Private Github Rubygems registry for bundler

[allanmc]

How are you running Renovate?

WhiteSource Renovate hosted app on github.com

Please select which platform you are using if self-hosting.

No response

If you're self-hosting Renovate, tell us what version of Renovate you run.

No response

Describe the bug

I'm trying to get Renovate to update gems from a private rubygems repository hosted on http://rubygems.pkg.github.com/.
But no matter how i try to configure Renovate, it can't seem to find the updated dependencies.
Is Github hosted Rubygems not supported?

Minimal reproduction: https://github.com/allanmc/renovate-bundler-issue

Relevant debug logs

Logs

DEBUG: RubyGems lookup for dependency (sd-rails-utils)(dependency="sd-rails-utils")
DEBUG: Datasource 404
{
  "datasource": "rubygems",
  "lookupName": "sd-rails-utils",
  "url": "https://rubygems.pkg.github.com/mercell/api/v1/gems/sd-rails-utils.json"
}
DEBUG: Failed to look up dependency sd-rails-utils (sd-rails-utils)(packageFile="subfolder/Gemfile", dependency="sd-rails-utils")

Have you created a minimal reproduction repository?

I have linked to a minimal reproduction repository in the bug description

[rarkins]

The question is two parts:

• Is the URL we are calling correct?
• Are the credentials correct?

Based on the brief docs I can find it seems like a Bearer token is required, so your hostRules entry looks correct. Can you reach the url https://rubygems.pkg.github.com/mercell/api/v1/gems/sd-rails-utils.json using curl/postman/etc using the same auth?

[allanmc]

@rarkins
The token provided is exactly the same as we use for our private npm repository at npm.pkg.github.com - the token works fine for this. Should the token for rubygems/bundler be any different? E.g. additional permissions, etc?

I can not seem to reach the URL https://rubygems.pkg.github.com/mercell/api/v1/gems/sd-rails-utils.json with the same token - I also get 404.
I'm not sure if Github's Rubygems registry completely follows the Rubygems API?

When running bundler install, I can see that bundler fetches the following url:

Query Gemcutter Dependency Endpoint API: sd-rails-utils
HTTP GET https://rubygems.pkg.github.com/mercell/api/v1/dependencies?gems=sd-rails-utils
HTTP 200 OK https://rubygems.pkg.github.com/mercell/api/v1/dependencies?gems=sd-rails-utils

Fetching that URL works fine with the provided token.

[allanmc]

If it's any help, here's the package:

[viceice]

i think this is related to #11107

[viceice]

renovate/lib/datasource/rubygems/releases.ts

Lines 14 to 16 in 48acb42

	if (knownFallbackHosts.includes(parseUrl(registryUrl)?.hostname)) {
	return getDependencyFallback(lookupName, registryUrl);
	}

renovate/lib/datasource/rubygems/common.ts

Line 10 in 48acb42

export const knownFallbackHosts = ['rubygems.pkg.github.com', 'gitlab.com'];

renovate/lib/datasource/rubygems/get.ts

Lines 13 to 41 in 48acb42

	const DEPENDENCIES_PATH = '/api/v1/dependencies';
	export async function getDependencyFallback(
	dependency: string,
	registry: string
	): Promise<ReleaseResult | null> {
	logger.debug(
	{ dependency, api: DEPENDENCIES_PATH },
	'RubyGems lookup for dependency'
	);
	const info = await fetchBuffer<MarshalledVersionInfo[]>(
	dependency,
	registry,
	DEPENDENCIES_PATH
	);
	if (!info || info.length === 0) {
	return null;
	}
	const releases = info.map(({ number: version, platform: rubyPlatform }) => ({
	version,
	rubyPlatform,
	}));
	return {
	releases,
	homepage: null,
	sourceUrl: null,
	changelogUrl: null,
	};
	}

[rarkins]

OK, I will try to test the app on v26 today or tomorrow.

[viceice]

@allanmc Can you check the logs which renovate version was used? Should be newer than v26.3.0 to support rubygems on github

your hostType is wrong, should be rubygems. @rarkins Maybe we need some migrations for hostType=bundler to hostType=rubygems ?

renovate/lib/datasource/rubygems/common.ts

Lines 7 to 8 in 48acb42

	export const id = 'rubygems';
	export const http = new Http(id);

[allanmc]

@allanmc Can you check the logs which renovate version was used? Should be newer than v26.3.0 to support rubygems on github

It's running:

INFO: Repository started
{
  "renovateVersion": "25.76.2"
}

your hostType is wrong, should be rubygems.

I can switch to hostType=rubygems, but i just tried to follow this part of the documentation:
https://docs.renovatebot.com/modules/manager/bundler/
It says:

hostType=bundler is essential. If the registry is used for multiple package types then you may need multiple hostRules. You cannot leave off hostType.

[viceice]

@rarkins I think we can move this to a discussion, as it's not a bug. The app and the docs supports this, but the app isn't updated to the required version yet.

[rarkins]

We had incorrect documentation for bundler hostType previously.

[viceice]

yes, and it's now wrong again 🙈 @HonkingGoose Can you suggest a docs change please?

https://github.com/renovatebot/renovate/blob/f00413c298ad63e1ff0bf03d4dba7c1db3ca5be4/lib/manager/bundler/readme.md

hostType needs to be rubygems on v26 / current main