gemfury / gemfury Goto Github PK

View Code? Open in Web Editor NEW

62.0 62.0 28.0 250 KB

Gemfury CLI and API client

Home Page: https://gemfury.com/help/gemfury-cli

License: MIT License

Ruby 100.00%

cli gemfury private-npm private-rubygems

gemfury's Introduction

Gemfury Ruby Library

The Gemfury Ruby library provides convenient access to the Gemfury API from software written in the Ruby language.

Gemfury is your personal cloud for your private and custom RubyGems, Python packages, and NPM modules. Once you upload your packages and enable Gemfury as a source, you can securely deploy any package to any host. It's simple, reliable, and hassle-free.

Important

Gemfury CLI has moved. We are migrating to a native CLI, and will be removing the CLI portion of this RubyGem. The API Client portion will remain and continue as the Gemfury Ruby SDK.

Introduction to Gemfury

Putting Gemfury to work

Using the Gemfury Client

You can also use the client directly via Ruby; you will need a "Full access token" (API token) from https://manage.fury.io/manage/YOUR-ACCOUNT-NAME/tokens/api

require 'gemfury'

client = Gemfury::Client.new(user_api_key: "YOUR API TOKEN")

all_artifacts = client.list
puts "Available artifacts:"
puts all_artifacts

one_artifact = all_artifacts[0]
puts "Versions of the #{one_artifact['language']} artifact #{one_artifact['name']}:"
artifact_versions = client.versions(one_artifact["name"])
puts artifact_versions.map { |v| v["version"] }

More information about the Gemfury::Client API is hosted on rubydoc.info.

Contribution and Improvements

Please email us if we've missed some key functionality or you have problems installing the CLI client. Better yet, fork the code, make the changes, and submit a pull request to speed things along.

Submitting updates

If you would like to contribute to this project, just do the following:

Fork the repo on Github.
Add your features and make commits to your forked repo.
Make a pull request to this repo.
Review will be done and changes will be requested.
Once changes are done or no changes are required, pull request will be merged.
The next release will have your changes in it.

Please take a look at the issues page if you want to get started.

Feature requests

If you think it would be nice to have a particular feature that is presently not implemented, we would love to hear that and consider working on it. Just open an issue in Github.

Dependency conflicts

Over time, dependencies for this gem will get stale and may interfere with your other gems. Please let us know if you run into this and we will re-test our gem with the new version of the dependency and update the gemspec.

Questions

Please email [email protected] or file a Github Issue if you have any other questions or problems.

gemfury's People

Contributors

Stargazers

Watchers

gemfury's Issues

Gemfury::Client::yank_version has been raising 404 for the last month

Hi,

In the Apache Arrow community we do use Gemfury to store our nightly pyarrow and adbc wheels. We had a job to clean up old wheels that run nightly with the following ruby script:

# Clean old releases from Gemfury.

require "gemfury"

client = Gemfury::Client.new(user_api_key: ENV["GEMFURY_API_TOKEN"])

client.list.each do |artifact|
  puts artifact["name"]
  versions = client.versions(artifact["name"])
  versions.sort_by! { |v| v["created_at"] }

  # Keep all versions uploaded within 90 days of the last uploaded version
  cutoff = DateTime.parse(versions.last['created_at']) - 90.0

  versions.each do |version|
    time = DateTime.parse(version['created_at'])
    if time < cutoff
      client.yank_version(artifact["name"], version["version"])
      puts "Yanked #{artifact['name']} #{version['version']} (created #{version['created_at']})"
    else
      puts "Kept #{artifact['name']} #{version['version']} (created #{version['created_at']})"
    end
  end
end

This had been working for us for a long time (~1 year) but on the last month we started getting 404's when trying to yank existing old wheels:

Failed to yank pyarrow 13.0.0.dev497 (created 2023-07-13T10:14:54.440Z with Gemfury::NotFound
Failed to yank pyarrow 13.0.0.dev497 (created 2023-07-13T10:14:55.255Z with Gemfury::NotFound
Failed to yank pyarrow 13.0.0.dev497 (created 2023-07-13T10:22:53.335Z with Gemfury::NotFound
Failed to yank pyarrow 13.0.0.dev497 (created 2023-07-13T10:23:02.456Z with Gemfury::NotFound
Failed to yank pyarrow 13.0.0.dev497 (created 2023-07-13T10:30:59.804Z with Gemfury::NotFound
Failed to yank pyarrow 13.0.0.dev497 (created 2023-07-13T10:32:31.240Z with Gemfury::NotFound
Failed to yank pyarrow 13.0.0.dev497 (created 2023-07-13T10:34:39.163Z with Gemfury::NotFound
Failed to yank pyarrow 13.0.0.dev497 (created 2023-07-13T10:36:48.953Z with Gemfury::NotFound
Failed to yank pyarrow 13.0.0.dev497 (created 2023-07-13T10:37:44.074Z with Gemfury::NotFound
Failed to yank pyarrow 13.0.0.dev497 (created 2023-07-13T10:39:39.833Z with Gemfury::NotFound

Those wheels do exist on Gemfury.

