Merged
13 changes: 12 additions & 1 deletion Dockerfile.updater-core
Expand Up @@ -95,13 +95,24 @@ COPY --from=ruby:3.1.4 --chown=dependabot:dependabot /usr/local /usr/local
# This way other projects that import this library don't have to futz around with installing new / unexpected bundler versions.
ARG BUNDLER_V2_VERSION=2.4.11

# We had to explicitly bump this as the bundled version `0.2.2` in ubuntu 20.04 has a bug.
# Once Ubuntu base image pulls in a new enough yaml version, we may not need to
# explicitly manage this. However, if we do opt to pull it back out, see all changes
# required in https://github.com/dependabot/dependabot-core/pull/7112
ARG LIBYAML_VERSION=0.2.5
RUN curl -sL https://pyyaml.org/download/libyaml/yaml-$LIBYAML_VERSION.tar.gz -o libyaml.tar.gz && \
mkdir -p $DEPENDABOT_HOME/src/libyaml && \
tar -xvf libyaml.tar.gz -C $DEPENDABOT_HOME/src/libyaml && \
rm libyaml.tar.gz

RUN gem install bundler -v $BUNDLER_V2_VERSION --no-document && \
rm -rf /var/lib/gems/*/cache/* && \
bundle config set --global build.psych --with-libyaml-source-dir=$DEPENDABOT_HOME/src/libyaml/yaml-$LIBYAML_VERSION && \
bundle config set --local path 'vendor' && \
bundle config set --local frozen 'true' && \
bundle config set --local without 'development' && \
bundle install && \
rm -rf ~/.bundle
rm -rf ~/.bundle/cache
Member

@jeffwidman jeffwidman Apr 19, 2023

Should this change happen regardless of the libyaml bump? Or does somehow nuking the entire ~/.bundle dir help with docker image caching more than nuking ~/.bundle/cache?

Contributor Author

It's because I need to configure Bundler globally to use the downloaded sources and the previous rm -rf ~/.bundle would wipe out the configuration, which is also needed when installing gems from omnibus/.


COPY --chown=dependabot:dependabot LICENSE $DEPENDABOT_HOME
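Review bot: The libyaml tarball fetched by `curl -sL https://pyyaml.org/download/libyaml/yaml-$LIBYAML_VERSION.tar.gz -o libyaml.tar.gz` is unpacked and then used as the psych build source with no integrity check, so whatever the server returns at build time ends up compiled into the image. Pin a digest next to the version, for example an `ARG LIBYAML_SHA256=<expected digest>` checked with `echo "$LIBYAML_SHA256  libyaml.tar.gz" | sha256sum -c -` before the `tar -xvf` step, and add `-f` to the curl call so an HTTP error fails the build instead of saving an error page. Separately, the cleanup is narrowed from `rm -rf ~/.bundle` to `rm -rf ~/.bundle/cache` to keep the global `build.psych` setting; a short comment on that line saying so would stop someone from restoring the broader delete later.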

1 change: 1 addition & 0 deletions common/dependabot-common.gemspec
Expand Up @@ -38,6 +38,7 @@ Gem::Specification.new do |spec|
spec.add_dependency "nokogiri", "~> 1.8"
spec.add_dependency "octokit", ">= 4.6", "< 7.0"
spec.add_dependency "parser", ">= 2.5", "< 4.0"
spec.add_dependency "psych", "~> 5.0"
spec.add_dependency "toml-rb", ">= 1.1.2", "< 3.0"

spec.add_development_dependency "debug", "~> 1.7.1"
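Review bot: The new `spec.add_dependency "psych", "~> 5.0"` line makes psych a runtime dependency of dependabot-common without any note that this image has to point the psych build at a libyaml source tree, which the Dockerfile change in this PR does through `build.psych --with-libyaml-source-dir`. A comment above the line referring to that Dockerfile setup would help anyone who installs the gem outside this image, and would keep the two changes linked if one of them is later reverted.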
4 changes: 4 additions & 0 deletions updater/Gemfile.lock
Expand Up @@ -26,6 +26,7 @@ PATH
nokogiri (~> 1.8)
octokit (>= 4.6, < 7.0)
parser (>= 2.5, < 4.0)
psych (~> 5.0)
toml-rb (>= 1.1.2, < 3.0)

PATH
Expand Down Expand Up @@ -216,6 +217,8 @@ GEM
parser (3.2.2.0)
ast (~> 2.4.1)
pathname-common_prefix (0.0.1)
psych (5.1.0)
stringio
public_suffix (5.0.1)
racc (1.6.2)
rainbow (3.1.1)
Expand Down Expand Up @@ -268,6 +271,7 @@ GEM
faraday (>= 0.17.3, < 3)
sentry-raven (3.1.2)
faraday (>= 1.0)
stringio (3.0.6)
terminal-table (3.0.2)
unicode-display_width (>= 1.1.1, < 3)
thor (1.2.1)