Assumption that all gems are hosted at rubygems.org does not hold

[johnsyweb]

Context

Given a project that includes the following in its Gemfile...

source 'https://gems.contribsys.com/' do
  gem 'sidekiq-pro'
end

And a new version of sidekiq-pro becomes available...

When unwrappr is run, a comment is made thus:

---

sidekiq-pro

Major version upgrade 📈❗ 4.0.5 → 5.0.0

[change-log, source-code]

---

Expected comment

::Bundler.locked_gems.specs.find { |s| s.name == "sidekiq-pro" }.homepage
#=> "http://sidekiq.org"
# [...]
::Bundler.locked_gems.specs.find { |s| s.name == "sidekiq-pro" }.metadata
#=> {"allowed_push_host"=>"https://gems.contribsys.com", "changelog_uri"=>"https://github.com/mperham/sidekiq/blob/master/Pro-Changes.md", "documentation_uri"=>"https://github.com/mperham/sidekiq/wiki", "wiki_uri"=>"https://github.com/mperham/sidekiq/wiki"}

---

sidekiq-pro

Major version upgrade 📈❗ 4.0.5 → 5.0.0

[change-log, source-code]

---

[joesustaric]

Just reading this one.
This is because we make an assumption that all gems are hosted on rubygems.org?

I'm not super familiar with the RubyGems API but would this be a matter of parsing the source URL then talking to it to receive the necessary metadata?

[johnsyweb]

Exactly!

Unwrappr calls the RubyGems API, which works most of the time to get the Gem metadata. However for privately-hosted gems (such as Sidekiq Pro but also ones that are hosted within an organisation), this metadata isn't publicly available. I think we can get this programmatically using BundlerCommandRunner instead.