Ignore Gemfile.lock

[pbanaszkiewicz]

Gemfile.lock is generated by bundler when installing dependencies for
this project.

Error from #220 happened because Gemfile.lock was in the repository
and every time the dependencies updated and saved to the *lock file,
the old version from repository overwrote it. And then failed to
build the website.

By ignoring Gemfile.lock we'll be able to generate it on a per-machine
need and it won't be overwritten by building scripts (since it's being
removed from the repository as well).

[jduckles]

@pbanaszkiewicz Sorry, the set of changes looked benign. Didn't know it would cause these.

[pbanaszkiewicz]

@jduckles neither did I…

[jduckles]

live and learn!

[andreabedini]

Actually Gemfile.lock should be included in the repository since its presence guarantees that two developers work with the same gem versions, thus guaranteeing reproducibility. See http://stackoverflow.com/questions/4151495/should-gemfile-lock-be-included-in-gitignore

[pbanaszkiewicz]

@andreabedini will pinning gem versions in Gemfile guarantee reproducibility? Is Gemfile.lock duplicating the functionality here?

Coming from Python world, Gemfile.lock seems like a snapshot of venv/lib directory to me - especially since Bundler treats it as "always right". And I'm not far from truth. Strangely we have only one file for Gemfile + Gemfile.lock purposes in Python.

[andreabedini]

@andreabedini[1] will pinning gem versions in Gemfile guarantee
reproducibility? Is Gemfile.lock duplicating the functionality here?

possibly but you would need to make sure all dependencies (and their own
dependencies) are pinned down.

Coming from Python world, Gemfile.lock seems like a snapshot of
venv/lib directory to me - especially since Bundler treats it as
"always right". And I'm not far from truth[2]. Strangely we have only
one file for Gemfile + Gemfile.lock purposes in Python.

The idea is that Gemfile tells you what you want and Gemfile.lock
tells you what you got in the end. So I can do a checkout of the repo
and let bundler install the exact same versions you have installed so
that everything works again.

That said, including Gemfile.lock into VCS is seems to best practice
according to pages linked above. No need to shove our Python workflow
into Ruby world ;-) (I'm mostly a Python person too).

---

Andrea Bedini @andreabedini[3], http://www.andreabedini.com use
keybase.io/andreabedini to send me private messages

Links:

1. https://github.com/andreabedini
2. http://bundler.io/v1.11/rationale.html
3. htttp://twitter.com/andreabedini

[andreabedini]

FYI I found this to be an interesting read http://www.kennethreitz.org/essays/a-better-pip-workflow