-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ci] bump CI jobs to use Ruby 2.5 since some dependencies now require 2.5 #18339
[ci] bump CI jobs to use Ruby 2.5 since some dependencies now require 2.5 #18339
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👋 Nice catch the issue, however, this solution doesn't work as you expected. So I suggested a different way. (CI just passes because it uses Ruby 2.4 to build the gem file to be installed presumably.)
I'm happy to help get this resolved tonight (GMT) if you don't have enough time or need time to figure this out! 🤝
fastlane.gemspec
Outdated
# need to lock under 0.15 using less than Ruby 2.5 to prevent install issues when using 'gem install' | ||
# 'gem install' does not respect Ruby versions and would try installing 0.15 on Ruby 2.4 or less | ||
# signet - https://github.com/googleapis/signet/commit/bd6fe87948f8fc7702720dae651e82f4fd348b5d | ||
# googleauth - https://github.com/googleapis/google-auth-library-ruby/commit/6644806ab47cea6d08e1901c2ed808e53a579bc3 | ||
if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.5') | ||
spec.add_dependency('signet', '<= 0.14.1') | ||
spec.add_dependency('googleauth', '<= 0.15.1') | ||
STDERR.puts("WARNING: Locking to a potentially insecure version of 'signet' and 'googleauth' because you are using a version of Ruby which is marked as End-Of-Life. Please upgrade your Ruby installation to 2.5 or later") | ||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is one of the known issues in RubyGem or rubygem.org but this branching based on RUBY_VERSION
doesn't effectively work. Even worse this can cause unexpected result when releasing a new version of the gem.
- Using RUBY_VERSION in a gemspec doesn't work kamui/retriable#79
- Do not use RUBY_VERSION in gemspec rubocop/ruby-style-guide#763
So I would suggest doing followings
- Don't lock them in
gemspec
and let users choose their dependencies - Move this logic in
Gemfile
in order to make sure fastlane developers/contributors can install proper dependencies - Announce
gem install fastlane
orgem "fastlane"
inGemfile
starts installing new dependencies that don't support Ruby 2.4 so you need to either- Lock
signet
andgoogleauth
in yourGemfile
withgem 'signet', '<= 0.14.1'
andgem 'googleauth', '<= 0.15.1'
- Install old dependencies with
gem install signet -v 0.14.1
andgem install googleauth -v 0.14
before runninggem install fastlane
orgem update fastlane
- Lock
We can fix CI in the above way (installing old ones first) but I think it's fine just to bump the used Ruby version for that checks as Ruby 2.4. will be deprecated near future anyway. If we want to make sure everyone's installation works we should prepare a different kind of checks for CI.
Hey @joshdholtz 👋 Thank you for your contribution to fastlane and congrats on getting this pull request merged 🎉 Please let us know if this change requires an immediate release by adding a comment here 👍 |
Motivation and Context
CI broke in #18328 because
signet
updated 0.15.0 to require Ruby 2.5+Description
Updating CI jobs to use Ruby 2.5