Skip to content

Instantly share code, notes, and snippets.

@gsaslis

gsaslis/README.markdown

Last active February 19, 2021 10:05
Show Gist options
  • Save gsaslis/f4dada6614491cff7684ffcdc486d6b8 to your computer and use it in GitHub Desktop.
Save gsaslis/f4dada6614491cff7684ffcdc486d6b8 to your computer and use it in GitHub Desktop.
Download ZIP
Download rubygems.org gems from Gemfile.lock
Raw
README.markdown

Fetch Rubygems.org dependencies

When you only have / want to use a Gemfile.lock to retrieve the Ruby dependencies for a project, you can use this little ruby script.

There might be several reasons why you may want to do this:

  • You may not have the original Gemfile available
  • You may not want to interpret the ruby code in Gemfiles to avoid arbitrary code execution risks.

Usage

# Assuming Gemfile.lock is located in porta/Gemfile.lock
$  BUNDLE_GEMFILE_LOCK=porta/Gemfile.lock BUNDLE_CACHE_PATH=porta/ ruby fetch_rubygems.rb
Raw
fetch_rubygems.rb
require "bundler"
# Inspired by https://gist.github.com/bestie/4bd56205f4866719f1bfaaaaf5befd82
bundle = Bundler::LockfileParser.new(Bundler.read_file(ENV['BUNDLE_GEMFILE_LOCK']))
gem_name_version_map = bundle.specs.map { |spec|
[
spec.name,
spec.version.to_s,
]
}
gem_name_version_map.each do |gem|
gem_filename = "#{gem[0]}-#{gem[1]}.gem"
STDOUT.puts "Downloading #{gem_filename} ..."
`curl --silent --show-error --output #{ENV['BUNDLE_CACHE_PATH']}/#{gem_filename} https://rubygems.org/gems/#{gem_filename}`
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment