This morning on the Ruby5 podcast, we announced the release of Ruby Tracker. Ruby Tracker is our newest community support project which monitors and reports on library dependencies in your Ruby software and was primarily spearheaded by myself and Mr. Jacob Swanner.
“A dependency tracker… What the h*ll does that mean?”
Well, thanks for the unsolicited question, good sir. The simplest explanation is this: We examine your project repositories and determine what gems – specifically what versions of each gem – you use and then let you know when one of them is updated.
“And just how do you do that?”
Well, it has only been since the release and adoption of Bundler that an application like this is even possible. Bundler provides us all with a common way to define and share information pertaining to the exact external libraries in which our Ruby projects’ depend. So, if I gave you the source for Ruby Tracker, for example, you’d know exactly what gems you’d need to install to get it up and running. That being said, once we begin tracking your project, we examine the Bundler Gemfile and Gemfile.lock (found in the root of your app) to then begin keeping tabs on those gems which you use. And, should one of them change, you’ll get an email and a flag on your dashboard indicating that your project is now out-of-date.
“Great. But, my project is private and hosted on my own server. I don’t like you or the community.”
Fair enough. I would just like to point out, however, that Ruby Tracker does work with private repositories. Each project is given a unique, 1024-bit SSH RSA key pair. If we notice that your project is private, we’ll give you that public key and ask you to add us to your repository. On GitHub, that’s as easy as adding a new Deployment Key in the Admin area of your project. And, that’s not to say that we only work with GitHub; in fact, we work with any Git repository that is internet-accessible, whether it’s publicly available, SSH-only, or HTTPS.
“You said this was good for the community, I just don’t see it.”
Well, beyond helping you to look like an Awesome Programmer by always using the newest and best code available, we also collect aggregate statistics on the dependencies that we track. But don’t worry, no one will see your project information without you inviting them to do so. Instead, we provide public stats pages on each library in the system to give the community (more specifically the library authors) a better idea of real-world library adoption rates and illustrate which versions are truly in use in the wild. Ultimately, this helps everybody because library authors can spend their time supporting projects which are important to the community and even help them channel efforts toward those versions which the community actually uses, whether that’s through continued support of an older, but highly used branch, or easier migration paths from popular versions to the latest.
“I’ve got a whole team of people and I don’t see the point.”
Well, we’ve got a whole team of people, too, and not a single one of them has ever walked into the office on a bright, Monday morning to say, “I’m going to check RubyGems and see which of our many projects have a library out-of-date and fix it before there’s a problem!” Instead, we generally only realize that we’re out of date when something begins breaking. And then, it’s far too late. It’s easy to get several major releases behind on multiple gems, at which point, your quick-update hopes and dreams go right out the window. Update early, update often for the simplest possible migration path, right? Not to mention that early adoption helps the community, immensely.
Oh yeah, and, while we certainly prefer RubyGems.org (I mean, who doesn’t?), we work with any, valid Rubygems source you provide. If your Gemfile says you use gems.mysuperawesomegemserver.com, well, we’ll track that one too (if it’s accessible, of course), just for you, you special person, you. We love you just that much. <3 Kisses.
The project is fresh and certainly a little rough around the edges… but really, we wanted to get it out there to see where you might want to take it. So, try it out, love it, hate it, get uttlerly confused/frustrated and burn our name in effigy. Either way, give us feedback! While we’ve already got ideas for where we’d like to go and what we think needs work, your thoughts will certainly affect our direction.
TL;DR: We released a new community application called Ruby Tracker which lets you know when gems you use are old. If that’s not short enough for you, here’s a video… because, well, we can’t read, either:
[...] Bibler has written a blog post explaining what Ruby Tracker is all about in case the idea doesn't click for you immediately. Related [...]
interesting. but my projects are private and by giving you a SSH key you’ll get access to the whole source code of my projects, although you just need the Gemfile/Gemfile.lock file… Is there an easy way to workaround this ?
Interesting idea!
OpenID support for accounts would be nice.
@slainer68 make a public repo with just your gemfile.lock inside. workaround…
i am wondering why not uploading the gemfile.lock might be the most easy solution…
[...] Labs is announcing Ruby Tracker, the Ruby Dependency Manager. Basically, you give Ruby Tracker your code repository, and it [...]
Damn… Only work if you have Gemfile or Gemfile.lock so it’s useless for gems and old projects… Guys – support at last .gemspec for gems or provide tutorial how to include Gemfile when creating .gemspec…
@nanofunk Yeah, I’d like to see a way to upload via a Capistrano task on deploy. That’d send the freshest file up there.
Though I suppose you could also do the same with the public repo on deploy. Interesting workaround.
@nanofunk: Yeah, that’s certainly a good work-around solution. You could actually tie that in to a post-commit hook in Git to auto-update that Gemfile repository, as well… automate it as much as possible.
As for the upload, Nick Quaranto and James Rosen mentioned during our development to add an upload facility for people who just want to post their Gemfile (and Gemfile.lock) to us. It should be trivial to add that facility to the application. Our only concern with it is that the application is only useful if you keep that Gemfile and .lock up-to-date. Making it a manual process to upload the files diminishes the value… we think. Maybe we’re wrong. :)
Nathaniel,
If you believe that to be the case, why not go a step further and add something that one could POST the contents of their Gemfile/Gemfile.lock to so it could be added as a post commit hook? No need for another repository then.
@robert: That’d be the way we’d implement it when it went in. Basically, an endpoint that either a local HTML form would post into and an endpoint for an external POST call with the data.
I linked to this post at the Drink Rails blog as one of the top Ruby on Rails related posts of the day.
You might have a typo on the front page:
“Ruby Tracker alerts you whenever your project dependencies change. It works with public or private repositories and is setup is seconds.”
I am assuming you mean to say, “and is setup in seconds”??
Heh .. right. We’ve already got that fixed, just haven’t deployed it yet. Thanks for the heads up. :-D
Awesome, was thinking about the same thing. +1 for adding some collective intelligence and recommending which gems I would find useful, given other related gem sets out there.
[...] Ruby Tracker, the Ruby Dependency Manager ” Envy Labs (envylabs.com) [...]