Skip to content
This repository was archived by the owner on Dec 12, 2020. It is now read-only.

Working example for bundler manager and gemstash ? #749

Closed
micheelengronne opened this issue Jul 13, 2020 · 7 comments
Closed

Working example for bundler manager and gemstash ? #749

micheelengronne opened this issue Jul 13, 2020 · 7 comments

Comments

@micheelengronne
Copy link

Which Renovate are you using?

Renovate Open Source CLI

Which platform are you using?

GitLab self-hosted

Have you checked the logs? Don't forget to include them if relevant

DEBUG: Datasource 404 (repository=Coppint/container-inspec)
       "datasource": "rubygems",
       "lookupName": "inspec",
       "url": "https://INTERNALDOMAIN/api/v1/gems/inspec.json"
DEBUG: Failed to look up dependency inspec (repository=Coppint/container-inspec, packageFile=Gemfile, dependency=inspec)

DEBUG: packageFiles with updates (repository=Coppint/container-inspec)
       "config": {
         "bundler": [
           {
             "packageFile": "Gemfile",
             "manager": "bundler",
             "registryUrls": [],
             "deps": [
               {
                 "depName": "inspec",
                 "managerData": {"lineNumber": 10},
                 "currentValue": "4.18.114",
                 "datasource": "rubygems",
                 "depTypes": ["production"],
                 "registryUrls": ["https://INTERNALDOMAIN"],
                 "lockedVersion": "4.18.114",
                 "depIndex": 1,
                 "updates": [],
                 "warnings": [
                   {
                     "depName": "inspec",
                     "message": "Failed to look up dependency inspec"
                   }
                 ]
               }
             ],
             "compatibility": {"bundler": "2.1.4"}
           }
         ],

What would you like to do?

I configured a gemstash server with :protected_fetch: true. I authenticate to it following their doc.

I use bundle config my-gemstash.dev api_key as well as export BUNDLE_MYGEMSTASH__DEV=api_key in my builds/tests and that works like a charm.

But, when I try to use Renovate to fetch internal gems I have 404 error (the error sent by gemstash when no credentials are set).

What do I do wrong ?

My hostRules configuration:

           {
             "hostType": "bundler",
             "hostName": "INTERNALDOMAIN",
             "token": "INTERNALTOKEN"
           }

Renovate checks correctly gems from the public rubygems.org repo.
@rarkins
Copy link
Collaborator

rarkins commented Jul 13, 2020

I think we have an incompatibility, but I think deliberate. I thought somebody raised this before but don't find a reference to gemstash in the main repo. We have a special implementation for rubygems.org, but otherwise fall back to assuming a gem server follows the official API. I suspect there's something else we're missing, any help identifying it would be appreciated. Eg which URL should it be?

@micheelengronne
Copy link
Author

micheelengronne commented Jul 13, 2020
edited
Loading

I thought the bundler implementation was to send connection infos as ENV variables in the docker container for the bundler process to fetch.

AFAIK, this url seems implemented in Gemstash but only for pushing gems https://github.com/rubygems/gemstash/blob/9d0e45d80e70f7e2d3987e5e1cdef68cd1119a91/lib/gemstash/web.rb#L48

It seems that urls used to fetch gems are /api/v1/dependencies. That's what fetched when I use bundle lock -V.

For instance, here fetching ffi and nokogiri gems

HTTP GET https://username:password@INTERNALDOMAIN/private/api/v1/dependencies
HTTP 200 OK https://username:password@INTERNALDOMAIN/private/api/v1/dependencies
Fetching gem metadata from https://INTERNALDOMAIN/private/
Query List: ["ffi", "nokogiri"]
Query Gemcutter Dependency Endpoint API: ffi,nokogiri
HTTP GET https://username:password@INTERNALDOMAIN/private/api/v1/dependencies?gems=ffi%2Cnokogiri
HTTP 200 OK https://username:password@INTERNALDOMAIN/private/api/v1/dependencies?gems=ffi%2Cnokogiri

@micheelengronne
Copy link
Author

micheelengronne commented Jul 13, 2020
edited
Loading

There are issues about Geminabox already.

The current issue is about Gemstash.

Geminabox is not maintained anymore and Gemstash is the most official private gem server project as stated here.

I think we should close the issues about Geminabox and improve the Gemstash support.

@rarkins
Copy link
Collaborator

rarkins commented Jul 14, 2020

YesX that's probably the one I was thinking of

@stale
Copy link

stale bot commented Jul 18, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed soon if no further activity occurs.

@rarkins
Copy link
Collaborator

rarkins commented Jul 18, 2020

Can you make sure we have this requirement in an issue in the main repo? We need to know what we're doing wrong today

@stale stale bot removed the pending-closure label Jul 18, 2020
@micheelengronne
Copy link
Author

micheelengronne commented Jul 20, 2020
edited
Loading

Ok, I opened it renovatebot/renovate#6787

@rarkins rarkins closed this as completed Jul 20, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rarkins @micheelengronne