credentials_manager 0.16.2 has been removed #7582

Closed
felipesabino opened this Issue Dec 19, 2016 · 12 comments


@felipesabino
felipesabino commented Dec 19, 2016 edited

New Issue Checklist

  • Updated fastlane to the latest version (my issue is related to old version support and its removal from rubygems, so the latest version does not apply here)
  • I have read the Contribution Guidelines

Issue Description

Builds were broken overnight due to removal of gems from rubygems.

Your bundle is locked to credentials_manager (0.16.2), but that version could not be found in any of the sources listed in your Gemfile. If you haven't changed sources, that means the author of credentials_manager (0.16.2) has removed it. You'll need to update your bundle to a different version of credentials_manager (0.16.2) that hasn't been removed in order to install

My legacy environments were fixed to an old fastlane version (1.103.0), and builds started breaking because credentials_manager version 0.16.2 has been removed from rubygems.

The release note says it was removed due to circular references (more specifically between the fastlane and scan gems), but that was not the case in my environments, as I was using older versions.

Having an immutable build environment is crucial and Fastlane has been a huge step towards that, so I believe removing old versions from rubygems in favor of new releases goes totally against it.

Environment

Here is a gist link to my Gemfile, Gemfile.lock and my travis build error output: https://gist.github.com/felipesabino/3f2a8510ff5b58987381a76a7c9a6837

Workaround

If you can't change the build environment right now (my case), you can work around it by manually monkey patching the Gemfile to have credentials_manager and any other gem fixed to the GitHub source:

gem 'credentials_manager', '0.16.2', :git => 'https://github.com/fastlane/fastlane.git', :tag => 'credentials_manager/0.16.2'

In my case (Gemfile and Gemfile.lock attached) I also had to fix scan to 0.14.1

@fastlane-bot

It seems like you have not included the output of fastlane env.

To make it easier for us to help you resolve this issue, please update the issue to include the output of fastlane env 👍

@felipesabino

Just as an FYI, I did not add the fastlane env output, as this command was only added in 1.106.0 and my problem relates to version 1.103.0 and legacy support (explanation in the issue description).

cc @fastlane-bot

@tapi
tapi commented Dec 19, 2016

This didn't just affect old builds. We updated to ~> 2.0 on Friday, which was pegged to credentials_manager 0.16.2, so things that worked EOD Friday were busted this morning.

@dpassage

I encountered the same issue today as well. Agree with @felipesabino about the build environment - progress is great and all, but intentionally breaking older installs is extremely problematic for a tool depended on by so many.

@jonah-williams

I had fastlane pinned to 1.111.0 which depended on credentials_manager (>= 0.16.2, < 1.0.0) which now fails. Should be easy enough for me to update but yanking gem versions like this seems like an unfriendly move and something that should be avoided.

@moming2k

My fastlane is also pinned to 1.11.0 and started failing this morning.

@KrauseFx
Member

> The release note says it was removed due to circular references (more specifically between fastlane and scan gems

Yes, we've had lots of users getting a circular dependency error, so we had to do this change to fix their setup. See next reply for more details.

> Should be easy enough for me to update but yanking gem versions like this seems like an unfriendly move and something that should be avoided

Yes, completely agree, this was not something we wanted to do, really sorry this happened. We wanted to avoid yanking any releases, however lots of people that don't use bundler ran into this error, forcing us to yank releases and push new major releases.

I actually added further information about this, over here.

> Having an immutable build environment is crucial and Fastlane has been a huge step towards that, so I believe removing old versions from rubygems in favor of new releases goes totally against it.

I completely agree, and actually gave all of this a lot of thought. Taking parts of my reply from here:

True, but due to fastlane's nature of usually needing the most up-to-date spaceship release, we really want people to be on the latest release usually. While this is not ideal as builds might not be reproducible, there is no way (to my knowledge) to do that, with the third party API changing, and us needing to update spaceship regularly to stay up to date.

Due to spaceship we are forced to always have people running on the latest release, otherwise their build isn't immutable anyway (due to changing third party APIs out of our control).

> My fastlane is also pinned to 1.11.0 and started failing this morning.

I assume you don't mean 1.11.0? Could you update to 2.1.1 and see if that fixes your issue?


Furthermore, I looked into the yanked release, and it seemed like we yanked a really old release (https://github.com/fastlane/fastlane/releases/tag/credentials_manager%2F0.16.0), I'll try to push it up again, let's see if that fixes the issue.

If you have any other feedback, please do let us know. We're always happy to hear how we can make it better and easier for you all 👍

@felipesabino

> We wanted to avoid yanking any releases, however lots of people that don't use bundler ran into this error, forcing us to yank releases and push new major releases.

I understand, but removing already published gems creates a huge trust problem and seems like node's left-pad issue all over again.

If people don't use bundler and have version conflicts, we need to ask them to use it, as you even suggested to me before when I tried to solve a version conflict on cocoapods at #4627 the wrong way.

> Furthermore, I looked into the yanked release, and it seemed like we yanked a really old release (https://github.com/fastlane/fastlane/releases/tag/credentials_manager%2F0.16.0), I'll try to push it up again, let's see if that fixes the issue.

Restoring would be awesome and I had issues with both 0.16.0 and 0.16.2, not sure what other gem versions were removed.

@KrauseFx
Member

> I understand, but removing already published gems creates a huge trust problem and seems like node's left-pad issue all over again.

We didn't want to yank any of the published gems, I don't know yet why this happened. That was not planned.

> If people don't use bundler and have version conflicts, we need to ask them to use it, as you even suggested to me before when I tried to solve a version conflict on cocoapods at #4627 the wrong way.

Agreed, however lots of people don't want that, that's why we built the bundled fastlane for them a few weeks ago.

> Restoring would be awesome and I had issues with both 0.16.0 and 0.16.2, not sure what other gem versions were removed.

It looks like RubyGems doesn't support unyanking of releases any more, so the only thing we can (and probably will) do is to release a credentials_manager 0.16.4 with the content of 0.16.2

@sharat
sharat commented Dec 22, 2016

Not all the gems are getting updated due to the error thrown by credential_manager circular dependencies. I have installed only GitHub (hub), Cocoapods and Fastlane gems in the machine.

Here's the fastlane env output

🚫 fastlane environment 🚫

Stack

Key Value
OS 10.12.2
Ruby 2.3.1
Bundler? false
Git git version 2.11.0
Installation Source /usr/local/bin/fastlane
Host Mac OS X 10.12.2 (16C67)
Ruby Lib Dir ~/.rbenv/versions/2.3.1/lib
OpenSSL Version OpenSSL 1.0.2h 3 May 2016
Is contained false
Xcode Path /Applications/Xcode.app/Contents/Developer/
Xcode Version 8.1

System Locale

Error
No Locale with UTF8 found 🚫

fastlane files:

No Fastfile found

No Appfile found

fastlane gems

Gem Version Update-Status
credentials_manager 0.16.2 🚫 Update availaible
spaceship 0.39.0 🚫 Update availaible
fastlane 2.0.3 🚫 Update availaible

Loaded fastlane plugins:

No plugins Loaded

Loaded gems
Gem Version
did_you_mean 1.0.2
slack-notifier 1.5.1
CFPropertyList 2.3.4
claide 1.0.1
colored 1.2
nanaimo 0.2.3
xcodeproj 1.4.1
rouge 1.11.1
xcpretty 0.2.4
terminal-notifier 1.7.1
plist 3.2.0
public_suffix 2.0.4
addressable 2.5.0
multipart-post 2.0.0
highline 1.7.8
security 0.1.3
credentials_manager 0.16.2
multi_xml 0.6.0
faraday_middleware 0.10.1
unf_ext 0.0.7.2
unf 0.1.4
domain_name 0.5.20161129
http-cookie 1.0.3
faraday-cookie_jar 0.0.6
fastimage 2.0.1
babosa 1.0.2
xcode-install 2.0.9
word_wrap 1.0.0
excon 0.54.0
gh_inspector 1.0.2
uber 0.0.15
representable 2.3.0
retriable 2.1.0
mime-types-data 3.2016.0521
mime-types 3.1
hurley 0.2
little-plugger 1.1.4
multi_json 1.12.1
logging 2.1.0
jwt 1.5.6
memoist 0.15.0
os 0.9.6
signet 0.7.3
googleauth 0.5.1
httpclient 2.8.3
google-api-client 0.9.20
mini_magick 4.5.1
rubyzip 1.2.0
xcpretty-travis-formatter 0.0.4
dotenv 2.1.1
bundler 1.13.6
i18n 0.7.0
json 1.8.3
thread_safe 0.3.5
tzinfo 1.2.2
minitest 5.10.1
activesupport 4.2.7.1
commander 4.4.2
io-console 0.4.6
unicode-display_width 1.1.2
terminal-table 1.7.3

generated on: 2016-12-22

@sharat
sharat commented Dec 23, 2016

The latest version 2.2.0 solves circular dependency issues. [sudo] gem update fastlane was a smooth go today.

@KrauseFx
Member

Great to hear 👍

@KrauseFx KrauseFx closed this Dec 23, 2016
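
The failure mode discussed in this thread, as an added example that is not part of the original issue or of fastlane's code: it parses a Gemfile.lock, finds locked versions that are no longer published, and checks which remaining versions still satisfy the dependents' constraints (such as fastlane 1.111.0's `>= 0.16.2, < 1.0.0`). The lockfile excerpt and the `PUBLISHED` version lists are constructed for illustration, and `parse_lock` and `audit` are hypothetical helper names.

```ruby
# Added example; the lockfile and version lists below are constructed.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      credentials_manager (0.16.2)
      fastlane (1.111.0)
        credentials_manager (>= 0.16.2, < 1.0.0)
LOCK

# Hypothetical registry state: 0.16.2 yanked, 0.16.4 re-released.
PUBLISHED = {
  "credentials_manager" => ["0.16.1", "0.16.4"],
  "fastlane" => ["1.111.0"]
}.freeze

# Parse the GEM "specs:" block: 4-space lines are locked specs,
# 6-space lines are that spec's dependency constraints.
def parse_lock(text)
  specs = {}
  current = nil
  text.each_line do |line|
    if (m = line.match(/\A {4}(\S+) \((.+)\)\s*\z/))
      current = m[1]
      specs[current] = { version: m[2], deps: {} }
    elsif current && (m = line.match(/\A {6}(\S+)(?: \((.+)\))?\s*\z/))
      specs[current][:deps][m[1]] = (m[2] || ">= 0").split(", ")
    end
  end
  specs
end

# For every locked spec whose exact version is gone, list the published
# versions that still satisfy every dependent's constraint.
def audit(specs, published)
  specs.each_with_object({}) do |(name, spec), report|
    available = published.fetch(name, [])
    next if available.include?(spec[:version])
    reqs = specs.values.map { |s| s[:deps][name] }.compact
                .map { |r| Gem::Requirement.new(r) }
    usable = available.select do |v|
      reqs.all? { |r| r.satisfied_by?(Gem::Version.new(v)) }
    end
    report[name] = { locked: spec[:version], replacements: usable }
  end
end

if __FILE__ == $PROGRAM_NAME
  audit(parse_lock(LOCKFILE), PUBLISHED).each do |name, r|
    puts "#{name} #{r[:locked]} unpublished; usable: #{r[:replacements].inspect}"
  end
end
```

An empty `replacements` list corresponds to the situation before any re-release, where the lockfile cannot be satisfied from the registry at all.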