Problem Statement
I, along with I'm sure many other developers, leverage Rubocop for static analysis on my Ruby application. Rubocop has the rule Bundler/OrderedGems that enforces that gems listed in the Gemfile must be sorted within their respective newline-delimited blocks/groups.
I recently got the security update from deppbot (much appreciated, btw.) but unfortunately the PR failed my CI due to the aforementioned Rubocop rule failing. This prevented me from immediately merging the change and releasing it, which any security update should be.
This was because deppbot added it directly after a previous gem.
Example: Pull Request
gem 'unicorn'
+gem 'nokogiri'
To fix this issue, I had to manually pull the branch down, fix the issue, then push it back up to the branch. Not impossible, but it adds time to a security incident resolution.
Solution Proposal
To enable this to pass immediately from the pull request, there are two options:
For the last group, alphabetically sort the gems and ensure that the nokogiri gem comes before unicorn.
Add a newline before the added gem. This separates it out into a separate Gemfile group, which would pass the Rubocop rule.
This would enable Rubocop users to immediately merge these updates into their branch.
Regardless, I really appreciate deppbot and the time it saves me.
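The two options above can both be done mechanically. The following is an added example (not deppbot's code, and not part of the issue) showing how a dependency-update bot could insert a `gem` line into a Gemfile so that Bundler/OrderedGems passes: `insert_sorted` implements option 1 (alphabetical position within the last block of consecutive gem lines) and `append_as_new_block` implements option 2 (a blank line before the new gem). `ordered_gems?` is a simplified stand-in for the cop: it treats any non-`gem` line as a block separator and compares names case-insensitively, which is an approximation, not the cop's full logic. The sample Gemfile is constructed for the example.

```ruby
# Added example: two ways to add a gem to a Gemfile without tripping
# Rubocop's Bundler/OrderedGems. Assumptions: one `gem '...'` call per line,
# and any non-gem line (blank line, comment, `group do`) ends a block.

GEM_LINE = /\A\s*gem\s+['"]([^'"]+)['"]/

# Gem name from a Gemfile line, or nil if the line is not a `gem` call.
def gem_name(line)
  m = GEM_LINE.match(line)
  m && m[1]
end

# Option 1: insert new_line into the last run of consecutive gem lines at
# its alphabetical (case-insensitive) position. Returns the new Gemfile text.
def insert_sorted(gemfile, new_line)
  new_name = gem_name(new_line)
  raise ArgumentError, "not a gem line: #{new_line.inspect}" unless new_name

  lines = gemfile.lines.map(&:chomp)

  # Locate the last block of consecutive gem lines: indexes first..last.
  last = lines.rindex { |l| gem_name(l) }
  return (lines + [new_line]).join("\n") + "\n" if last.nil?
  first = last
  first -= 1 while first > 0 && gem_name(lines[first - 1])

  # Insert before the first gem in the block that sorts after the new one,
  # or after the block if every existing gem sorts before it.
  pos = (first..last).find { |i| gem_name(lines[i]).casecmp(new_name) > 0 } || last + 1
  lines.insert(pos, new_line)
  lines.join("\n") + "\n"
end

# Option 2: append the new gem after a blank line, so it forms its own
# newline-delimited block and is trivially "ordered".
def append_as_new_block(gemfile, new_line)
  gemfile.chomp + "\n\n" + new_line + "\n"
end

# Simplified version of the Bundler/OrderedGems check: within each block of
# consecutive gem lines, names must be non-decreasing (case-insensitive).
def ordered_gems?(gemfile)
  prev = nil
  gemfile.each_line do |line|
    name = gem_name(line)
    if name.nil?
      prev = nil # blank line, comment or other code ends the block
    else
      return false if prev && prev.casecmp(name) > 0
      prev = name
    end
  end
  true
end

# Constructed sample Gemfile (not from the issue) with one block of gems.
SAMPLE_GEMFILE = <<~GEMFILE
  source 'https://rubygems.org'

  gem 'rails'
  gem 'unicorn'
GEMFILE

if __FILE__ == $PROGRAM_NAME
  naive = SAMPLE_GEMFILE + "gem 'nokogiri'\n" # what the issue describes
  puts "naive append ordered?   #{ordered_gems?(naive)}"
  puts "insert_sorted ordered?  #{ordered_gems?(insert_sorted(SAMPLE_GEMFILE, "gem 'nokogiri'"))}"
  puts "new block ordered?      #{ordered_gems?(append_as_new_block(SAMPLE_GEMFILE, "gem 'nokogiri'"))}"
  puts insert_sorted(SAMPLE_GEMFILE, "gem 'nokogiri'")
end
```

Option 1 keeps the Gemfile tidy but requires the bot to know where the block boundaries are; option 2 is simpler and always passes the cop, at the cost of a stray one-gem block that a maintainer may later want to fold back in. Either way the CI gate on a security update is satisfied without a manual round-trip on the branch.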