You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We package gems to vendor/cache, and check them into our git repository. On deploying to servers, bundle install can normally just use that cache rather than contacting a gem repository. Some of our gems are in a private repository, and the servers don't have credentials for downloading gems directly from them - they can just rely on offline installs from vendor/cache.
It seems like if bootboot is present in the Gemfile, bundle install always tries to re-resolve the lockfile & contacts all gem sources (which then fails due to not having the credentials for our private gem repo).
Here's a tiny sample Gemfile:
source"https://rubygems.org"gem"thor"
$ bundle config set --local cache_all true; bundle config set --local path vendor/bundle; bundle config set --local cache_path vendor/cache
$ bundle package
Fetching gem metadata from https://rubygems.org/.
Using bundler 2.4.6
Fetching thor 1.2.1
Installing thor 1.2.1
Bundle complete! 1 Gemfile dependency, 2 gems now installed.
Bundled gems are installed into `./vendor/bundle`
Updating files in vendor/cache
* thor-1.2.1.gem
$ bundle install --local --verbose
Running `bundle install --local --verbose` with bundler 2.4.6
Found no changes, using resolution from the lockfile
Using bundler 2.4.6
0: bundler (2.4.6) from /Users/jon/.gem/ruby/3.1.0/gems/bundler-2.4.6/lib/bundler/source
Using thor 1.2.1
0: thor (1.2.1) from /Users/jon/Developer/bootboot-test/vendor/bundle/ruby/3.1.0/specifications/thor-1.2.1.gemspec
Updating files in vendor/cache
Bundle complete! 1 Gemfile dependency, 2 gems now installed.
Bundled gems are installed into `./vendor/bundle`
The last bundle install mimics what would happen on a deploy, and doesn't make any connection to the internet.
bash-5.1$ bundle config set --local cache_all true; bundle config set --local path vendor/bundle; bundle config set --local cache_path vendor/cache
bash-5.1$ bundle package
Fetching gem metadata from https://rubygems.org/.
Resolving dependencies...
Using bootboot 0.2.2
Using bundler 2.4.6
Installed plugin bootboot
Fetching gem metadata from https://rubygems.org/.
Using bundler 2.4.6
Fetching thor 1.2.1
Installing thor 1.2.1
Bundle complete! 1 Gemfile dependency, 2 gems now installed.
Bundled gems are installed into `./vendor/bundle`
Updating files in vendor/cache
* thor-1.2.1.gem
bash-5.1$ bundle install --local --verbose
Running `bundle install --local --verbose` with bundler 2.4.6
Found changes from the lockfile, re-resolving dependencies because bundler is unlocking HTTP GET https://index.rubygems.org/versions
HTTP 304 Not Modified https://index.rubygems.org/versions
Fetching gem metadata from https://rubygems.org/
Looking up gems ["bootboot"]
Resolving dependencies...
Using bootboot 0.2.2
Using bundler 2.4.6
Found no changes, using resolution from the lockfile
Using bundler 2.4.6
0: bundler (2.4.6) from /Users/jon/.gem/ruby/3.1.0/gems/bundler-2.4.6/lib/bundler/source
Using thor 1.2.1
0: thor (1.2.1) from /Users/jon/Developer/bootboot-test/vendor/bundle/ruby/3.1.0/specifications/thor-1.2.1.gemspec
Updating files in vendor/cache
Bundle complete! 1 Gemfile dependency, 2 gems now installed.
Bundled gems are installed into `./vendor/bundle`
It always reports "Found changes from the lockfile" and tries to contact all gem sources listed in the Gemfile. That's not so bad here where it only needs to contact rubygems.org, but doesn't work so well for us where we're trying to avoid having our private gem repo credentials on the servers.
Is this expected behaviour? Any workarounds I might try, short of just adding our gem credentials to our deployment servers?
The text was updated successfully, but these errors were encountered:
We package gems to vendor/cache, and check them into our git repository. On deploying to servers,
bundle install
can normally just use that cache rather than contacting a gem repository. Some of our gems are in a private repository, and the servers don't have credentials for downloading gems directly from them - they can just rely on offline installs from vendor/cache.It seems like if bootboot is present in the Gemfile,
bundle install
always tries to re-resolve the lockfile & contacts all gem sources (which then fails due to not having the credentials for our private gem repo).Here's a tiny sample Gemfile:
The last
bundle install
mimics what would happen on a deploy, and doesn't make any connection to the internet.Now if we add bootboot to the Gemfile:
It always reports "Found changes from the lockfile" and tries to contact all gem sources listed in the Gemfile. That's not so bad here where it only needs to contact rubygems.org, but doesn't work so well for us where we're trying to avoid having our private gem repo credentials on the servers.
Is this expected behaviour? Any workarounds I might try, short of just adding our gem credentials to our deployment servers?
The text was updated successfully, but these errors were encountered: