-
-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change bundle install
with a lockfile to respect the BUNDLED WITH
bundler version
#4076
Change bundle install
with a lockfile to respect the BUNDLED WITH
bundler version
#4076
Conversation
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
9bee17a
to
d56c8a0
Compare
Fixed some linting failures. (I'm having trouble getting rubocop to run locally, so had to rely on CI for that, heh.) |
d56c8a0
to
63c3171
Compare
I fixed the linter errors but introduced new ones, the first time. I think it's right, now. 😂 |
I have no idea what's causing those CI errors; will have to look into it another day. |
63c3171
to
9c68ba7
Compare
Getting back into this again. Rebased off master. |
9c68ba7
to
b1e6c4b
Compare
Rebased off master. Also realized I finished an item from the TODO checklist at some point already, so checked that off. |
I may be able to switch from rubygems/bundler/lib/bundler.rb Lines 422 to 425 in 9c88db9
|
I'm a bit stuck atm because I'm not sure how |
@duckinator that's feature of generated binstub by gem installer. rubygems/lib/rubygems/installer.rb Lines 214 to 231 in 5b910cc
example of rails binstub
|
Huh, okay, so there's no actual way to determine whether it was started using that mechanism or not. That makes me wonder if this all needs to be dragged up to the Bundler binstub. Thanks for the info, @simi. I'll have to think a bit on how to approach this. |
This is what all the other specs do, and for what's being tested here, the bundler version is not relevant.
If something inside bundler used the original environment, it would be reset to what it was before, which is most likely the global `GEM_HOME`, and most likely unintended.
This does not make any difference for the spec that added it, but the correct way to set sources is through the setter because `@sources` should be a `Gem::SourceList` instance.
If an exception happened during the setup or teardown of a pending spec, the runner would crash.
If an explicit RUBYOPT was passed to our test command helpers, the global RUBYOPT in the environment would be lost. This seems important on Windows since it has a global `-Eutf-8` that seems to cause issues when lost. This commit fixes that by properly merging both the explicit environment given and the one globally set.
With this in place, bundler can be managed in a local path just like any other gem.
Show a discreet warning and continue.
8f4d2f6
to
8783bc8
Compare
this is awesome. Thanks @duckinator and @deivid-rodriguez |
@deivid-rodriguez thank you for making sure this PR got wrapped up and merged. I appreciate it a lot! |
See rubygems/rubygems#4076 rubygems/bundler started respecting BUNDLED WITH directive with newer versions.
This check was added in 655c172 when bundler didn't fully enforce the BUNDLE WITH directive. See rubygems/rubygems#4076 bundle commands now respect this directive - so move the compatability logic well before any bundle commands.
...supplied by the buildpack. See rubygems/rubygems#4076
...supplied by the buildpack. See rubygems/rubygems#4076
Is it possible to DISABLE or OPT-OUT from that feature? Bundler keeps on downgrading itself in my Docker images. I just want to use the bundler that is already available, not downgrade to the version from an older image 😭 |
The proper way to handle is to update the bundler in |
This implements part of the Bundler Version Locking RFC.
What was the end-user or developer problem that led to this PR?
It's hard to ensure that all developers and environments of an application use the exact same bundler version. There's many reasons why that's a good thing, for example, wanting to enforce that a security release is used, so that nobody is vulnerable to a security issue.
What is your fix for the problem, implemented in this PR?
My fix is to respect the
BUNDLED WITH
version if there is a lockfile. This section was originally introduced for this exact purpose but was never actually enforced.The strategy is that when
bundle install
is run, if the running version does not match theBUNDLED WITH
version,bundler
will first install theBUNDLED WITH
version, and then re-exec using that version.This strategy is implemented as conservatively as we could:
BUNDLER_VERSION
environment variable or withbundle _<version>_
.BUNDLED WITH
version, bundler will go on using the running version as a fallback.bundler
is run in combination with the latest rubygems.Make sure the following tasks are checked