Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resolve decidim installation path from Gemfile.lock #1

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Resolve decidim installation path from Gemfile.lock #1

wants to merge 6 commits into from
+85 −15

Conversation

ahukkanen
Copy link

@ahukkanen ahukkanen commented Jul 1, 2021
edited
Loading

Right now the local npm package installation process runs bundle show decidim to determine the decidim gem installation path.

As discussed at decidim/decidim#8159 with @leio10, this does not work correctly at Heroku because when the NPM dependencies are installed, Ruby and Bundler are not yet available.

This changes the behavior so that if bundle show decidim fails, it now reads the Decidim installation path from Gemfile.lock for git and path installations. This should ensure that the same version of the NPM dependencies are installed as defined in the package-lock.json to avoid the SHA integrity violations.

@leio10 I think this should provide a solution to the issue we discussed at:
decidim/decidim#8159 (comment)

NOTE: Right now I am using my own fork of @snyk/gemfile (the Gemfile.lock parser). The reason for this is that the current version of @snyk/gemfile does not work with the Decidim core's development_app and test_app Gemfiles because of this bug:
snyk/gemfile#11

@ahukkanen
Fix the install script
47225af
@ahukkanen
Point to the pack script directly during installation
429703a
@ahukkanen
Resolve the Decidim source path with @snyk/gemfile
e3b61b9 
Change the Decidim source path resolving to use @snyk/gemfile
instead of running `bundle` in a child process. Running `bundle`
won't work when ruby/bundler is not yet installed.

This allows resolving the Decidim source path from the
`Gemfile.lock` of the project when Decidim is installed either
from git or from a file path.
@ahukkanen
Improve the regexp matcher
8163494
@ahukkanen
Add back the bundle resolving and fall back to Gemfile.lock resolving
c3fd434
@ahukkanen
Make the resolve methods trying less nested
7e55134
@ahukkanen ahukkanen mentioned this pull request Jul 1, 2021
Closed
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ahukkanen