What is SourceNinja?
SourceNinja is an awesome service that allows you to stay informed of updates to the open source packages that your application uses. When a newer version of a package is released, SourceNinja alerts you and gives you actionable information to help you determine whether you should upgrade to the newer package.
Visit SourceNinja to learn more.
What is the sourceninja gem?
The sourceninja gem is a gem that can be included in your Rails application to allow seamless integration with SourceNinja. The sourceninja gem will send SourceNinja the list of the gem names and gem versions that you are using to begin managing your open source libraries.
In a non-Rails environment, a script is included for processing a Gemfile.lock and uploading it to SourceNinja.
Create a SourceNinja account.
Log into SourceNinja and create a product. The product you create will be paired with your application.
After you create a product, you will be directed to a page asking what language your application is running. Select
Railsfrom the menu on the left side.
You will be presented with two values, you'll need these two values later.
Install the sourceninja gem. You can do this by adding the following line to your Gemfile.
gem "sourceninja", "~> 0.0.6"
Rails environment - Testing
- In order to automate the process of uploading module information from your Rails environment, you can create an initializer script to configure how your Rails application will send information to SourceNinja.
ENV["SOURCENINJA_TOKEN"] ||= "50a336d92da8ddea1ae0a6c0d06a172" ENV["SOURCENINJA_PRODUCT_ID"] ||= "477fcfa7-765a-4b91-b6a5-2ebe4c4f9d58"
The values that you set in this initializer script should be the ones presented to you in step 4, above.
Now each time your Rails application is started, the sourceninja gem will be run and data will be populated back to SourceNinja. If you visit your SourceNinja page you will be given a list of outdated gems.
You could also use these steps if you want to manage a production instance and a development instance.
Note: DO NOT DO THIS FOR PRODUCTION: No configuration files with sensitive information should ever be required within the application source and required config values should be read in from the ENV by supported libraries.
Rails environment - Production
- Configure environment variables for
SOURCENINJA_PRODUCT_IDusing the values from step 4, above.
Included in the gem is a script,
sourceninja, that you may run to have it upload information to SourceNinja directly from your Gemfile.lock.
You will need the
SOURCENINJA_PRODUCT_IDvalues from step 4, above.
Run the script with
-hto see this output:
Usage: sourceninja -t <sourceninja_account_token> -p <sourceninja_product_id> [-f Gemfile.lock] -f, --filename FILE Gemfile.lock file to process -h, --help Display this screen -p, --product_id PRODUCT_ID SourceNinja Product ID -t, --token TOKEN SourceNinja API Key Token -v, --verbose Output more information
Run the script using
-tto pass along the correct configuration information to SourceNinja.
Now you can login to your SourceNinja account and review your project's information.
Feel free to email us at support at sourceninja dot com if you have any questions or issues.