Unrestrict versions in Gemfile

[pvalena]

also regenerate Gemfile.lock.

---

Test with Ruby 3.0: https://gist.github.com/pvalena/4ea74ca949efd18d15e14e4adb1886f9#file-rails-ex-test_ruby_3-0-log-L156

[ more testing follows ]

[jackorp]

I know that Gemfile.lock is what we really care about, but is it ok to leave rails without constraints?

[pvalena]

@yselkowitz PTAL.

[pvalena]

Gemfile.lock handles those versions for us as long as it works with all our Ruby versions it's IMO fine.

[yselkowitz]

See the specific comments wrt multi-arch. But is this compatible with ruby 2.y? I'm seeing the following with s2i (after fixing nokogiri and mini_portile2 as noted):

LoadError: cannot load such file -- bundler/setup
/opt/app-root/src/config/boot.rb:3:in `require'
/opt/app-root/src/config/boot.rb:3:in `<top (required)>'
/opt/app-root/src/config/application.rb:1:in `require_relative'
/opt/app-root/src/config/application.rb:1:in `<top (required)>'
/opt/app-root/src/Rakefile:4:in `require_relative'
/opt/app-root/src/Rakefile:4:in `<top (required)>'
/opt/app-root/src/bundle/ruby/2.7.0/gems/rake-13.0.3/exe/rake:27:in `<top (required)>'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:63:in `load'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:63:in `kernel_load'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:28:in `run'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli.rb:476:in `exec'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/invocation.rb:127:in `invoke_command'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor.rb:399:in `dispatch'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli.rb:30:in `dispatch'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/base.rb:476:in `start'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli.rb:24:in `start'
/usr/share/gems/gems/bundler-2.1.4/libexec/bundle:46:in `block in <top (required)>'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/friendly_errors.rb:123:in `with_friendly_errors'
/usr/share/gems/gems/bundler-2.1.4/libexec/bundle:34:in `<top (required)>'
/opt/app-root/src/bin/bundle:3:in `load'
/opt/app-root/src/bin/bundle:3:in `<main>'

[pvalena]

FTR the original PR works for 2.5 ... 2.7 as well: https://git.io/J3zWg

Hopefully we can adapt it further to work with different archs (more in responses).

[pvalena]

See the specific comments wrt multi-arch. But is this compatible with ruby 2.y? I'm seeing the following with s2i (after fixing nokogiri and mini_portile2 as noted):

I'm still working out the fix on the Gemfile level.
Currently I'm trying platform and will try version (which will 99% work). Any other ideas/recommendations?

LoadError: cannot load such file -- bundler/setup
/opt/app-root/src/config/boot.rb:3:in `require'
/opt/app-root/src/config/boot.rb:3:in `<top (required)>'
/opt/app-root/src/config/application.rb:1:in `require_relative'
/opt/app-root/src/config/application.rb:1:in `<top (required)>'
/opt/app-root/src/Rakefile:4:in `require_relative'
/opt/app-root/src/Rakefile:4:in `<top (required)>'
/opt/app-root/src/bundle/ruby/2.7.0/gems/rake-13.0.3/exe/rake:27:in `<top (required)>'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:63:in `load'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:63:in `kernel_load'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:28:in `run'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli.rb:476:in `exec'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/invocation.rb:127:in `invoke_command'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor.rb:399:in `dispatch'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli.rb:30:in `dispatch'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/base.rb:476:in `start'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli.rb:24:in `start'
/usr/share/gems/gems/bundler-2.1.4/libexec/bundle:46:in `block in <top (required)>'
/usr/share/gems/gems/bundler-2.1.4/lib/bundler/friendly_errors.rb:123:in `with_friendly_errors'
/usr/share/gems/gems/bundler-2.1.4/libexec/bundle:34:in `<top (required)>'
/opt/app-root/src/bin/bundle:3:in `load'
/opt/app-root/src/bin/bundle:3:in `<main>'

Not sure what the error here is. I'm testing it as posted on the gist. We'll also try it with the s2i-ruby-container test suite afterwards. Maybe @jackorp can reproduce?

[pvalena]

Lock file refresh: https://git.io/J3PKB
Test with current images: https://git.io/J3PKB

[pvalena]

Let me know if you find it ok, I'll squash relevant commits.

