Cop/GemFetcher: Match also when gem version is used
What does this MR do and why?
This MR fixes Cop/GemFetcher to also flag gem "name", "version", git: "..." like:
gem 'gitlab-styles', '~> 9.2.0', require: false,
git: 'git@gitlab.com:gitlab-org/ruby/gems/gitlab-styles.git',
ref: 'bump-deps'
This functionality was broken in !144 (merged).
See !144 (diffs, comment 1231949739)
Refs https://docs.gitlab.com/ee/development/gemfile.html#no-gems-fetched-from-git-repositories.
Discovered while testing !146 (merged) on gitlab-org/gitlab.
How to verify locally
- Apply the diff:
diff --git a/Gemfile b/Gemfile
index af98996..c8a9311 100644
--- a/Gemfile
+++ b/Gemfile
@@ -11,7 +11,7 @@ end
group :test do
# Pin these dependencies, otherwise a new rule could break the CI pipelines
- gem 'rubocop', '1.38.0'
+ gem 'rubocop', '1.38.0', git: 'git@github.com:rubocop/rubocop.git', ref: 'v1.38.0'
gem 'rubocop-rspec', '2.15.0'
gem 'rspec-parameterized', '0.5.2', require: false
end
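Review bot: the added `gem 'rubocop', '1.38.0', git: ...` line is only a manual check, and the description says this name, version, git: form stopped being flagged after !144, so the same form should be covered by a spec for Cop/GemFetcher to let CI catch a repeat instead of a local Gemfile edit. Keep this hunk out of the MR itself, since it points the pinned rubocop at a git source, which is exactly what the cop forbids.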
bundle
bundle exec rubocop
This MR ✅
$ be rubocop
Inspecting 99 files
.C.................................................................................................
Offenses:
Gemfile:14:28: C: Cop/GemFetcher: Do not use gems from git repositories, only use gems from RubyGems or vendored gems. See https://docs.gitlab.com/ee/development/gemfile.html#no-gems-fetched-from-git-repositories
gem 'rubocop', '1.38.0', git: 'git@github.com:rubocop/rubocop.git', ref: 'v1.38.0'
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
99 files inspected, 1 offense detected
master ❌
$ be rubocop
Inspecting 99 files
...................................................................................................
99 files inspected, no offenses detected
Edited by Peter Leitzen
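The matching problem described above, as an added standalone sketch that is not the cop's implementation or code from the gitlab-styles project: it uses Ruby's stdlib Ripper instead of RuboCop's AST and looks for a git source key anywhere in a `gem` call's arguments, so a version string between the name and `git:` does not hide it. The function names, the `github` key and the sample Gemfile are assumptions constructed for illustration.

```ruby
require 'ripper'

# Hash keys that make Bundler fetch a gem from a git repository. `git:` is the
# key from the MR; treating `github:` the same way is an assumption made here.
GIT_KEYS = %w[git github].freeze

# Returns the key name when +node+ is a hash pair keyed by one of GIT_KEYS.
def git_key(node)
  return unless node.is_a?(Array) && node[0] == :assoc_new

  key = node[1]
  name = case key[0]
         when :@label then key[1].chomp(':')        # git: '...'
         when :symbol_literal then key.dig(1, 1, 1) # :git => '...'
         end
  name if GIT_KEYS.include?(name)
end

# True when a git source key appears anywhere below +node+.
def any_git_key?(node)
  node.is_a?(Array) && (!git_key(node).nil? || node.any? { |c| any_git_key?(c) })
end

# Line number of the call when +node+ is `gem ...` or `gem(...)`, else nil.
def gem_call_line(node)
  ident = node[1] if node[0] == :command
  ident = node[1][1] if node[0] == :method_add_arg && node[1].is_a?(Array) && node[1][0] == :fcall
  ident[2][0] if ident.is_a?(Array) && ident[0] == :@ident && ident[1] == 'gem'
end

# Returns the sorted line numbers of `gem` calls that use a git source,
# whether or not version arguments sit between the name and the options.
def git_gem_lines(source)
  offenses = []
  walk = lambda do |node|
    next unless node.is_a?(Array)

    line = gem_call_line(node)
    offenses << line if line && any_git_key?(node)
    node.each { |child| walk.call(child) }
  end
  walk.call(Ripper.sexp(source))
  offenses.uniq.sort
end

# Constructed sample Gemfile: lines 3 and 5 use a git source.
SAMPLE_GEMFILE = <<~GEMFILE
  source 'https://rubygems.org'
  gem 'rubocop-rspec', '2.15.0'
  gem 'gitlab-styles', git: 'git@gitlab.com:gitlab-org/ruby/gems/gitlab-styles.git'
  group :test do
    gem 'rubocop', '1.38.0', git: 'git@github.com:rubocop/rubocop.git', ref: 'v1.38.0'
    gem('rspec-parameterized', '0.5.2', require: false)
  end
GEMFILE
```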