
Gemnasium gem


Gemnasium gem has been deprecated. Please use the Gemnasium Toolbelt instead!

This gem lets you push your dependency files to Gemnasium to track your project's dependencies and get notified about updates and security advisories.

The Gemnasium app offers GitHub integration with fully automated synchronization, but you can use this gem instead if you don't want to authorize access to your repositories (e.g. for privacy reasons).

Supported dependency files are:

  • Ruby: Gemfile, Gemfile.lock and *.gemspec
  • NPM: package.json and npm-shrinkwrap.json
  • Python: requirements.txt, setup.py and requires.txt
  • PHP Composer: composer.json and composer.lock

Installation

Add this line to your application's Gemfile:

gem 'gemnasium'

Or in your terminal:

$ gem install gemnasium

Add configuration file in your project

$ gemnasium install

The install command supports two options, --rake and --git, which install the gemnasium rake task and a post-commit git hook respectively.

gemnasium install will add the config/gemnasium.yml file to your .gitignore so your private API key won't be committed. If you use another version control system, please remember to ignore this file there.

Warning: your API key is dedicated to your own user account and must not be published!

Fill the values of the new config/gemnasium.yml file.

Migrate from previous versions

Migrate your configuration file:

$ gemnasium migrate

Convert your project name to a unique "project slug":

$ gemnasium resolve

The resolve command will update your configuration file.

Usage

There are multiple ways to use the gemnasium gem. You can choose whichever you prefer.

1. Via the command line

Using gemnasium from the command line is as simple as typing gemnasium [command]:

To create a project on Gemnasium:

$ gemnasium create

The create command reads your config/gemnasium.yml configuration file to create the project.

Please note that automatic GitHub synchronization is dropped once a project is configured with this gem.

To push your dependency files on Gemnasium:

$ gemnasium push

2. Via the rake task

The Gemnasium gem comes with a rake task ready to be used. To use it, install it via gemnasium install --rake. Once installed, you'll have access to two tasks:

To create a project on Gemnasium:

$ rake gemnasium:create

The create command reads your config/gemnasium.yml configuration file to create the project.

Please note that automatic GitHub synchronization is dropped once a project is configured with this gem.

To push your dependency files on Gemnasium:

$ rake gemnasium:push

3. Via the post-commit git hook

We wrote a ready-to-use post-commit git hook for you.

Once installed via gemnasium install --git, the gem will push your dependency files after each commit, but only if they have changed.

4. Directly in your code

If you need to use the Gemnasium gem directly from your code, you can do so as below:

require 'gemnasium'


# To install gemnasium files
#
# options is a Hash which can contain the following keys:
#   project_path (required) - [String] path to the project
#   install_rake_task       - [Boolean] whether or not to install the rake task
#   install_git_hook        - [Boolean] whether or not to install the git hook
Gemnasium.install(options)

# To create your project on gemnasium
#
# options is a Hash which can contain the following keys:
#   project_path (required) - [String] path to the project
Gemnasium.create_project(options)

# To push supported dependency files to gemnasium
#
# options is a Hash which can contain the following keys:
#   project_path (required) - [String] path to the project
Gemnasium.push(options)

Sample config

Here is a sample config file:

api_key: "some_secret_api_key"
project_name: "vandamme"
project_slug: "40d7fafbc32fe0c9e5b84ecacd71012c"
project_branch: "master"
ignored_paths:
  - spec/
  - tmp/

This will handle the dependencies of the vandamme project on the master branch. The Gemnasium gem will also ignore any project dependency files found under spec/ and tmp/.
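The following is an added example, not code from the gemnasium gem itself, showing how the pieces described above fit together: reading config/gemnasium.yml and refusing to proceed when a required key is empty, walking a project for the supported dependency files listed at the top of this README while skipping ignored_paths, and applying the same filter to the list of paths a commit touched (which is what the post-commit hook has to decide on). The function names, the sample project built in a temporary directory, and the decision to match on file basenames only are assumptions of this example.

```ruby
require 'yaml'
require 'tmpdir'
require 'fileutils'

# Dependency file names this README lists as supported (Ruby, NPM, Python, PHP Composer).
SUPPORTED_DEPENDENCY_FILES = %w[
  Gemfile Gemfile.lock package.json npm-shrinkwrap.json
  requirements.txt setup.py requires.txt composer.json composer.lock
].freeze

# Keys the sample config above always carries; treated as required here (assumption).
REQUIRED_CONFIG_KEYS = %w[api_key project_name project_slug project_branch].freeze

# Is +path+ one of the supported dependency files? Matches the basename exactly,
# so "Gemfile.lock.bak" is not picked up; ignored_paths is applied separately.
def supported_dependency_file?(path)
  name = File.basename(path)
  SUPPORTED_DEPENDENCY_FILES.include?(name) || name.end_with?('.gemspec')
end

# Is +relative_path+ under one of the configured ignored_paths (e.g. "spec/")?
def ignored?(relative_path, ignored_paths)
  ignored_paths.any? do |prefix|
    relative_path.start_with?(prefix.chomp('/') + '/')
  end
end

# Load config/gemnasium.yml and fail early with a clear message when a required
# key is missing or empty, instead of sending a half-filled config to the API.
def load_config(config_path)
  config = YAML.safe_load(File.read(config_path)) || {}
  missing = REQUIRED_CONFIG_KEYS.reject { |k| config[k].is_a?(String) && !config[k].empty? }
  raise ArgumentError, "#{config_path}: missing #{missing.join(', ')}" unless missing.empty?
  config['ignored_paths'] = Array(config['ignored_paths'])
  config
end

# Walk the project and return the supported dependency files, relative to
# project_path, skipping anything under ignored_paths.
def collect_dependency_files(project_path, ignored_paths)
  Dir.glob('**/*', base: project_path)
     .select { |rel| File.file?(File.join(project_path, rel)) }
     .reject { |rel| ignored?(rel, ignored_paths) }
     .select { |rel| supported_dependency_file?(rel) }
     .sort
end

# Given the paths a commit touched (what the post-commit hook gets from
# `git diff --name-only`), keep only the dependency files worth pushing.
def changed_dependency_files(changed_paths, ignored_paths = [])
  changed_paths.reject { |p| ignored?(p, ignored_paths) }
               .select { |p| supported_dependency_file?(p) }
end

# Constructed sample project (not a real repository) mirroring the sample config.
def build_sample_project(dir)
  FileUtils.mkdir_p(File.join(dir, 'config'))
  FileUtils.mkdir_p(File.join(dir, 'spec', 'fixtures'))
  FileUtils.mkdir_p(File.join(dir, 'tmp'))
  File.write(File.join(dir, 'Gemfile'), "source 'https://rubygems.org'\n")
  File.write(File.join(dir, 'Gemfile.lock'), "GEM\n")
  File.write(File.join(dir, 'vandamme.gemspec'), "Gem::Specification.new\n")
  File.write(File.join(dir, 'spec', 'fixtures', 'Gemfile'), '')   # ignored via spec/
  File.write(File.join(dir, 'tmp', 'package.json'), '{}')          # ignored via tmp/
  File.write(File.join(dir, 'config', 'gemnasium.yml'), <<~YAML)
    api_key: "some_secret_api_key"
    project_name: "vandamme"
    project_slug: "40d7fafbc32fe0c9e5b84ecacd71012c"
    project_branch: "master"
    ignored_paths:
      - spec/
      - tmp/
  YAML
  dir
end

# Builds the sample project, loads its config and returns the files that would be pushed.
def demo
  Dir.mktmpdir('gemnasium-demo') do |dir|
    build_sample_project(dir)
    config = load_config(File.join(dir, 'config', 'gemnasium.yml'))
    collect_dependency_files(dir, config['ignored_paths'])
  end
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Running the file prints the three top-level files (Gemfile, Gemfile.lock, vandamme.gemspec); the copies under spec/ and tmp/ are skipped because of ignored_paths. Matching on the exact basename, rather than a loose substring, is the same idea as anchoring the hook's grep pattern with ^ and $.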

Troubleshooting

Gemnasium will try to display the most accurate error message when something goes wrong.

If you're still stuck, feel free to contact Gemnasium support.

Contributing

  1. Fork the project.
  2. Make your feature or bug fix.
  3. Test it.
  4. Commit.
  5. Create new pull request.

Credits

Tech-Angels

gemnasium-gem's People

Contributors

gonzoyumo, gravis, greysteil, ktdreyer, twelvelabs


gemnasium-gem's Issues

Invalid git post-commit hook under Mac OSX Mountain Lion

When the hook run the following command
(git diff --name-only HEAD~ HEAD 2>/dev/null || git diff-tree -r --no-commit-id --name-only --root HEAD) | grep -P '^(Gemfile|Gemfile.lock|.*.gemspec|package.json|npm-shrinkwrap.json)$'

I get the following error
usage: grep [-abcDEFGHhIiJLlmnOoPqRSsUVvwxZ] [-A num] [-B num] [-C[num]]
[-e pattern] [-f file] [--binary-files=value] [--color=when]
[--context[=num]] [--directories=action] [--label] [--line-buffered]
[--null] [pattern] [file ...]

It seems that the default grep installed in Mountain Lion doesn't like the -P command.

Replacing it with -E seems to do the trick.

License missing from gemspec

Some companies will only use gems with a certain license.
The canonical and easy way to check is via the gemspec,

via e.g.

spec.license = 'MIT'
# or
spec.licenses = ['MIT', 'GPL-2']

Even for projects that already specify a license, including a license in your gemspec is a good practice, since it is easily
discoverable there without having to check the readme or for a license file. For example, it is the field that rubygems.org uses to display a gem's license.

For example, there is a License Finder gem to help companies ensure all gems they use
meet their licensing needs. This tool depends on license information being available in the gemspec. This is an important enough
issue that even Bundler now generates gems with a default 'MIT' license.

If you need help choosing a license (sorry, I haven't checked your readme or looked for a license file), github has created a license picker tool.

In case you're wondering how I found you and why I made this issue, it's because I'm collecting stats on gems (I was originally looking for download data) and decided to collect license metadata, too, and make issues for gemspecs not specifying a license as a public service :).

I hope you'll consider specifying a license in your gemspec. If not, please just close the issue and let me know. In either case, I'll follow up. Thanks!

p.s. I've written a blog post about this project
p.p.s. Here's a list of the license names I've found and their frequencies

Gem assumes a layout similar to Rails

Namely:

  • rake task goes into ./lib/tasks
  • config goes into ./config

Support for ./.gemnasium.yml (similarly to rspec, rubocop...) would be most welcome.

unexpected token at <!DOCTYPE html>

gemnasium push
2 supported dependency file(s) found: Gemfile, Gemfile.lock
746: unexpected token at '<!DOCTYPE html>
<html>
<head>
  <title>The page you were looking for doesn't exist (404)</title>
  <style type="text/css">
    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
    div.dialog {
      width: 25em;
      padding: 0 4em;
      margin: 4em auto 0 auto;
      border: 1px solid #ccc;
      border-right-color: #999;
      border-bottom-color: #999;
    }
    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
  </style>
</head>

<body>
  <!-- This file lives in public/404.html -->
  <div class="dialog">
    <h1>The page you were looking for doesn't exist.</h1>
    <p>You may have mistyped the address or the page may have moved.</p>
  </div>
</body>
</html>
'

Support for multi-module (polyglot) projects

Right now Gemnasium only supports dependency files residing in the top level repository folder. It would be great if the following could be added:

  • either manual specification of dependency files within sub-folders
  • or automatic scanning for dependency files within sub-folders (it might make sense to exclude folders like node_modules from the scan by default)

If this would work for polyglot projects with modules in different supported languages, it would be even greater.

Gemnasium client spews HTML when API returns 500 error

I just attempted to use the gemnasium:push rake task (gem version: 3.2.0) and got the following output:

$ bundle exec rake gemnasium:push
2 supported dependency file(s) found: Gemfile, Gemfile.lock
757: unexpected token at '<!DOCTYPE html>
<html>
<head>
<title>500 Error</title>

<link href='//fonts.googleapis.com/css?family=Source+Sans+Pro:400,600' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Archivo+Narrow:400,400italic,700italic,700' rel='stylesheet' type='text/css'>
<link href="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css" rel="stylesheet">

<style type="text/css">
body{
    font-size: 14px;
    font-family: Helvetica, sans-serif;
    margin-bottom: 60px;
    text-align: center;
    margin-top: 100px;
    background-color: #EEEEEE;
}

h1{
    font-size: 55px;
    text-transform: uppercase;
    line-height: 25px;
    margin-top: 40px;
    margin-bottom: 20px;
}

h2{
    font-size: 30px;
    line-height: 32px;
    font-weight: 400;
}
h3{
    font-size: 20px;
    line-height: 26px;
    font-weight: normal;
}
a{
    font-size: 32px;
    color: #0077AA;
    line-height: 50px;
}
a:hover{
    color: #005588;
}
</style>

<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1.0">

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta content="authenticity_token" name="csrf-param" />
<meta content="ZFcfe1nk2OW8gwI0Gov4zuZXdKhNhZUAlrh3mwcWIUc=" name="csrf-token" />

</head>

<body>
<div class="container">
    <div class="row-fluid">
        <div class="span12">
            <img src="/images/500.png" alt="image" />
            <h1>Internal Server Error</h1>
            <h3>We've been notified about this issue and we'll take a look at it shortly.</h3>
            <br/>
            <a href="/">
            <img src="/images/logo.png" alt="image" />
            <br/>
            Go back to home page</a>
        </div>
    </div>
</div>

<!--///////////////////////////////-->
<!-- SCRIPTS -->
<!--///////////////////////////////-->

<script src="//code.jquery.com/jquery-latest.js"></script>
<script src="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js"></script>
</body>
</html>
'
  • The ruby client should gracefully handle HTTP 500 responses and surface a message.
  • Returning a non-zero exit code seems the right thing to do here, but it would be preferable to have that be a config option since we have this rake task running on a CI machine and we don't consider this task critical enough to warrant a build failure. I'm in the position now of having to remove that build step and will have to remember to re-enable it (which I probably won't).
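The two issues above ("unexpected token at <!DOCTYPE html>" and the HTML spew on a 500) share one root cause: the client hands the response body to the JSON parser without first looking at the HTTP status or content type, so an HTML error page surfaces as a parser backtrace. The following is an added example, not code from the gemnasium gem, of how a client can check both before parsing and turn the failure into a short message, with the configurable exit-code behaviour the second bullet asks for. The Response struct, the ApiError class, the function names and the fail_on_error option are assumptions of this example; the sample replies are constructed, not captured from the real service.

```ruby
require 'json'

# Minimal stand-in for an HTTP response (constructed for this example; a real
# client would read the same three fields from Net::HTTPResponse).
Response = Struct.new(:code, :content_type, :body)

class ApiError < StandardError; end

# Reduce an HTML error page to something readable: the <title> if present,
# otherwise the first 80 characters with tags stripped.
def summarize_body(body)
  if (m = body.match(%r{<title>(.*?)</title>}mi))
    m[1].strip
  else
    body.gsub(/<[^>]*>/, ' ').squeeze(' ').strip[0, 80]
  end
end

# Parse an API reply only when it is a successful JSON response. Anything else
# is reported with its status and a trimmed body instead of a JSON backtrace.
def parse_api_response(response)
  status = Integer(response.code)
  unless (200..299).cover?(status)
    raise ApiError, "Gemnasium API returned HTTP #{status}: #{summarize_body(response.body)}"
  end
  unless response.content_type.to_s.start_with?('application/json')
    raise ApiError, "Gemnasium API returned #{response.content_type.inspect} instead of JSON"
  end
  JSON.parse(response.body)
rescue JSON::ParserError => e
  raise ApiError, "Gemnasium API returned malformed JSON: #{e.message[0, 80]}"
end

# Exit-code policy: a failed push is fatal by default, but fail_on_error: false
# downgrades it to a warning so a CI job is not failed by a non-critical step.
def push_exit_code(response, fail_on_error: true)
  parse_api_response(response)
  0
rescue ApiError => e
  warn "gemnasium: #{e.message}"
  fail_on_error ? 1 : 0
end

# Constructed sample replies modelled on the two issue reports above.
SAMPLE_OK  = Response.new('200', 'application/json; charset=utf-8', '{"status":"ok"}')
SAMPLE_404 = Response.new('404', 'text/html',
                          "<html><head><title>The page you were looking for doesn't exist (404)</title></head></html>")
SAMPLE_500 = Response.new('500', 'text/html',
                          '<html><head><title>500 Error</title></head><body>Internal Server Error</body></html>')

if $PROGRAM_NAME == __FILE__
  [SAMPLE_OK, SAMPLE_404, SAMPLE_500].each do |r|
    puts "HTTP #{r.code} -> exit #{push_exit_code(r, fail_on_error: false)}"
  end
end
```

With these checks in place the 404 and 500 cases each produce a single line such as "Gemnasium API returned HTTP 500: 500 Error" on stderr, and the caller decides whether that is fatal. Checking the content type as well as the status catches the case where a proxy or maintenance page answers 200 with HTML.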
