Issue ID:
Type
Bug
Title:
Implement Compact API Endpoints for Ruby Gems (Bundler)
Created:
4/25/2023 8:15:32 AM by Steve Dennis
Status:
Open
Last pulled:
4/28/2023 3:01:56 PM
Description:
Rubygems.org recently deprecated the dependencies endpoint, which leads to the following errors: > An error occurred processing a GET request to https://proget.local/rubygems/rubygems.org/api/v1/dependencies?gems=chef-vault: The remote server returned an error: (404) Not Found. Manually making a request to the same endpoint on rubygems.org (https://rubygems.org/api/v1/dependencies?gems=chef-vault) revealed: > The dependency API is going away. See https://blog.rubygems.org/2023/02/22/dependency-api-deprecation.html for more information. Per that blog post, the `/api/v1/dependencies` RubyGems API is going away permanently on 2023-04-10. On 2023-03-29, that API returned 404 for the first 10 minutes of every hour. During that 10 minute downtime, RubyGems clients failed to resolve gems because ProGet failed to get a response from that endpoint. The reason that `bundle install` (Bundle version 2.3.7) was using the deprecated `/api/v1/dependencies` endpoint was because that's the fallback behavior when the `/versions` endpoint returns a 404, which ProGet does for that endpoint. ProGet needs to implement all the Compact Index API endpoints so that clients don't fallback to the deprecated "dependencies" API and also don't fallback to the slow full index endpoints (e.g. `/specs.4.8.gz`). Unfortunately, it turns out the Compact Index API is undocumented. The best I could find is the Gem that implements the API [rubygems/compact_index (GitHub)](https://github.com/rubygems/compact_index) and an [open issue](https://github.com/rubygems/guides/issues/292) to document that API (:facepalm:). Fortunately, via ticket EDO-8759, we already implemented the root `/` endpoint and the Gem info endpoint `/info/gem_name`. So it looks like just the `/versions` and `/names` endpoints need to be added. Additionally, it seems the `/api/v1/dependencies` endpoint should be updated to simply return a 404 (like the official rubygems.org API will be doing on 2023-04-10) and not log an exception in the ProGet Diagnostic Center when that request results in a 404.