Skip to content

ci: use bundler-cache in setup-ruby and fix RuboCop configuration#745

Merged
andrehjr merged 3 commits intosplitrb:mainfrom
snaka:fix/delegate-bundle-to-setup-ruby
Feb 15, 2026
Merged

ci: use bundler-cache in setup-ruby and fix RuboCop configuration#745
andrehjr merged 3 commits intosplitrb:mainfrom
snaka:fix/delegate-bundle-to-setup-ruby

Conversation

@snaka
Copy link
Copy Markdown
Contributor

@snaka snaka commented Feb 15, 2026
edited
Loading

This PR fixes CI failures currently occurring on the main branch.

Background

The manual bundle install step was causing CI failures with the following error:

Bundler cannot reinstall erb-6.0.1 because there's a previous installation of it
at /opt/hostedtoolcache/Ruby/4.0.1/x64/lib/ruby/gems/4.0.0/gems/erb-6.0.1 that
is unsafe to remove.
The parent of
/opt/hostedtoolcache/Ruby/4.0.1/x64/lib/ruby/gems/4.0.0/gems/erb-6.0.1 is
world-writable and does not have the sticky bit set, making it insecure to
remove due to potential vulnerabilities.

This issue is related to stricter security checks introduced in RubyGems/Bundler 4.0.0 combined with incorrect directory permissions in GitHub Actions hosted toolcache. The same issue has been reported in
ruby/rubygems#7983 and ruby/setup-ruby#624.

Changes

  1. Use bundler-cache in ruby/setup-ruby action

    • Replaced manual bundle install with bundler-cache: true option
    • This is the recommended solution that avoids permission issues and improves caching
    • Gems are now installed under vendor/bundle directory

  2. Configure RuboCop to inherit default exclusions

    • Added inherit_mode configuration to merge Exclude patterns with RuboCop defaults
    • RuboCop's default configuration excludes common directories like vendor/**/*, but when a local .rubocop.yml defines AllCops.Exclude, it overrides the defaults instead of merging
    • By setting inherit_mode: { merge: [Exclude] }, we explicitly inherit the default exclusions while allowing custom exclusions
    • This ensures vendor/bundle (where gems are now installed) is properly excluded from linting

Sources:

snaka added 3 commits February 15, 2026 12:05
@snaka
ci: use bundler-cache in ruby/setup-ruby action
17ad5b0 
Replace manual bundle install with ruby/setup-ruby's built-in bundler-cache
feature for better compatibility with Ruby 4.0+ security features.
@snaka
chore: exclude vendor directory from RuboCop checks
4013b4a
@snaka
Fix RuboCop to inherit default Exclude patterns
615c37a 
- Add `inherit_mode: { merge: [Exclude] }` to inherit default exclusion patterns
- Remove explicit `vendor/**/*` exclusion (now inherited from default config)
- Remove obsolete `gemfiles/**/*` exclusion (gemfiles directory was removed)

This ensures that `vendor/bundle` is properly excluded when using
`bundler-cache: true` in GitHub Actions workflow, preventing RuboCop
from inspecting gem files and loading their .rubocop.yml configurations.

Fixes the issue where RuboCop tried to require 'rubocop-rake' from
gems installed in vendor/bundle.
@snaka snaka changed the title ci: use bundler-cache in setup-ruby and exclude vendor from RuboCop ci: use bundler-cache in setup-ruby and fix RuboCop configuration Feb 15, 2026
@andrehjr
Copy link
Copy Markdown
Member

andrehjr commented Feb 15, 2026

Awesome! Thanks @snaka 🎉

@andrehjr andrehjr merged commit 9477336 into splitrb:main Feb 15, 2026
@snaka snaka deleted the fix/delegate-bundle-to-setup-ruby branch February 16, 2026 06:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andrehjr andrehjr andrehjr approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@snaka @andrehjr