Non-Compliance with Dependency API Deprecation

Question

Non-Compliance with Dependency API Deprecation

LukeIGS opened this issue a year ago · comments

https://blog.rubygems.org/2023/02/22/dependency-api-deprecation.html

From this document:
March 22 at 00:00 UTC (4pm PT / 7pm ET) for 5 minutes
March 29 at the top of every hour UTC for 10 minutes
April 03 for the entire day UTC
April 10 from 00:00 UTC onward

As of April 10th the dependency API on rubygems.org will be deprecated. They're running a test brownout today on the third. Attempting to pull gems via the rubygems proxy will return a 404 error, like this one.
https://gist.github.com/LukeIGS/d28433f789bcba619e1b50885adb38f9

Lucas Ridge commented 7 months ago

ping.

Eusebius1920 · Answer 1 · Tue Apr 25 2023 16:21:21 GMT+0800 (China Standard Time)

Is there any way fixing this? A workaround?

May 10th is approaching...

Nate Bird · Answer 2 · Thu Apr 27 2023 03:23:00 GMT+0800 (China Standard Time)

This PR uses the modern ruby gems API - #435

github-actions · Answer 3 · Sat May 27 2023 08:52:59 GMT+0800 (China Standard Time)

Could you update this issue?

Eusebius1920 · Answer 4 · Tue May 30 2023 18:57:53 GMT+0800 (China Standard Time)

Any news on this or #435 ?

Martin Sander · Answer 5 · Tue May 30 2023 23:49:51 GMT+0800 (China Standard Time)

It seems that the workaround that the jfrog guys describe also works for geminabox:
https://jfrog.com/help/r/artifactory-rubygems-org-dependency-api-deprecation/possible-workaround

If you are not using a reverse-proxy and want a quick-and-dirty fix, just find server.rb and edit the two routes:

    get '/api/v1/dependencies' do
      halt 404, "https://github.com/geminabox/geminabox/issues/536" 
      #query_gems.any? ? Marshal.dump(gem_list) : 200
    end

    get '/api/v1/dependencies.json' do
      halt 404, "https://github.com/geminabox/geminabox/issues/536" 
      #query_gems.any? ? gem_list.to_json : {}
    end

Lucas Ridge · Answer 6 · Tue May 30 2023 23:54:57 GMT+0800 (China Standard Time)

The issue with that solution is that it's wildly slow, the real solution here is to get that PR listed above merged. We've been testing a solution based off of it for a couple of weeks now and haven't found any issues, i plan to merge it upstream.

Martin Sander · Answer 7 · Wed May 31 2023 00:30:49 GMT+0800 (China Standard Time)

That is why I wrote "workaround", "quick-and-dirty fix", and not "solution".

Of course merging the pull request would be better, but that is outside of my power. So I thought others might be interested in a workaround as well.

Lucas Ridge · Answer 8 · Wed May 31 2023 00:32:52 GMT+0800 (China Standard Time)

Another work around is to simply pull either mine or @skaes changes and execute from source or package and distribute it as a gem.

Joni Lahtinen · Answer 9 · Thu Jun 08 2023 21:44:43 GMT+0800 (China Standard Time)

4b6d853

This works with Geminabox.allow_remote_failure = true also.

vshunkov · Answer 10 · Thu Jun 22 2023 20:40:33 GMT+0800 (China Standard Time)

Not sure if #435 resolves the issue of API dependency deprecation. I have built an image based on it, but I am still encountering the same problem as with the master branch. Has anyone else attempted to test it as well?

Lucas Ridge · Answer 11 · Thu Jun 22 2023 22:34:30 GMT+0800 (China Standard Time)

435 wasn't 100% complete, #547 works somewhat, with the minor caveat of there being high potential for out of memory situations due to the sheer size of the versions file that's returned by rubygems.org. One solution of course would lie in being able to stream the response and write the file chunk by chunk. Currently the rubygems.org apis don't support streaming requests as far as i can tell though. It does however build and run fine as far as i can tell provided you give it like 4 gigs of memory to work with...

github-actions · Answer 12 · Sun Jul 23 2023 08:53:11 GMT+0800 (China Standard Time)

Could you update this issue?

github-actions · Answer 13 · Tue Aug 29 2023 08:52:16 GMT+0800 (China Standard Time)

Could you update this issue?

Lucas Ridge · Answer 14 · Tue Aug 29 2023 19:29:15 GMT+0800 (China Standard Time)

Still in dev

github-actions · Answer 15 · Fri Sep 29 2023 08:52:17 GMT+0800 (China Standard Time)

Could you update this issue?

Martin Sander · Answer 16 · Fri Sep 29 2023 21:42:27 GMT+0800 (China Standard Time)

@github-actions You are starting to sound like a broken record.

Btw. if somebody is searching for another workaround (using different software): Nexus OSS seems to have fixed the issue, and supports many more package formats besides rubygems.

github-actions · Answer 17 · Mon Oct 30 2023 08:52:23 GMT+0800 (China Standard Time)

Could you update this issue?

github-actions · Answer 18 · Sun Dec 10 2023 08:52:43 GMT+0800 (China Standard Time)

Could you update this issue?

Lucas Ridge · Answer 19 · Tue Jan 02 2024 20:48:35 GMT+0800 (China Standard Time)

Sneaky github actions bot closing this while i was out for holiday.
Could a contributor reopen this?