We have temporarily disabled those jobs but we would like to be able to clean the old wheels. Has there been any change that makes this obsolete? I can see the method should still be available: https://github.com/gemfury/gemfury/blob/main/lib/gemfury/client.rb#L69

These are the related issues on arrow adbc: apache/arrow-adbc#1085
and arrow: apache/arrow#38308

License missing from gemspec

Some companies will only use gems with a certain license.
The canonical and easy way to check is via the gemspec,

via e.g.

spec.license = 'MIT'
# or
spec.licenses = ['MIT', 'GPL-2']

Even for projects that already specify a license, including a license in your gemspec is a good practice, since it is easily
discoverable there without having to check the readme or for a license file. For example, it is the field that rubygems.org uses to display a gem's license.

For example, there is a License Finder gem to help companies ensure all gems they use
meet their licensing needs. This tool depends on license information being available in the gemspec. This is an important enough
issue that even Bundler now generates gems with a default 'MIT' license.

If you need help choosing a license (sorry, I haven't checked your readme or looked for a license file), github has created a license picker tool.

In case you're wondering how I found you and why I made this issue, it's because I'm collecting stats on gems (I was originally looking for download data) and decided to collect license metadata,too, and make issues for gemspecs not specifying a license as a public service :).

I hope you'll consider specifying a license in your gemspec. If not, please just close the issue and let me know. In either case, I'll follow up. Thanks!

p.s. I've written a blog post about this project
p.p.s. Here's a list of the license names I've found and their frequenceis

uninitialized constant URI::Parser::Generic (NameError)

when running fury whoami with ruby 1.9.3-p484 I get

/Users/Daniel/.rbenv/versions/1.9.3-p484/lib/ruby/1.9.1/uri/common.rb:218:in `parse': uninitialized constant URI::Parser::Generic (NameError)
    from /Users/Daniel/.rbenv/versions/1.9.3-p484/lib/ruby/1.9.1/uri/common.rb:747:in `parse'
    from /Users/Daniel/.rbenv/versions/1.9.3-p484/lib/ruby/gems/1.9.1/gems/gemfury-0.4.22/lib/gemfury/command/authorization.rb:72:in `netrc_host'
    from /Users/Daniel/.rbenv/versions/1.9.3-p484/lib/ruby/gems/1.9.1/gems/gemfury-0.4.22/lib/gemfury/command/authorization.rb:11:in `has_credentials?'
    from /Users/Daniel/.rbenv/versions/1.9.3-p484/lib/ruby/gems/1.9.1/gems/gemfury-0.4.22/lib/gemfury/command/app.rb:16:in `whoami'
    from /Users/Daniel/.rbenv/versions/1.9.3-p484/lib/ruby/gems/1.9.1/gems/thor-0.18.1/lib/thor/command.rb:27:in `run'
    from /Users/Daniel/.rbenv/versions/1.9.3-p484/lib/ruby/gems/1.9.1/gems/thor-0.18.1/lib/thor/invocation.rb:120:in `invoke_command'
    from /Users/Daniel/.rbenv/versions/1.9.3-p484/lib/ruby/gems/1.9.1/gems/thor-0.18.1/lib/thor.rb:363:in `dispatch'
    from /Users/Daniel/.rbenv/versions/1.9.3-p484/lib/ruby/gems/1.9.1/gems/thor-0.18.1/lib/thor/base.rb:439:in `start'
    from /Users/Daniel/.rbenv/versions/1.9.3-p484/lib/ruby/gems/1.9.1/gems/gemfury-0.4.22/bin/fury:10:in `<top (required)>'
    from /Users/Daniel/.rbenv/versions/1.9.3-p484/bin/fury:23:in `load'
    from /Users/Daniel/.rbenv/versions/1.9.3-p484/bin/fury:23:in `<main>'

Upload error

I'm getting this message when try to upload a package builded by myself.

There's no log to debug.

This is the build script of package.
https://git.disroot.org/rauldipeas/apt-repository/src/branch/main/scripts/mkpkg/raindrop.sh

v0.4.24 returns "Error occurred, contact support"

When we rake release on v0.4.24 we get the "contact support" error, but not when we roll back to v0.4.23.

Is there something we need to configure on our account for v0.4.24?

