[katello-devel] Own gem repo
Shannon Hughes
shughes at redhat.com
Mon Jul 11 16:06:28 UTC 2011
justin summed this up well. +1 to keeping our internal gem repo. it was
a pain hunting down the auto-upgrades pointing to ruby-gems. while some
of this can be tuned to exact versions, i still feel the internal repo
that justin setup gives us more control and is more aligned with our rpm
build process.
On 07/11/2011 11:53 AM, Justin Sherrill wrote:
> On 07/11/2011 11:01 AM, Lukas Zapletal wrote:
>> On 07/11/2011 04:28 PM, Justin Sherrill wrote:
>>> Generally when you do a bundle install the Gemfile.lock file will be
>>> updated with all of the newest gems from the repo.
>>
>> Is this really true? Because on my box:
>>
>> # bundle install -> no change to the .lock file
>>
>> # bundle update -> change to the .lock file
>>
>> The same in the Bundler documentation.
>>
>
> So I wasn't able to reproduce the 'bundle install', but I can assure
> you it was an issue a while back. See internal discussion around
> march of this year and you'll see a lot of issues with 'bundle
> install'. I'm very certain it was an issue.
>
> I'm still very against moving back to rubygems.org. The way we have
> it now if a developer adds a gem as a requirement for katello they
> either have to add it to build an rpm for it (for production), or add
> it to our private gem repo (for development). If one of these does
> not happen then the issue becomes very apparent (which it did for you)
> and hopefullycan be fixed early.
>
> If we rely on rubygems.org the issue would not become apparent right
> away and it may take a few days for QA to hit it (because devs would
> just be blindly running 'bundle install').
>
>
> Actually I think i remember what the issue is. User A decides to add
> a new gem foo-1.1. He adds 'foo' to Gemfile. and does a bundle
> install. foo-1.1 gets added to Gemfile.lock. He then builds an rpm
> appropriately and adds it to the spec file.
>
> User B comes in a week or so later and does a bundle install. But
> wait! A newer version of foo (1.2) has been added to the rubygems
> repository. Since user b does not have foo installed at all, it will
> pull the latest (1.2) and update the Gemfile.lock. Gemfile.lock
> simply dictates what versions rails needs to run, not what will be
> installed by bundler. User B, not knowing that he had updated
> anything does his work and commits Gemfile.lock without really knowing
> it and breaks everyone else.
>
> This may seem like a rare situation, but it was happening almost
> weekly prior to us moving to our private repo.
>
>
> -Justin
>
> _______________________________________________
> katello-devel mailing list
> katello-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/katello-devel
--
Shannon Ray Hughes
shughes at redhat.com
Sr Software Engineer
Systems Management
More information about the katello-devel
mailing list