-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle development dependencies duplicated in gemspec vs Gemfile #6014
Conversation
70a885c
to
f90cc02
Compare
Thinking about this again after hitting this today (open-telemetry/opentelemetry-ruby-contrib#716) I would suggest warning as a good start in here. |
If a Gemfile duplicates a development dependency also defined in a local gemspec with a different requirement, the requirement in the local gemspec will be silently ignored. This surprised me. I think we should either: * Make sure both requirements are considered, like it happens for runtime dependencies (I added a spec to illustrate the current behavior here). * Add a warning that the requirement in the gemspec will be ignored. I think the former is slightly preferable, but it may cause some bundle's that previously resolve to no longer resolver. I went with the latter but the more I think about it, the more this seems like it should behave like the former.
f90cc02
to
ad68439
Compare
What about release? Is patch bump ok since it just introduces warning? 🤔 |
I think patch should be fine, yes? |
I'm ok with patch. |
👋 Something in the last couple days broke Ruby HEAD CI in Shopify/job-iteration
Neither of those PRs touches dependencies, so it must be something upstream, and I'm not positive, but this PR seems related. In # gemfiles/rails_edge.gemfile (for example)
eval_gemfile "../Gemfile"
gem "activejob", github: "rails/rails", branch: "main"
gem "activerecord", github: "rails/rails", branch: "main" # Gemfile
# ...
gemspec
# ... # job-iteration.gemspec
# ...
spec.add_development_dependency("activerecord")
spec.add_dependency("activejob", ">= 5.2")
end The error we're now seeing is
I've tentatively opened Shopify/job-iteration#438 to change our approach, in case the way we were doing it was technically incorrect (and we'll probably merge it even if it isn't), but I wanted to flag this so we can identify if this PR is the cause of the error or not, and if it is, to surface that it may not be a safe change to make as a patch version update. |
@sambostock can you extract and share minimal steps to reproduce this? There should be warning, not failure. |
@simi I've created a minimal repo which reproduces the failure in this CI run. Note matrix statuses:
I chose "rails_edge" and I should emphasize I'm not confident it's due to this PR, this is just the most relevant looking change I was able to find so far, and the timeline (this commit appeared in ruby/ruby on November 12 at 21:06 EST) makes it seem possibly related, as this approach was working on Ruby HEAD just a few days ago (as early as earlier on November 12 at 12:15 EST). |
Thanks for the report, will look into this before releasing this PR 👍. |
Probably I ran into the same issue here: https://github.com/ifad/chronomodel/actions/runs/7021550132/job/19103883939 The use case is similar to the above one, we're using specific relevant
relevant gemspec:
|
This is next on my list, thanks for the examples! |
Reproduced! Looking into it now. |
#7215 fixes this. Thanks for diligently reporting the problem so early ❤️. |
I'm running into the same issue as this comment. We're using Appraisal to test that our gem works with multiple versions of a gem (e.g. Rails). This means our Gemfile + gemspec look something like this when we're testing:
OR like this:
From the wording of this issue, it seems like our use case is discouraged, but it should just warn rather than error outright. Could you clarify what the best practice for us would be or if this could be fixed? Edit:
|
@WesleyW Seems like a similar bug, I'll try to fix it for final ruby release. |
I think in your case the warning is intended (at least when both Gemfile and gemspec specify some requirement). The way to silence the warning would be to remove either of them. |
Fixed by #7319, thanks for letting us know! |
Amazing! Tried it out locally and confirmed it works. Thank you for such a quick fix! |
What was the end-user or developer problem that led to this PR?
If a Gemfile duplicates a development dependency also defined in a local gemspec with a different requirement, the requirement in the local gemspec will be silently ignored.
This surprised me.
What is your fix for the problem, implemented in this PR?
I think we should either:
Make sure both requirements are considered, like it happens for runtime dependencies (I added a spec to illustrate the current behavior here).
Add a warning that the requirement in the gemspec will be ignored.
I think the former is slightly preferable, but it may cause some bundle's that previously resolved to no longer resolver.
I went with the latter but the more I think about it, the more this seems like it should behave like the former.
Make sure the following tasks are checked