Rubygems Package Manager MVC
Release post
For any organization delivering software, providing teams with an easy and secure way to manage dependencies is critical. Package managers, such as RubyGems, provide a standardized way to share and version-control these libraries across projects.
We are proud to offer support for publishing Ruby packages directly into GitLab. Developers now have an easier way to publish their projects’ gems. All you have to do is set the RubyGems remote to the GitLab Package Registry and start uploading, installing, and deleting packages today.
Problem to solve
The goal of the Package group is to build a set of features that, within three years, will allow ninety percent of our customers to store all of their packages in GitLab. In order to achieve that goal, we must provide support for the most commonly used package managers for our users. T
Ruby developers need a mechanism to create, share, and consume packages that contain compiled code and other content in projects that consume these packages.
Proposal
Provide support for users coding in Ruby/Rails by integrating with RubyGems and allowing developers to publish, share, and consume packages alongside their source code and CI/CD pipelines.
Proposed MVC Scope
- We will provide documentation for, configuring the client to add GitLab to the remote list.
- Users are able to authenticate using their GitLab credentials
- Users are able to push a package
- Users are able to pull a package
- Users are able to delete a package (for the MVC, we will only allow deletion via the Packages API or the UI)
Further details
Investigation results
📄 Summary
Implementing the RubyGems package registry combines a variety of the behavior's we have seen in previously implemented package managers (metadata extraction, index creation, authentication potentially using a secondary JWT). Because we are familiar with these patterns, we can work from pre-established code. RubyGems Gem
module is also written in ruby and available to help with some of the operations we need to perform.
🔎 Issue breakdown
Each item represents 1 MR, we can create an issue for each, or keep things like "Upload" combined in one issue with many MRs.
-
API skeleton with feature flag
-
Authentication
GET /api/v4/projects/27/packages/gems/api/v1/api_key
-
Workhorse route
-
Upload
-
Metadata model, table, factories, fixtures
-
Dependency services
-
Metadata extraction services and jobs
-
Package and package file creation services
-
Upload routes
POST /api/v4/projects/27/packages/gems/api/v1/gems POST /api/v4/projects/27/packages/gems/api/v1/gems/authorize
-
-
Install
-
Spec file generation
-
Spec file download routes
GET "/api/v4/projects/27/packages/gems/specs.4.8.gz" GET "/api/v4/projects/27/packages/gems/latest_specs.4.8.gz" GET "/api/v4/projects/27/packages/gems/specs.4.8.gz"
-
Dependencies route
GET "/api/v4/projects/27/packages/gems/api/v1/dependencies"
-
Versions route
GET "/api/v4/projects/27/packages/gems/versions"
-
Gemspec download route
GET "/api/v4/projects/27/packages/gems/quick/Marshal.4.8/test_gem-1.0.0.gemspec.rz
-
Gem download route
GET "/api/v4/projects/27/packages/gems/gems/test_gem-1.0.0.gem"
-
-
Remove feature flag
Metadata
Metadata will need to be extracted, similar to how we handle NuGet. For the MVC we will extract the following fields:
- authors=
- files
- name
- summary
- version
- description
- homepage
- license=
- licenses=
- metadata
After the MVC, we'll add:
- add_development_dependency
- add_runtime_dependency
- author=
- bindir
- cert_chain
- executables
- extensions
- extra_rdoc_files
- platform=
- post_install_message
- rdoc_options
- require_paths=
- required_ruby_version
- required_ruby_version=
- required_rubygems_version
- required_rubygems_version=
- requirements
- rubygems_version
- signing_key
Links
- https://github.com/geminabox/geminabox
-
https://guides.rubygems.org/rubygems-org-api/
- This API is handled by https://github.com/rubygems/rubygems.org (check the routes file)
- https://guides.rubygems.org/command-reference/#gem-push
Testing
An end-to-end test for this package manager is scheduled gitlab-org/quality/testcases#1131 (closed) the coverage should be similar to package managers already in the Package QA test suite epic
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.