Skip to content

Cop for gem fetched from a git source

What does this MR do?

Alert if Gemfile contains gem with git or github as parameter, for example:

gem 'xyzgem', git: 'git@gitlab.com:xyz/xyzgem.git', tag: '1.2.3'
gem 'json', github: 'flori/json', ref: 'v1.8.2'

Are there points in the code the reviewer needs to double check?

Yes

Why was this MR needed?

To reduce external dependencies not from the RubyGems index, which help to minimise the build times

Screenshots (if relevant)

N/A

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Closes #27311 (closed).

Merge request reports

Loading