Gumroad’s source is available

2025-04-049:56486205github.com

Contribute to antiwork/gumroad development by creating an account on GitHub.

Sell your stuff. See what sticks.

Before you begin, ensure you have the following installed:

We use Docker and Docker Compose to set up the services for the development environment.

  • For macOS: Grab the Docker Mac installation from the Docker website
  • For Linux:
sudo wget -qO- https://get.docker.com/ | sh
sudo usermod -aG docker $(whoami)

Install a local version of MySQL 8.0.x to match the version running in production.

The local version of MySQL is a dependency of the Ruby mysql2 gem. You do not need to start an instance of the MySQL service locally. The app will connect to a MySQL instance running in the Docker container.

brew install mysql@8.0 percona-toolkit
brew link --force mysql@8.0
# to use Homebrew's `openssl`:
brew install openssl
bundle config --global build.mysql2 --with-opt-dir="$(brew --prefix openssl)"
# ensure MySQL is not running as a service
brew services stop mysql@8.0

We use imagemagick for preview editing.

  • For macOS: brew install imagemagick
  • For Linux: sudo apt-get install imagemagick

For newer image formats we use libvips for image processing with ActiveStorage.

  • For macOS: brew install libvips
  • For Linux: sudo apt-get install libvips-dev

We use ffprobe, which comes with the FFmpeg package, to fetch metadata from video files.

  • For macOS: brew install ffmpeg
  • For Linux: sudo apt-get install ffmpeg

We use pdftk to stamp PDF files with the Gumroad logo and the buyers' emails.

  • For macOS: Download from here
  • For Linux: sudo apt-get install pdftk

We use Bundler to install Ruby gems.

If you have a license for Sidekiq Pro, configure its credentials:

bundle config gems.contribsys.com <key>

If you don't have a license for Sidekiq Pro, set the environment variable GUMROAD_SIDEKIQ_PRO_DISABLED in your shell:

export GUMROAD_SIDEKIQ_PRO_DISABLED=true
echo "export GUMROAD_SIDEKIQ_PRO_DISABLED=true" >> ~/.bashrc

Run bundle install to install the necessary dependencies.

Also make sure to install dotenv as it is required for some console commands:

Make sure the correct version of npm is enabled:

Install dependencies:

The app can be booted without any custom credentials. If you would like to use services that require custom credentials (e.g. S3, Stripe, Resend), copy the .env.example file to .env and fill in the values.

For other operating systems, see mkcert installation instructions.

  1. Generate certificates by running:
bin/generate_ssl_certificates

If you installed Docker Desktop (on a Mac or Windows machine), you can run the following command to start the Docker services:

If you are on Linux, or installed Docker via a package manager on a Mac, you may have to manually give Docker superuser access to open ports 80 and 443. To do that, use sudo make local instead.

This command will not terminate. Run it in one tab and start the application in another tab. If you want to run Docker services in the background, use LOCAL_DETACHED=true make local instead.

For Linux (Debian / Ubuntu) you might need the following:

  • apt install libxslt-dev libxml2-dev

This starts the Rails server, the JavaScript build system, and a Sidekiq worker.

If you know what foreman does and you don't want to use it, you can inspect the contents of the Procfile.dev file and run the required components individually.

You can now access the application at https://gumroad.dev.

You can log in with the username seller@gumroad.com and the password password. The two-factor authentication code is 000000.

Read more about logging in as a user with a different team role at Users & authentication.

You will need to explicitly reindex Elasticsearch to populate the indices after setup; otherwise, you will see index_not_found_exception errors when you visit the dev application. You can reset them using:

# Run this in a rails console:
DevTools.delete_all_indices_and_reindex_all

To send push notifications:

INITIALIZE_RPUSH_APPS=true bundle exec rpush start -e development -f

We use ESLint for JS, and Rubocop for Ruby. Your editor should support displaying and fixing issues reported by these inline, and CI will automatically check and fix (if possible) these.

If you'd like, you can run git config --local core.hooksPath .githooks to check for these locally when committing.


Comments

  • By jvns 2025-04-04 20:10, 1 reply

    I tried to grep the code for `api.` to get a sense for all the vendors this codebase is using, and which you'd need to have relationships with to run the code. Here's what I found:

    payments:

      https://api.paypal.com 
      https://api.stripe.com
    
    tax stuff:

      https://api.taxjar.com
      https://api.vatstack.com (EU VAT)
      https://apiservices.iras.gov.sg
    
    for iOS app (?):

      https://api.appstoreconnect.apple.com 
      https://api.storekit.itunes.apple
    
    AI stuff:

      https://api.iffy.com  (AI content moderation)
      https://api.helper.ai (AI support)
      https://api.openai.com
    
    other:

      https://api.easypost.com  (shipping labels?)
      https://api.sendgrid.com (email)
      https://api.pwnedpasswords.com (haveibeenpwned)
      https://api.worldbank.org (for purchasing power parity?)
      https://api.dropboxapi.com (for "upload from dropbox"?)
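
The `api.` grep described in the comment above, as an added example that is not part of the original comment or the Gumroad repository: a shell script that lists the external `api*` hosts a source tree references and flags any that are not on a reviewed allowlist. The function names, the allowlist file and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Gumroad repository): inventory the external
# "api*" hosts a source tree refers to, and flag ones not yet reviewed.

# list_api_hosts DIR -> "COUNT HOST" lines, most-referenced host first.
list_api_hosts() {
  # -r recurse, -h no file names, -o print only the match, -I skip binaries,
  # -i ignore case. The pattern also catches hosts such as apiservices.*.
  grep -rhoIiE --exclude-dir=.git --exclude-dir=node_modules \
      'https?://api[a-z0-9-]*\.[a-z0-9.-]+' "${1:-.}" 2>/dev/null |
    sed -E 's#^[a-zA-Z]+://##; s#\.+$##' |  # drop scheme and trailing dots
    tr '[:upper:]' '[:lower:]' |
    sort | uniq -c | sort -k1,1nr -k2,2 |
    awk '{print $1, $2}'
}

# unapproved_api_hosts DIR ALLOWLIST -> hosts in DIR missing from ALLOWLIST
# (one host per line). Returns 1 when any are found, so it can gate CI.
unapproved_api_hosts() {
  found=$(list_api_hosts "$1" | awk '{print $2}' | grep -vxFf "$2" || true)
  [ -z "$found" ] && return 0
  printf '%s\n' "$found"
  return 1
}

# make_sample_tree -> path of a temp dir holding constructed sample files.
make_sample_tree() {
  d=$(mktemp -d)
  mkdir -p "$d/app" "$d/node_modules/x"
  printf 'BASE = "https://api.stripe.com/v1"\nALT = "https://API.stripe.com."\n' > "$d/app/pay.rb"
  printf 'url = "https://apiservices.iras.gov.sg/gst"\nsee https://example.com/api.\n' > "$d/app/tax.rb"
  printf 'fetch("https://api.ignored.example")\n' > "$d/node_modules/x/i.js"
  printf 'api.stripe.com\n' > "$d/allow.txt"
  echo "$d"
}
```

Run `list_api_hosts .` from a checkout for the inventory; `unapproved_api_hosts . allow.txt` exits non-zero when a host outside the allowlist appears.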

    • By ricardobeat 2025-04-04 21:45, 1 reply

      That's pretty refreshing compared to the average 400 external "partners" your average online t-shirt store has.

      • By rafram 2025-04-04 22:48, 1 reply

        Most of those are probably indirect. Same here: Stripe doesn’t issue credit cards or even process transactions itself. It partners with a half-dozen or so credit card networks, and each network partners with thousands of banks around the world.

        • By ricardobeat 2025-04-06 2:34

          No, I'm comparing to what you see on the average cookie consent banner [1]. If you dive into the 'manage' option, most e-commerce sites will literally have hundreds of third-parties listed that your data might be shared with. As far as I understand these are all direct integrations, either in the frontend or backend, not indirect - you don't have to ask for permission for companies downstream of your own providers.

          [1] we don't get to see most companies' codebases, so this is a good indicator of the amount of integrations

  • By rmason 2025-04-04 10:22, 3 replies

    It launched right here on HN 14 years ago.

    https://x.com/shl/status/1908090697984426227/photo/1

    • By Aurornis 2025-04-04 15:43, 3 replies

      Gumroad became my cautionary tale for startup equity for early engineers.

      I remember excitedly following the story from start. It was fun to follow along. Then around 2015 things weren’t working well, so they laid off most of the team. Investors sold the company back to the founder at a steep discount. As I recall, a major investor sold their ownership for $1.

      Just like that, the founding engineers who worked so hard lost their jobs and saw their equity valued down to nothing.

      It happens! However, the strange thing in this case was that the company kept going. They had laid (almost) everyone off and declared their equity worthless, yet the company was still making money and growing. My younger self struggled to understand how the founding engineers could have gone from working so hard on something to being laid off and seeing their equity wiped out while the business itself continued right on working and generating revenue.

      A lot has been written to put positive spin on those events. The founder claims to have helped out some of the early engineers in vague ways. However, I’ll never forget being a young, aspiring startup engineer and watching an entire startup team get wiped out of the business they helped create and then the business just kept on trucking for the founder who walked away with ownership of the company.

      • By tuhins 2025-04-04 19:26

        I was one of them! Joined on August 5, 2012, got 0.5% of equity (I think?), it all went to more-or-less zero monetarily. I don't think most of us really hold any grudges against Sahil here. It was a very fun place to work, and I met some of my closest friends and made some of my strongest professional connections there. It was net-very-positive to my life and career, and I think we were all adults when we were opting-in to the experience.

        As for Sahil/Gumroad making money and growing. Meh. He's worked on it for 13 years and showing dedication beyond what I would have for most things. It's fine.

      • By jokethrowaway 2025-04-04 17:24

        A friend built a startup for years and progress was not looking good. Eventually the entire development team quit and left without equities. The founder was then acquired for millions.

        Another case: startup running out of money after a series B or C and a history of questionable expenses. Everybody but a few left. The founders sold their main product for cheap to some private equity firm, focused on a crappy internal tool they built and they used their last money to hire a literal army of sales people.

        These sales guys were apparently amazing and somehow managed to sell the tool to a bunch of fortune 500 companies and are now making bank.

        The main product they sold? It's still on life support, the original buyer just sold it to another holding.

      • By adrr 2025-04-04 17:23, 4 replies

        How did they lose all their equity? You can’t declare equity is worthless. You can raise new rounds with different valuations and dilute previous investors/employees but they would also dilute themselves.

        • By hobofan 2025-04-04 20:01, 1 reply

          Even if they don't "lose" their equity, it might just turn essentially worthless. Very often "equity" founding staff receives is in the form of (V)ESOPs = (virtual) employee stock options, or other equity grants that only materialize in the case of an "exit event". Depending on how the exit events are specified in the contract, the founder taking the company private (/ divestment from the investors) might have resulted in an exit event with $1 value of the company.

          • By beefnugs 2025-04-05 18:36

            Yeah so pure grift: if it was really dying then just keep your worthless-percent forever, or get emotionally manipulated into selling for $1 like a sucker

        • By rahimnathwani 2025-04-04 17:26

          Google 'drag along rights'.

        • By Aurornis 2025-04-05 3:43

          > You can’t declare equity is worthless. You can raise new rounds with different valuations and dilute previous investors/employees but they would also dilute themselves.

          The investors sold the company back to the founder for $1. That's as close as it gets to declaring equity as worthless.

        • By bigtunacan 2025-04-05 1:04

          Equity for pre-IPO companies is often tied to an expiration. If there is no qualifying liquidity event before the expiration then your equity disappears unless the company takes action to reissue your equity. That sometimes happens for people who are still employed with the company, but almost never for former employees.

    • By ihowlatthemoon 2025-04-04 10:31, 2 replies

      Original discussion thread here: https://news.ycombinator.com/item?id=2406614

      • By occamschainsaw 2025-04-04 14:56, 1 reply

        Interesting discussion on the merits of the initial plan of a paid link shortening service and the opposite approach (easy-to-setup paid access to links). They were discussing adding Bitcoin as a payment method when it was 0.7 cents a pop.

        • By spiderice 2025-04-04 15:16

          That part made me chuckle.

          > At the current ~$0.70 / bitcoin, this means that every American will be able to have ~$0.05 in his or her electronic wallet, once all bitcoins are generated. Assuming that the rest of the world does not participate at all and that bitcoins are evenly distributed.

          > Sure, you could imagine an instant dollar-to-bitcoin-to-dollar conversion at the point of payment. Or you could imagine a bitcoin2.org that generates more coins. Or you could hope for a massive surge in the value of the bitcoin.

          > I'd put my money on Paypal sticking around, though.

          Even back then people pointed out the obvious flaw of Bitcoin remaining at $0.70. But I wonder if any of them believed it would be at $100,000 in 14 years.

          https://news.ycombinator.com/item?id=2407998

      • By owebmaster 2025-04-04 10:54, 1 reply

        One day work to start a multi-million project, 13 years ago. That's the real vibing.

  • By Multiplayer 2025-04-04 16:01, 1 reply

    I'm reading a lot of complaints here but let's recognize some interesting aspects that Sahil is talking about: 1. It's the 5th largest rails codebase open to AI ingestion. 2. They are offering bounties for issues. Not large bounties but whatever, it's something.

    I personally like rails and would love to see AI tools improve with it. No idea if this code base will really help that, and when but it can't hurt. In my experience I can get next apps up in a jiffy but rails is much more of a struggle. If anyone has any tips here, please post.

    I'm always curious about how well bounties work especially now in an AI age. I wonder what the arbitrage on AI spend vs. bounty will be for people that take a run at them.

    • By irf1 2025-04-04 19:14

      I run a bounties platform (https://algora.io) and I've seen people who create bounties try to use some AI like Devin to solve them (@seveibar livestreamed trying it) just for fun and in all cases AI failed to solve the bounties.

      A Rust project that rewarded 300+ bounties ($37k) is now building an AI coding agent with the aim to solve bounties on Algora - it's an interesting benchmark I guess.

      Curious myself what the next years might look like, but from everything I've seen so far we're definitely not there yet.
