
Automated Updates for RubyGems Repos will end on Feb 26, 2016 #17

@JuanitoFatas

Since the beginning, deppbot has worked for any GitHub repository that contains a valid Gemfile and lockfile (Gemfile.lock).

While most users subscribed their Ruby/Rails apps on https://www.deppbot.com, we also noticed that some users subscribed their RubyGem repositories. As long as these RubyGem repositories have a valid Gemfile and lockfile, @deppbot will perform its scheduled automated updates on these repositories too.

However, we don't think that this is the optimal practice for such RubyGem repositories.

Yehuda sums up our sentiments excellently in this blog post and we quote:

When developing a gem, use the gemspec method in your Gemfile to avoid duplication. In general, a gem's Gemfile should contain the Rubygems source and a single gemspec line. Do not check your Gemfile.lock into version control, since it enforces precision that does not exist in the gem command, which is used to install gems in practice. Even if the precision could be enforced, you wouldn't want it, since it would prevent people from using your library with versions of its dependencies that are different from the ones you used to develop the gem.

That said, there are RubyGem repositories which also behave like small apps. Typically, these repos have a .gemspec file (which identifies them as gems), and either a config.ru or Procfile, e.g. attache. It is necessary for such repositories to include both Gemfile and lockfile and be updated continuously.

With that in mind, with effect from 26th Feb, deppbot will stop Automated Updates for all RubyGem repositories because these repositories shouldn't have a Gemfile.lock in the first place, and we believe that deppbot shouldn't perpetuate an unnecessary practice of updating Gemfile.lock in RubyGem repositories. This excludes RubyGem repositories with either config.ru or Procfile present.

Hence, if you have a RubyGem repo subscribed on deppbot, it will eventually be automatically unsubscribed from deppbot.

As a good practice, you might also want to remove the lockfile from your version control and add Gemfile.lock to .gitignore for your RubyGem repos.

If you have any questions, please do not hesitate to let us know (either comment below or email us at [email protected]).

Thank you!
deppbot Team
