Gemfile and Gemfile.lock created by bundler 2.0.1, not worked with 2.0.2

[zw963]

I have a pair Gemfile and Gemfile.lock which created by bundler 2.0.1.

when i try to bundle install in docker container after a while. use following command

RUN gem install bundler -v '~> 2.0.0' 

RUN bundle install --without "development test" --deployment --retry=5

bundler 2.0.2 is installed by default, and when run install, get following error message:

# bundle install --without "development test" --deployment --retry=5
You are trying to install in deployment mode after changing
your Gemfile. Run `bundle install` elsewhere and add the
updated Gemfile.lock to version control.

The list of sources changed

You have added to the Gemfile:
* source: https://github.com/carrierwaveuploader/carrierwave-i18n.git (at master)
* source: https://github.com/elabs/pundit.git (at master)
* source: https://github.com/javan/whenever.git (at master)
* source: https://github.com/plataformatec/simple_form.git (at master)
* source: https://github.com/ziweizhou/griddler-mailgun.git (at master)

You have deleted from the Gemfile:
* source: git://github.com/carrierwaveuploader/carrierwave-i18n.git (at master@5dea35c)
* source: git://github.com/elabs/pundit.git (at master@74ea5fa)
* source: git://github.com/javan/whenever.git (at master@81fc0c6)
* source: git://github.com/plataformatec/simple_form.git (at master@b80775b)
* source: git://github.com/ziweizhou/griddler-mailgun.git (at master@659ea5c)

But those config is worked when install run 2.0.1 exactly.

RUN gem install bundler -v '2.0.1'

i don't ensure bundler if match the semantic version, if not match, please let me know, thank you.

[brlanier]

I ran into the same issue when using a Gemfile.lock created with 1.16.1 and then recreated under 1.17.3. Using bundler 2.0.2 runs into this error. Downgrading to bundler version 2.0.1 seems to work fine.

You are trying to install in deployment mode after changing
your Gemfile. Run `bundle install` elsewhere and add the
updated Gemfile.lock to version control.

The list of sources changed

You have added to the Gemfile:
* source: https://github.com/my_repo/forked_gem.git (at master)
* source: https://github.com/carrierwaveuploader/carrierwave.git (at c2ee2e8)

You have deleted from the Gemfile:
* source: git://github.com/my_repo/forked_gem.git (at master@463073f)
* source: git://github.com/carrierwaveuploader/carrierwave.git (at c2ee2e8@c2ee2e8)

The only thing I noticed is the revision/branch info seems different in the output. Goes from just branch to branch@revision. Apologies if I am using the incorrect terms there.

In my case, in the Gemfile I have three entries that list alternate sources. Only two get put in the output and I scrubbed the owner/repo on one because it is a private repo. So I am wondering if it is a syntax issue that is being overlooked or that was depreciated finally in the 2.0.2 release. From my Gemfile:

gem 'carrierwave', github: 'carrierwaveuploader/carrierwave', ref: 'c2ee2e8'
gem 'danger-rubocop', git: 'git://github.com/my_repo/danger-rubocop.git', branch: 'add_direct_danger_option'
gem 'forked_gem', github: 'my_repo/forked_gem', branch: 'master'

The danger-rubocop gem is installed fine and uses the git://github.com syntax (I guess git: vs github: style). Please understand this is an older project for us and nobody has taken the time to update to using https yet, so I understand those should be updated. But it seems the newest release may have a problem with the older syntax style(github:)? Just want to understand as I'm sure I have other projects with the same older syntax. Updating to use the git: style with full url seems to resolve this, but I either didn't see the backwards change or understand any change in the change log for 2.0.2 that would indicate this was a breaking change for any older projects.

[zw963]

@banyan , i still not test my Gemfile if worked after change github: to git, but, all my those changed gem is use github: ???? syntax.

[deivid-rodriguez]

Hi! I'm sorry I never got to answer this. This was a mistake on our part. We planned to release this change with bundler 2.0.0 but apparently there was a mistake and it was released with 2.0.2. So, yeah, a totally unexpected backwards incompatible change. Sorry about that.

Anyways, the way to fix this would be to run bundle install locallly (without the --deployment flag) and commit the updated lock file, that should be using https sources now.

I'm going to close this but let me know if you have any questions.