After generating a Gemfile.lock from Gemfile, is there any tool to round-trip back to freeze versions in the Gemfile. I'd rather avoid doing it manually.
Background: It's good practice to freeze minor version on gems, e.g. if Gemfile.lock is 2.4.1, I'd want to update Gemfile to include ~> 2.4 (as explained here).
You should define the gem verions that you wanna freeze your app to in the GemFile itself before you run bundle install.
Once, you have that define and you run bundle install, it will generate a Gemfile.lock with the versions of all installed gems and their dependancies.
again, .lock file is auto-generated ans should not be manually editted. this is what the GemFile is for.
Related
I faced some issues with bundle install.
When we run 'bundle install' , One of the dependency gem in Gemfile.lock is get auto upgraded.
As per theory, "bundle install" will look the Gemfile.lock for version and won't resolve the version and will install the same versions. It will resolve only when there is no Gemfile.lock or when we give "bundle update".
In our server, we having Gemfile.lock but "bundle install" is updated the particular gem mentioned gemfile.lock(it's a dependency gem , so we not specified in gemfile), It should not happen like this, because already one version present in lock file, even though that version is get auto updated, Due to this upgrade some major functionality is broken in the site.
For your references:
bundler version - 1.17.2
ruby version - 2.5.3
gem version - 2.7.6
rails version - 5.2.3
that dependency gem name is "nokogiri", This gem locked as 1.11.7, But it's updated to "1.12.1" when i give "bundle install"
Any idea to prevent this issue in future?
First of all it'll be great if you shared the Gemfile.lock error so as to know what i particular might be causing that upgrade. But from afar I think as you said this gem is a dependency gem and it is not stated in your gemfile. It could be that another gem also depends on this gem and per that requirement it triggers an upgrade even before your supposed gem line is run which may be leading to the error. Read the error thoroughly and you can identify the gem(s) causing this.
After your update I have read around on this.
Exactly so as stated earlier on, one of these gems could be the reason why your particular gem gets updated with every bundler install. Unfortunately there is no true turn around to solving this but bundler does give a way around.
You can use the --frozen option with bundler which freezes your gemfile.lock to the current versions for each gem and does not update any gem but only installs new gems that you have. Unfortunately this has been deprecated and can only be done be done from /.bundle/config. This can be done from the command line in the root of your project.
run
bundle config frozen true to freeze bundler from updating your gems in gemfile.lock
You may have to grant write permissions to your user to be able to edit the bundle configurations.
I found this article as well from bigbinary.com
I need to revert back to an older set of gems in my dev environment. I've replaced my Gemfile.lock file with the old versions I need.
I thought I could just replace the Gemfile.lock and bundle install, but that doesn't seem to work. When I do that, then check the gem version numbers, I get the same versions I had before.
One of the gems I need to downgrade is the rake gem. The version I need is 11.1.2 but currently when I do gem list I get rake (12.0.0, 11.1.2, 10.4.2)
How can I revert rake and all the other gems back to their previous versions?
If you would like to clean out old gems no longer in your Gemfile.lock, you can run bundle clean.
However, even though the gems are still there, they are not being used if you run a task with bundle exec.
This is what I needed.. gem uninstall <gem name> and then if there are multiple gems you can pick which version you want to uninstall!
when i run bundle install the first time this will create a gemfile.lock for me
after this my question is :
if i run bundle install for the second time what does bundler do ?
i think it look first at gemfile.lock and check each line, and then look in the gemfile and check gems that not exist in gemfile.lock then install them !!! i'm not sure , and i which if someone can explain that to me (step by step )
second question is :
for example i add a gem like this gem 'nokogiri', '~> 1.4.2' , suppose after 1 month, version 1.4.3 is available. i think it will be installed automatically if i run bundle install again ?
can this new version "with tiny update" break things in my app ?
The duty of Gemfile.lock is to lock the versions of the gems you use.
bundle install installs all gems in your Gemfile that are not in your bundle and records the version in Gemfile.lock.
bundle install only installs the versions of your gems, that are recorder in Gemfile.lock. It will never update any gem.
For updating gems, use bundle update. It looks for new versions of your gems, installs them and records the new versions in Gemfile.lock.
If you specify a version in your Gemfile like in your example
gem 'nokogiri', '~> 1.4.2'
bundle upate would only update nokogiri to revisions < 1.5
Any update (in fact any change) might break your application, but minor updates are supposed to be completely backward compatible (stable API, only new tests, all old test pass)
From the documentation,
(...) the first time you run bundle install (and a Gemfile.lock does not exist), bundler will fetch all remote sources, resolve dependencies and install all needed gems.
If a Gemfile.lock does exist, and you have not updated your Gemfile, bundler will fetch all remote sources, but use the dependencies specified in the Gemfile.lock instead of resolving dependencies.
I am trying to run an app taken off Github.
I have run bundle install to install required gems from the Gemfile. However when running the app, an error message tells me the gems installed are the wrong version.
