I want to install redmine plugins by adding gem name to Gemfile.local like redmine_github_hook plugin.
Current installing/updating method have below cautions for me.
- Difficult to specify plugin version
- Server maintainer should exec `$ git clone [--depth=1] -b <release version> https://github.com/foo/bar/`, but plugin README often describes installing master
- Difficult to detect plugins vulnerability with using bundler-audit
- We have to check each plugins by hand now
I'm happy if Redmine::Plugin.load requires gem's init.rb.
- Pros
- Easy to install plugin: only writing gem name to Gemfile.local
- Easy to specify plugin version: only specifying gem version to Gemfile.local
- Easy to update plugin: only executing `$ bundle update <plugin gem name>`
- Easy to detect (only gemified) plugins vulnerability with using bundler-audit
- Cons
- Redmine should detect wheather redmine plugin or not from all bundle installed gem
For example, support_gem_plugin.patch can load gemified plugin.
Gemfile.local example is below(I fixed little existing sidebar_hide plugin).
gem 'sidebar_hide', github: 'sho-h/sidebar_hide', branch: 'redmine_support_gem_plugin_test'
This was gemified and specified directory in init.rb.