Hello! Welcome to the June newsletter. Read on for announcements from Ruby Central and a report of the OSS work we’ve done from the previous month.

In May, Ruby Central's open-source work was supported by Ruby Shield sponsor Shopify, AWS, the German Sovereign Tech Fund (STF), and Ruby Central memberships from 29 other companies, including Partner-level member Contributed Systems, the company behind Mike Perham’s Sidekiq. In total, we were supported by 189 members. Thanks to all of our members for making everything that we do possible. <3

Ruby Central News

RubyConf 2024 announcements

ICYMI: We’re thrilled to have confirmed our second RubyConf 2024 keynote speaker, Kent Beck!

Kent Beck is Chief Scientist at Mechanical Orchard, an Agile Manifesto signatory, a prolific author and creator of Extreme Programming. His work paved the way for many software practices used by the community today.

Ticket Sales Updates

Tickets will be available to the public on July 3! But you can join the list now to purchase presale tickets starting June 26. If you are a Ruby Central member you’ll automatically receive pre-sale access.

A limited number of supporter tickets are on sale now, here.

Book Your Conference Hotel Room

Book your hotel room in our RubyConf room block at conference rates, while they last! The deadline to reserve these rooms is October 18.

CFP Deadline: July 8

The deadline is getting closer! If you want the chance to join us as a speaker, don’t forget to get your CFP submission in by July 8.

Call for Speaker Mentors

We’re looking for volunteers with conference speaking experience to offer guidance during CFP group coaching sessions and provide one-on-one speaker mentorship. Learn more and apply here.

Keep up with Ruby Central’s AWS Software Engineer in Residence

  • Samuel Giddins, RubyGems.org lead Security Engineer and our Software Engineer in Residence, has been sharing the highs, lows, and progress updates of his security work on his blog. Last month his development work included:
    • Significant refactoring and improvement of the Sigstore Ruby implementation.
    • Progress on the RubyGems research tool, mainly involving deploying it to a new Kubernetes cluster.
    • API security improvements for an easier, more functional and safe user experience.
    • Trusted publishing enhancements including a RubyGems plugin for automatically adding trusted publishing to existing gems.
  • You can learn more and follow along here. Thank you to AWS for supporting this work!

We’re revamping our Ruby Central Membership Program!

Upcoming Conferences:

Get Involved:

  • If you'd like to get involved and help make our community and events even better, we'd love to have you join us! Check out our volunteer page, and/or feel free to shoot an email to our executive director, Adarsh, to find the best way to get plugged in.
  • Want to promote your company at RubyConf 2024? Secure your sponsorship now to reach all our attendees, showcase your thought leadership, and cultivate invaluable industry relationships. Email our wonderful sponsorships manager, Tom, to learn more.
  • Remember, you can receive exclusive benefits like conference discounts and more by signing up for a Ruby Central membership. Check to see if your employer matches donations to Ruby Central, Inc. through Benevity and double your support!

RubyGems News

In May, we released RubyGems 3.5.10 and 3.5.11, and Bundler 2.5.10 and 2.5.11. These releases bring a series of enhancements and bug fixes designed to improve the overall developer experience with RubyGems, including: a security update to limit the size of the metadata and checksums files in a gem package, a fix for an issue where plugin stubs would sometimes not be properly removed by gem uninstall, the deprecation of Bundler constants, and the addition of a --glob flag to bundle add. Finally, Ngan Pham, software engineer at Gusto, penned this guest blog post on an exciting improvement to auto_install that @technicalpickles implemented and that is also included in this Bundler release.
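The size limit mentioned above guards against small compressed files that expand to a very large size when read. The following is an added example, not RubyGems' own code, of reading a gzip-compressed entry with a hard cap on its decompressed size; the 2 MiB cap, the method names and the sample inputs are assumptions made for illustration.

```ruby
require "zlib"
require "stringio"

# Assumed cap for this example; the page does not state the limit RubyGems uses.
MAX_ENTRY_BYTES = 2 * 1024 * 1024

class EntryTooLarge < StandardError; end

# Inflate a gzip stream chunk by chunk and stop as soon as the output passes
# `limit`, so memory use stays bounded by roughly limit + chunk bytes.
def read_gzip_capped(io, limit: MAX_ENTRY_BYTES, chunk: 16 * 1024)
  gz = Zlib::GzipReader.new(io)
  out = String.new(encoding: Encoding::BINARY)
  begin
    while (buf = gz.read(chunk))
      break if buf.empty?
      out << buf
      raise EntryTooLarge, "more than #{limit} bytes after decompression" if out.bytesize > limit
    end
  ensure
    gz.close
  end
  out
end

# Classify one compressed entry (hypothetical helper): accepted with its size,
# rejected for exceeding the cap, or corrupt if it is not valid gzip.
def check_entry(gz_bytes, limit: MAX_ENTRY_BYTES)
  [:ok, read_gzip_capped(StringIO.new(gz_bytes), limit: limit).bytesize]
rescue EntryTooLarge
  [:rejected, nil]
rescue Zlib::Error
  [:corrupt, nil]
end

# Constructed sample inputs, not taken from any real gem.
SMALL_METADATA = Zlib.gzip("name: example\nversion: 1.0.0\n")
OVERSIZED      = Zlib.gzip("\0" * (8 * 1024 * 1024)) # a few KB compressed

if __FILE__ == $PROGRAM_NAME
  p check_entry(SMALL_METADATA)
  p check_entry(OVERSIZED)
  p check_entry("not gzip")
end
```

The check runs during decompression rather than after it, so an oversized entry is rejected before it is fully held in memory.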

Some other important accomplishments from the team this month include:

Improve handling of applications with a local cache of gems

  • Recently we fixed some issues for applications with a local cache of gems. Unfortunately, these fixes created both functionality and performance regressions in this mode of operation. We worked on fixing these issues while also improving Bundler’s internal code organization.
  • We made handling the type of gems considered by Bundler (locally installed, cached, or remote) more explicit and moved it out of Bundler::Definition, which is a class with too many responsibilities. This allowed us to simplify the code and fix reported issues about functionality and performance, improving the RubyGems experience for both users and developers.

Making default gems behave like regular gems

  • Handling default gems can be challenging even with minor Ruby updates. This can impact Bundler when switching Ruby versions, leading to missing gems.
  • Default gems also require special internal handling. Ideally, we want to treat default gems like regular gems, allowing them to be cached and fully installed in Bundler's configured path. Although we attempted this change for Bundler 2.5, we reverted it just before release due to reports of issues.
  • This time, we've tried to learn from past experiences and re-enable the feature, ensuring that default gems are considered a last resort if their regular copies cannot be found. This approach maintains backward compatibility.

Fixing a shallow clone bug in Bundler git sources

  • Bundling a git source could fail if the git server does not support shallow cloning. This issue was a regression from previous versions of Bundler.
  • @llenk joined us at RailsConf 2024’s Hack Day and helped work on a fix for this. We focused on a bug report about git sources breaking for some users. @llenk developed a solution that first attempts an efficient shallow clone and, if that fails, automatically retries with a full git clone.

Refactoring the Compact Index Client

  • The CompactIndexClient, Bundler’s high-efficiency gem resolution interface to rubygems.org and other gem sources, has grown organically over time.
  • Previously we had to refactor the updater to make it compatible with other gem sources and to clarify behavior. Increasing the readability of critical code paths makes it easier for new and experienced contributors alike to improve code, find bugs and increase performance.
  • Inspired by memory improvements implemented during RailsConf 2024’s Hack Day, we have refactored the client, improved the cache interfaces and extracted a compact index parser.

Improving the memory footprint of bundle update

  • When running bundle update and parsing the compact index versions file, an inefficiency caused nearly 70MB of unnecessary memory usage each time.
  • This issue was discussed during a session at RailsConf 2024, which led @jacklynhma to join us during the conference’s Hack Day and help tackle it. We quickly identified a change to reduce the memory footprint of parsing compact index versions: updating cache checksums. @jacklynhma successfully implemented this improvement.
==> after <==
Total allocated: 689.06 MB (9638226 objects)
Total retained:  237.01 MB (2979180 objects)
==> before <==
Total allocated: 755.64 MB (10379242 objects)
Total retained:  236.94 MB (2977745 objects)

Fixing a Bundler Error Message Related Bug

  • A user reported that they received a confusing error message during a failed bundle install of the Crono gem, leading them to open an issue. The error message incorrectly suggested a problem with Bundler, while the actual issue was operating system incompatibility.
  • After collaborating with the user to define the problem, the error message was clarified to accurately reflect the operating system incompatibility issue. It now also provides clear guidance on gem naming to help users resolve the problem.

In May, RubyGems gained 131 new commits contributed by 18 authors. There were 1,961 additions and 864 deletions across 142 files.

RubyGems.org News

The updates made this month to RubyGems.org reflect a strong commitment to improving user experience, enhancing security, and modernizing the platform. Sponsored hosting for RubyGems.org in May was provided by AWS, Fastly, and DataDog. The following are highlights of what the team worked on this month:

Set up Users for Trusted Publishing at RailsConf 2024

  • At the end of last year we announced the release of Trusted Publishing, a new feature that will help make RubyGems.org more secure, and make it easier to automate gem publishing.
  • RailsConf 2024’s Hack Day provided contributors with an opportunity to get involved in RubyGems projects and learn how to set up Trusted Publishing. During the event, @segiddins successfully set up a Trusted Publishing API for users, making the process even more accessible.

Added a timescaledb to RubyGems.org infrastructure

  • Earlier this year we began work on the metrics project, which seeks to introduce granular tracking and insights of gem downloads for users. To continue momentum on this, we have started the process of adding Timescale DB to the RubyGems.org stack. We plan to use a separate Timescale instance to hold analytics information, like downloads over time.

In May, RubyGems.org gained 83 new commits contributed by 11 authors. There were 1,429 additions and 662 deletions across 135 files.

Total spent

In May we spent $166,682.86 on development work.

Thank you

Thank you to all the contributors of RubyGems and RubyGems.org for this month! Your contributions are greatly appreciated, and we are grateful for your support.

Contributors to RubyGems:

Contributors to RubyGems.org:

If we missed you, please let us know so we can include you in our shout out!