feat: add RubyGems registry support#60
Open
kylesnowschwartz wants to merge 1 commit into
Open
Conversation
Add gem:, ruby:, and rubygems: prefixes to fetch Ruby gem source code via rubygems.org API. Same shape as npm, PyPI, and crates.io. Usage: opensrc path gem:rails opensrc path ruby:sidekiq opensrc path gem:nokogiri@1.16.0 The API returns source_code_uri, which maps to a git clone URL. Falls back to homepage_uri if source_code_uri is absent. Also adds --rubygems to clean and shows RubyGems in list output. Rebased onto current main against vercel-labs#56's structured-error refactor, and adds the Registry::RubyGems arm in remove.rs that the review bot flagged on the original PR. Also tightens remove.rs to skip the cross-registry fallback when the user supplied an explicit prefix, so `opensrc remove gem:foo` cannot delete a cached npm/PyPI/crates `foo`. Collapses the rubygems.rs VersionNotFound variant into PackageNotFound, since a single-call V2 endpoint can't tell "gem missing" from "version missing" apart. Co-authored-by: Kyle Snow Schwartz <kyle.schwartz@envato.com>
|
@mvanhorn is attempting to deploy a commit to the Vercel Labs Team on Vercel. A member of the Team first needs to authorize it. |
|
Thanks for picking this up @kylesnowschwartz -- happy to see #43's work landed under your stewardship with the co-authorship credit preserved. Two of the changes you added are real improvements I missed:
The three out-of-scope concerns all look legitimate to me on a re-read of LGTM as a contributor; deferring to vercel-labs on the merge call. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Re-submission of #43 (Matt Van Horn's RubyGems registry support), rebased onto current main with the remove.rs fix the review bot flagged on the original PR, plus two follow-on fixes surfaced during review.
Adds
gem:,ruby:, andrubygems:prefixes to fetch Ruby gem source code via rubygems.org API. Same shape as npm, PyPI, and crates.io.Usage
Also adds
--rubygemstoopensrc cleanand shows RubyGems inopensrc list.What changed vs #43
Box<dyn std::error::Error>with the crate's typedError/Resultacross all registries.rubygems.rsnow usesError::PackageNotFound,Error::HttpStatus, andError::NoRepoUrlto match the other registry modules.opensrc fetchsubcommand #53'sopensrc fetchsubcommand. The empty-state hint usesfetchexamples to match the post-Addopensrc fetchsubcommand #53 style.Registry::RubyGemsto the fallback registry scan in remove.rs, the issue the review bot flagged on feat: add RubyGems registry support #43. Without it, RubyGems packages could only be removed by an explicitgem:prefix.opensrc remove gem:railsno longer risks deleting a cached npm/PyPI/cratesrailswhen no gemrailsis present. Added awas_explicit: boolfield toDetectedRegistryto carry the prefix information out of detection.VersionNotFoundwas replaced with a singlePackageNotFoundreporting the user's spec verbatim.Known limitations (out of scope here)
Three concerns surfaced during review that exist in current
mainfor every registry, not just RubyGems. Flagging for maintainer visibility; happy to open separate PRs if helpful:Substring-based host validation.
is_git_repo_urlincore/registries/mod.rsusesurl.contains("github.com"), andauthenticated_clone_urlrewrites credentials viastr::replace. A malicious package whose repository URL contains a known host as a substring (e.g.https://github.com.evil.example/owner/repo) passes validation and would receiveGITHUB_TOKEN. Fix: parse withurl::Urland require exact host match.Default-branch fallback silently mislabels cache.
clone_at_tagincore/git.rstreats a tagless default-branch clone as success afterv{version}and{version}both miss.sources.jsonthen records the package at the requested version while the cache holds default-branch HEAD. RubyGems is more likely to hit this than npm/crates because gem repos don't uniformly tag with thevprefix.URL encoding inconsistency.
npm.rsencodes package names withurlencoding::encode;pypi.rs,crates.rs, and this PR'srubygems.rsinterpolate raw. Probably benign for the constrained name characters these registries allow, but worth aligning.Testing
All 107 tests pass. fmt and clippy clean.
Credit
Original work by @mvanhorn in #43. The squashed commit keeps Matt as Author. I'm listed as Co-author for the rebase, error-pattern port, remove.rs scoping fix, and error-variant collapse.
This PR was AI-generated and human-reviewed. The rebase, error refactor, and remove.rs fixes were prepared with Claude Code under my review, with adversarial review from Codex and Gemini before submission.