jekyll / jekyll-sass-converter

A Sass converter for Jekyll.

Home Page:http://rubygems.org/gems/jekyll-sass-converter


Simplify using gems for load_paths

pmwmedia opened this issue · comments

I want to use Bootstrap 5.2 for my page. Therefore, I have added gem "bootstrap", "~> 5.2.0" to my Gemfile. Afterwards, I have added the full absolute path to Bootstrap to load_paths in my _config.yml:

sass:
  load_paths:
    - _sass
    - C:/ruby3/lib/ruby/gems/3.1.0/gems/bootstrap-5.2.0/assets/stylesheets

Now, I can import Bootstrap successfully via @import "bootstrap"; in my main.scss. However, the absolute path is very ugly! Other users have to use the same operating system and must install Ruby in the same folder.

It would be great if a placeholder could be used instead of the absolute path. I am thinking of something like this:

sass:
  load_paths:
    - _sass
    - $GEM_HOME/bootstrap-5.2.0/assets/stylesheets

Hello @pmwmedia
We generally consider the ability to load resources outside the source_dir of the Jekyll project a security issue. An exception was made when Jekyll Core introduced the concept of theme-gems.
My recommendation for your project is to have the bootstrap assets copied over to your source_dir and configure that path under the load_paths.
For example, say the assets were copied to
<project_root>/_sass/bootstrap/assets/stylesheets.

If you would like the copying to be automated for any reason, you may write a shell script / rake task and then make a note of the same in the project's readme.

Hi @ashmaroli,

Thank you for the quick response! I'm surprised that theme gems are an exception, but stylesheet gems are seen as a security issue. Is it a bug or a feature that absolute paths to stylesheet gems work nevertheless?

Adding third party projects to the Git repository itself is an anti pattern for me. I will automate copying Bootstrap for my open source website by a shell script or rake task as you have suggested. I had hoped for a simpler solution, as experience has shown that with each additional step, new contributors are discouraged from contributing to open source projects.

I'm surprised that theme gems are an exception, but stylesheet gems are seen as a security issue.

Jekyll doesn't have a concept of stylesheet-gems just the broader theme-gems, the latter simply being a versioned archive of layouts, stylesheets and assets in specific directories.

Is it a bug or a feature that absolute paths to stylesheet gems work nevertheless?

Sounds like a bug to me. But not sure if it needs to be escalated as a security issue and patched though. The import function only loads files with specific extensions, to my knowledge.

Adding third party projects to the Git repository itself is an anti pattern for me.

To be honest, it doesn't look like an anti-pattern to me. You're just having the bootstrap sass partials in the _sass directory. Like say having a normalize.scss or reset.scss partial which eventually gets compiled into the final static *.css file(s) for your site.
The automation script / task would only be run once in a while and ideally via a standalone commit allowing easy grokking of what changed across two versions.
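
An added example, not part of the thread and not code from Jekyll or jekyll-sass-converter: one way to audit configured load_paths against the restriction described above, that Sass resources should load only from inside the site's source directory. The helper names and the demo site are constructed for illustration, and the demo assumes a POSIX host where symlinks can be created.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Hypothetical helper, not part of Jekyll or jekyll-sass-converter.
# Sorts configured Sass load_paths into entries that stay inside the
# site source directory and entries that resolve outside it.
def audit_load_paths(source_dir, load_paths)
  root = Pathname.new(source_dir).realpath
  report = { inside: [], outside: [] }
  load_paths.each do |entry|
    report[inside_source?(root, entry) ? :inside : :outside] << entry
  end
  report
end

def inside_source?(root, entry)
  # A Windows drive-letter path is absolute even when this check runs
  # on a POSIX host, where Ruby would otherwise treat it as relative.
  return false if entry.match?(/\A[A-Za-z]:[\\\/]/)

  # Relative entries resolve against the source directory, with ".."
  # segments collapsed; absolute entries are taken as written.
  candidate = Pathname.new(File.expand_path(entry, root.to_s))
  # Follow symlinks when the path exists, so a link inside the project
  # that points elsewhere is judged by its real location.
  resolved = candidate.exist? ? candidate.realpath : candidate
  resolved == root || resolved.to_s.start_with?(root.to_s + File::SEPARATOR)
end

# Constructed demo site: _sass, a vendored copy, and a symlink that
# leaves the tree. The drive-letter entry is the one from the issue.
def demo_report
  Dir.mktmpdir do |tmp|
    site = File.join(tmp, "site")
    FileUtils.mkdir_p(File.join(site, "_sass"))
    FileUtils.mkdir_p(File.join(site, "_vendor", "bootstrap"))
    FileUtils.mkdir_p(File.join(tmp, "elsewhere"))
    File.symlink(File.join(tmp, "elsewhere"), File.join(site, "_sass", "linked"))
    audit_load_paths(site, [
      "_sass", "_vendor/bootstrap",
      "C:/ruby3/lib/ruby/gems/3.1.0/gems/bootstrap-5.2.0/assets/stylesheets",
      "../elsewhere", "_sass/linked"
    ])
  end
end

p demo_report if __FILE__ == $PROGRAM_NAME
```

Run in CI against the load_paths from _config.yml, a non-empty outside list is the signal that the build depends on files beyond the repository.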

For the case that somebody has the same needs, here is my rake task for copying the bootstrap files:

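task :prepare do
  # Load the bootstrap gem inside the task so Bootstrap::VERSION and
  # Bootstrap.assets_path are available without a top-level require.
  require 'bootstrap'

  # Start from a clean vendor directory (force = true ignores a missing directory).
  puts 'Delete ' + File.expand_path('_vendor')
  FileUtils.remove_dir('_vendor', true)

  # Copy the gem's asset tree into the project so load_paths can stay relative.
  puts 'Copy assets of Bootstrap ' + Bootstrap::VERSION + ' to ' + File.expand_path('_vendor/bootstrap')
  FileUtils.makedirs('_vendor/bootstrap')
  FileUtils.copy_entry(Bootstrap.assets_path, '_vendor/bootstrap')
end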

@pmwmedia Normally, the rake task for your private use would have been none of my business. But since you shared it here for public use, I am compelled to nitpick to make it portable...

  • this task will essentially fail because I don't see the Bootstrap lib being loaded in the task.
    That means you are loading Bootstrap outside the task. If you don't have multiple tasks needing Bootstrap to be loaded, you could load it solely as part of the task:
task :bootstrap_assets do
  require 'bootstrap'
  ...
end

Or if there are multiple bootstrap-oriented tasks, you could organise them under a namespace:

namespace :bootstrap do
  require "bootstrap"

  desc "Copy Bootstrap assets to vendor directory"
  task :prepare do
    ...
  end
end

P.S.: I am not sure if FileUtils gets loaded as part of rake itself. If not, that needs to be required explicitly in the example code block as well.

  • why delete the entire _vendor directory when you are only creating the _vendor/bootstrap directory subsequently..?
  • this task will essentially fail because I don't see the Bootstrap lib being loaded in the task.

You are right, I have loaded Bootstrap outside of the prepare task. Thanks for the hint. I have updated the task.

P.S.: I am not sure if FileUtils gets loaded as part of rake itself. If not, that needs to be required explicitly in the example code block as well.

FileUtils is part of rake. Actually, I use my example code successfully for my project on Windows and Linux.

  • why delete the entire _vendor directory when you are only creating the _vendor/bootstrap directory subsequently..?

In my real project, I copy also other stuff in my prepare task.