semantic-release-rubygem
semantic-release plugin for publishing Ruby gems.
Step | Description |
---|---|
verifyConditions | Locate and validate a .gemspec file, locate and validate a lib/**/version.rb file, verify the presence of the GEM_HOST_API_KEY environment variable, and create a credentials file with the API key. |
prepare | Update the version in the lib/**/version.rb version file and build the gem. |
publish | Push the gem to the gem server. |
$ npm install semantic-release-rubygem -D
Add the plugin to the semantic-release configuration file:
{
  "plugins": [
    "@semantic-release/commit-analyzer",
    "@semantic-release/release-notes-generator",
    "semantic-release-rubygem"
  ]
}
The gem server authentication configuration is required.
The API key must be set using the GEM_HOST_API_KEY environment variable. To retrieve the key, you can run the gem signin command. After you enter your credentials, your API key will be stored as a YAML value in the ~/.gem/credentials file under the rubygems_api_key key (or the hostname of your gem server).
This plugin requires exactly one valid .gemspec file to be present in the CWD.
lib/**/version.rb file
This plugin requires the version of the published gem to be defined in a version.rb file somewhere in the lib folder (e.g. lib/my/gem/version.rb). The version itself must be defined as a constant named VERSION inside the file:
module My
  module Gem
    VERSION = '0.0.0'
  end
end
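The requirements above (exactly one .gemspec in the CWD, a lib/**/version.rb defining VERSION, GEM_HOST_API_KEY set) can be checked before a release job starts. This is an added example, not the plugin's own code; the preflight function, its parameters and the file-mode check on the credentials file are assumptions made for illustration.

```javascript
const fs = require("fs");
const path = require("path");

// Recursively collect files named version.rb under dir.
function findVersionFiles(dir) {
  if (!fs.existsSync(dir)) return [];
  return fs.readdirSync(dir, { withFileTypes: true }).flatMap((entry) => {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) return findVersionFiles(full);
    return entry.name === "version.rb" ? [full] : [];
  });
}

// Hypothetical helper: returns a list of problems found in the gem project at
// cwd; an empty list means the release preconditions described above hold.
function preflight(cwd, env, credentialsPath) {
  const problems = [];

  const gemspecs = fs.readdirSync(cwd).filter((f) => f.endsWith(".gemspec"));
  if (gemspecs.length !== 1) {
    problems.push(`expected exactly one .gemspec in CWD, found ${gemspecs.length}`);
  }

  // A version file only counts if it assigns a string to the VERSION constant.
  const versioned = findVersionFiles(path.join(cwd, "lib")).filter((f) =>
    /^\s*VERSION\s*=\s*['"][^'"]+['"]/m.test(fs.readFileSync(f, "utf8"))
  );
  if (versioned.length === 0) {
    problems.push("no lib/**/version.rb defining a VERSION constant");
  }

  if (!env.GEM_HOST_API_KEY) {
    problems.push("GEM_HOST_API_KEY is not set");
  }

  // The API key ends up in a credentials file, so that file must not be
  // readable by group or others (RubyGems expects mode 0600 on it).
  if (fs.existsSync(credentialsPath)) {
    const mode = fs.statSync(credentialsPath).mode & 0o777;
    if (mode & 0o077) {
      problems.push(`${credentialsPath} has mode ${mode.toString(8)}, expected 600`);
    }
  }
  return problems;
}
```

In a CI job, call preflight(process.cwd(), process.env, path.join(os.homedir(), ".gem", "credentials")) and fail the job when the returned list is not empty.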
Options | Description | Default |
---|---|---|
gemHost | The gem server to push the gem to. | 'https://rubygems.org' |
updateGemfileLock | Whether to update the version of the gem to publish in the Gemfile.lock. This is useful if you are using the @semantic-release/git plugin to keep the version up to date in your git repo. When set to true the plugin will run bundle install to update the version. If another command is desired, it can be set by passing a string (e.g. bundle appraisal install). | false |
The npm package semantic-release-rubygem receives a total of 308 weekly downloads. As such, its popularity was classified as not popular.
We found that semantic-release-rubygem demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.