21 Mar 2024
February 2024 RubyGems Updates
Welcome to the RubyGems monthly update! As part of our efforts at Ruby Central, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in February.
RubyGems News
This month, RubyGems released RubyGems 3.5.6 and Bundler 2.5.6. These updates include enhancements such as improved deep copy requirements in `Gem::Specification` and `Gem::Requirement` specifications, and improvements to the gem login scope. These efforts are part of our ongoing commitment to improving the RubyGems development experience.
Another accomplishment from the team this month:
Merging a new `gem rebuild` command
- The goal of this feature was to help create a simplified version of the `gem rebuild` command as a standalone tool, so reproducible builds are available for existing RubyGems versions (since RubyGems versions have to match for a build to be reproduced properly). The process involved setting up reproducible gem builds as a default, and including the `Gem.source_date_epoch` value in the metadata of built gems.
- The groundwork for this command involved a preliminary rebuild script to assess reproducibility requirements. Special thanks to @duckinator for their significant contributions in developing this feature.
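The reproducibility property described above can be checked directly: with the build time pinned through `SOURCE_DATE_EPOCH` (the value `Gem.source_date_epoch` reads), two builds of the same sources should be byte-identical, so a rebuilt gem's digest can be compared with the digest of a published one. This is an added example, not the `gem rebuild` implementation; the gem name `demo_gem`, its contents and the epoch values are constructed for illustration.

```ruby
require "rubygems"
require "rubygems/package"
require "digest"
require "tmpdir"
require "fileutils"

# Build a small constructed gem with the build time pinned to `epoch`
# and return the SHA-256 of the resulting .gem file.
def build_digest(epoch)
  saved = ENV["SOURCE_DATE_EPOCH"]
  ENV["SOURCE_DATE_EPOCH"] = epoch.to_s
  Dir.mktmpdir do |dir|
    Dir.chdir(dir) do
      FileUtils.mkdir_p("lib")
      File.write("lib/demo_gem.rb", "module DemoGem; VERSION = '0.1.0'; end\n")
      spec = Gem::Specification.new do |s|
        s.name    = "demo_gem"            # hypothetical gem
        s.version = "0.1.0"
        s.summary = "Constructed gem for a reproducibility check"
        s.authors = ["Example Author"]
        s.files   = ["lib/demo_gem.rb"]
      end
      # Silence the "Successfully built" message; skip validation warnings.
      Gem::DefaultUserInteraction.use_ui(Gem::SilentUI.new) do
        path = Gem::Package.build(spec, true)
        Digest::SHA256.file(path).hexdigest
      end
    end
  end
ensure
  ENV["SOURCE_DATE_EPOCH"] = saved
end

# Compare a rebuilt artifact against an expected (e.g. published) digest.
def reproduces?(expected_sha256, epoch)
  build_digest(epoch) == expected_sha256
end

if $PROGRAM_NAME == __FILE__
  published = build_digest(1_706_745_600)   # stands in for a published gem
  puts "same epoch:      #{reproduces?(published, 1_706_745_600)}"
  puts "different epoch: #{reproduces?(published, 1_709_251_200)}"
end
```

A mismatch under the same epoch and the same RubyGems version means the artifact was not produced from the sources being rebuilt, which is the signal a reproducible-build check exists to surface.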
In February, RubyGems gained 97 new commits contributed by 16 authors. There were 691 additions and 329 deletions across 120 files.
RubyGems.org News
February’s updates to RubyGems.org reflect a strong commitment to improving user experience, enhancing security, and modernizing the platform.
The following are highlights of what the team worked on this month:
Converted RubyGems.org to Importmap + Stimulus Controllers
- The goal of adding Stimulus controllers is to enable a modern, faster and simpler development experience for devs and bring us all the way to the most modern Rails default.
- We introduced `importmaps` on RubyGems.org last month to set us up for adding Stimulus controllers. This entailed first creating a foundation for import map changes - the first stage of which was a migration to `propshaft`, allowing us to avoid Node entirely for our assets and still use and update npm packages for JS. The second stage was creating a separate pull request for the import map changes.
- We’ve now begun implementing changes, adding an API key Stimulus controller and improving it for ease of developer use.
- If you’re interested in learning more about Stimulus.js and its best practices, more information can be found here and here.
Improving the Design of RubyGems Gems page
- The Gems page on RubyGems ranks as the most visited page of the website, serving as a key resource for engineers to understand essential details about a gem, including its purpose, licenses, dependencies, and how to access and install the gem itself. Recognizing the importance of these pages in helping visiting engineers accomplish their tasks, it’s crucial to closely examine their needs and ensure that the page structure and design align with their objectives.
- Through interviews and discussions with RubyGems power users and stakeholders, we have been able to identify the fundamental values of the interface elements, understand the reasons behind their development, track their evolution, and determine the most beneficial next steps for our broader user base. Moving forward, we are exploring new design options to enhance user experience on these pages.
Initiating the Gem Research Tool Project
- This will be most relevant for RubyGems developers. The team will be able to use this as a playground for features that we want to expose to the public eventually, like browsing gem contents and being able to make queries. We also have been able to use this for security research to assess the impact of particular changes across the entire published gem ecosystem.
- The creation of this tool has involved (and will continue to involve) a lot of investigation, experimentation and steps like renting a dedicated server from Hetzner to host the gem research tool, after repeatedly running out of disk space!
Developing a Pure Ruby Sigstore Implementation
- This project kicked off with a long-term goal of integrating it directly into RubyGems. The team is drawing inspiration from the existing sigstore and The Update Framework (TUF) implementations in Python.
- We intend to focus on meeting the sigstore compliance specifications through continuous iterations. Additionally, by analyzing code and branch coverage, we’re identifying sections that need more extensive testing.
- A critical part of this project is creating a `protobuf` implementation that does not depend on native extensions, ensuring it can be seamlessly incorporated into RubyGems.
In February, RubyGems.org gained 86 new commits contributed by 13 authors. There were 5,265 additions and 2,022 deletions across 270 files.
Thank you
Thank you to all the contributors of RubyGems and RubyGems.org for this month! Your contributions are greatly appreciated, and we are grateful for your support.
Contributors to RubyGems:
- @nobu Nobuyoshi Nakada
- @martinemde Martin Emde
- @deivid-rodriguez David Rodríguez
- @VitaliySerov Vitaliy Serov
- @flavorjones Mike Dalessio
- @jgarber623 Jason Garber
- @kimesf Kim Emmanuel
- @hsbt Hiroshi Shibata
- @ccutrer Cody Cutrer
- @simi Josef Šimánek
- @mame Yusuke Endoh
- @segiddins Samuel Giddins
- @dduugg Douglas Eichelberger
- @indirect André Arko
Contributors to RubyGems.org:
- @jenshenny Jenny Shen
- @martinemde Martin Emde
- @segiddins Samuel Giddins
- @hsbt Hiroshi Shibata
- @simi Josef Šimánek
- @colby-swandale Colby Swandale
- @sh0n0 sh0n0
- @coorasse Alessandro Rodi
- @CuddlyBunion341 Daniel Bengl
- @albertchae Albert Chae
- @bradly Bradly Feeley
- @ekyburz EtienneKyburz
- @indirect André Arko
Learn more about contributing to RubyGems by visiting the RubyGems Contributing Guide. We welcome all kinds of contributions, including bug fixes, feature implementation, writing and updating documentation, and bug triage.