Maintenance #37
Maintenance #37
Conversation
| @@ -21,8 +21,6 @@ jobs: | |||
| with: | |||
| ruby-version: ${{ matrix.ruby_version }} | |||
| bundler-cache: true | |||
| - name: Install dependencies | |||
| run: bundle install --jobs=3 --retry=3 | |||
There was a problem hiding this comment.
bundler-cache: true on the previous step already runs a bundle install and caches the gems, so this isn't necessary.
| NewCops: enable | ||
| SuggestExtensions: false | ||
|
|
||
| Gemspec/DevelopmentDependencies: | ||
| EnforcedStyle: gemspec |
There was a problem hiding this comment.
This cop was added, forcing all development dependencies out of the gemspec and into the Gemfile. I looked at the discussion around the introduction of this cop, and wasn't convinced of the reasoning (when the repo is a gem): rubocop/rubocop#11469
This rubocop config does the opposite, forcing all development dependencies to the gemspec, which is how we have it now. I don't feel strongly either way, as long as all the dependencies are kept in the same place. Happy to hear any arguments for using the cop as-is and putting the dependencies in the Gemfile!
| def check_ruby(ruby, &block) | ||
| check(ruby, 'rubies', &block) | ||
| def check_ruby(ruby, &) | ||
| check(ruby, 'rubies', &) |
There was a problem hiding this comment.
Rubocop encourages using "anonymous block forwarding", which was introduced in Ruby 3.1.
| @@ -7,6 +7,7 @@ Gem::Specification.new do |spec| | |||
| spec.version = RubyAudit::VERSION | |||
| spec.authors = ['Jeff Cousens, Mike Saelim', 'John Zhang', 'Cristina Muñoz'] | |||
| spec.email = ['opensource@civisanalytics.com'] | |||
| spec.metadata['rubygems_mfa_required'] = 'true' | |||
There was a problem hiding this comment.
Rubocop encourages everyone to require MFA for rubygems operations like publishing gems.
https://guides.rubygems.org/mfa-requirement-opt-in/
This will take effect after this gem is published to rubygems, with this line of metadata in. We already have MFA set up for Civis's account, right?
|
Hah no problem, I knew you all were really busy back then, and then I kind of forgot about this PR. 😅 |
Just doing some regular maintenance. I don't think we need to do another release for this PR.