Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ci] bump CI jobs to use Ruby 2.5 since some dependencies now require 2.5 #18339

Merged
merged 10 commits into from
Mar 5, 2021
Merged

[ci] bump CI jobs to use Ruby 2.5 since some dependencies now require 2.5 #18339

merged 10 commits into from
Mar 5, 2021

Conversation

joshdholtz
Copy link
Member

@joshdholtz joshdholtz commented Mar 5, 2021
edited

Motivation and Context

CI broke in #18328 because signet updated 0.15.0 to require Ruby 2.5+

Description

Updating CI jobs to use Ruby 2.5

@google-cla google-cla bot added the cla: yes label Mar 5, 2021
@joshdholtz joshdholtz requested a review from ainame March 5, 2021 12:12
ainame
ainame requested changes Mar 5, 2021
View reviewed changes
Copy link
Contributor

@ainame ainame left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👋 Nice catch the issue, however, this solution doesn't work as you expected. So I suggested a different way. (CI just passes because it uses Ruby 2.4 to build the gem file to be installed presumably.)

I'm happy to help get this resolved tonight (GMT) if you don't have enough time or need time to figure this out! 🤝

fastlane.gemspec Outdated
Comment on lines 59 to 67
# need to lock under 0.15 using less than Ruby 2.5 to prevent install issues when using 'gem install'
# 'gem install' does not respect Ruby versions and would try installing 0.15 on Ruby 2.4 or less
# signet - https://github.com/googleapis/signet/commit/bd6fe87948f8fc7702720dae651e82f4fd348b5d
# googleauth - https://github.com/googleapis/google-auth-library-ruby/commit/6644806ab47cea6d08e1901c2ed808e53a579bc3
if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.5')
spec.add_dependency('signet', '<= 0.14.1')
spec.add_dependency('googleauth', '<= 0.15.1')
STDERR.puts("WARNING: Locking to a potentially insecure version of 'signet' and 'googleauth' because you are using a version of Ruby which is marked as End-Of-Life. Please upgrade your Ruby installation to 2.5 or later")
end
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is one of the known issues in RubyGem or rubygem.org but this branching based on RUBY_VERSION doesn't effectively work. Even worse this can cause unexpected result when releasing a new version of the gem.

So I would suggest doing followings

  • Don't lock them in gemspec and let users choose their dependencies
  • Move this logic in Gemfile in order to make sure fastlane developers/contributors can install proper dependencies
  • Announce gem install fastlane or gem "fastlane" in Gemfile starts installing new dependencies that don't support Ruby 2.4 so you need to either
    • Lock signet and googleauth in your Gemfile with gem 'signet', '<= 0.14.1' and gem 'googleauth', '<= 0.15.1'
    • Install old dependencies with gem install signet -v 0.14.1 and gem install googleauth -v 0.14 before running gem install fastlane or gem update fastlane

We can fix CI in the above way (installing old ones first) but I think it's fine just to bump the used Ruby version for that checks as Ruby 2.4. will be deprecated near future anyway. If we want to make sure everyone's installation works we should prepare a different kind of checks for CI.

@joshdholtz joshdholtz changed the title [fastlane] signet 0.15.0 only supports Ruby 2.5+ so fixing spec to allow for 0.14.0 for Ruby 2.4 [ci] bump CI jobs to use Ruby 2.5 since some dependencies now require 2.5 Mar 5, 2021
@joshdholtz joshdholtz merged commit bbcf827 into master Mar 5, 2021
@joshdholtz joshdholtz deleted the joshdholtz-signet-now-only-supports-ruby-2.5 branch March 5, 2021 19:05
@fastlane-bot
Copy link

Hey @joshdholtz 👋

Thank you for your contribution to fastlane and congrats on getting this pull request merged 🎉
The code change now lives in the master branch, however it wasn't released to RubyGems yet.
We usually ship about once a week, and your PR will be included in the next one.

Please let us know if this change requires an immediate release by adding a comment here 👍
We'll notify you once we shipped a new release with your changes 🚀

@joshdholtz joshdholtz mentioned this pull request Mar 8, 2021
Merged
@ainame ainame mentioned this pull request Mar 10, 2021
Closed
@fastlane fastlane locked and limited conversation to collaborators May 5, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ainame ainame ainame requested changes

Assignees
No one assigned
Labels
cla: yes status: included-in-next-release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@joshdholtz @fastlane-bot @ainame