-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use the same Ruby version in CI and Gemfile.lock #173
Conversation
Otherwise when a new minor Ruby version is released you may encounter similar problems as before. |
Currently: https://github.com/handshake-org/handshake-org.github.io/actions/runs/4468312416/jobs/7848896393
While the actual Ruby version specified in Gemfile.lock is 3.2.0 |
If I understood correctly, it will allow minor updates but no major one: I think we should let it break for Allows us to catch any issue with versioning if there's any and update the dependencies. Previously that was also broken, as the constraints on versions were not correct (would allow breaking changes). If at some point in ruby 3.x totally breaks the builder, then we can specify latest that works. |
I changed "Otherwise when a new major Ruby versions is released you may encounter similar problems as before." to "Otherwise when a new minor Ruby version is released you may encounter similar problems as before.". I intended to write "minor", not "major", i.e. when Ruby 3.3.0 is released.
I'm not sure what you mean by "it", but likely you don't understand this change correctly. My patch fixes the Ruby version to exactly one specified and used in Gemfile.lock. "Use the same Ruby version in CI and Gemfile.lock"
I don't get why we should let the CI build break.
There is no issue with versioning when it's done correctly. There is no need to update dependencies generally, you may want to update in case of security issues (we generally don't care because it's in Github CI, not public facing) or some features necessary, or bugs.
Why it was broken was explained in #165, see ruby/setup-ruby#442 (comment).
Of course, every time the CI build breaks we can update dependencies until the build succeeds (after a couple months may be). Or the build can be written, so it doesn't break. |
I agree with the fix of CI build being fixed to gemfile.lock sounds good. Regardless of the Gemfile itself, locking build to lockfile (verified build) sounds reasonable.
Yeah, this should have been
There were no warnings on build. Only heads up for i18. |
Gemfile is just an instruction to install necessary gems. Gemfile.lock is a king, it contains the full list of installed gems with exact versions. Bundler installs gems from Gemfile.lock.
Even a patch version could be breaking together with some gems though unlikely. A minor version is likely to be breaking.
Yes, Gemfile.lock just records the installed versions during
3.2.x (i.e. 3.2.0 vs 3.2.Z) shouldn't break the code. In this project
From https://github.com/handshake-org/handshake-org.github.io/actions/runs/4468355857/jobs/7848999143:
Fixed in #174. |
See #165.