dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Bundler requires test gems when parsing dependencies #5670

Closed ylecuyer closed 1 year ago

ylecuyer commented 2 years ago

Is there an existing issue for this?

Package ecosystem

Bundler

Package manager version

bundler 2.4.0.dev

Language version

ruby 2.7.6p219

Manifest location and content before the Dependabot update

No response

dependabot.yml content

No response

Updated dependency

No response

What you expected to see, versus what you actually saw

Hello, when running this:

gitlab_bundler_parser = Dependabot::FileParsers.for_package_manager('bundler').new(dependency_files: files, source: gitlab_source, credentials: credentials)
dependencies = gitlab_bundler_parser.parse

I get an error; after adding DEBUG_HELPERS=true I see this is because this line:

{"BUNDLER_VERSION"=>"2.3.18", "BUNDLE_GEMFILE"=>"/home/ylecuyer/.rbenv/versions/2.7.6/lib/ruby/gems/2.7.0/gems/dependabot-bundler-0.202.0/helpers/v2/Gemfile", "GEM_HOME"=>"/home/ylecuyer/.rbenv/versions/2.7.6/lib/ruby/gems/2.7.0/gems/dependabot-bundler-0.202.0/helpers/v2/.bundle"}
bundle exec ruby /home/ylecuyer/.rbenv/versions/2.7.6/lib/ruby/gems/2.7.0/gems/dependabot-bundler-0.202.0/helpers/v2/run.rb

Is trying to fetch the dependencies listed here: https://github.com/dependabot/dependabot-core/blob/main/bundler/helpers/v2/Gemfile

Afaiu this gemfile is useful only for spec and shouldn't error when running outside of specs.

I tried removing those lines: https://github.com/dependabot/dependabot-core/blob/main/bundler/lib/dependabot/bundler/native_helpers.rb#L48-L50 and it worked for me

It looks like this has been changed last year with https://github.com/dependabot/dependabot-core/commit/1535a204faf63ef331dd5ef48d9ed45f29173bc7#diff-833398d42331e02a2fd4bc36f042c10f78764d39a6d6a6b537e80e024cc55e0cR19 it is strange that I am the first one encountering the issue, maybe I'm doing something wrong.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

ylecuyer commented 2 years ago

I have made a repro here (just need to change the repo and the github token)

repro.zip

ylecuyer@inwin:/tmp/repro$ docker build .
Sending build context to Docker daemon  9.216kB
Step 1/4 : FROM ruby:3.1.2
 ---> e739755aa18e
Step 2/4 : COPY . .
 ---> 4dbf468cae82
Step 3/4 : RUN bundle install
 ---> Running in 984c9e6d58cf
Fetching gem metadata from https://rubygems.org/..........
Using bundler 2.3.7
Fetching byebug 11.1.3
Fetching minitest 5.16.3
Fetching public_suffix 5.0.0
Fetching ast 2.4.2
Fetching aws-eventstream 1.2.0
Fetching concurrent-ruby 1.1.10
Fetching aws-partitions 1.627.0
Fetching jmespath 1.6.1
Installing ast 2.4.2
Installing aws-eventstream 1.2.0
Installing jmespath 1.6.1
Installing aws-partitions 1.627.0
Installing byebug 11.1.3 with native extensions
Installing minitest 5.16.3
Installing public_suffix 5.0.0
Fetching citrus 3.0.2
Fetching coderay 1.1.3
Fetching commonmarker 0.23.5
Installing citrus 3.0.2
Fetching http-accept 1.7.0
Installing coderay 1.1.3
Installing concurrent-ruby 1.1.10
Installing http-accept 1.7.0
Installing commonmarker 0.23.5 with native extensions
Fetching unf_ext 0.0.8.2
Fetching mime-types-data 3.2022.0105
Installing mime-types-data 3.2022.0105
Fetching netrc 0.11.0
Installing netrc 0.11.0
Fetching excon 0.92.4
Installing unf_ext 0.0.8.2 with native extensions
Fetching faraday-em_http 1.0.0
Installing faraday-em_http 1.0.0
Fetching faraday-em_synchrony 1.0.0
Installing excon 0.92.4
Installing faraday-em_synchrony 1.0.0
Fetching faraday-excon 1.1.0
Installing faraday-excon 1.1.0
Fetching faraday-httpclient 1.0.1
Fetching multipart-post 2.2.3
Installing faraday-httpclient 1.0.1
Installing multipart-post 2.2.3
Fetching faraday-net_http 1.0.1
Fetching faraday-net_http_persistent 1.2.0
Fetching faraday-patron 1.0.0
Fetching faraday-rack 1.0.0
Installing faraday-net_http 1.0.1
Installing faraday-patron 1.0.0
Fetching faraday-retry 1.0.3
Installing faraday-net_http_persistent 1.2.0
Installing faraday-rack 1.0.0
Installing faraday-retry 1.0.3
Using ruby2_keywords 0.0.5
Fetching multi_xml 0.6.0
Using racc 1.6.0
Fetching unicode-display_width 2.2.0
Fetching method_source 1.0.0
Fetching parser 3.1.2.1
Installing unicode-display_width 2.2.0
Installing method_source 1.0.0
Installing multi_xml 0.6.0
Fetching aws-sigv4 1.5.1
Fetching addressable 2.8.1
Fetching toml-rb 2.2.0
Fetching mime-types 3.4.1
Installing aws-sigv4 1.5.1
Fetching faraday-multipart 1.0.4
Installing toml-rb 2.2.0
Installing mime-types 3.4.1
Installing faraday-multipart 1.0.4
Installing addressable 2.8.1
Fetching nokogiri 1.13.8 (x86_64-linux)
Fetching terminal-table 3.0.2
Installing parser 3.1.2.1
Fetching i18n 1.12.0
Installing terminal-table 3.0.2
Fetching tzinfo 2.0.5
Fetching pry 0.13.1
Installing i18n 1.12.0
Installing tzinfo 2.0.5
Fetching aws-sdk-core 3.143.0
Installing pry 0.13.1
Fetching faraday 1.10.0
Fetching httparty 0.20.0
Installing faraday 1.10.0
Installing aws-sdk-core 3.143.0
Installing httparty 0.20.0
Fetching activesupport 7.0.3.1
Fetching gitlab 4.19.0
Installing activesupport 7.0.3.1
Fetching sawyer 0.9.2
Installing gitlab 4.19.0
Installing sawyer 0.9.2
Fetching octokit 4.25.1
Installing octokit 4.25.1
Fetching aws-sdk-ecr 1.56.0
Fetching aws-sdk-codecommit 1.51.0
Installing nokogiri 1.13.8 (x86_64-linux)
Installing aws-sdk-ecr 1.56.0
Installing aws-sdk-codecommit 1.51.0
Fetching unf 0.1.4
Installing unf 0.1.4
Fetching domain_name 0.5.20190701
Installing domain_name 0.5.20190701
Fetching http-cookie 1.0.5
Installing http-cookie 1.0.5
Fetching rest-client 2.1.0
Installing rest-client 2.1.0
Fetching docker_registry2 1.12.0
Fetching pry-byebug 3.9.0
Installing docker_registry2 1.12.0
Installing pry-byebug 3.9.0
Fetching dependabot-common 0.202.0
Installing dependabot-common 0.202.0
Fetching dependabot-bundler 0.202.0
Installing dependabot-bundler 0.202.0
Bundle complete! 3 Gemfile dependencies, 60 gems now installed.
Use `bundle info [gemname]` to see where a bundled gem is installed.
Post-install message from httparty:
When you HTTParty, you must party hard!
Removing intermediate container 984c9e6d58cf
 ---> 2999ee3f6419
Step 4/4 : RUN DEBUG_HELPERS=true bundle exec ruby main.rb
 ---> Running in afefc9a56f8d
{"BUNDLER_VERSION"=>"1.17.3", "BUNDLE_GEMFILE"=>"/usr/local/bundle/gems/dependabot-bundler-0.202.0/helpers/v1/Gemfile", "GEM_HOME"=>"/usr/local/bundle/gems/dependabot-bundler-0.202.0/helpers/v1/.bundle"}
bundle exec ruby /usr/local/bundle/gems/dependabot-bundler-0.202.0/helpers/v1/run.rb

/usr/local/lib/ruby/3.1.0/bundler/resolver.rb:269:in `block in verify_gemfile_dependencies_are_found!': Could not find gem 'rspec (~> 3.8)' in locally installed gems. (Bundler::GemNotFound)
    from /usr/local/lib/ruby/3.1.0/bundler/resolver.rb:252:in `map!'
    from /usr/local/lib/ruby/3.1.0/bundler/resolver.rb:252:in `verify_gemfile_dependencies_are_found!'
    from /usr/local/lib/ruby/3.1.0/bundler/resolver.rb:48:in `start'
    from /usr/local/lib/ruby/3.1.0/bundler/resolver.rb:23:in `resolve'
    from /usr/local/lib/ruby/3.1.0/bundler/definition.rb:269:in `resolve'
    from /usr/local/lib/ruby/3.1.0/bundler/definition.rb:468:in `materialize'
    from /usr/local/lib/ruby/3.1.0/bundler/definition.rb:190:in `specs'
    from /usr/local/lib/ruby/3.1.0/bundler/definition.rb:238:in `specs_for'
    from /usr/local/lib/ruby/3.1.0/bundler/runtime.rb:18:in `setup'
    from /usr/local/lib/ruby/3.1.0/bundler.rb:151:in `setup'
    from /usr/local/lib/ruby/3.1.0/bundler/setup.rb:20:in `block in <top (required)>'
    from /usr/local/lib/ruby/3.1.0/bundler/ui/shell.rb:136:in `with_level'
    from /usr/local/lib/ruby/3.1.0/bundler/ui/shell.rb:88:in `silence'
    from /usr/local/lib/ruby/3.1.0/bundler/setup.rb:20:in `<top (required)>'
    from <internal:/usr/local/lib/ruby/3.1.0/rubygems/core_ext/kernel_require.rb>:85:in `require'
    from <internal:/usr/local/lib/ruby/3.1.0/rubygems/core_ext/kernel_require.rb>:85:in `require'
/usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:166:in `handle_eval_error': Error evaluating your dependency files: (Dependabot::DependencyFileNotEvaluatable)
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:157:in `rescue in parsed_gemfile'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:139:in `parsed_gemfile'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:63:in `block in gemfile_dependencies'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:62:in `each'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:62:in `gemfile_dependencies'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:22:in `parse'
    from main.rb:30:in `<main>'
/usr/local/bundle/gems/dependabot-common-0.202.0/lib/dependabot/shared_helpers.rb:129:in `rescue in run_helper_subprocess': Dependabot::SharedHelpers::HelperSubprocessFailed
    from /usr/local/bundle/gems/dependabot-common-0.202.0/lib/dependabot/shared_helpers.rb:78:in `run_helper_subprocess'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/native_helpers.rb:44:in `block in run_bundler_subprocess'
    from /usr/local/lib/ruby/3.1.0/bundler.rb:382:in `block in with_original_env'
    from /usr/local/lib/ruby/3.1.0/bundler.rb:698:in `with_env'
    from /usr/local/lib/ruby/3.1.0/bundler.rb:382:in `with_original_env'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/native_helpers.rb:40:in `run_bundler_subprocess'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:145:in `block in parsed_gemfile'
    from /usr/local/bundle/gems/dependabot-common-0.202.0/lib/dependabot/shared_helpers.rb:49:in `block in in_a_temporary_directory'
    from /usr/local/bundle/gems/dependabot-common-0.202.0/lib/dependabot/shared_helpers.rb:49:in `chdir'
    from /usr/local/bundle/gems/dependabot-common-0.202.0/lib/dependabot/shared_helpers.rb:49:in `in_a_temporary_directory'
    from /usr/local/bundle/gems/dependabot-common-0.202.0/lib/dependabot/shared_helpers.rb:38:in `in_a_temporary_repo_directory'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:141:in `parsed_gemfile'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:63:in `block in gemfile_dependencies'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:62:in `each'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:62:in `gemfile_dependencies'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:22:in `parse'
    from main.rb:30:in `<main>'
/usr/local/lib/ruby/3.1.0/json/common.rb:216:in `parse': 859: unexpected token at '' (JSON::ParserError)
    from /usr/local/lib/ruby/3.1.0/json/common.rb:216:in `parse'
    from /usr/local/bundle/gems/dependabot-common-0.202.0/lib/dependabot/shared_helpers.rb:119:in `run_helper_subprocess'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/native_helpers.rb:44:in `block in run_bundler_subprocess'
    from /usr/local/lib/ruby/3.1.0/bundler.rb:382:in `block in with_original_env'
    from /usr/local/lib/ruby/3.1.0/bundler.rb:698:in `with_env'
    from /usr/local/lib/ruby/3.1.0/bundler.rb:382:in `with_original_env'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/native_helpers.rb:40:in `run_bundler_subprocess'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:145:in `block in parsed_gemfile'
    from /usr/local/bundle/gems/dependabot-common-0.202.0/lib/dependabot/shared_helpers.rb:49:in `block in in_a_temporary_directory'
    from /usr/local/bundle/gems/dependabot-common-0.202.0/lib/dependabot/shared_helpers.rb:49:in `chdir'
    from /usr/local/bundle/gems/dependabot-common-0.202.0/lib/dependabot/shared_helpers.rb:49:in `in_a_temporary_directory'
    from /usr/local/bundle/gems/dependabot-common-0.202.0/lib/dependabot/shared_helpers.rb:38:in `in_a_temporary_repo_directory'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:141:in `parsed_gemfile'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:63:in `block in gemfile_dependencies'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:62:in `each'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:62:in `gemfile_dependencies'
    from /usr/local/bundle/gems/dependabot-bundler-0.202.0/lib/dependabot/bundler/file_parser.rb:22:in `parse'
    from main.rb:30:in `<main>'
The command '/bin/sh -c DEBUG_HELPERS=true bundle exec ruby main.rb' returned a non-zero code: 1

deivid-rodriguez commented 2 years ago

Hei @ylecuyer!

It is strange that I am the first one encountering the issue, maybe I'm doing something wrong.

You're not alone, I've been bitten by this too :)

Basically you're right, it's quite strange that this Gemfile is used at "production runtime" even if it includes test dependencies only.

I think the only reason this is needed by now is:

But there should be better ways to do this of course without "leaking" test env details to the regular runtime.

For now your workaround should be the one used by our environment:

https://github.com/dependabot/dependabot-core/blob/66b7bda7a5c710432137dce0a83f05996657e552/bundler/helpers/v2/build#L24

Namely, configure Bundler to ignore test gems.

But we will improve this, thanks for reporting!
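The failure in the log above and the workaround in the previous comment both come down to how Bundler groups gems: the helper Gemfile declares `rspec (~> 3.8)` in a test group, and a plain `bundle exec` tries to materialize every group, so the run dies with `Bundler::GemNotFound` on a machine that never installed the test gems. Telling Bundler to skip that group (`bundle config set --local without test`, or the `BUNDLE_WITHOUT=test` environment variable) is what the linked build script does. The snippet below is an added example, not code from dependabot-core or from Bundler itself: it is a deliberately tiny stand-in for the Gemfile DSL that records each gem's groups and then applies the same "exclude a gem only if all of its groups are in `without`" rule Bundler uses when selecting specs. The Gemfile text it evaluates is constructed for the demo; `runtime-gem` and `webmock` are placeholders, only `rspec (~> 3.8)` comes from the log.

```ruby
# Added example (not dependabot-core or Bundler code): a minimal Gemfile DSL
# evaluator that shows which dependencies Bundler would try to materialize
# with and without `BUNDLE_WITHOUT=test`.

class MiniGemfile
  Dep = Struct.new(:name, :requirement, :groups)

  attr_reader :deps

  def initialize
    @deps = []
    @group_stack = []
  end

  # Evaluate Gemfile source text the way Bundler does: as Ruby, with the
  # DSL methods defined on the receiver object.
  def self.evaluate(contents)
    gemfile = new
    gemfile.instance_eval(contents, "Gemfile", 1)
    gemfile
  end

  # DSL methods that exist in Bundler but are irrelevant to grouping.
  def source(_uri); end
  def ruby(_version); end

  # `gem "name", "req", group: :test` or a `gem` call inside `group :test do`.
  # A gem with no group at all belongs to :default, as in Bundler.
  def gem(name, requirement = ">= 0", **opts)
    explicit = Array(opts[:group] || opts[:groups]).map(&:to_sym)
    groups = (explicit + @group_stack).uniq
    groups = [:default] if groups.empty?
    @deps << Dep.new(name, requirement, groups)
  end

  def group(*names, &block)
    @group_stack.concat(names.map(&:to_sym))
    instance_eval(&block)
  ensure
    @group_stack.pop(names.length)
  end

  # Bundler keeps a dependency if at least one of its groups is still
  # requested, i.e. it drops a gem only when every group it belongs to is
  # listed in `without`.
  def required_deps(without: [])
    without = without.map(&:to_sym)
    deps.reject { |dep| (dep.groups - without).empty? }
  end
end

# Constructed stand-in for a helper Gemfile; only "rspec", "~> 3.8" is taken
# from the issue's error output, the other gem names are placeholders.
CONSTRUCTED_GEMFILE = <<~GEMFILE
  source "https://rubygems.org"

  gem "runtime-gem"            # placeholder for a gem the helper really needs

  group :test do
    gem "rspec", "~> 3.8"      # the gem the log reports as not found
    gem "webmock"              # placeholder test-only gem
  end
GEMFILE

# Names of the gems Bundler would have to find installed for the given
# `without` list. With no exclusions the test gems are required too, which
# is exactly why the helper run in the issue failed.
def required_gem_names(without: [])
  MiniGemfile.evaluate(CONSTRUCTED_GEMFILE)
             .required_deps(without: without)
             .map(&:name)
end

if __FILE__ == $PROGRAM_NAME
  puts "no BUNDLE_WITHOUT:      #{required_gem_names.inspect}"
  puts "BUNDLE_WITHOUT=test:    #{required_gem_names(without: [:test]).inspect}"
end
```

Run it with `ruby mini_gemfile.rb`: the first line lists all three gems, the second only `runtime-gem`, which is the set a production run of the helper can actually satisfy. The same grouping logic is why excluding the test group at the environment level (rather than editing the helper Gemfile) is a safe workaround: it changes which dependencies are requested, not what the Gemfile declares.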