Connection Issues

We are trying to pull some PIP packages from gemfury,

pip return the following error :

WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7fcc3aabc490>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution')': /intelcom-metrics/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7fcc3aabc5e0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution')': /intelcom-metrics/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7fcc3aabc7c0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution')': /intelcom-metrics/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7fcc3aabc9a0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution')': /intelcom-metrics/
ERROR: Could not find a version that satisfies the requirement intelcom-metrics==0.0.1 (from versions: none)
ERROR: No matching distribution found for intelcom-metrics==0.0.1

this error is copied from our github actions job,

Can you please advise on this?

CLI and API 'add collaborators' call does not work

Hi,

I want to use your API to programmatically add a collaborator to my gemfury project. Removing a collaborator works fine, but adding one does not. I get these messages in the CLI and programmatically, respectively.

Ian-Axelrod:ops-tools ianaxelrod$ fury sharing:add <MY EMAIL>
Oops! Something went wrong. Please contact support.

PUT /collaborators/<MY EMAIL>
...
404 Client Error: Not Found for url: https://api.fury.io/collaborators/<my email>

Any ideas? Cheers,

-Ian

GemFury PyPI server embeds credentials in JSON responses

Hi GemFury Team!

We use GemFury as a private PyPI repository, but have been suffering from compatibility issues with our chosen Python package management system, Poetry.

The main issue we're currently facing is that Poetry cannot handle the URLs which include embedded credentials as returned by the GemFury server. For example, listing all of our packages we get a response like (with ${FURY_TOKEN} replaced by our actual token):

<!DOCTYPE html>
<html>
  <head><title>Simple Index</title></head>
  <body>
    <a href="https://${FURY_TOKEN}:@pypi.fury.io/repo/package_one">package_one</a>
    ...
    <a href="https://${FURY_TOKEN}:@pypi.fury.io/repo/package_n">package_n</a>
  </body>
</html>

Because of Poetry issue #746, Poetry fails to provide proper credentials when trying to follow requests including embedded credentials. We are currently working around this issue by using an in-house fork of Poetry.

However, beyond the inconvenience this causes, it's also a security issue for us, even when just using pip. As a result of the embedded credentials, we now have our GemFury token all over our dev, CI and prod logs, because it's printed every time pip installs something from our GemFury repository:

Collecting package_one==0.0.1 (from -r requirements.txt (line 38))
  Downloading https://${GEMFURY_TOKEN}:@pypi.fury.io/repo/-/ver_47e83/package_one-0.0.1.tar.gz

I know this is more of a server issue, so please let me know if I should direct this request to another channel.

Thanks!

Faraday::Error::ParsingError: uninitialized constant JSON::Parser

$ DEBUG=1 fury push
Please enter your Gemfury credentials.
Email: ...
Password:
Oops! Something went wrong. Looking into it ASAP!
Faraday::Error::ParsingError: uninitialized constant JSON::Parser
/Users/kurtisrainboltgreene/.rvm/rubies/ruby-2.0.0-p247/lib/ruby/2.0.0/json/common.rb:155:in `parse'
../gems/faraday_middleware-0.9.0/lib/faraday_middleware/response/parse_json.rb:11:in `block in <class:ParseJson>'
../gems/faraday_middleware-0.9.0/lib/faraday_middleware/response_middleware.rb:48:in `call'
../gems/faraday_middleware-0.9.0/lib/faraday_middleware/response_middleware.rb:48:in `parse'
../gems/faraday_middleware-0.9.0/lib/faraday_middleware/response_middleware.rb:39:in `process_response'
../gems/faraday_middleware-0.9.0/lib/faraday_middleware/response_middleware.rb:32:in `block in call'
../gems/faraday-0.8.8/lib/faraday/response.rb:63:in `on_complete'
../gems/faraday_middleware-0.9.0/lib/faraday_middleware/response_middleware.rb:30:in `call'
../gems/faraday-0.8.8/lib/faraday/request/url_encoded.rb:14:in `call'
../gems/faraday-0.8.8/lib/faraday/request/multipart.rb:13:in `call'
../gems/gemfury-0.4.19/lib/faraday/request/multipart_with_file.rb:16:in `call'
../gems/faraday-0.8.8/lib/faraday/connection.rb:253:in `run_request'
../gems/faraday-0.8.8/lib/faraday/connection.rb:118:in `post'
../gems/gemfury-0.4.19/lib/gemfury/client.rb:61:in `get_access_token'
../gems/gemfury-0.4.19/lib/gemfury/command/authorization.rb:42:in `prompt_credentials!'
../gems/gemfury-0.4.19/lib/gemfury/command/authorization.rb:20:in `with_authorization'
../gems/gemfury-0.4.19/lib/gemfury/command/app.rb:149:in `with_checks_and_rescues'
../gems/gemfury-0.4.19/lib/gemfury/command/app.rb:28:in `push'
../gems/thor-0.18.1/lib/thor/command.rb:27:in `run'
../gems/thor-0.18.1/lib/thor/invocation.rb:120:in `invoke_command'
../gems/thor-0.18.1/lib/thor.rb:363:in `dispatch'
../gems/thor-0.18.1/lib/thor/base.rb:439:in `start'
../gems/gemfury-0.4.19/bin/fury:10:in `<top (required)>'
../bin/fury:23:in `load'
../bin/fury:23:in `<main>'

