Page MenuHomePhabricator
Create Task
Maniphest T181576

Make a bot to bump our trivial-but-with-security-warnings Ruby CI dependency chain
Closed, DeclinedPublic
Actions

Description

We use Ruby for CI purposes in a lot of repos (at least until T138401: Replace jsduck with JSDoc3 across all Wikimedia code bases). This means we have a small dependency chain subject to updates (and potentially security issues, as is suggested with rubocop).

Steps, not all procedural:

  1. git checkout -b bump-ruby-ci
  2. Edit the Gemfile and Rakefile to update to current templates, remove crud, update versions
  3. bundle update
  4. bundle exec rake
  5. Sanity-check it still tests the right files
  6. rubocop --auto-gen-config
  7. Sanity-check the auto-gen'ed config is not stupid
  8. bundle exec rake
  9. git add Gemfile Gemfile.lock Rakefile .jsduck/
  10. git commit -m "build: Update Ruby toolchain to latest"

Example: https://gerrit.wikimedia.org/r/#/c/393918/

Related Objects

Event Timeline

Jdforrester-WMF created this task.Nov 28 2017, 11:16 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 28 2017, 11:16 PM
Jdforrester-WMF added a comment.Nov 28 2017, 11:16 PM

I'm sure a better Ruby guru (pretty much anyone) could turn my comments into a better set of commands…

Jdforrester-WMF updated the task description. (Show Details)Nov 28 2017, 11:16 PM
Jdforrester-WMF updated the task description. (Show Details)
Legoktm updated the task description. (Show Details)Nov 28 2017, 11:20 PM
hashar removed a project: Continuous-Integration-Config.May 5 2020, 2:18 PM
Legoktm subscribed.Dec 29 2020, 7:08 AM

Is this still needed? For what it's worth, adding a new language/package manager should be much easier now...

Jdforrester-WMF added a comment.Dec 31 2020, 2:52 AM

Given https://codesearch.wmcloud.org/search/?q=gem&i=nope&files=Gemfile&repos= I guess we can skip? Eh.

Legoktm closed this task as Declined.Dec 31 2020, 9:12 AM

Yeah, not worth it for 6 repos (minus the ones that are using it for puppet stuff).

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL