=value] [--color=when]
[--context[=num]] [--directories=action] [--label] [--line-buffered]
[--null] [pattern] [file ...]

It seems that the default grep installed in mountain lion doesn't like the -P command

Replacing by -E seems to do the trick.

Some companies will only use gems with a certain license.
The canonical and easy way to check is via the gemspec,

via e.g.

spec.license = 'MIT'
# or
spec.licenses = ['MIT', 'GPL-2']

Even for projects that already specify a license, including a license in your gemspec is a good practice, since it is easily
discoverable there without having to check the readme or for a license file. For example, it is the field that rubygems.org uses to display a gem's license.

For example, there is a License Finder gem to help companies ensure all gems they use
meet their licensing needs. This tool depends on license information being available in the gemspec. This is an important enough
issue that even Bundler now generates gems with a default 'MIT' license.

If you need help choosing a license (sorry, I haven't checked your readme or looked for a license file), github has created a license picker tool.

In case you're wondering how I found you and why I made this issue, it's because I'm collecting stats on gems (I was originally looking for download data) and decided to collect license metadata,too, and make issues for gemspecs not specifying a license as a public service :).

I hope you'll consider specifying a license in your gemspec. If not, please just close the issue and let me know. In either case, I'll follow up. Thanks!

p.s. I've written a blog post about this project
p.p.s. Here's a list of the license names I've found and their frequenceis

Right now Gemnasium only supports dependency files residing in the top level repository folder. It would be great if the following could be added:

• either manual specification of dependency files within sub-folders
• or automatic scanning for depenency files within sub-folders (it might make sense to exclude folders like node_modules from scan by default)

If this would work for polyglot projects with modules in different supported languages, it would be even greater.

Namely:

• rake task goes into ./lib/tasks
• config goes into ./config

Support for ./.gemnasium.yml (similarly to rspec, rubocop...) would be most welcome.