Gemfury PHP repository does not process 'conflict'-constraints

If a PHP Composer package uploaded to Gemfury contains a conflict-constraint with another package (https://getcomposer.org/doc/04-schema.md#conflict), that constraint is not put into the packages.json index file that Gemfury offers to the composer CLI client. As a result, composer does not take the conflict-constraint into account when determining the set of packages to install, causing incompatible packages to show up together in a project.

To reproduce:

Create a composer test project and install (say) symfony/console version ^3.4 in it.
Create another package (say foo/bar), put "conflict": { "symfony/console": "<4.0" } in its composer.json, and upload it to Gemfury as version 1.0.0.
Try to install that version into the composer test project by running composer require foo/bar=^1.0.0

Expected result: Composer indicates that the requirements could not be resolved to an installable set of packages. The packages.json that composer retrieved from Gemfury and cached on disk contains the conflict-constraint.

Actual result: Composer installs foo/bar without complaining. The packages.json cached on disk lacks the conflict-constraint.

more details on error "problem processing this package"

we have started seeing errors while releasing a gem
(last successful push on 2020-11-03, first failed push on 2020-11-05)

➜  my-gem git:(88f096d) bundle exec rake release
my-gem 0.16.7 built to pkg/my-gem-0.16.7.gem.
Tag v0.16.7 has already been created.
Uploading my-gem-0.16.7.gem - problem processing this package
There was a problem uploading at least 1 package

after searching around, I've found that the gem is "invalid"

gemfury/lib/gemfury/command/app.rb

Lines 334 to 335 in bbc75b5

    
           rescue Gemfury::CorruptGemFile => e 
        
             shell.say "- problem processing this package", :red

gemfury/lib/gemfury/client.rb

Line 247 in f2c1bb1

when 'InvalidGemFile' then Gemfury::CorruptGemFile

But I'm not sure that's the problem

Is it related to this ?

We will deprecate gems.gemfury.com endpoint for downloading and uploading packages.

We have not changed our build/release script and it worked fine.

Our set up :

# my-gem.gemspec

  spec.metadata['allowed_push_host'] = 'https://gem.fury.io/'

# Rakefile

require 'bundler/gem_tasks'
require 'gemfury'
require 'gemfury/command'
# Override rubygem_push to push to gemfury instead when doing `rake release`
module Bundler
  class GemHelper
    def rubygem_push(path)
      ::Gemfury::Command::App.start(['push', path])
    end
  end
end

# ~/.gem/gemfury

---
:gemfury_api_key: XXX

(inspired by https://stackoverflow.com/questions/18229805/override-rake-release-task-to-use-gemfury)

Expired SSL certificate for fury.io

It seems the certificate for fury.io expired at 14:00 UTC +2 today:

This precludes us from building our applications since we receive an SSL verification error from Bundler:

Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://gem.fury.io/

Can't upload not even one single js file as a module in the web UI

I'm trying to upload npm modules to gemfury via the UI or curl and is not working.

I'm trying to upload a single js file that say

'exports.test = "It works";'

I'm putting this issue here cause I've sent a mail to the gemfury email list and I got no answer.

Bundler 2.2+ looks for gem dependencies in Gemfury when https://rubygems.org is the primary source

TL;DR: Does Gemfury work with Bundler 2.2+? It seems not to for me.

I realize this isn't related to the Gemfury CLI, but I wanted to post somewhere public where this issue might get attention (I hit a wall with customer support).

For me, Gemfury works fine with Bundler 2.1. But in 2.2 and later versions, for gems sourced from Gemfury, it attempts to get these gems' dependencies from Gemfury (even when rubygems.org is specified as the primary source).

Here's a reproduction:

#/usr/bin/env bash

ruby -v
gem -v
bundle -v

mkdir bundler-test
cd bundler-test
wget https://rubygems.org/downloads/rspec-rails-6.0.1.gem
fury push rspec-rails-6.0.1.gem
cat <<EOF> Gemfile
source "https://rubygems.org/"
gem "rspec-rails", source: "https://[redacted]@gem.fury.io/[redacted]/"
EOF
bundle install --verbose

This downloads rspec-rails (a random gem that has some dependencies), pushes it to Gemfury, creates a Gemfile that sources rspec-rails from Gemfury and has rubygems.org as a primary source, and runs bundle install.

