Remove github-pages gem dependency; declare explicit gems; commit Gemfile.lock#1380
Merged
Merged
Conversation
- Rewrite Gemfile to explicitly declare Jekyll 4.x and all direct plugins (jekyll-github-metadata, jekyll-redirect-from, jekyll-seo-tag, jekyll-sitemap, jekyll-polyglot, webrick) instead of using the github-pages meta-gem and fetching versions from pages.github.com - Add safe_yaml to test group (referenced directly by the test suite) - Add require 'safe_yaml' to spec/spec_helper.rb - Generate and commit Gemfile.lock with pinned gem versions - Create .ruby-version file with 3.3.4 as repository-controlled source of truth - Remove .ruby-version and Gemfile.lock from .gitignore - Rewrite spec/ci_ruby_version_spec.rb to check version consistency among .ruby-version, test.yml workflow, and .rubocop.yml without contacting pages.github.com - Update .devcontainer/post-create.sh to read .ruby-version instead of fetching from pages.github.com/versions.json
Copilot
AI
changed the title
[WIP] Remove dependency on github-pages gem and update Gemfile
Remove github-pages gem dependency; declare explicit gems; commit Gemfile.lock
Jul 13, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request decouples the site’s Ruby/Jekyll dependency management from the GitHub Pages build image by removing the pages.github.com/versions.json runtime pinning approach, declaring explicit gem dependencies, and committing the lockfile for reproducible installs. It also introduces .ruby-version as the repository’s Ruby-version source of truth and updates tests/devcontainer setup to reference it.
Changes:
- Replace
github-pagesmeta-gem + remote versions fetch with explicit Jekyll/plugin gem declarations and commitGemfile.lock. - Add
.ruby-version(3.3.4) and update CI-version verification/spec helpers to use it (no network dependency). - Update devcontainer provisioning to read Ruby version from
.ruby-versioninstead of fetching from GitHub Pages.
Show a summary per file
| File | Description |
|---|---|
Gemfile |
Removes GitHub Pages coupling and declares explicit Jekyll/plugin dependencies; adds safe_yaml for tests. |
Gemfile.lock |
Adds a committed lockfile to make gem resolution reproducible across environments. |
.gitignore |
Stops ignoring .ruby-version and Gemfile.lock so they can be versioned. |
.ruby-version |
Establishes the repo-controlled canonical Ruby version (3.3.4). |
spec/spec_helper.rb |
Requires safe_yaml explicitly to avoid incidental dependency loading. |
spec/ci_ruby_version_spec.rb |
Reworks Ruby version consistency checks to reference repo files rather than GitHub Pages. |
.devcontainer/post-create.sh |
Uses .ruby-version to choose the Ruby version during devcontainer setup. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 5/7 changed files
- Comments generated: 3
- Review effort level: Low
…ion, safe match navigation
Contributor
There was a problem hiding this comment.
Review details
Comments suppressed due to low confidence (1)
.devcontainer/post-create.sh:9
- This script uses
grep(for package checks) andtr(for parsing.ruby-version), but they’re not included in the required-command check. If they’re missing, the script will fail later with a less actionable error.
for cmd in git sed; do
if ! command -v "${cmd}" >/dev/null 2>&1; then
echo "${cmd} is required for .devcontainer/post-create.sh"
exit 1
fi
done
- Files reviewed: 5/7 changed files
- Comments generated: 4
- Review effort level: Low
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The repository was coupled to the GitHub Pages build image via a runtime fetch of
pages.github.com/versions.jsonto pin thegithub-pagesmeta-gem. Now that the site deploys via a custom Actions workflow, that coupling is obsolete and actively harmful to reproducibility.Gemfile
json/net/httpversions-JSON fetch andgem 'github-pages'jekyll ~> 4.3,jekyll-github-metadata,jekyll-redirect-from,jekyll-seo-tag,jekyll-sitemap,jekyll-polyglot,webricksafe_yaml ~> 1.0to the test group — directly used byspec/license_meta_spec.rbviaSafeYAML.load_file, previously loaded incidentally through Jekyll's own dependencyGemfile.lock
Gemfile.lockfrom.gitignoreand committed the generated lockfilelicenseepinned to git revisionc96beb17; nogithub-pagesentryRuby version source of truth
.ruby-version(3.3.4) as the repository-controlled canonical version, removed from.gitignorespec/spec_helper.rb: added explicitrequire 'safe_yaml'spec/ci_ruby_version_spec.rb: rewritten to validate consistency among.ruby-version, thetest.yml"Set up Ruby" step, and.rubocop.yml— without contactingpages.github.com. Step is located by name rather than array index..devcontainer/post-create.sh: replacedcurl https://pages.github.com/versions.jsonRuby version derivation with a read from.ruby-version