search

ruby / rbs

Type Signature for Ruby
Other
1.94k stars 212 forks source link

Updating collection lock is required on `bundle install` #794

Open pocke opened 3 years ago

pocke commented 3 years ago

Problem

bundle install (and bundle update) requires rbs collection update when it updates Gemfile.lock about gems which have sig/. For example:

  1. Install gem X v1.0.0 with bundler
  2. rbs collection install
    • rbs_collection.lock.yaml has gem X entry with v1.0.0
  3. bundle exec rbs validate or something
    • It works
  4. Update gem X to v1.0.1 with bundler
    • Gemfile.lock is updated
  5. bundle exec rbs validate or something
    • It doesn't work because rbs_collection.lock.yaml specifies gem X v1.0.0 but the version doesn't exist in the Bundler environment.
    • So we need to re-run rbs collection install to update rbs_collection.lock.yaml.

I think it is not a bug, but it takes time. Too strict I guess.

I can imagine this behavior will be a blocker of dependabot. For example:

  1. Dependabot creates a PR to update gem X from v1.0.0 to v1.0.1
  2. CI runs with rbs collection install --freeze and steep check
  3. It fails because rbs_collection.lock.yaml has gem X v1.0.0 but actually v1.0.1 is installed.

Solution idea

Add an option to relax the version specification. For example

I got feedback from @ybiquitous. Thanks! https://twitter.com/ybiquitous/status/1438019865130848258

I guess your problem is the same as mine. If your problem is a different one, feel free comment to on this issue or create a new issue. Thanks.

pocke commented 3 years ago

Today we (I and @soutaro) discussed this problem.

This change will solve the problem, but it looks like a workaround... So I decided to leave it in a while.

Adam-Stomski commented 2 years ago

What do you think about adding a bundler plugin for rbs https://bundler.io/guides/bundler_plugins.html? Would it work if it called rbs collection install on after-install-all hook?