rubygems / bundler

Manage your Ruby application's gem dependencies
https://bundler.io
MIT License

--conservative does not upgrade to latest git sha #5944

Closed sauloperez closed 7 years ago

sauloperez commented 7 years ago

I was trying to upgrade the git sha of our spree fork with bundle update --conservative spree but it doesn't change it, although the branch of the fork we're pointing to has 3 new commits. When I do bundle update spree it does work but it also upgrades shared dependencies, which is what I wanted to avoid with the --conservative flag.

I'm not sure what's happening here because I have used said flag successfully at least a couple of times.

My bundler version is 1.15.3.

segiddins commented 7 years ago

Please share a Gemfile and Gemfile.lock we can use to reproduce the issue, thanks!

sauloperez commented 7 years ago

Sorry for the delay. I can consistently reproduce the issue with the Gemfile and Gemfile.lock below. Again, bundle update --conservative spree does nothing while bundle update spree changes the following:

diff --git a/Gemfile.lock b/Gemfile.lock
index 9d5300b5e..10f72052d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -8,7 +8,7 @@ GIT

 GIT
   remote: git://github.com/coopdevs/spree.git
-  revision: 598cae8456260073cc0bcf85004b67fb02b8724c
+  revision: eaca0c4351383515abcb4aa613838ef773905a96
   branch: spree-upgrade-step-6
   specs:
     spree (1.3.99)
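Review bot: the `remote:` line of this GIT block uses the git:// transport, which is neither authenticated nor encrypted, so the new revision is fetched over a channel that gives no assurance about the server it came from. Declare the source with an https:// URL in the Gemfile so the lockfile records `remote: https://github.com/coopdevs/spree.git`.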
@@ -212,7 +212,7 @@ GEM
       timers (~> 1.1.0)
     chronic (0.10.2)
     chunky_png (1.3.4)
-    climate_control (0.1.0)
+    climate_control (0.2.0)
     cliver (0.3.2)
     cocaine (0.5.8)
       climate_control (>= 0.0.3, < 1.0)
@@ -467,7 +467,7 @@ GEM
       rb-fsevent (>= 0.9.3)
       rb-inotify (>= 0.9)
     lumberjack (1.0.4)
-    mail (2.5.4)
+    mail (2.5.5)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
     method_source (0.8.2)
@@ -552,7 +552,7 @@ GEM
     rainbow (2.2.2)
       rake
     raindrops (0.13.0)
-    rake (10.5.0)
+    rake (12.0.0)
     ransack (0.7.2)
       actionpack (~> 3.0)
       activerecord (~> 3.0)
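Review bot: rake moves across two major versions here (10.5.0 to 12.0.0) in a diff whose purpose is the spree revision bump. A change of that size to a shared dependency deserves its own update and test run; constrain rake in the Gemfile or take this hunk out of the spree update.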

Gemfile

source 'https://rubygems.org'
ruby "2.1.5"

gem 'rails', '3.2.21'
gem 'rails-i18n', '~> 3.0.0'
gem 'i18n', '~> 0.6.11'
gem 'i18n-js', '~> 3.0.0'

# Patched version. See http://rubysec.com/advisories/CVE-2015-5312/.
gem 'nokogiri', '>= 1.6.7.1'

gem 'pg'
gem 'spree', github: 'coopdevs/spree', branch: 'spree-upgrade-step-6'
gem 'spree_i18n', github: 'spree/spree_i18n', branch: '1-3-stable'
gem 'spree_auth_devise', github: 'openfoodfoundation/spree_auth_devise', branch: 'spree-upgrade-intermediate'

# Our branch contains two changes
# - Pass customer email and phone number to PayPal (merged to upstream master)
# - Change type of password from string to password to hide it in the form
gem 'spree_paypal_express', :github => "openfoodfoundation/better_spree_paypal_express", :branch => "spree-upgrade-intermediate"
#gem 'spree_paypal_express', :github => "spree-contrib/better_spree_paypal_express", :branch => "1-3-stable"

gem 'delayed_job_active_record'
gem 'daemons'

# Fix bug in simple_form preventing collection_check_boxes usage within form_for block
# When merged, revert to upstream gem
gem 'simple_form', :github => 'RohanM/simple_form'

gem 'unicorn'
gem 'angularjs-rails', '1.5.5'
gem 'bugsnag'
gem 'newrelic_rpm'
gem 'haml'
gem 'sass', "~> 3.3"
gem 'sass-rails', '~> 3.2.3', groups: [:default, :assets]
gem 'redcarpet'
gem 'aws-sdk'
gem 'db2fog'
gem 'andand'
gem 'truncate_html'
gem 'representative_view'
gem 'rabl'
gem "active_model_serializers"
gem 'oj'
gem 'deface', :github => 'spree/deface', :ref => '1110a13'
gem 'paperclip'
gem 'dalli'
gem 'geocoder'
gem 'gmaps4rails'
gem 'spinjs-rails'
gem 'rack-ssl', :require => 'rack/ssl'
gem 'custom_error_message', :github => 'jeremydurham/custom-err-msg'
gem 'angularjs-file-upload-rails', '~> 1.1.6'
gem 'roadie-rails', '~> 1.0.3'
gem 'figaro'
gem 'blockenspiel'
gem 'acts-as-taggable-on', '~> 3.4'
gem 'paper_trail', '~> 3.0.8'
gem 'diffy'

gem 'wicked_pdf'
gem 'wkhtmltopdf-binary'

gem 'foreigner'
gem 'immigrant'
gem 'roo', '~> 2.7.0'

gem 'whenever', require: false

# Gems used only for assets and not required
# in production environments by default.
group :assets do
  gem 'compass-rails'
  gem 'coffee-rails', '~> 3.2.1'

  # See https://github.com/sstephenson/execjs#readme for more supported runtimes
  gem 'therubyracer'

  gem 'uglifier', '>= 1.0.3'

  gem 'turbo-sprockets-rails3'
  gem 'foundation-icons-sass-rails'
  gem 'momentjs-rails'
  gem 'angular-rails-templates', '~> 0.2.0'
end

gem "foundation-rails"
gem 'foundation_rails_helper', github: 'willrjmarshall/foundation_rails_helper', branch: "rails3"

gem 'jquery-rails'
gem 'jquery-migrate-rails'
gem 'css_splitter'

gem 'ofn-qz', github: 'openfoodfoundation/ofn-qz'

group :test, :development do
  # Pretty printed test output
  gem 'turn', '~> 0.8.3', :require => false
  gem 'fuubar'
  gem 'rspec-rails'
  gem 'shoulda-matchers'
  gem 'factory_girl_rails', :require => false
  gem 'capybara'
  gem 'database_cleaner', '0.7.1', :require => false
  gem 'awesome_print'
  gem 'letter_opener'
  gem 'timecop'
  gem 'poltergeist'
  gem 'rspec-retry'
  gem 'json_spec'
  gem 'unicorn-rails'
  gem 'atomic'
  gem 'knapsack'
end

group :test do
  gem 'webmock'
  # See spec/spec_helper.rb for instructions
  #gem 'perftools.rb'
end

group :development do
  gem 'pry-byebug'
  gem 'debugger-linecache'
  gem 'guard'
  gem 'guard-livereload'
  gem 'rack-livereload'
  gem 'guard-rails'
  gem 'guard-rspec'
  gem 'parallel_tests'
  gem 'rubocop', '>= 0.49.1'

  # 1.0.9 fixed openssl issues on macOS https://github.com/eventmachine/eventmachine/issues/602
  # While we don't require this gem directly, no dependents forced the upgrade to a version
  # greater than 1.0.9, so we just required the latest available version here.
  gem 'eventmachine', '>= 1.2.3'
end

Gemfile.lock

https://raw.githubusercontent.com/Em-AK/openfoodnetwork/b5d5a55e6b40151dfd3a3d4f8ad6bfd6f72ec623/Gemfile.lock

I can't manage to paste its contents. Might be too large.

segiddins commented 7 years ago

I can't install the given bundle:

The gemspec at /Users/segiddins/.gem/ruby/2.1.5/bundler/gems/spree-598cae845626/core/spree_core.gemspec is not valid. Please fix this gemspec.
The validation error was 'duplicate dependency on kaminari (= 0.13.0), (= 0.13.0) use:
    add_runtime_dependency 'kaminari', '= 0.13.0', '= 0.13.0'
'

sauloperez commented 7 years ago

How did you get that? I get it to install all dependencies.

What if you try with this other Gemfile.lock below? I just replaced spree's sha with the one where I fixed that duplicated dependency.

https://raw.githubusercontent.com/sauloperez/bundler-conservative-issue/master/Gemfile.lock

segiddins commented 7 years ago

I just ran bundle install with the given files.

segiddins commented 7 years ago

So I've been looking into this and I believe it's happening because multiple gems are coming from that spree git repo, and thus it's impossible to only update the "spree" gem conservatively.

sauloperez commented 7 years ago

But isn't that a bit odd? Spree has its own dependencies which happen to be in the same repo.

segiddins commented 7 years ago

It isn't odd -- all the dependencies from a git repo need to be at the same sha. If you'd like to update all of them, you can update the entire source.

sauloperez commented 7 years ago

OK. Thanks for your attention @segiddins. I thought this could be handled by --conservative.

segiddins commented 7 years ago

Thanks for opening the issue, it was fun to dive into it! If you still want "--conservative", you might be able to use "bundle update --source SPREE_GIT_URL --conservative".

sauloperez commented 7 years ago

Oh, thanks! I'll give it a try :ok_hand:
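
The explanation given in the thread, that every gem served from one git repository is locked to the same revision, can be checked against a lockfile. The Ruby below is an added example, not code from Bundler or from the participants; it is a simplified text parser, and `git_sources`, `coupled_gems` and the sample lockfile are hypothetical names and constructed data.

```ruby
# Constructed sample. Remote and revision of the first source come from the
# thread; the gem lists and the whole second source are made up.
SAMPLE_LOCK = <<~LOCK
  GIT
    remote: git://github.com/coopdevs/spree.git
    revision: 598cae8456260073cc0bcf85004b67fb02b8724c
    branch: spree-upgrade-step-6
    specs:
      spree (1.3.99)
        spree_core (= 1.3.99)
      spree_api (1.3.99)
      spree_core (1.3.99)

  GIT
    remote: https://example.test/single_gem.git
    revision: 0000000000000000000000000000000000000000
    specs:
      single_gem (0.1.0)

  GEM
    remote: https://rubygems.org/
    specs:
      rake (10.5.0)
LOCK

# One hash per GIT section: its remote, pinned revision and provided gems.
def git_sources(lockfile_text)
  sources = []
  current = nil
  lockfile_text.each_line(chomp: true) do |line|
    case line
    when /\A(\S.*)\z/                      # unindented: a new section starts
      current = ($1 == "GIT") ? { remote: nil, revision: nil, gems: [] } : nil
      sources << current if current
    when /\A  (remote|revision): (\S+)\z/  # 2 spaces: source attributes
      current[$1.to_sym] = $2 if current
    when /\A    (\S+) \([^)]+\)\z/         # 4 spaces: a gem from this source
      current[:gems] << $1 if current
    end
  end
  sources
end

# Gems that share gem_name's git source, so they move with it to any new sha.
# Returns nil when gem_name does not come from a git source.
def coupled_gems(lockfile_text, gem_name)
  source = git_sources(lockfile_text).find { |s| s[:gems].include?(gem_name) }
  source && source.merge(siblings: source[:gems] - [gem_name])
end
```

A non-empty `siblings` list for a gem means its revision cannot change without moving those gems too, which is the situation segiddins describes.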