BundlerChecksum: Add command to lint gems checksums

Peter Leitzen requested to merge pl-bundler-checksum-lint into master

What does this MR do and why?

BundlerChecksum: Add command to lint gems checksums

This command checks if every gem has a corresponding checksum stored. It does not verify the checksum though.

To avoid failing CI pipelines, let lefthook lint gems when Gemfile.lock has changed and ensure that every gem has a checksum stored.

Contributes to #414374 (closed).

Screenshots or screen recordings

| No gem changes | Gemfile.lock changed without checksum 💥 | Gemfile.lock with checksum changes |
| --- | --- | --- |
| Screenshot_from_2023-06-13_13-41-41 | Screenshot_from_2023-06-13_13-41-04 | Screenshot_from_2023-06-13_13-41-25 |

How to set up and validate locally

  1. Add `gem "foo"` to `Gemfile` (see https://rubygems.org/gems/foo)
  2. Run `bundle install`
  3. Commit the changes: `git commit -m 'Add gems' Gemfile*`
  4. Run `bundle exec lefthook run pre-push` 💥
  5. Run `bundle exec bundler-checksum init`
  6. Amend the latest commit: `git commit --amend -m 'Add gems' Gemfile*`
  7. Run `bundle exec lefthook run pre-push`

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Peter Leitzen
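
A sketch of the presence-only check described above, as an added example that is not part of this MR or bundler-checksum's own code. It assumes checksums are stored as a JSON array of name/version/platform/checksum objects; the lockfile, the helper names and the all-zero digests are constructed.

```ruby
require "json"
require "set"

# Constructed Gemfile.lock with the "foo" gem from the steps above.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      foo (1.0.0)
      nokogiri (1.15.2-x86_64-linux)
        racc (~> 1.4)
      racc (1.7.1)

  PLATFORMS
    x86_64-linux
LOCK

# A locked spec is indented exactly four spaces: "name (version[-platform])".
SPEC_LINE = /\A {4}(?! )(.+?) \(([^-)]+)(?:-(.+))?\)\z/

# Returns [name, version, platform] for every gem locked in a GEM section.
def locked_gems(lockfile)
  section = nil
  lockfile.each_line(chomp: true).filter_map do |line|
    section = line if line.match?(/\A\S/)
    next unless section == "GEM" && (m = SPEC_LINE.match(line))
    [m[1], m[2], m[3] || "ruby"]
  end
end

# Presence-only lint: lists locked gems with no stored entry.
# The digest value is never compared, so any stored string passes.
def missing_checksums(lockfile, checksum_json)
  stored = JSON.parse(checksum_json).to_set do |e|
    [e["name"], e["version"], e["platform"]]
  end
  locked_gems(lockfile).reject { |gem| stored.include?(gem) }
end

PLACEHOLDER = "0" * 64 # constructed value, not a real digest
entry = ->(n, v, p = "ruby") { { name: n, version: v, platform: p, checksum: PLACEHOLDER } }
# Assumed storage layout: before and after regenerating the checksum file.
CHECKSUMS_BEFORE = JSON.generate([entry.("nokogiri", "1.15.2", "x86_64-linux"), entry.("racc", "1.7.1")])
CHECKSUMS_AFTER = JSON.generate(JSON.parse(CHECKSUMS_BEFORE) + [entry.("foo", "1.0.0")])

{ "before" => CHECKSUMS_BEFORE, "after" => CHECKSUMS_AFTER }.each do |label, json|
  missing = missing_checksums(LOCKFILE, json)
  puts "#{label}: #{missing.empty? ? 'ok' : "missing #{missing.map { |g| g.join(' ') }.join(', ')}"}"
end
```

The "after" run passes even though every digest is a placeholder, which is the gap the description names: the lint proves an entry exists, not that it matches the gem.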