Here's the output:

ruby 3.2.2 (2023-03-30 revision e51014f9c0) [x86_64-darwin20]
3.4.10
Bundler version 2.4.10
--2023-05-08 13:56:39--  https://rubygems.org/downloads/rspec-rails-6.0.1.gem
Resolving rubygems.org (rubygems.org)... 151.101.193.227, 151.101.65.227, 151.101.1.227, ...
Connecting to rubygems.org (rubygems.org)|151.101.193.227|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 70144 (68K) [binary/octet-stream]
Saving to: ‘rspec-rails-6.0.1.gem’

rspec-rails-6.0.1.gem                                  100%[===========================================================================================================================>]  68.50K  --.-KB/s    in 0.03s

2023-05-08 13:56:40 (2.65 MB/s) - ‘rspec-rails-6.0.1.gem’ saved [70144/70144]

Top level ::CompositeIO is deprecated, require 'multipart/post' and use `Multipart::Post::CompositeReadIO` instead!
Top level ::Parts is deprecated, require 'multipart/post' and use `Multipart::Post::Parts` instead!
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
Uploading rspec-rails-6.0.1.gem - done
Running `bundle install --verbose` with bundler 2.4.10
Found changes from the lockfile, re-resolving dependencies because the dependencies in your gemfile changed, you added a new platform to your gemfile
HTTP GET https://gem.fury.io/[redacted]/me/versions
HTTP 200 OK https://gem.fury.io/[redacted]/me/versions
Fetching gem metadata from https://gem.fury.io/[redacted]/me/
Looking up gems ["rspec-rails"]
Looking up gems ["actionpack", "activesupport", "railties", "rspec-core", "rspec-expectations", "rspec-mocks", "rspec-support"]
Looking up gems ["builder", "rack", "rack-test", "erubis", "i18n", "multi_json", "tzinfo", "minitest", "thread_safe", "rake", "thor", "rdoc"]
Resolving dependencies...
HTTP GET https://index.rubygems.org/versions
HTTP 304 Not Modified https://index.rubygems.org/versions
Fetching gem metadata from https://rubygems.org/
Looking up gems ["rspec-core", "rspec-expectations", "rspec-mocks", "rspec-support", "builder", "rack", "rack-test", "erubis", "i18n", "multi_json", "tzinfo", "minitest", "thread_safe", "rake", "thor", "rdoc"]
Looking up gems ["diff-lcs", "json", "atomic", "abstract", "concurrent-ruby", "hoe", "psych"]
Looking up gems ["rubyforge", "RubyInline", "gemcutter", "functional-ruby", "ref", "jar-dependencies", "stringio"]
Looking up gems ["ZenTest", "json_pure", "net-scp", "ruby-maven"]
Looking up gems ["net-ssh", "spruz", "maven-tools", "ruby-maven-libs"]
Looking up gems ["virtus", "needle", "jruby-pageant", "bcrypt_pbkdf", "rbnacl", "rbnacl-libsodium"]
Looking up gems ["backports", "descendants_tracker", "axiom-types", "coercible", "equalizer", "ffi"]
Looking up gems ["adamantium", "ice_nine"]
Looking up gems ["memoizable"]
Found conflicts with dependencies with prereleases. Will retrying considering prereleases for rspec-rails, railties...
Retrying resolution...
Bundler::SolveFailure: Could not find compatible versions

Because every version of rspec-rails depends on railties >= 6.1
  and railties >= 6.1 could not be found in rubygems repository https://gem.fury.io/[redacted]/me/,
  rspec-rails cannot be used.
So, because Gemfile depends on rspec-rails >= 0,
  version solving has failed.
/Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/resolver.rb:108:in `rescue in solve_versions'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/resolver.rb:71:in `solve_versions'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/resolver.rb:32:in `start'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/definition.rb:554:in `start_resolution'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/definition.rb:289:in `resolve'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/definition.rb:507:in `materialize'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/definition.rb:197:in `specs'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/installer.rb:231:in `ensure_specs_are_compatible!'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/installer.rb:83:in `block in run'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/process_lock.rb:12:in `block in lock'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/process_lock.rb:9:in `open'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/process_lock.rb:9:in `lock'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/installer.rb:71:in `run'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/installer.rb:23:in `install'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/cli/install.rb:62:in `run'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/cli.rb:261:in `block in install'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/settings.rb:131:in `temporary'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/cli.rb:260:in `install'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/vendor/thor/lib/thor/invocation.rb:127:in `invoke_command'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/vendor/thor/lib/thor.rb:392:in `dispatch'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/cli.rb:34:in `dispatch'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/vendor/thor/lib/thor/base.rb:485:in `start'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/cli.rb:28:in `start'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/gems/3.2.0/gems/bundler-2.4.10/exe/bundle:45:in `block in <top (required)>'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/site_ruby/3.2.0/bundler/friendly_errors.rb:117:in `with_friendly_errors'
  /Users/pat/.asdf/installs/ruby/3.2.2/lib/ruby/gems/3.2.0/gems/bundler-2.4.10/exe/bundle:33:in `<top (required)>'
  /Users/pat/.asdf/installs/ruby/3.2.2/bin/bundle:25:in `load'
  /Users/pat/.asdf/installs/ruby/3.2.2/bin/bundle:25:in `<main>'

I wonder whether this issue is relevant.

