# pact-ruby-standalone
m
Hi all, I’m guessing this is the place to ask about `pact-ruby-standalone`. I’m in the process of including this within an image but noticed there are open dependabot pull requests on this project. Is this actively maintained?
It would be good to get these merged in if possible as they are being flagged by a vulnerability scanner.
m
It definitely is
It's likely not yet at the top of a maintenance list. What's the use case?
m
I’m including these binaries in an image that I use as a build agent in Jenkins, so they can be used in a neat way within pipelines
👍 1
But we have to vuln scan all running images. I can see the PRs have been created by dependabot which I think resolve the vulns
m
It's a maintained project. I'd not necessarily wait for the...
Right 🤣
2 of the dependabot updates seemingly break the build, so I'd not expect them quickly if they resolve your issues - do you know if the ones with passing builds do?
m
I’m happy to work on broken ones if they are needed 🙂
m
If you have a moment, that would be helpful for sure!
m
I don’t really 🙂 but if they cause me pain I’ll find the time
if someone could find time to get the rack one merged that would be much appreciated 🙏
m
Just getting dependabot to rebase so I can get fresh builds and baseline. standby
🙌 1
m
when do you schedule in new releases?
m
There is no specific release cadence - we have something like > 100 “releasable” artifacts across our repositories that we manage, so it’s usually on demand, when there is something to release
m
understood, if it isn’t already obvious I’m looking for a new release after these PRs 😁
😆 1
m
yep 🙂
so looking at the repo, it is maintained but due to the way we distribute the CLI as a quasi-binary (via travelling Ruby) we will be constrained to support only Ruby 2.4 (that’s all it supports). This might cause issues for your scanner, so see how you go
The alternative is to just install Ruby on your base image, and `gem install <tool>` each ruby tool you need. Probably this is likely just `gem install pact_broker-client`
m
ok thank you for all your help, much appreciated
👍 1
I’ll post back when I have a working solution
m
OK all the rebases are done and most of those builds are green, bar one that can’t be merged as the dep needs Ruby 2.6
Will run the release step shortly. I’ve not done it before, but will follow the guide and see what happens!
m
ha, perfect, thank you
m
I might need the maintainer to run the release sorry!
m
np, appreciate your efforts
👍 1
@Yousaf Nabi (pactflow.io), sorry for the tag, I noticed you were in my timezone 🙂 is performing a release something you can do?
y
hold on to your butts
😁 1
👋 Just kicked it off!
🙌 1
m
what a legend! thank you very much
y
No worries fella! Seems some yaks need shaving for the downstream notifications, I'll sort that https://github.com/pact-foundation/pact-ruby-standalone/actions/runs/4491941252/jobs/7901148808 You based in the UK? I'm in Leeds
m
Yeah Cardiff. I was in Leeds for ~10years
y
Ahh lovely, we've got family in Neath, love a drive down over the sugar loaf mountains, and getting out and out with the wifey int camper van in North wales. Let us know how you get on with the release and would be super cool if you wanted to share some of warez with the community in a blog post or something when you are all sorted, as this sounds like something people would appreciate (a community contributor build some GitHub actions for the community too 🙂 ) - no pressure tho
m
Yeah will do my best to contribute back
y
Hmmm, The binary size is quite a bit bigger than before. I've just been sorting out the homebrew build and came across a snag there, and thought I would try out the library, and on OSX at least, I am seeing the same issue with it not finding `json` gem https://github.com/pact-foundation/homebrew-pact-ruby-standalone/issues/87 that's installing the latest version via `curl -fsSL https://raw.githubusercontent.com/pact-foundation/pact-ruby-standalone/master/install.sh | bash` on my mac m1. hmmm will check it out on windows and linux boxes, as well as an intel mac
Have you been able to run the binary successfully at all?
The json gem is there in the downloaded package
xD things are never simple 😅 Raised now, https://github.com/pact-foundation/pact-ruby-standalone/issues/94 might need to pull that release!
marked it as pre-release so it won’t get installed under the latest tag, so it can be investigated.
m
Oh no! what a pain, no I hadn’t gotten around to trying it yet unfortunately, hopefully today
Sorry, only just getting back to this 🙂 It would seem the version of rack we upgraded to, 2.2.6, needs ruby >=2.30, as per https://rubygems.org/gems/rack/versions/2.2.6 Any reason why `pact-ruby-standalone` is down on `2.2.10-alpine`?
hmm, maybe that dockerfile isn’t getting used hey
m
Yeah I think it could be updated to 2.4 now. There might be some other reason why it hasn’t updated