Also would you mind if I include these scripts? (I can put them in a separate branch, if you like.)

[pvalena]

Moved scripts to scripts branch: d6fa820

 refresh_lock.sh | 109 -------------------------------------------------------------------------------------------------------------
 test_cont.sh    |  11 -----------
 test_ubi.sh     |   9 ---------

Squashed the commits (no additional change; the previous commits are still hopefully viewable from this PR).

[pvalena]

@yselkowitz @jackorp PTAL.

[jackorp]

Tests on ruby fedora s2i 2.7 fail on sassc extension compilation: https://gist.github.com/jackorp/e9c74a1f6dbffc83ef61f6220926d753

[yselkowitz]

The other issue, even after you get the dependencies to compile/install, is that the application itself needs to be updated for compatibility with the latest rails. I've made progress on this but will have to follow up next week.

[pvalena]

Tests on ruby s2i 2.7 fail on sassc extension compilation: https://gist.github.com/jackorp/e9c74a1f6dbffc83ef61f6220926d753

This seems like an issue with your Fedora Ruby image :).

[pvalena]

The other issue, even after you get the dependencies to compile/install, is that the application itself needs to be updated for compatibility with the latest rails. I've made progress on this but will have to follow up next week.

What application needs to be updated? You mean the "app" dir? There should be some automated conversion tool. Unfortunately I'll be unable to do it in the next few weeks. Note that this fixes compatibility with Ruby 3.0 which is soon comming anyway.

[pvalena]

I should also note that when using this PR, the build (and tests) for s2i-ruby-container succeed, incl. the Ruby 3.0 PR.

s2i-ruby-container uses rails-ex in tests.

[pvalena]

@yselkowitz any chance getting this merged soon? This blocks us in s2i-ruby-container.

For us, it works with this change.

[yselkowitz]

I don't see how, as the Rails code itself needs to be made compatible with the latest version:

$ s2i build . registry.redhat.io/ubi8/ruby-27 rails-relax
---> Installing application source ...
---> Building your Ruby application from source ...
---> Running 'bundle install --retry 2 --deployment --without development:test' ...
[DEPRECATED] The `--deployment` flag is deprecated because it relies on being remembered across bundler invocations, which bundler will no longer do in future versions. Instead please use `bundle config set deployment 'true'`, and stop using this flag
[DEPRECATED] The `--path` flag is deprecated because it relies on being remembered across bundler invocations, which bundler will no longer do in future versions. Instead please use `bundle config set path './bundle'`, and stop using this flag
[DEPRECATED] The `--without` flag is deprecated because it relies on being remembered across bundler invocations, which bundler will no longer do in future versions. Instead please use `bundle config set without 'development:test'`, and stop using this flag
The dependency tzinfo-data (>= 0) will be unused by any of the platforms Bundler is installing for. Bundler is installing for ruby but the dependency is only for x86-mingw32, x86-mswin32, x64-mingw32, java. To add those platforms to the bundle, run `bundle lock --add-platform x86-mingw32 x86-mswin32 x64-mingw32 java`.
Fetching gem metadata from https://rubygems.org/............
Fetching rake 13.0.3
Installing rake 13.0.3
Fetching concurrent-ruby 1.1.8
Installing concurrent-ruby 1.1.8
Fetching i18n 1.8.10
Installing i18n 1.8.10
Fetching minitest 5.14.4
Installing minitest 5.14.4
Fetching tzinfo 2.0.4
Installing tzinfo 2.0.4
Fetching zeitwerk 2.4.2
Installing zeitwerk 2.4.2
Fetching activesupport 6.1.3.1
Installing activesupport 6.1.3.1
Fetching builder 3.2.4
Installing builder 3.2.4
Fetching erubi 1.10.0
Installing erubi 1.10.0
Fetching mini_portile2 2.5.1
Installing mini_portile2 2.5.1
Fetching racc 1.5.2
Installing racc 1.5.2 with native extensions
Fetching nokogiri 1.11.3 (x86_64-linux)
Installing nokogiri 1.11.3 (x86_64-linux)
Fetching rails-dom-testing 2.0.3
Installing rails-dom-testing 2.0.3
Fetching crass 1.0.6
Installing crass 1.0.6
Fetching loofah 2.9.1
Installing loofah 2.9.1
Fetching rails-html-sanitizer 1.3.0
Installing rails-html-sanitizer 1.3.0
Fetching actionview 6.1.3.1
Installing actionview 6.1.3.1
Fetching rack 2.2.3
Installing rack 2.2.3
Fetching rack-test 1.1.0
Installing rack-test 1.1.0
Fetching actionpack 6.1.3.1
Installing actionpack 6.1.3.1
Fetching nio4r 2.5.7
Installing nio4r 2.5.7 with native extensions
Fetching websocket-extensions 0.1.5
Installing websocket-extensions 0.1.5
Fetching websocket-driver 0.7.3
Installing websocket-driver 0.7.3 with native extensions
Fetching actioncable 6.1.3.1
Installing actioncable 6.1.3.1
Fetching globalid 0.4.2
Installing globalid 0.4.2
Fetching activejob 6.1.3.1
Installing activejob 6.1.3.1
Fetching activemodel 6.1.3.1
Installing activemodel 6.1.3.1
Fetching activerecord 6.1.3.1
Installing activerecord 6.1.3.1
Fetching marcel 1.0.1
Installing marcel 1.0.1
Fetching mini_mime 1.0.3
Installing mini_mime 1.0.3
Fetching activestorage 6.1.3.1
Installing activestorage 6.1.3.1
Fetching mail 2.7.1
Installing mail 2.7.1
Fetching actionmailbox 6.1.3.1
Installing actionmailbox 6.1.3.1
Fetching actionmailer 6.1.3.1
Installing actionmailer 6.1.3.1
Fetching actiontext 6.1.3.1
Installing actiontext 6.1.3.1
Using bundler 2.1.4
Fetching coffee-script-source 1.12.2
Installing coffee-script-source 1.12.2
Fetching execjs 2.7.0
Installing execjs 2.7.0
Fetching coffee-script 2.4.1
Installing coffee-script 2.4.1
Fetching method_source 1.0.0
Installing method_source 1.0.0
Fetching thor 1.1.0
Installing thor 1.1.0
Fetching railties 6.1.3.1
Installing railties 6.1.3.1
Fetching coffee-rails 5.0.0
Installing coffee-rails 5.0.0
Fetching ffi 1.15.0
Installing ffi 1.15.0 with native extensions
Fetching jbuilder 2.11.2
Installing jbuilder 2.11.2
Fetching rb-fsevent 0.10.4
Installing rb-fsevent 0.10.4
Fetching rb-inotify 0.10.1
Installing rb-inotify 0.10.1
Fetching listen 3.5.1
Installing listen 3.5.1
Fetching pg 1.2.3
Installing pg 1.2.3 with native extensions
Fetching puma 5.2.2
Installing puma 5.2.2 with native extensions
Fetching sprockets 4.0.2
Installing sprockets 4.0.2
Fetching sprockets-rails 3.2.2
Installing sprockets-rails 3.2.2
Fetching rails 6.1.3.1
Installing rails 6.1.3.1
Fetching redis 4.2.5
Installing redis 4.2.5