Install latest version | Node

Hiya, we're trying to find a way to install the latest version of a node module hosted on gemfury.

currently we do:
npm install --save-dev https://npm.fury.io/token/me/package/-/VERSION.tgz
But is it possible to install via:
npm install --save-dev https://npm.fury.io/token/me/package
and have the version specified in the package.json?

Many thanks

Add build version to "fury versions"

Currently this is a sample output of fury versions mypackage --as=user

*** mypackage Versions ***

version  uploaded_by  uploaded
3.99.0   user         2022-05-16 15:10
3.11.2   user         2022-06-27 19:58 (~ 17h ago)
3.11.2   user         2022-06-27 19:54 (~ 17h ago)
3.11.2   user         2022-06-27 19:53 (~ 17h ago)
3.11.2   user         2022-06-27 19:33 (~ 18h ago)
3.11.2   user         2022-06-27 19:23 (~ 18h ago)
3.11.2   user         2022-06-27 19:19 (~ 18h ago)
3.11.1   user         2022-06-20 16:29
3.11.0   user         2022-06-22 15:22
3.10.0   user         2022-06-02 12:06
3.10.0   user         2022-06-01 13:33
3.10.0   user         2022-05-31 18:06

As you can see there are duplicate versions and the only distinguishable attribute between them is the "uploaded" timestamp.
Since the gemfury repository has the build number information(which is mandatory to be different when uploading packages with twine for example) it should be able to return it.

This would also enable specifying the build number when yanking a package. But that's a separate issue I suppose.

Is it necessary to extend Hash?

Hi there. Long-time gemfury user here, I just ran into the following incompatibility between gemfury and a recently-upgraded version of tilt as documented here:

rtomayko/tilt#180

I haven't looked into your rationale for extending Hash, but monkey-patching such a foundational class in a utility library designed for widespread adoption seems risky.

Thanks for any insight.

Gemfury still down?

Publish gem via CI server (no `fury login`)

In a current project, I would like our CI server to publish new versions of a private gem. (This will trigger on tag creation in github).

Since I cannot ask the CI server to run fury login, is there an ENVIRONMENT_VARIABLE I can set with a pre-supplied token?

fury command exits zero on error

It would be good if it exited non-zero on error.

Currently it's hard to detect failure when scripting things.

Missing info on how to add gemfury server to pip's global config.

On the gemfury website there is a nice info on how to add the gemfury server as a default registry for NPM

You can update the default registry in your ~/.npmrc by running:

npm config set registry https://npm-proxy.fury.io/KEY/USER/
npm config set ca ""

How about adding an info for the PIP equivalent to the website/documentation:

You can add the your gemfury repo to pip if you add this line to ~/.pip/pip.conf:

[global]
extra-index-url = https://pypi.fury.io/KEY/USER/

Now if you use pip install PACKAGE pip will look on both the default pip registry and your personal registry.

Gemfury PHP repository returns URL's containing credentials

Similar to #45 (issue for PyPI), also the PHP Composer repository returns dist-URL's containing credentials. These eventually end up in the composer.lock file, causing the credentials of individual developers to be leaked to the entire team working on that project.

Is this something that could be fixed?

Unable to upload a gem.

Uploading nokogiri-1.5.2-x86_64-darwin-11.gem - oops
Oops! Something went wrong. Looking into it ASAP!

https://s3-us-west-2.amazonaws.com/steakknife.gems/nokogiri-1.5.2-x86_64-darwin-11.gem

rake fury:release AS=myorg

It would be great if the rake tasks could be used with organizations.

APT and Nala update error

This is what happens when I run sudo nala update or sudo nala upgrade...

When I run sudo apt update it doesn't show any error, but it can't reach those translations address too.

If You don't know anything about Nala, please take a look here.

gem

Return nonzero exit code for failed upload

CLI command furry push returns 0 when gem upload failed due to any of errors handled in https://github.com/gemfury/gemfury/blob/master/lib/gemfury/command/app.rb#L225.

gemfury and droneio

Anyone deploying successfully to gemfury using Drone.io?

Despite creating a .netrc in the home directory with the appropriate credentials and file
permissions , it still prompts for credentials.

I create my .netrc file as follows
cat > ~/.netrc <<END
machine www.gemfury.com
login -redacted-
password -redacted-
END
chmod 0600 ~/.netrc

Not sure if its a drone or gemfury issue.

