Resolve decidim installation path from Gemfile.lock
#1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Change the Decidim source path resolving to use @snyk/gemfile instead of running `bundle` in a child process. Running `bundle` won't work when ruby/bundler is not yet installed. This allows resolving the Decidim source path from the `Gemfile.lock` of the project when Decidim is installed either from git or from a file path.
Closed
12 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Right now the local npm package installation process runs
bundle show decidimto determine thedecidimgem installation path.As discussed at decidim/decidim#8159 with @leio10, this does not work correctly at Heroku because when the NPM dependencies are installed, Ruby and Bundler are not yet available.
This changes the behavior so that if
bundle show decidimfails, it now reads the Decidim installation path fromGemfile.lockfor git and path installations. This should ensure that the same version of the NPM dependencies are installed as defined in thepackage-lock.jsonto avoid the SHA integrity violations.@leio10 I think this should provide a solution to the issue we discussed at:
decidim/decidim#8159 (comment)
NOTE: Right now I am using my own fork of
@snyk/gemfile(theGemfile.lockparser). The reason for this is that the current version of@snyk/gemfiledoes not work with the Decidim core's development_app and test_app Gemfiles because of this bug:snyk/gemfile#11