rbs icon indicating copy to clipboard operation
rbs copied to clipboard
verified publisher icon ruby

Updating collection lock is required on `bundle install`

Open pocke opened this issue 4 years ago • 2 comments

Problem

bundle install (and bundle update) requires rbs collection update when it updates Gemfile.lock about gems which have sig/. For example:

  1. Install gem X v1.0.0 with bundler
  2. rbs collection install
    • rbs_collection.lock.yaml has gem X entry with v1.0.0
  3. bundle exec rbs validate or something
    • It works
  4. Update gem X to v1.0.1 with bundler
    • Gemfile.lock is updated
  5. bundle exec rbs validate or something
    • It doesn't work because rbs_collection.lock.yaml specifies gem X v1.0.0 but the version doesn't exist in the Bundler environment.
    • So we need to re-run rbs collection install to update rbs_collection.lock.yaml.

I think it is not a bug, but it takes time. Too strict I guess.

I can imagine this behavior will be a blocker of dependabot. For example:

  1. Dependabot creates a PR to update gem X from v1.0.0 to v1.0.1
  2. CI runs with rbs collection install --freeze and steep check
  3. It fails because rbs_collection.lock.yaml has gem X v1.0.0 but actually v1.0.1 is installed.

Solution idea

Add an option to relax the version specification. For example

  • The configuration file has an option like prefer_gemfile_lock_version (the naming is tentative)
  • If the option is enabled, rbs collection ignores version in rbs_collection.lock.yaml fi the source is rubygems. Then it uses versions in Gemfile.lock instaed.
  • The problem is solved...?

I got feedback from @ybiquitous. Thanks! https://twitter.com/ybiquitous/status/1438019865130848258

I guess your problem is the same as mine. If your problem is a different one, feel free comment to on this issue or create a new issue. Thanks.

pocke avatar Sep 16 '21 16:09 pocke

Today we (I and @soutaro) discussed this problem.

  • We should omit version number from rbs_collection.lock.yaml if the source is rubygems 
    •  - name: foo
-  version: 1.0.0
   source:
     type: rubygems
  • Then, RBS detects the version from Gemfile.lock
  • Other sources, stdlib and git, will not be changed.

This change will solve the problem, but it looks like a workaround... So I decided to leave it in a while.

pocke avatar Sep 17 '21 07:09 pocke

What do you think about adding a bundler plugin for rbs https://bundler.io/guides/bundler_plugins.html? Would it work if it called rbs collection install on after-install-all hook?

Adam-Stomski avatar Nov 17 '21 13:11 Adam-Stomski