Mark

Publish failed PUT 503

Gemfury throws 503 error when trying to publish a private npm package.

We hadn't had any issue publishing previous versions of our packages. We are using Docker with our build process, tests and linting working correctly.

Command: npm publish
Node version: lts/carbon

npm ERR! publish Failed PUT 503
npm ERR! Unexpected token < in JSON at position 0
npm ERR! <!DOCTYPE html>
npm ERR!     <html>
npm ERR!       <head>
npm ERR!         <meta name="viewport" content="width=device-width, initial-scale=1">
npm ERR!         <meta charset="utf-8">
npm ERR!         <title>Application Error</title>
npm ERR!         <style media="screen">
npm ERR!           html,body,iframe {
npm ERR!             margin: 0;
npm ERR!             padding: 0;
npm ERR!           }
npm ERR!           html,body {
npm ERR!             height: 100%;
npm ERR!             overflow: hidden;
npm ERR!           }
npm ERR!           iframe {
npm ERR!             width: 100%;
npm ERR!             height: 100%;
npm ERR!             border: 0;
npm ERR!           }
npm ERR!         </style>
npm ERR!       </head>
npm ERR!       <body>
npm ERR!         <iframe src="//s3.amazonaws.com/fury-info/heroku/error.html"></iframe>
npm ERR!       </body>
npm ERR! </html>

NameError: uninitialized constant Faraday::Request::Multipart

$ DEBUG=true fury yank vendored_javascripts_rails -v 0.0.1 --as=doximity
NameError: uninitialized constant Faraday::Request::Multipart
/Users/jeyb/.rbenv/versions/2.0.0-p0/lib/ruby/gems/2.0.0/gems/gemfury-0.4.17/lib/gemfury/client.rb:119:in `block in connection'
/Users/jeyb/.rbenv/versions/2.0.0-p0/lib/ruby/gems/2.0.0/gems/faraday-0.9.0.rc5/lib/faraday/connection.rb:84:in `initialize'
/Users/jeyb/.rbenv/versions/2.0.0-p0/lib/ruby/gems/2.0.0/gems/faraday-0.9.0.rc5/lib/faraday.rb:70:in `new'
/Users/jeyb/.rbenv/versions/2.0.0-p0/lib/ruby/gems/2.0.0/gems/faraday-0.9.0.rc5/lib/faraday.rb:70:in `new'
/Users/jeyb/.rbenv/versions/2.0.0-p0/lib/ruby/gems/2.0.0/gems/gemfury-0.4.17/lib/gemfury/client.rb:117:in `connection'
/Users/jeyb/.rbenv/versions/2.0.0-p0/lib/ruby/gems/2.0.0/gems/gemfury-0.4.17/lib/gemfury/client.rb:53:in `yank_version'
/Users/jeyb/.rbenv/versions/2.0.0-p0/lib/ruby/gems/2.0.0/gems/gemfury-0.4.17/lib/gemfury/command/app.rb:62:in `block in yank'
/Users/jeyb/.rbenv/versions/2.0.0-p0/lib/ruby/gems/2.0.0/gems/gemfury-0.4.17/lib/gemfury/command/authorization.rb:21:in `call'
/Users/jeyb/.rbenv/versions/2.0.0-p0/lib/ruby/gems/2.0.0/gems/gemfury-0.4.17/lib/gemfury/command/authorization.rb:21:in `with_authorization'
/Users/jeyb/.rbenv/versions/2.0.0-p0/lib/ruby/gems/2.0.0/gems/gemfury-0.4.17/lib/gemfury/command/app.rb:149:in `with_checks_and_rescues'
/Users/jeyb/.rbenv/versions/2.0.0-p0/lib/ruby/gems/2.0.0/gems/gemfury-0.4.17/lib/gemfury/command/app.rb:60:in `yank'
/Users/jeyb/.rbenv/versions/2.0.0-p0/lib/ruby/gems/2.0.0/gems/thor-0.18.1/lib/thor/command.rb:27:in `run'
/Users/jeyb/.rbenv/versions/2.0.0-p0/lib/ruby/gems/2.0.0/gems/thor-0.18.1/lib/thor/invocation.rb:120:in `invoke_command'
/Users/jeyb/.rbenv/versions/2.0.0-p0/lib/ruby/gems/2.0.0/gems/thor-0.18.1/lib/thor.rb:363:in `dispatch'
/Users/jeyb/.rbenv/versions/2.0.0-p0/lib/ruby/gems/2.0.0/gems/thor-0.18.1/lib/thor/base.rb:439:in `start'
/Users/jeyb/.rbenv/versions/2.0.0-p0/lib/ruby/gems/2.0.0/gems/gemfury-0.4.17/bin/fury:10:in `<top (required)>'
/Users/jeyb/.rbenv/versions/2.0.0-p0/bin/fury:23:in `load'
/Users/jeyb/.rbenv/versions/2.0.0-p0/bin/fury:23:in `<main>'

Dependency on recent version of netrc gem

This project depends on a quite recent version of the netrc gem

s.add_dependency "netrc", "~> 0.10.0"

There are other gems that I would like to use (in particular rest-client) that depend on earlier versions of netrc. Is there any reason why earlier versions are not permitted?

