1 jekyll vulnerability found in Gemfile.lock on Sep 16, 2019 - jekyll

I get this message in my github pages branch:
"1 jekyll vulnerability found in Gemfile.lock on Sep 16, 2019". Upgrade jekyll to version 3.6.3 or later. For example:
gem "jekyll", ">= 3.6.3"
There were two issues before, one with nokogiri, which I addressed by updating to the latest version of the gem, then committing and pushing.
I have already updated Jekyll to version 4.0 and then committed and pushed the whole site but the error has not gone away.
Any suggestions?
Should I push any file in particular?
Thanks

Your Gemfile is not properly updated; it still mentions gem "jekyll", "~> 3.2.1", which is also referenced in your Gemfile.lock.
Nevertheless, if you publish on GitHub Pages, the only gem you need to reference is github-pages.
Your Gemfile content:
source 'https://rubygems.org'
gem 'github-pages'
You can then do a bundle update and push your code to github, every security warning will be gone.

Your Gemfile is locked to jekyll-3.2.x.
No matter how many times you run bundle update, your lockfile is not going to use Jekyll 3.3 and above.
To allow upgrading to v3.3.0 and above but not v4.0.0, the gem listing needs to be:
gem "jekyll", "~> 3.2"
Understand the following:
gem "jekyll", "~> 3.2.1" is the same as gem "jekyll", ">= 3.2.1", "< 3.3.0"
gem "jekyll", "~> 3.2" is the same as gem "jekyll", ">= 3.2.0", "< 4.0.0"
The above said, the correct move here is what David Jacquel said in his answer. Let me summarize what he meant:
Update your Gemfile to list just the github-pages gem — the gem includes the needed plugins as well.
Commit updated Gemfile and Gemfile.lock.
Push branch to remote repository.
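The pessimistic-constraint rules in the answer above can be checked mechanically. The following Ruby script is an added example, not code from either answer: it uses RubyGems' own Gem::Requirement and Gem::Version to test whether a Gemfile constraint can ever reach the patched release, and reads what a constructed Gemfile.lock fragment actually pins.

```ruby
# Added example (not from the answers above): use RubyGems' own
# Gem::Requirement / Gem::Version to check whether a Gemfile constraint
# can ever reach a patched release, and read what Gemfile.lock pins.
require 'rubygems'

# True when bundler would be allowed to pick fixed_version under constraint.
def constraint_allows?(constraint, fixed_version)
  Gem::Requirement.new(constraint).satisfied_by?(Gem::Version.new(fixed_version))
end

# Resolved version of gem_name from the "specs:" block of a Gemfile.lock.
# Spec lines are indented by exactly four spaces; their dependency lines
# by six, so the anchored regex skips "kramdown (~> 1.3)"-style entries.
def locked_version(lockfile_text, gem_name)
  pattern = /\A {4}#{Regexp.escape(gem_name)} \(([^)]+)\)\s*\z/
  lockfile_text.each_line do |line|
    m = pattern.match(line)
    return Gem::Version.new(m[1]) if m
  end
  nil
end

# True when the locked version is already at or above fixed_version.
def lock_is_patched?(lockfile_text, gem_name, fixed_version)
  v = locked_version(lockfile_text, gem_name)
  !v.nil? && v >= Gem::Version.new(fixed_version)
end

# Constructed lockfile fragment in the layout bundler writes (sample data).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      jekyll (3.2.1)
        kramdown (~> 1.3)
      kramdown (1.17.0)

  DEPENDENCIES
    jekyll (~> 3.2.1)
LOCK

if $PROGRAM_NAME == __FILE__
  fixed = '3.6.3'
  ['~> 3.2.1', '~> 3.2', '>= 3.6.3'].each do |c|
    puts "#{c.ljust(9)} reaches #{fixed}: #{constraint_allows?(c, fixed)}"
  end
  puts "locked jekyll: #{locked_version(SAMPLE_LOCK, 'jekyll')} " \
       "patched: #{lock_is_patched?(SAMPLE_LOCK, 'jekyll', fixed)}"
end
```

Run it against your real Gemfile.lock by reading the file into locked_version; a false from constraint_allows? for the constraint in your Gemfile means no amount of bundle update will clear the warning.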

Related

Jekyll Website won't load

I've been trying for a while to get a Jekyll website running on Github Pages, but it doesn't seem to work. I've been getting the error
Your site is having problems building: The symbolic link
/vendor/bundle/ruby/2.3.0/gems/ffi-1.9.18/ext/ffi_c/libffi-x86_64-linux-gnu/include/ffitarget.h
targets a file which does not exist within your site's repository. For
more information, see
https://help.github.com/articles/page-build-failed-symlink-does-not-exist-within-your-site-s-repository/.
I have already tried it with 9 different Jekyll themes, but none of them seem to work, so I'm clearly doing something wrong. Here are the steps that I am taking:
1) Create a new repo and put the files from a Jekyll Theme there, OR fork it from another repo (e.g. https://github.com/iwiedenm/jekyll-theme-massively-src)
2) Git pull it into my computer and make sure I'm on the gh-pages branch
3) Run bundle install --path vendor/bundle
4) Make sure it was built with bundle exec jekyll serve
5) Once it looks good, upload it into Github
git add *
git commit -m 'Test'
git push
Then I go to the repo in the browser and I see the error above, and I can't see the website because of that missing "ffitarget.h" file. When I go look for it in that directory, I am able to find it, but Github doesn't seem to be able to find it.
Nick Shu
PS: Feel free to mark this as a duplicate. I have seen other pages, such as this and I tried it, but it didn't work.
Github page will use local gems in vendor. If you commit them, you will have errors each time github pages tries to resolve symbolic links.
From a fresh repository
Add vendor/** in your .gitignore file before you do a git add . *.
The dot in git add . * forces git to stage dotfiles (.gitignore, ...).
From an already existing repository containing gems in a vendor folder
Add vendor/** in your .gitignore file,
Remove vendor/ files from versioning, git rm --cached -r vendor/
You can now stage, commit and push
git add . *
git commit -m 'remove vendor from versioning'
git push origin master
Notes:
you can publish master branch content, as the gh-pages branch is no longer mandatory. See documentation.
unless you have special needs like debugging, it's not necessary to download gems for each of your projects. You can just do a bundle install.
Ensure the vendor/bundle/ directory has been excluded.
By default, Jekyll excludes that directory and therefore would not care about the contents of your vendor directory.
When you fork/clone a repo, there's a possibility that the exclude: list has been customized (therefore overriding the default setting). You can ensure vendor/bundle/ is ignored by Jekyll by adding it to your custom exclude list:
# Exclude list
exclude:
- README.md
- Gemfile
- Gemfile.lock
- node_modules
- gulpfile.js
- package.json
- _site
- src
- vendor
- CNAME
- LICENSE
- Rakefile
- old
- vendor/bundle/
To locally emulate how the site is built on GitHub Pages, you can build using the --safe switch:
bundle exec jekyll serve --safe

How to install Polymer elements (and their dependencies) from the master branch?

In the official Polymer documentation for elements, it's recommended to use Bower in order to install the elements and their dependencies: https://elements.polymer-project.org/guides/using-elements.
To install the major elements, I'm using the following commands:
bower install PolymerElements/iron-elements
bower install PolymerElements/paper-elements
bower install PolymerElements/app-elements
bower install PolymerElements/neon-elements
This is working fine, but the installed versions of the different components are based on the latest tag available from their git repositories.
Some repositories are not often updated, and the tag can be pretty old even if some commits were applied, like for https://github.com/PolymerElements/paper-listbox. In that case, the last tag is nearly one year old!
So, how can Bower be asked to download only the master branch of each dependency?
When using this command:
bower install PolymerElements/iron-elements#master
the "iron-elements" project will be installed from the master branch, but all the dependencies are still installed with their latest tag available from their git repository.
You can simply give the address of the master branch in your bower.json file.
"paper-card": "git@github.com:PolymerElements/paper-card.git#master"
Then any time you do a bower install, bower will fetch that element's code from master.

Where to add NPM dependencies for running postinstall hooks?

So, I have a library haste-mapper (link to Github - I would like some opinions on it). It uses gulp, babel-core and a few other npm packages to build itself so as to have valid JavaScript instead of Flow into the build/ directory. I added that as a postinstall hook script in package.json:
"postinstall": "gulp build"
It works, the script starts running but it does not meet the required dependencies in the host package. I have gulp and babel-core as devDependencies and it seems not to install them. Adding them to dependencies seems semantically wrong. I tried adding them to peerDependencies, but instead of installing what's missing, it just complains about it.
How should I go about this?
P.S. Here is the package.json
If you want to use something in a postinstall hook, it needs to be a dependency.
However, you're doing it wrong. You shouldn't be transpiling your code after the install. Instead, you should transpile your code before you publish the package.
To do that, you will need to rename your script to prepublish so that it is run when you run npm publish. List gulp, babel, etc. as devDependencies. Add an .npmignore file in the root of your project, containing:
/src/
The .npmignore file works just like a .gitignore. You don't want your src/ directory included in the published package, only build/. Make sure .npmignore is committed to git. If you don't have an .npmignore, npm will use the .gitignore file. This isn't what you want, since build/ is ignored for version control, but should be included in the npm package.
When you run npm publish, npm will run your prepublish hook before bundling your package for the registry. Then when someone npm installs your package, they will get the build/ folder, but not src/. Just what you want!
I started to leave a comment on RyanZim's answer because his technique is correct. However, I wanted to give a slightly different approach. Our company maintains a lot of open source projects and this is how we would advise you.
Keep developing your project like you normally would. Your .gitignore file should be ignoring your dist directory (/build in your case).
When you are ready to deploy, you want to build your code, bump your version number inside package.json, tag the changes, and push the built code to both github and npm.
The main idea is that we want to keep a copy of our built code in github along with a "tag" for that version. This allows us to see exactly what was pushed to npm for any particular version. The built code is not part of the master branch but exists only under a tag (which is sort of like a branch). When a user reports a bug and he's using version x.x.x, you can checkout that exact version and start debugging. When you fix the bug, you release a new "patch" and your user will get the changes the next time he runs npm install or npm update.
We have created a set of npm scripts to do most of this for us. Here is what we use (this goes in your package.json):
"scripts": {
"build": "node build.js",
"preversion": "npm run build",
"version": "git commit -am \"Update dist for release\" && git checkout -b release && git add -f dist/",
"postversion": "git push --tags && git checkout master && git branch -D release && git push",
"release:pre": "npm version prerelease && npm publish",
"release:patch": "npm version patch && npm publish",
"release:minor": "npm version minor && npm publish",
"release:major": "npm version major && npm publish"
}
I know that may look confusing so let me explain. Whenever we are ready to release new code, we run one of the release: commands. For example, when we run npm run release:minor, here is the list of commands which are run in order. I have annotated it so you can see what happens:
node build.js ## run the build code - you will want to run gulp instead
npm version minor ## bumps the version number in package.json and creates a new git tag
git commit -am "Update dist for release" ## commit the package.json change to git (with new version number) - we will push it at the end
git checkout -b release ## create a temporary "release" branch
git add -f dist/ ## force add our dist/ directory - you will want to add your build/ directory instead
npm publish ## push the code to npm
git push --tags ## push the built code and tags to github
git checkout master ## go back to the master branch
git branch -D release ## delete the temporary "release" branch
git push ## push the updated package.json to github
If you have any questions, please ask. You might want to do things in a slightly different order as your situation is a little different. Please feel free to ask questions. This code works really well on dozens of projects - we release new code multiple times a day.

how to setup octopress if you already have one in github?

This is my blog hosted on GitHub.
http://john-qin.github.io/
Now, I want to set up Octopress on my Ubuntu 12.04. I followed the instructions on this page.
http://octopress.org/docs/deploying/github/
I got stuck after "rake setup_github_pages". These instructions are for setting up a brand new environment for Octopress. I already have it in GitHub. How do I pull the existing one? And where should I put them?
Octopress repositories have two branches, source and master. The source branch contains the files that are used to generate the blog and the master contains the blog itself.
When the local folders are initially configured according to the Octopress Setup Guide, the master branch is stored in a subfolder named _deploy. Since the folder name begins with an underscore, it is ignored when you git push origin source. Instead, the master branch (which contains your blog posts) gets updated when you rake deploy.
To recreate the local directory structure of an existing Octopress blog, follow these instructions.
First you need to clone the source branch to the local octopress folder.
git clone -b source git@github.com:username/username.github.com.git octopress
Then clone the master branch to the _deploy subfolder.
cd octopress
git clone git@github.com:username/username.github.com.git _deploy
Then run the rake installation to configure everything
gem install bundler
rbenv rehash # If you use rbenv, rehash to be able to run the bundle command
bundle install
rake setup_github_pages
It will prompt you for your repository URL. Enter the read/write URL for your repository
(for example, 'git@github.com:your_username/your_username.github.com').
You now have a new local copy of your Octopress blog. Check out this post for more information.

Mercurial does not detect changes after MercurialEclipse plugin install

After installing the MercurialEclipse Eclipse plugin, no more changes to any file are picked up by hg.
When I run
hg status
in the working directory, it returns nothing.
What could be at fault?