search

lobsters / lobsters-ansible

Ansible playbook for lobste.rs
ISC License
79 stars 25 forks source link

Prevent development dependencies in production #87

Open byroot opened 2 months ago

byroot commented 2 months ago

This would have caught https://github.com/lobsters/lobsters/pull/1312.

Of course now that they were installed, nothing will purge them, but as they get upgraded they'll be missing and won't be requireable in production.

pushcx commented 2 months ago

I couldn't find it on stream, but now that I see without I could immediately grep it: https://github.com/lobsters/lobsters-ansible/commit/25867967a2225d4dc99161f2d4bb2f2100079ced

So I think that part of your PR is redundant. But the BUNDLE_DEPLOYMENT: "true" is new to me and probably an improvement, based on your comment. I'll have to read the docs.

As for 'nothing will purge them', I can run bundle clean in prod sometime soon.

byroot commented 2 months ago

So I think that part of your PR is redundant.

Hum. If so that doesn't explain how rubocop could possibly have been loaded in production 🤔. Unless these gems were left around following your last month change and it didn't break yet? Really weird.

pushcx commented 2 months ago

I dumped the heap, was puzzled to see rubocop, and then added that commit to try to not load gems from the dev/test groups. It probably would've loaded anyways because I didn't run bundle clean, but I think you might be thinking of events in the wrong order.

byroot commented 2 months ago

I dumped the heap, was puzzled to see rubocop

You mean it's still there even after https://github.com/lobsters/lobsters/commit/47afb301c69799d32f0a1bd0d6568f58f90ff980 ?

pushcx commented 2 months ago

No, sorry, I was talking about the heaps we examined yesterday. I produced those before anything else.