starter-workflows icon indicating copy to clipboard operation
starter-workflows copied to clipboard
verified publisher icon actions

ci/rubyonrails.yml bug

Open jamiemccarthy opened this issue 2 years ago • 4 comments

Issue

I believe there's a bug in ci/rubyonrails.yml.

In lines 48-54, the lint job sets up ruby with ruby/setup-ruby and bundler-cache: true. The next step attempts to run bin/bundler-audit.

In a stock configuration the working directory is /home/runner/work/REPO_NAME/REPO_NAME and there's no bin subdirectory. That always fails. (For the audit and for the other two CI steps as well.)

The bundler-audit binary is installed in /home/runner/work/REPO_NAME/REPO_NAME/vendor/bundle/ruby/RUBY_VERSION/bin/, and unless commands are run with bundle exec, that directory isn't in the $PATH.

The fix I would suggest is

  1. to run the three linting commands with bundle exec as a prefix (and not specifying the bin/ directory, that's inappropriate).

Other changes I would suggest:

  1. spell it bundle-audit, not bundler-audit, as suggested in its readme
  2. run ruby/setup-ruby at version v1, not pinned to a hash, as preferred in its readme

I'm happy to submit a PR for 1, 2, and/or 3. Just let me know which you'd like to see.

Proof-of-concept for fix 1

As a proof-of-concept I created a minimal repository where CI fails, here:

https://github.com/jamiemccarthy/setup-ruby-test

The CI fails with:

Run bin/bundler-audit --update
  bin/bundler-audit --update
  shell: /usr/bin/bash -e {0}
/home/runner/work/_temp/ff391cbf-e7a3-41a6-8b3d-f46f381a4f9c.sh: line 1: bin/bundler-audit: No such file or directory
Error: Process completed with exit code 127.

and the bundle exec one-line fix makes the CI pass, here:

https://github.com/jamiemccarthy/setup-ruby-test/pull/1

Run bundle exec bundler-audit --update
  bundle exec bundler-audit --update
  shell: /usr/bin/bash -e {0}
Download ruby-advisory-db ...
Cloning into '/home/runner/.local/share/ruby-advisory-db'...
ruby-advisory-db:
  advisories:	808 advisories
  last updated:	2023-09-15 19:19:13 -0700
  commit:	6bafd6d492bef2187cb39279befce0cba4283ea9
No vulnerabilities found

jamiemccarthy avatar Sep 17 '23 14:09 jamiemccarthy

ran into this issue. tx you for raising it. looking forward the PR :)

sbounmy avatar Nov 13 '23 15:11 sbounmy

I'd be happy to write a PR, if a project maintainer posts on this issue to say it might be worth submitting.

jamiemccarthy avatar Nov 13 '23 16:11 jamiemccarthy

This issue has become stale and will be closed automatically within a period of time. Sorry about that.

github-actions[bot] avatar Feb 12 '24 04:02 github-actions[bot]

Oops — I had forgotten about this issue until the bot reminded me! Since the only feedback I got was thumbs-ups, and suggesting I submit a PR, I went ahead and submitted #2302.

jamiemccarthy avatar Feb 12 '24 13:02 jamiemccarthy

Uploading direct-deposit-authorization-form-51edbca9818acba2a786df7d0da93ae96c9df451f29a5792835547ca17dceb9d.pdf…

Stephenson131313 avatar Mar 02 '24 05:03 Stephenson131313

This issue has become stale and will be closed automatically within a period of time. Sorry about that.

github-actions[bot] avatar Jun 01 '24 04:06 github-actions[bot]