On inspecting the Gemfile.lock I note that the versions are older than the gems installed. (i.e. I have newer versions of gems installed and the application requires older gems.)
Is there a quick way to install all the gems as per the versions described in the Gemfile.lock file? Alternatively is there a method to ignore that file?
Gemfile:
source 'http://rubygems.org'
gem 'rails', "3.0.9"
gem "sass"
..
Gemfile.lock:
sass (3.1.1)
..
In the above example, even though sass is installed the app specially requires version 3.1.1.
With a valid Gemfile.lock file, bundle install alone should be sufficient, unless some particular gem version has been yanked. In that case you would need to look for an alternative gem version that is still currently available (usually bundle update name_of_yanked_gem would suffice).
About the sass 3.1.1, it is not so much that the application requires that particular version, but rather, that was likely the newest version available when the Gemfile.lock was last generated/updated given the overall version constraints as specified in Gemfile. As you have listed, there is no version range specified for sass itself, but other gems may impose further constraints if they have sass as a dependency.
Outright ignoring Gemfile.lock is not a good idea as under normal circumstances it will be specifying the gem versions that were last known to be still usable with the application.
try this ..
bundle install --deployment
With above deployment option, bundle then reads from Gemfile.lock.
What's more, the gems are installed to directory vendor/bundle, with the bundle directory being auto created.
Also, new directory .bundle is created directly under the rails root directory, and has a file named config, whose content is as follows ...
BUNDLE_FROZEN: '1'
BUNDLE_PATH: vendor/bundle
BUNDLE_DISABLE_SHARED_GEMS: '1'
Hope the above works for you.
Make sure you're running the web server with bundle execute rails server
I am a beginner to Ruby on Rails and I am using Rails 3.0.9.
What is the difference between Gemfile and Gemfile.lock in Rails?
The Gemfile is where you specify which gems you want to use, and lets you specify which versions.
The Gemfile.lock file is where Bundler records the exact versions that were installed. This way, when the same library/project is loaded on another machine, running bundle install will look at the Gemfile.lock and install the exact same versions, rather than just using the Gemfile and installing the most recent versions. (Running different versions on different machines could lead to broken tests, etc.) You shouldn't ever have to directly edit the lock file.
Check out Bundler's Purpose and Rationale, specifically the Checking Your Code into Version Control section.
Usually we write dependencies in Gemfile as:
gem "nokogiri", "~> 1.4.4"
gem 'bcrypt-ruby', '~> 3.0.0'
gem 'uglifier', '>= 1.2.3'
..
Here you basically say: "I want nokogiri as long as it’s greater than version 1.4.4", etc. Now suppose that I have set up my Gemfile 8 months ago and I successful setup my app with this requirement. 8 months ago nokogiri version was 1.4.4. My rails apps was running perfectly without any problems with this version.
Now think I'm trying to build with the same Gemfile. But if we look at nokogiri versions we see that the current stable version has changed to 1.4.9. That means if we try to build, bundler will install version 1.4.9 of nokogiri (suppose we don't have Gemfile.lock).
What does it mean ?
As you see if you don't have any Gemfile.lock and run:
bundle install
then the currently used gems can be different at any time. Your app used the version 1.4.4 and it works 8 months ago without any problems, but if you try to build it now you get the version 1.4.9. Maybe it's broken with the latest version of nokogiri, the awesome feature you used with 1.4.4 is not more available, etc..
To prevent this kind of problem Gemfile.lock is used. In Gemfile.lock only the exact versions are written and thus only these will be installed. That means if you distribute your app with a Gemfile.lock, every machine will have the same gems installed and most important they all get the same version. This will give you a stable and common deployment stack.
How is Gemfile.lock created?
It is automatically created with the first:
bundle install
command. After that everytime you run bundle install, bundle will first look up Gemfile.lock and install the gems specified there. It's an habit to distribute this file among your projects to provide consistently and stability.
How to update Gemfile.lock?
If you're happy with the the latest version of your apps than you can update Gemfile.lock. Just reflect your changes to Gemfile. That means change the dependencies to the new exact versions in Gemfile. After that run:
bundle install
This will update you Gemfile.lock with your newest version of apps.
The Gemfile.lock
When you run bundle install, Bundler will persist the full names and versions of all gems that you used (including dependencies of the gems specified in the Gemfile(5)) into a file called Gemfile.lock.
Bundler uses this file in all subsequent calls to bundle install, which guarantees that you always use the same exact code, even as your application moves across machines.
Because of the way dependency resolution works, even a seemingly small change (for instance, an update to a point-release of a dependency of a gem in your Gemfile(5)) can result in radically different gems being needed to satisfy all dependencies.
As a result, you SHOULD check your Gemfile.lock into version control. If you do not, every machine that checks out your repository (including your production server) will resolve all dependencies again, which will result in different versions of third-party code being used if any of the gems in the Gemfile(5) or any of their dependencies have been updated.