Generate .gem files under pkg/

It would be nice if rake fury:release generated the .gem files under pkg like bundler's build task. That would allow trivial cleanup using rake/clean.

Bad response Service Unavailable 503

Getting "bad response Service Unavailable 503" while installing private packages hosted on Gemfury.

`fury push` for existing version fails with 'Gemfury::Conflict' instead of 'DupeVersion'

When pushing a gem version which already exists, the result used to be a warning about the dupe but the fury command would not be a failure.

Recently, when pushing a gem which already exists the command now ends with an error and the message Oops! Locked for another user. Try again later.

The response handling at https://github.com/gemfury/gemfury/blob/master/lib/gemfury/client.rb#L174 looks for a JSON response that seems to be different from what the current gemfury API is returning which is now:

[
  {
    "UploadResult": {
      "errors": {
        "base": "Version already exists"
      },
      "error": {
        "type": "DupeVersion",
        "message": "Version already exists"
      }
    }
  }
]

fury git:list results in error message

Running fury git:list in 0.6.0 results in the message "Oops! Something went wrong. Please contact support."
Using OSX 10.11.5 and ruby 2.0.0p648 (2015-12-16 revision 53162) [universal.x86_64-darwin15]

Suggestion, npmrc as install - as a part of the guide for registry targeting

In relation with multiple registry configs for .npmrc and gemfury I have experienced multiple challenges.

Looking through various guides there are many suggestions but also challenges with these.

I see one item missing from your guide in relation with registry config, as one can now install npmrc through npm, the following procedure is available:

npm install npmrc -g
npmrc

First run initializes ~/.npmrcs folder

Within the folder the ~/.npmrcs/default will be initialized and populated by your ~/.npmrc if that file exists, and/or replace that file with a default config.

adding more profile files to ~/.npmrcs folder will allow you to use:

juksefantomet@juksefantomet:~$ npmrc
Available npmrcs:

   default
   profile_juan
 * profile_two

additionally it allows you to use:

juksefantomet@juksefantomet:~$ npmrc profile_juan
Removing old .npmrc (profile_two)
Activating .npmrc "profile_juan"

This allows for a good structure where multiple configs can cause issues if not scoped and guide wise allows from a more visible assistance to the end-user.

restrictive multi_json dependency

Is there any particular reason the dependency on multi_json is specified as < 1.7? gemfury's gemspec was updated to say "< 1.7" on the same day that multi_json 1.7 was released. The commit (26775f9) does not explain the reasoning. gemfury's test suite passes under the current version of multi_json, version 1.7.2, so I'm pretty sure the < 1.7 restriction is unnecessary.

Fix your SSL god damn it.

fury.io god damn it.

Upgrade to Faraday 2.0

I'm removing dependencies on this gem (and updating workflows) until it is no longer blocking the Faraday 2.0 upgrade, so I'm creating this issue to track, as once it is complete I will add back.

Update faraday dependency (performance)

The faraday gem has recent performance updates. (See v0.10.1: https://github.com/lostisland/faraday/releases). But the gemfury gem freezes it below 0.10.0.pre.

Upload public package

I'm using Gemfury to host some open source packages which I pre-build for ARM (because the official distribution only provides x86). Because they are open-source, I want to make all packages in my repository "public".

But until now, it takes much effort to "public" each of uploaded packages. Do you have any method to do it faster?

update faraday to v1.0

Faraday was released in v1.0 in January 2020.

Could you consider if we can loosen dependencies, since my repository was previously updated to Faraday v1.0.

I hate to downgrade to make Gemfury happy.

Could you upgrade if the effort is not too big? (see https://github.com/lostisland/faraday/blob/master/UPGRADING.md#faraday-10)

fury migrate fails

Not sure why but fury push works fine on a single gem yet fury migrate fails on the same gem and stops execution with:

Oops! Something went wrong. Looking into it ASAP!

Despite that, this is a pretty fantastic CLI and service you have going on, after suffering through the sluggishness of our geminabox server it's utterly refreshing.

I'm using:

GNU bash, version 3.2.48(1)-release (x86_64-apple-darwin12)
OS X 10.8

	rescue Gemfury::CorruptGemFile => e
	shell.say "- problem processing this package", :red