Add new Gemspec/RequireMFA cop #10243

Merged
merged 2 commits into from Nov 15, 2021


dvandersluis
Member

Following #10239, adds a new Gemspec cop to ensure that the rubygems_mfa_required metadata is set.

By default operates in Strict mode which requires rubygems_mfa_required to be set to true. If given Strict: false, it just checks that it is given a value.


Before submitting the PR make sure the following are checked:

  • The PR relates to only one subject with a clear title and description in grammatically correct, complete sentences.
  • Wrote good commit messages.
  • Commit message starts with [Fix #issue-number] (if the related issue exists).
  • Feature branch is up-to-date with master (if not - rebase it).
  • Squashed related commits together.
  • Added tests.
  • Ran bundle exec rake default. It executes all tests and runs RuboCop on its own code.
  • Added an entry (file) to the changelog folder named {change_type}_{change_description}.md if the new code introduces user-observable changes. See changelog entry format for details.

@dvandersluis dvandersluis force-pushed the gemspec/mfa branch 2 times, most recently from d2bbbf4 to d78659c Compare November 12, 2021 21:10
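
An added example, not part of the PR or RuboCop's code: a runtime check of the same `rubygems_mfa_required` metadata key, separating the three states that the description's Strict option distinguishes. It loads gemspecs with `Gem::Specification.load` instead of inspecting source the way a cop does; the helper names and the sample gemspecs are constructed for illustration.

```ruby
require 'rubygems'
require 'tmpdir'

MFA_KEY = 'rubygems_mfa_required'

# Classify a gemspec's metadata hash (RubyGems metadata values are strings).
#   :required -> value is 'true' (what Strict mode demands)
#   :not_true -> some other value is set (accepted only with Strict: false)
#   :missing  -> the key is absent
def mfa_status(metadata)
  return :missing unless metadata.key?(MFA_KEY)

  metadata[MFA_KEY] == 'true' ? :required : :not_true
end

# Report the status of each gemspec file. Loading evaluates the file as Ruby,
# so run this only on gemspecs from a source tree you already trust.
def audit_gemspecs(paths)
  paths.to_h do |path|
    spec = Gem::Specification.load(path)
    [File.basename(path), spec ? mfa_status(spec.metadata) : :unloadable]
  end
end

# Constructed sample gemspecs: one line of each differs.
SAMPLES = {
  'good.gemspec' => "s.metadata['rubygems_mfa_required'] = 'true'",
  'optout.gemspec' => "s.metadata['rubygems_mfa_required'] = 'false'",
  'missing.gemspec' => "s.summary = 'no MFA metadata'"
}.freeze

# Write the samples to a temporary directory and audit them.
def audit_samples
  Dir.mktmpdir do |dir|
    paths = SAMPLES.map do |name, line|
      body = "Gem::Specification.new do |s|\n  s.name = 'demo'\n" \
             "  s.version = '0.1.0'\n  #{line}\nend\n"
      File.join(dir, name).tap { |path| File.write(path, body) }
    end
    audit_gemspecs(paths)
  end
end

p audit_samples if $PROGRAM_NAME == __FILE__
```
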
@bbatsov
Collaborator

bbatsov commented Nov 13, 2021

Looks good to me. I'm just wondering about the name Strict, as I might not have guessed what it does without reading your PR description.

@dvandersluis
Member Author

Happy to change it if you have any ideas!

@koic
Member

koic commented Nov 14, 2021

The Strict option looks unnecessary. I think it's better to make sure that MFA is always enabled because it's about security.
If there is any reason why MFA cannot be enabled, the user has the option of disabling the cop instead of Strict: false. This will simplify the use and design of the cop.

I've heard talks by RubyGems developer about enabling MFA at past conferences. I think it's good to be able to detect this :-)

@bbatsov
Collaborator

bbatsov commented Nov 14, 2021

That would be fine by me as it solves the problem with the name. :D

@dvandersluis
Member Author

@bbatsov @koic I absolutely agree, my rationale for creating this was that we can encourage every gem that uses RuboCop to require MFA for pushes, which is best for the community.

I've updated the PR to not have the Strict config anymore. I originally added it because the RubyGems docs state that you can set the value to 'false', but disabling the cop in that case is fine too.

@koic
Member

koic commented Nov 15, 2021

Thank you for the update! This looks good to me. Can you squash your commits into one? As noted in Martin Fowler's "Refactoring 2nd edition", refactoring is closely tied to the addition of new features. Therefore once commits are separated, the context in which the refactoring took place is unknown.

@dvandersluis
Member Author

Sure, I squashed the autocorrection commit in. I think the refactoring commit makes sense on its own because it's affecting multiple cops. I'm partial to @marcandre's blog about it 😁

@koic
Member

koic commented Nov 15, 2021

As a most active contributor for several years, I like the pragmatic policies of Martin Fowler (No one can talk about refactoring better than he). Anyway that's it for this topic, as it's not the main subject of this PR and I'm grateful for your contribution :-)

@bbatsov bbatsov merged commit 5780761 into rubocop:master Nov 15, 2021
@dvandersluis dvandersluis deleted the gemspec/mfa branch November 15, 2021 13:03
osanay added a commit to osanay/armg that referenced this pull request May 27, 2022
Because `.rubocop.yml` is set to `NewCops: enable`, these newly added cops
detect offenses when Rake Task is running.

* rubocop/rubocop#10243
* rubocop/rubocop#10502