Fix Bundler vendoring when a subdirectory is configured by deivid-rodriguez · Pull Request #5567 · dependabot/dependabot-core

deivid-rodriguez · 2022-08-22T09:11:20Z

The actual fix is 51096421a9db36fcfcdf06131058374037681f16, but I also included some spec changes to be able to test it.

Previously we were passing an absolute path hardcoded to the root of the target repository as the cache path. Now we pass a relative path, to which we prepend the configured subdirectory if any.

Fixes #3736.

jurre

Thanks, that makes a lot of sense to me! Assuming CI passes, LGTM

deivid-rodriguez · 2022-08-22T09:37:01Z

Yeah, CI definitely needed since I only run specs manually for Bundler, yet I changed helpers in common, so let's see :)

I also tested this on https://github.com/gewo/dependabot-bundler-vendor, and the dry-run scripts seem to behave fine now.

I didn't create actual PRs, just tried the dry-run script. But I can do that before merging just to make sure. The only difference to real PRs should be that from my machine, dependabot will add an extra platform to the lockfile, it seems.

Before

$ bin/dry-run.rb bundler gewo/dependabot-bundler-vendor --clone ✅

To use retry middleware with Faraday v2.0+, install `faraday-retry` gem
=> cloning into /home/dependabot/dependabot-core/tmp/gewo/dependabot-bundler-vendor
=> parsing dependency files
=> updating 1 dependencies: minitest

=== minitest (5.14.3)
 => checking for updates 1/1
🌍 https//rubygems.org:443/api/v1/versions/minitest.json
 => latest available version is 5.16.3
 => latest allowed version is 5.16.3
 => requirements to unlock: own
 => requirements update strategy: bump_versions
 => updating minitest from 5.14.3 to 5.16.3

    ± Gemfile.lock
    ~~~
    4c4
    <     minitest (5.14.3)
    ---
    >     minitest (5.16.3)
    6a7
    >   aarch64-linux
    ~~~
deleted vendor/cache/minitest-5.14.3.gem
added vendor/cache/minitest-5.16.3.gem
🌍 Total requests made: '1'
🎈 Package manager version log: {:ecosystem=>"bundler", :package_managers=>{"bundler"=>"2"}}

$ bin/dry-run.rb bundler gewo/dependabot-bundler-vendor --dir /acceptance --clone ❌

To use retry middleware with Faraday v2.0+, install `faraday-retry` gem
=> cloning into /home/dependabot/dependabot-core/tmp/gewo/dependabot-bundler-vendor
=> parsing dependency files
=> updating 1 dependencies: minitest

=== minitest (5.14.3)
 => checking for updates 1/1
🌍 https//rubygems.org:443/api/v1/versions/minitest.json
 => latest available version is 5.16.3
 => latest allowed version is 5.16.3
 => requirements to unlock: own
 => requirements update strategy: bump_versions
 => updating minitest from 5.14.3 to 5.16.3

    ± Gemfile.lock
    ~~~
    4c4
    <     minitest (5.14.3)
    ---
    >     minitest (5.16.3)
    6a7
    >   aarch64-linux
    ~~~
🌍 Total requests made: '1'
🎈 Package manager version log: {:ecosystem=>"bundler", :package_managers=>{"bundler"=>"2"}}

(note the missing "added/deleted" logging in the output)

After

$ bin/dry-run.rb bundler gewo/dependabot-bundler-vendor --clone ✅

To use retry middleware with Faraday v2.0+, install `faraday-retry` gem
=> cloning into /home/dependabot/dependabot-core/tmp/gewo/dependabot-bundler-vendor
=> parsing dependency files
=> updating 1 dependencies: minitest

=== minitest (5.14.3)
 => checking for updates 1/1
🌍 https//rubygems.org:443/api/v1/versions/minitest.json
 => latest available version is 5.16.3
 => latest allowed version is 5.16.3
 => requirements to unlock: own
 => requirements update strategy: bump_versions
 => updating minitest from 5.14.3 to 5.16.3

    ± Gemfile.lock
    ~~~
    4c4
    <     minitest (5.14.3)
    ---
    >     minitest (5.16.3)
    6a7
    >   aarch64-linux
    ~~~
deleted vendor/cache/minitest-5.14.3.gem
added vendor/cache/minitest-5.16.3.gem
🌍 Total requests made: '1'
🎈 Package manager version log: {:ecosystem=>"bundler", :package_managers=>{"bundler"=>"2"}}

$ bin/dry-run.rb bundler gewo/dependabot-bundler-vendor --dir /acceptance --clone ✅

To use retry middleware with Faraday v2.0+, install `faraday-retry` gem
=> cloning into /home/dependabot/dependabot-core/tmp/gewo/dependabot-bundler-vendor
=> parsing dependency files
=> updating 1 dependencies: minitest

=== minitest (5.14.3)
 => checking for updates 1/1
🌍 https//rubygems.org:443/api/v1/versions/minitest.json
 => latest available version is 5.16.3
 => latest allowed version is 5.16.3
 => requirements to unlock: own
 => requirements update strategy: bump_versions
 => updating minitest from 5.14.3 to 5.16.3

    ± Gemfile.lock
    ~~~
    4c4
    <     minitest (5.14.3)
    ---
    >     minitest (5.16.3)
    6a7
    >   aarch64-linux
    ~~~
deleted vendor/cache/minitest-5.14.3.gem
added vendor/cache/minitest-5.16.3.gem
🌍 Total requests made: '1'
🎈 Package manager version log: {:ecosystem=>"bundler", :package_managers=>{"bundler"=>"2"}}

There was a `let` clause for potentially customizing the directory, but it was never being used.

Use `Bundler.settings.app_cache_path`, which is just a relative path to the cache folder, and prepend to that the configured directory.

deivid-rodriguez requested a review from a team as a code owner August 22, 2022 09:11

jurre approved these changes Aug 22, 2022

View reviewed changes

deivid-rodriguez force-pushed the deivid-rodriguez/bundler-vendor-subdir branch from 5109642 to c2ba91d Compare August 23, 2022 08:33

deivid-rodriguez added 3 commits August 23, 2022 11:43

Refactor spec logic to fetch dependency files

a9deceb

Let file updater specs actually use the customized directory

bb0df52

There was a `let` clause for potentially customizing the directory, but it was never being used.

Consider directory configuration when vendoring gems

49b7ccc

Use `Bundler.settings.app_cache_path`, which is just a relative path to the cache folder, and prepend to that the configured directory.

deivid-rodriguez force-pushed the deivid-rodriguez/bundler-vendor-subdir branch from c2ba91d to 49b7ccc Compare August 23, 2022 09:43

deivid-rodriguez merged commit 879c0b4 into main Aug 23, 2022

deivid-rodriguez deleted the deivid-rodriguez/bundler-vendor-subdir branch August 23, 2022 10:26

pavera mentioned this pull request Aug 23, 2022

v0.210.0 #5574

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix Bundler vendoring when a subdirectory is configured#5567

Fix Bundler vendoring when a subdirectory is configured#5567
deivid-rodriguez merged 3 commits intomainfrom
deivid-rodriguez/bundler-vendor-subdir

deivid-rodriguez commented Aug 22, 2022

Uh oh!

jurre left a comment

Uh oh!

deivid-rodriguez commented Aug 22, 2022 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

deivid-rodriguez commented Aug 22, 2022

Uh oh!

jurre left a comment

Choose a reason for hiding this comment

Uh oh!

deivid-rodriguez commented Aug 22, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Before

After

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

deivid-rodriguez commented Aug 22, 2022 •

edited

Loading