@tianon
Member

@tianon tianon commented Nov 17, 2025

3.5 is now 4.0: ruby/ruby@6d81969

@tianon
Member Author

tianon commented Nov 17, 2025

lol, lmao, great; it lights up like the Christmas tree 4.0 will eventually be

@yosifkit
Member

Could not find compatible versions

Because bundler-audit >= 0.6.1 depends on bundler >= 1.2.0, < 3
and the current Bundler version (4.0.0.dev) does not satisfy bundler >= 1.2.0,
< 3,
  bundler-audit >= 0.6.1 cannot be used.
So, because Gemfile depends on bundler-audit = 0.9.1,
  version solving has failed.

ruby-binstubs test will be fixed by rubysec/bundler-audit#409 once a release happens (and we bump our Gemfile)

The `--deployment` flag has been removed because it relied on being remembered
across bundler invocations, which bundler no longer does. Instead please use
`bundle config set deployment true`, and stop using this flag
	'ruby-nonroot' [6/8]...failed

For ruby-bundler and ruby-nonroot, I think we just need to do the config set or maybe BUNDLE_DEPLOYMENT would work.
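The version-solving failure quoted above comes down to a single RubyGems requirement check. As an added illustration (not code from this thread or from bundler-audit), the following uses RubyGems' own `Gem::Requirement` to show which bound the 4.0.0.dev Bundler violates; the helper names are hypothetical and every version string other than 4.0.0.dev is a constructed sample.

```ruby
require 'rubygems'

# Bundler requirement of bundler-audit, as quoted in the resolver output.
BUNDLER_AUDIT_REQ = Gem::Requirement.new('>= 1.2.0', '< 3')

# Returns the individual bounds (e.g. "< 3") that the given Bundler version
# violates; an empty array means the whole requirement is satisfied.
def violated_bounds(requirement, bundler_version)
  version = Gem::Version.new(bundler_version)
  requirement.requirements
             .map { |op, bound| "#{op} #{bound}" }
             .reject { |clause| Gem::Requirement.new(clause).satisfied_by?(version) }
end

# Constructed sample versions; only 4.0.0.dev comes from the thread.
SAMPLE_BUNDLERS = %w[1.1.5 1.2.0 2.7.2 3.0.0 4.0.0.dev].freeze

# Maps each Bundler version to the bounds that block it.
def compatibility_report(requirement = BUNDLER_AUDIT_REQ, versions = SAMPLE_BUNDLERS)
  versions.to_h { |v| [v, violated_bounds(requirement, v)] }
end

if $PROGRAM_NAME == __FILE__
  compatibility_report.each do |version, violated|
    status = violated.empty? ? 'ok' : "blocked by #{violated.join(', ')}"
    puts format('bundler %-10s %s', version, status)
  end
end
```

The `.dev` suffix makes 4.0.0.dev a prerelease, but its leading segment still sorts above 3, so the upper bound is the one that fails.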

@tianon
Member Author

tianon commented Nov 18, 2025

Close + reopen to pick up docker-library/official-images#20310 in CI

@Earlopain
Contributor

Do the test containers have git available (no idea how this gets run)? If that is the case, you can temporarily pin to the repository, that should get this green then:

# Pinned to commit to allow bundler 4. Revert once https://github.com/rubysec/bundler-audit/pull/409 is released
gem 'bundler-audit', git: "https://github.com/rubysec/bundler-audit", ref: "309d20356a7ea435d0f92982b6fcb2a4bd57db66"

@tianon
Member Author

tianon commented Nov 18, 2025

Heh, yeah, the rabbit hole goes deeper though, unfortunately! Here's what I'm at right now:

diff --git a/test/tests/ruby-binstubs/Gemfile b/test/tests/ruby-binstubs/Gemfile
index dd9516655..5760efb93 100644
--- a/test/tests/ruby-binstubs/Gemfile
+++ b/test/tests/ruby-binstubs/Gemfile
@@ -1,3 +1,8 @@
 source 'https://rubygems.org'
-gem 'bundler-audit', '0.9.1'
+
+# https://github.com/rubysec/bundler-audit/pull/409
+# TODO drop this all back down to just "gem 'bundler-audit', '0.9.3'" once it's released: https://github.com/rubysec/bundler-audit/releases
+gem 'rubygems-tasks', github: 'postmodern/rubygems-tasks', ref: '8a080d9a730218e957bb8a1c9ab72f025c61d229' # https://github.com/postmodern/rubygems-tasks/pull/28 (this is a dep of bundler-audit)
+gem 'bundler-audit', github: 'rubysec/bundler-audit', ref: '309d20356a7ea435d0f92982b6fcb2a4bd57db66'
+
 gem 'brakeman', '5.4.1'
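
Review bot: Both added `gem` lines switch from a rubygems.org release to `github:` sources, so `bundle install` in this test now needs git and access to github.com, which the removed `gem 'bundler-audit', '0.9.1'` line did not; confirm the test images provide both, or the test can fail for reasons unrelated to binstubs. The `rubygems-tasks` line also carries its rationale as a long trailing comment; moving that onto its own comment line above, next to the TODO, would make the two temporary pins easier to revert together. Pinning each source to a full commit SHA in `ref:` is the right call for reproducibility and should stay until the TODO is resolved.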

and it fails like this, after bundle install:

/usr/local/lib/ruby/4.0.0+0/rubygems.rb:263:in 'Gem.find_spec_for_exe': can't find gem bundler-audit (>= 0.a) with executable bundler-audit (Gem::GemNotFoundException)
	from /usr/local/lib/ruby/4.0.0+0/rubygems.rb:237:in 'Gem.find_and_activate_spec_for_exe'
	from /usr/local/lib/ruby/4.0.0+0/rubygems.rb:282:in 'Gem.activate_and_load_bin_path'
	from /usr/local/bundle/bin/bundler-audit:25:in '<main>'

(adding rubygems-tasks explicitly was an attempt to fix this issue, because I wasn't convinced it was installing bundler-audit successfully since the output changes and in a way that makes very little sense, so it's probably not necessary since it didn't fix this)

@Earlopain
Contributor

Hm, it works locally for me. How are you testing in the container? I didn't really figure that one out.

@tianon
Member Author

tianon commented Nov 18, 2025

Our test harness effectively does ./run.sh image, so I'm doing ./run.sh ruby:4.0-rc. A few layers of abstraction later, it essentially does docker build to copy Gemfile and container.sh into the image, then runs container.sh, which copies the Gemfile to a new (known-writable) directory, and then goes into it and runs bundle install and then bundle audit version.

https://github.com/docker-library/official-images/tree/215fa7075010e3f2da20008b1a3a223b788beb0d/test/tests/ruby-binstubs

@tianon
Member Author

tianon commented Nov 18, 2025

It's really driving me nuts; bundle info bundler-audit just before bundle audit version works fine:

Use `bundle info [gemname]` to see where a bundled gem is installed.
  * bundler-audit (0.9.2 309d203)
	Summary: Patch-level verification for Bundler
	Homepage: https://github.com/rubysec/bundler-audit#readme
	Documentation: https://rubydoc.info/gems/bundler-audit
	Source Code: https://github.com/rubysec/bundler-audit
	Changelog: https://github.com/rubysec/bundler-audit/blob/master/ChangeLog.md
	Bug Tracker: https://github.com/rubysec/bundler-audit/issues
	Path: /usr/local/bundle/bundler/gems/bundler-audit-309d20356a7e

@Earlopain
Contributor

Oh, this might just not work as a git gem. I already had bundler-audit available previously, if I uninstall it fails to find the git gem locally for me as well.

Seems irrelevant actually which version is in the gemfile, it always uses the latest available version. So the gemfile is just there to install the gems, and for bundler audit it is irrelevant and simply uses whatever is already installed (I wonder if that is a bundler bug)

I guess this is ruby/rubygems#6957 or one of the related PRs/Issues

@tianon
Member Author

tianon commented Nov 19, 2025

I've opened docker-library/official-images#20318 with a different potential solution that hopefully still preserves the intent of the test -- I'm running it against all current tags of ruby and jruby now. 👍

@Earlopain
Contributor

Nice, I looked for a different one but no luck. I think this is a good replacement, it adds the command in exactly the same way

@yosifkit yosifkit closed this Nov 19, 2025
@yosifkit yosifkit reopened this Nov 19, 2025
@tianon tianon merged commit 8416c3f into docker-library:master Nov 19, 2025
66 of 78 checks passed
@tianon tianon deleted the 4.0 branch November 19, 2025 23:08
docker-library-bot added a commit to docker-library-bot/official-images that referenced this pull request Nov 19, 2025
Changes:

- docker-library/ruby@8416c3f: Merge pull request docker-library/ruby#517 from infosiftr/4.0
- docker-library/ruby@7e8d616: Update to 4.0.0-preview2
yosifkit pushed a commit to docker-library/official-images that referenced this pull request Nov 19, 2025
Changes:

- docker-library/ruby@8416c3f: Merge pull request docker-library/ruby#517 from infosiftr/4.0
- docker-library/ruby@7e8d616: Update to 4.0.0-preview2

Co-authored-by: Docker Library Bot <doi+docker-library-bot@docker.com>