New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch PluginManager to use require_with_graceful_fail #4233
Conversation
I'm not against this I'm against the wording, how does this improve the error message that Ruby by default uses? And if it does that's a bug in Ruby not in Jekyll. |
Maybe you also want to just switch it to |
Okay, you're right, 1require_with_graceful_require1 looks like exactly the right error message we'd want. Updated the PR. Thanks for the point in the right direction! |
@RochesterinNYC I would remove the "require gem" entirely and just just have that one single call, the graceful require does all that automatically, it's it's job. |
Ah, gotcha. |
@@ -27,7 +27,7 @@ def require_gems | |||
site.gems.each do |gem| | |||
if plugin_allowed?(gem) | |||
Jekyll.logger.debug("PluginManager:", "Requiring #{gem}") | |||
require gem | |||
Jekyll::External.require_with_graceful_fail([gem]) | |||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could also improve this to be
Jekyll::External.require_with_graceful_fail(site.gems.select { |g| plugin_allowed?(g) })
What do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That looks like a cleaner change. If we want to one line this, is there still a point to having the require_gems
method? It's only used on line 19 (PluginManager#conscientious_require
) so we could just use this one-liner there? How do we feel about that? Something like:
def conscientious_require
require_plugin_files
Jekyll::External.require_with_graceful_fail(site.gems.select { |g| plugin_allowed?(g) })
deprecation_checks
end
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I also notice that require_plugin_files
is still using require
without the graceful_fail method.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All this debate is a smell, that file needs to be reviewed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is there still a point to having the require_gems method?
Absolutely! Code clarity. This whole thing is for GitHub after all, for their security team to ensure that non-whitelisted gems are not required. So if we can encapsulate this as its own method, it's easier to audit (and to understand that line's purpose).
I also notice that require_plugin_files is still using require without the graceful_fail method.
Good point. You can fix that up too if you would like.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, valid point, makes sense. I do notice that this would remove the Jekyll.logger.debug if we wanted to one-line it. Would this break backwards compatibility if anyone is asserting or relying on these debug messages?
Also, thanks for the quick feedback!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We make no guarantees, so they should not rely on it. Is there a debug message in require_with_graceful_fallback?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nope, only a logger.error message about the Dependency Error in case of LoadError
in require_with_graceful_fail
.
Think it would be valuable to include a Jekyll.logger.debug message about which gem is being required in require_with_graceful_feedback
, provided that we remove any redundant logger.debug messages in places that use require_with_graceful_fail
. And looking through the codebase, there don't seem to be any.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make it so!
Thanks for all the feedback. Updated the PR to use |
require f | ||
end | ||
plugins_path.each do |plugin_search_path| | ||
plugin_files = Dir[File.join(plugin_search_path, "**", "*.rb")] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's do Utils.safe_glob(plugin_search_path, File.join("**", "*.rb"))
here instead :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, that sounds good. Is there still a need for using File.join
if we're passing in explicit parameters for the call? (i.e. it'll always just return "**/*.rb"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@RochesterinNYC Yes, the File.join
returns "**/*.rb"
on Linux and Mac, but will return "**\*.rb"
on Windows. :)
@RochesterinNYC Thank you for being cool with all the back-and-forth. ❤️ |
* Add debug statement specifying current plugin to External#require_with_graceful_fail
Updated the PR to use |
Well done, @RochesterinNYC! 🎉 Thanks for your contribution. |
Thanks for the guidance and review! |
No description provided.