decentralize 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7969a46d53c49480ede9305359818ab90198dab11d3dede64c72677e74a64ce4
+  data.tar.gz: 568e0394f237c63ec67d264f114b7c3dc0de3215c60328e92a63d077507f2eee
+SHA512:
+  metadata.gz: aedf216682f2aa2e0aecbfb5badb9f851b8a7c304eb72021880bcd60ebba88fc7e307d3663092658dea90e4f4f6edc2e1d2c2d322f531041e25641ccb9c83abd
+  data.tar.gz: 31c5cf3788f04979fdd5112c8e18f7efa84244f3867c0444b97b28db31bba8e989f904ab08124f23095fc0a0e080d2f57b19c66a7d5f95fe643ea517f942281b

data/.mdlrc

@@ -0,0 +1,5 @@
+# see: https://github.com/markdownlint/markdownlint/blob/main/docs/configuration.md
+
+git_recurse true
+show_kramdown_warnings true
+style "#{File.dirname(__FILE__)}/markdownlint.rb"

data/.rubocop_todo.yml

@@ -0,0 +1,13 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2025-10-17 10:26:23 UTC using RuboCop version 1.81.1.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+RSpec/ExpectActual:
+  Exclude:
+    - "spec/decentralize_spec.rb"

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [0.1.0] - 2025-10-17
+
+- Initial release

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,132 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+veganstraightedge@gmail.com.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 Shane Becker
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,95 @@
+# Decentralize
+
+⚠️ **Under construction** ⚠️
+A tool to modify a `Gemfile` so that each gem can be installed from its source.
+
+Goal: install gems from the source code repo, not a gem server
+
+## Tradeoffs
+
+- ❌ **Ergonomics:** A `Gemfile` full of `git`, `tag`, `branch` args is uglier
+- ❌ **Performance:** Installing gems from source repos is probably slower than installing from a gem server
+- ❌ **Transitive dependencies:** Gems in `Gemfile` get installed from source repo (`git`, `github`, etc), but transitive dependencies are not installed from source repos. Is there a way to install transitive dependencies from source repos?
+- ❌ **Bootstrapping:** This gem needs to phone home to a gem server to fetch metadata for `Gemfile` gems
+
+- ⚠️ **Updates:** Will Dependabot version bump PRs Just Work?
+- ⚠️ **Namespaces:** Will this leads to multiple gems of the same name/space colliding?
+- ⚠️ **Phishing:** Will this enable phishing attacks?
+- ⚠️ **Discovery:** Will discovery of gems be harder if we’re installing from source repos?
+- ⚠️ **Security:** Will this introduce security vulnerabilities? Checksums!?
+
+- ✅ **Decentralization:** Installing gems doesn’t depend on any gem server, sort of (but it does depend on a gem server for metadata)
+- ✅ **Transparency:** Installing gems from source repos is more transparent than installing from a gem server
+- ✅ **Resilience:** Makes it harder for a bad actor to takeover a gem
+
+## Examples
+
+`Gemfile`and `Gemfile.lock` examples are in `/spec/examples`.
+
+## Installation
+
+Install the gem and add to the application’s `Gemfile` by executing:
+
+```sh
+bundle add decentralize
+```
+
+If Bundler is not being used to manage dependencies, install the gem by executing:
+
+```sh
+gem install decentralize
+```
+
+## Usage
+
+Hypothetical CLI usage:
+
+```sh
+decentralize # easiest usage
+decentralize path/to/Gemfile # default: ./Gemfile
+```
+
+Optional args:
+
+```sh
+# print help
+decentralize -h
+decentralize --help
+
+# print version
+decentralize -v
+decentralize --version
+
+# dry run, print what would happen without modifying files
+decentralize -dry-run
+
+# asks for confirmation/choice of git remote args
+decentralize -i --interactive
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies.
+Then, run `rake spec` to run the tests.
+You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`.
+To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`,
+which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to
+[rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/veganstraightedge/decentralize.
+This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the
+[code of conduct](https://github.com/veganstraightedge/decentralize/blob/main/CODE_OF_CONDUCT.md).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the Decentralize project’s codebases,
+issue trackers, chat rooms and mailing lists is expected to follow the
+[code of conduct](https://github.com/veganstraightedge/decentralize/blob/main/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,10 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
+
+task default: %i[spec rubocop]

