{"id":15101711,"url":"https://github.com/jaynetics/gouteur","last_synced_at":"2026-02-24T11:31:31.404Z","repository":{"id":56875022,"uuid":"339446635","full_name":"jaynetics/gouteur","owner":"jaynetics","description":"A Ruby gem to automate integration testing of gems before release","archived":false,"fork":false,"pushed_at":"2023-05-14T10:38:44.000Z","size":58,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-28T06:52:21.804Z","etag":null,"topics":["automation","integration-testing","minitest","rspec","ruby","tooling"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jaynetics.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-16T15:42:56.000Z","updated_at":"2022-09-24T20:33:14.000Z","dependencies_parsed_at":"2024-09-15T21:00:29.397Z","dependency_job_id":"861810e1-338a-45f6-8240-376719eeefb5","html_url":"https://github.com/jaynetics/gouteur","commit_stats":{"total_commits":21,"total_committers":1,"mean_commits":21.0,"dds":0.0,"last_synced_commit":"dbc406b84f6e8be2bff2356f61abe02f10522a4a"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/jaynetics/gouteur","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaynetics%2Fgouteur","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaynetics%2Fgouteur/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaynetics%2Fgouteur/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaynetics%2Fgouteur/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jaynetics","download_url":"https://codeload.github.com/jaynetics/gouteur/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaynetics%2Fgouteur/sbom","scorecard":{"id":509111,"data":{"date":"2025-08-11","repo":{"name":"github.com/jaynetics/gouteur","commit":"dbc406b84f6e8be2bff2356f61abe02f10522a4a"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/21 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/jaynetics/gouteur/build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/jaynetics/gouteur/build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/jaynetics/gouteur/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/jaynetics/gouteur/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/jaynetics/gouteur/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/jaynetics/gouteur/lint.yml/main?enable=pin","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/lint.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":4,"reason":"6 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-2rxp-v6pw-ch6m","Warn: Project is vulnerable to: GHSA-4xqq-m2hx-25v8","Warn: Project is vulnerable to: GHSA-5866-49gr-22v4","Warn: Project is vulnerable to: GHSA-r55c-59qm-vjw6","Warn: Project is vulnerable to: GHSA-vg3r-rm7w-2xgh","Warn: Project is vulnerable to: GHSA-vmwr-mc7x-5vc3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-20T00:04:23.041Z","repository_id":56875022,"created_at":"2025-08-20T00:04:23.041Z","updated_at":"2025-08-20T00:04:23.041Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28853361,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T15:15:36.453Z","status":"ssl_error","status_checked_at":"2026-01-28T15:15:13.020Z","response_time":57,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","integration-testing","minitest","rspec","ruby","tooling"],"created_at":"2024-09-25T18:28:48.308Z","updated_at":"2026-02-24T11:31:31.381Z","avatar_url":"https://github.com/jaynetics.png","language":"Ruby","readme":"# 👨‍🍳 Gouteur\n\n[![Gem Version](https://badge.fury.io/rb/gouteur.svg)](http://badge.fury.io/rb/gouteur)\n[![Build Status](https://github.com/jaynetics/gouteur/workflows/build/badge.svg)](https://github.com/jaynetics/gouteur/actions)\n[![Coverage](https://codecov.io/gh/jaynetics/gouteur/branch/main/graph/badge.svg?token=519NAAEQFC)](https://codecov.io/gh/jaynetics/gouteur)\n\nTreat the people that use your gem like royalty! Send for a [gouteur](https://en.wikipedia.org/wiki/Food_taster) before serving them something new!\n\n## What?\n\nThis gem runs the build tasks of other projects against your unreleased changes.\n\n## Why?\n\nSometimes, other projects start depending on your gem.\n\nWhen you release a new version of your gem, these projects might break.\n\n[Semantic versioning](https://semver.org) obviously helps. People make mistakes, though. The boundary between public and private APIs can also be fuzzy, particularly in an open language like Ruby.\n\nThus, when you update your gem, you might feel as if you should check whether things that depend on it will keep working before you release the new version.\n\nGouteur automates this step.\n\n## Installation\n\nAdd `gouteur` to the development dependencies of your gem.\n\n## Usage\n\n### Recommended usage\n\nCreate a `.gouteur.yml` in the root of your project:\n\n```yml\nrepos:\n  - uri: https://github.com/someone/some_gem\n    ref: some_specific_branch # optional, default is the default branch\n    before: setup_special_dependency # optional, bundle is always installed\n    tasks: ['rspec', 'rake foo'] # optional, default is `rake`\n    name: cool_gem # optional, defaults to repo name from uri, e.g. `some_gem`\n    locked: true # optional, prevents setting an incompatible VERSION\n    force: true # optional, forces test even if VERSION is incompatible\n```\n\nThen simply `bundle exec gouteur` or add the rake task to your Rakefile:\n\n```ruby\nrequire 'gouteur/rake_task'\nGouteur::RakeTask.new\n\n# default name is :gouteur, e.g. to include it in the default task:\ntask default: %i[rspec gouteur]\n```\n\nPro tip: for large repos, running only relevant specs can speed up things a lot, e.g.:\n\n```yml\ntasks: 'rspec spec/known_relevant_spec.rb'\n```\n```yml\ntasks: 'rspec --pattern \"**/{,*}{keyword1,keyword2}{,*,*/**/*}_spec.rb\"'`\n```\n\n### Manual usage\n\nFrom the shell:\n\n```shell\n# example: check one dependent repo\ngouteur 'https://github.com/foo/bar'\n\n# see other usage options:\ngouteur --help\n```\n\nFrom Ruby:\n\n```ruby\nrepo = Gouteur::Repo.new(uri: 'https://github.com/foo/bar')\nsuccess, message = Gouteur::Checker.call(repo)\n```\n\n## Contributing\n\nBug reports and pull requests are welcome on GitHub at https://github.com/jaynetics/gouteur.\n\n## Outlook\n\nPossible future improvements:\n\n- consider caching of dependent repositories in CI, e.g. in GitHub workflows\n- support more sources of code, e.g. latest release, private GitHub repositories\n- improve performance by tracing \u0026 rerunning only specs/tests that use the gem\n- save time in MiniTest by forcing it to run in fail-fast mode like RSpec\n- other ideas? open an issue!\n\n## License\n\nThe gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaynetics%2Fgouteur","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjaynetics%2Fgouteur","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaynetics%2Fgouteur/lists"}