Fetching sassc 2.4.0
Installing sassc 2.4.0 with native extensions
Fetching tilt 2.0.10
Installing tilt 2.0.10
Fetching sassc-rails 2.1.2
Installing sassc-rails 2.1.2
Fetching sass-rails 6.0.0
Installing sass-rails 6.0.0
Fetching sqlite3 1.4.2
Installing sqlite3 1.4.2 with native extensions
Fetching turbolinks-source 5.2.0
Installing turbolinks-source 5.2.0
Fetching turbolinks 5.2.1
Installing turbolinks 5.2.1
Fetching uglifier 4.2.0
Installing uglifier 4.2.0
Bundle complete! 18 Gemfile dependencies, 62 gems now installed.
Gems in the groups development and test were not installed.
Bundled gems are installed into `./bundle`
---> Cleaning up unused ruby gems ...
Running `bundle clean --verbose` with bundler 2.1.4
The dependency tzinfo-data (>= 0) will be unused by any of the platforms Bundler is installing for. Bundler is installing for ruby but the dependency is only for x86-mingw32, x86-mswin32, x64-mingw32, java. To add those platforms to the bundle, run `bundle lock --add-platform x86-mingw32 x86-mswin32 x64-mingw32 java`.
Frozen, using resolution from the lockfile
---> Starting asset compilation ...
rake aborted!
ArgumentError: Missing `secret_key_base` for 'production' environment, set this string with `bin/rails credentials:edit`
/opt/app-root/src/bundle/ruby/2.7.0/gems/railties-6.1.3.1/lib/rails/application.rb:596:in `validate_secret_key_base'
/opt/app-root/src/bundle/ruby/2.7.0/gems/railties-6.1.3.1/lib/rails/application.rb:430:in `secret_key_base'
/opt/app-root/src/bundle/ruby/2.7.0/gems/railties-6.1.3.1/lib/rails/application.rb:177:in `key_generator'
/opt/app-root/src/bundle/ruby/2.7.0/gems/railties-6.1.3.1/lib/rails/application.rb:201:in `message_verifier'
/opt/app-root/src/bundle/ruby/2.7.0/gems/activestorage-6.1.3.1/lib/active_storage/engine.rb:111:in `block (2 levels) in <class:Engine>'
/opt/app-root/src/bundle/ruby/2.7.0/gems/activesupport-6.1.3.1/lib/active_support/lazy_load_hooks.rb:68:in `block in execute_hook'
/opt/app-root/src/bundle/ruby/2.7.0/gems/activesupport-6.1.3.1/lib/active_support/lazy_load_hooks.rb:61:in `with_execution_control'
/opt/app-root/src/bundle/ruby/2.7.0/gems/activesupport-6.1.3.1/lib/active_support/lazy_load_hooks.rb:66:in `execute_hook'
/opt/app-root/src/bundle/ruby/2.7.0/gems/activesupport-6.1.3.1/lib/active_support/lazy_load_hooks.rb:52:in `block in run_load_hooks'
/opt/app-root/src/bundle/ruby/2.7.0/gems/activesupport-6.1.3.1/lib/active_support/lazy_load_hooks.rb:51:in `each'
/opt/app-root/src/bundle/ruby/2.7.0/gems/activesupport-6.1.3.1/lib/active_support/lazy_load_hooks.rb:51:in `run_load_hooks'
/opt/app-root/src/bundle/ruby/2.7.0/gems/railties-6.1.3.1/lib/rails/application/finisher.rb:140:in `block in <module:Finisher>'
/opt/app-root/src/bundle/ruby/2.7.0/gems/railties-6.1.3.1/lib/rails/initializable.rb:32:in `instance_exec'
/opt/app-root/src/bundle/ruby/2.7.0/gems/railties-6.1.3.1/lib/rails/initializable.rb:32:in `run'
/opt/app-root/src/bundle/ruby/2.7.0/gems/railties-6.1.3.1/lib/rails/initializable.rb:61:in `block in run_initializers'
/opt/app-root/src/bundle/ruby/2.7.0/gems/railties-6.1.3.1/lib/rails/initializable.rb:60:in `run_initializers'
/opt/app-root/src/bundle/ruby/2.7.0/gems/railties-6.1.3.1/lib/rails/application.rb:384:in `initialize!'
/opt/app-root/src/config/environment.rb:5:in `<top (required)>'
/opt/app-root/src/bundle/ruby/2.7.0/gems/activesupport-6.1.3.1/lib/active_support/dependencies.rb:332:in `require'
/opt/app-root/src/bundle/ruby/2.7.0/gems/activesupport-6.1.3.1/lib/active_support/dependencies.rb:332:in `block in require'
/opt/app-root/src/bundle/ruby/2.7.0/gems/activesupport-6.1.3.1/lib/active_support/dependencies.rb:299:in `load_dependency'
/opt/app-root/src/bundle/ruby/2.7.0/gems/activesupport-6.1.3.1/lib/active_support/dependencies.rb:332:in `require'
/opt/app-root/src/bundle/ruby/2.7.0/gems/railties-6.1.3.1/lib/rails/application.rb:360:in `require_environment!'
/opt/app-root/src/bundle/ruby/2.7.0/gems/railties-6.1.3.1/lib/rails/application.rb:526:in `block in run_tasks_blocks'
/opt/app-root/src/bundle/ruby/2.7.0/gems/sprockets-rails-3.2.2/lib/sprockets/rails/task.rb:61:in `block (2 levels) in define'
/opt/app-root/src/bundle/ruby/2.7.0/gems/rake-13.0.3/exe/rake:27:in `<top (required)>'
Tasks: TOP => environment
(See full trace by running task with --trace)
Build failed
ERROR: An error occurred: non-zero (13) exit code from registry.redhat.io/ubi8/ruby-27