data/TODO.md

@@ -0,0 +1,53 @@
+# TODO
+
+Goal: make a gem that will change a Gemfile to install gems from their source repository (GitHub, GitLab, Bitbucket, etc) using Bundler's for git locations.
+
+```ruby
+# examples
+gem 'nokogiri', '1.7.0.1', git: 'https://github.com/sparklemotion/nokogiri'
+gem 'cf-copilot', git: 'https://github.com/cloudfoundry/copilot', glob: 'sdk/ruby/*.gemspec'
+git 'https://github.com/rails/rails.git' do
+  gem 'railties'
+  gem 'actionpack'
+  gem 'activemodel'
+end
+git 'https://github.com/rails/rails.git', ref: '4aded' do
+git 'https://github.com/rails/rails.git', branch: '5-0-stable' do
+git 'https://github.com/rails/rails.git', tag: 'v5.0.0' do
+gem 'rails', github: 'rails', ref: 'a9752dcfd15bcddfe7b6f7126f3a6e0ba5927c56'
+gem 'keystone', bitbucket: 'musicone/keystone'
+gem 'my_gist', gist: '4815162342'
+```
+
+Reference: https://bundler.io/guides/git.html
+
+## Development guielines
+
+- Always latest ruby
+- Always latest bundler
+- Always latest rubygems
+- Use Seattle.rb style
+- Test first!
+- Use RSpec
+- Small and simple is better than big and complex (methods, files, PRs, etc)
+-
+
+## Unorganized tasks
+
+- [_] Use Bundler to analyze and understand Gemfile
+- [_] Check for already installed gems in Gemfile
+    - [_] Use their .gemspec for remote repo info
+- [_] Fetch remote gemspecs
+  - [_] Or scrape gem host for gem remote repo info
+- [_] For each gem repo, figure out how to does versioning
+  - [_] Tags, branches, GitHub Releases, some other secret third thing
+- [_] How to handle private repositories?
+- [_] Add git keyword args to `gem` lines in Gemfile
+- [_] Try to maintain existing formatting
+- [_] Check checksums for increased security and safety
+- [_] Create CLI
+    - [_] decentralize path_to_gemfile (default: './Gemfile')
+    - [_] -h --help
+    - [_] -v --version
+    - [_] -dry-run
+    - [_] -i --interactive : asks for confirmation/choice of git remote args

data/lib/decentralize/version.rb

@@ -0,0 +1,3 @@
+module Decentralize
+  VERSION = '0.1.0'.freeze
+end

data/lib/decentralize.rb

@@ -0,0 +1,6 @@
+require_relative 'decentralize/version'
+
+module Decentralize
+  class Error < StandardError; end
+  # Your code goes here...
+end

data/markdownlint.rb

@@ -0,0 +1,56 @@
+# mdl (markdownlint) links
+# gem repo:
+#     https://github.com/markdownlint/markdownlint
+# rules:
+#     https://github.com/markdownlint/markdownlint/blob/main/docs/RULES.md
+# configuration:
+#     https://github.com/markdownlint/markdownlint/blob/main/docs/configuration.md
+#     relevant .mdlrc
+# styles:
+#     https://github.com/markdownlint/markdownlint/blob/main/docs/creating_styles.md
+#     relevant to this file!
+
+# load all rules
+all
+
+# skip these rules/tags
+# https://github.com/markdownlint/markdownlint/blob/main/docs/RULES.md
+
+# allow long lines
+exclude_rule 'MD013'
+
+exclude_rule 'MD034'
+# allow bare URLs
+
+# configure these rules (like .rubocop.yml)
+# any rule in with `params` is configurable
+# search here for which rules have `params`:
+# https://github.com/markdownlint/markdownlint/blob/main/lib/mdl/rules.rb
+
+# ensure that all headings are ATX style
+# ATX headings are 1-6 leading octothorpes, example:
+#     # This is an ATX H1
+#     ## This is an ATX H2
+rule 'MD003', style: :atx
+
+# ensure that all unordered lists start with a hyphen,
+# not asterisks or pluses
+rule 'MD004', style: :dash
+
+# indent nested listed with four spaces
+rule 'MD007', indent: 4
+
+# allow ending heading with question mark
+# default disallowed list is: ".,;:!?"
+rule 'MD026', punctuation: '.,;:!'
+
+# ensure that all horizontal lists are hyphen style,
+# not asterisks or hyphens with spaces
+rule 'MD035', style: '---'
+
+# ensure that all code blocks use backtick fences, not indentation
+# example:
+# ```ruby
+# ...
+# ```
+rule 'MD046', style: :fenced

data/sig/decentralize.rbs

@@ -0,0 +1,4 @@
+module Decentralize
+  VERSION: String
+  # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+end

metadata

@@ -0,0 +1,59 @@
+--- !ruby/object:Gem::Specification
+name: decentralize
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Shane Becker
+bindir: exe
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies: []
+description: 'A tool to modify a `Gemfile` so that each gem can be installed from
+  its source
+
+  '
+email:
+- veganstraightedge@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".mdlrc"
+- ".rubocop_todo.yml"
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- LICENSE.txt
+- README.md
+- Rakefile
+- TODO.md
+- lib/decentralize.rb
+- lib/decentralize/version.rb
+- markdownlint.rb
+- sig/decentralize.rbs
+homepage: https://github.com/veganstraightedge/decentralize
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/veganstraightedge/decentralize
+  source_code_uri: https://github.com/veganstraightedge/decentralize
+  changelog_uri: https://github.com/veganstraightedge/decentralize/blob/main/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.4.7
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.7.2
+specification_version: 4
+summary: Modify a Gemfile and install gems from upstream repos
+test_files: []