[yselkowitz]

Filed pvalena#1

[pkubatrh]

@pvalena @yselkowitz Any update on this one?

[pvalena]

@yselkowitz I won't have time to finish your PR anytime soon. Can you finish it?

[jackorp]

Filed pvalena#2 as a continuation of pvalena#1, the Rails app now works for me.

[pvalena]

@yselkowitz does the change work for you now? Can you verify / test?

Thanks!

[yselkowitz]

While this is just a randomly generated key, officially the credential keys are not supposed to be committed to version control. However, I have been unable to find a way to make this work "out of the box" (at least with s2i) without this being present. Any better ideas?

[pvalena]

Well...

The next important file is config/master.key which is where your RAILS_MASTER_KEY will be kept. Now this is a very important file that can never be committed to your source control tool! I can’t stress this enough because this key will give anyone access to your encrypted keys and will leave your application vulnerable to attacks. To avoid this you need to add your config/master.key to your .gitignore file and this will keep your master.key a secret.

Not having it would mean we need to regenerate it on every s2i build (or users need to do it).

$ bin/rails credentials:edit

One thing to know is that if you don’t have either of these files, running the above command will automatically create them for you (thanks Rails).

Or it can be stored in some OpenShift secrets / ENV:

Option 2: create a RAILS_MASTER_KEY ENV variable. Rails will detect it and use it as your master key, e.g. in Heroku: heroku config:set RAILS_MASTER_KEY=.

https://medium.com/@thorntonbrenden/rails-and-the-legendary-master-key-15c8be7799f1

[pvalena]

@yselkowitz @jackorp Do you want to try to fix this?

[yselkowitz]

That seems doable for the openshift template, except that you still have to have something for 1) pure s2i, 2) those using previous versions of the templates (e.g. all current versions of OpenShift). What's the intended fallback then?

[yselkowitz]

Also, iiuc the master key is used to encrypt credentials.yml.enc, so if we want to introduce a RAILS_MASTER_KEY env, then afaics there has to be the means to create credentials during s2i/assemble (and also non-interactively, as rails credentials:edit uses $EDITOR).

FWIW, django-ex provides a fallback secret key but I suppose it doesn't have the equivalent of credentials.yml.enc?

[jackorp]

Hmm, not sure we can get away with just adding the key generation and then just calling /usr/libexec/s2i/assemble...

By trying to generate the key I am hitting the chicken or the egg problem.
If I try to generate the key before calling the rest of the s2i script, the packages are not yet installed, if I try to generate it as the last thing, it fails on rails asset compilation because it does not have the key and credentials yet.

[pvalena]

Well, it doesn't seem it contains much logic for rails-related stuff:

https://github.com/sclorg/s2i-ruby-container/blob/master/3.0/s2i/bin/assemble

I think we can run bundle exec "rake assets:precompile" ourselves :) afterwards it will simply result it NOOP.

[pvalena]

Actually, I'm not sure that's the command we want to run (sorry), this one seems better:
https://github.com/sclorg/s2i-ruby-container/blob/master/3.0/s2i/bin/assemble#L51
I wouldn't worry about any args though (but we can copy the logic whole to be sure).

[jackorp]

I wouldn't worry about any args though (but we can copy the logic whole to be sure).

Sure, sounds good.

[jackorp]

Opened PR with the assemble script that seems to be working: pvalena#3

[pvalena]

Tested with Ruby 2.5..3.0: https://git.io/JMLxD

[pvalena]

@yselkowitz thanks to @jackorp the issue should be fixed now. Please fire any OpenShift tests, otherwise we'll rely on s2i-ruby-container to do them, after we merge this.

[pvalena]

ReTested via s2i with the assemble script: https://git.io/JD4YM

[pvalena]

After much time, no feedback on this, and it's blocking further progress on dependent issues. Let's merge this.

[yselkowitz]

This is not fully compatible with ruby-26 and earlier, breaking OpenShift CI: https://bugzilla.redhat.com/show_bug.cgi?id=2058266