RubyGems - bundler-multilock - Versions diffs - 1.0.0 - Mend

bundler-multilock 1.0.0

Files changed (13) hide show

checksums.yaml +7 -0
data/lib/bundler/multilock/check.rb +180 -0
data/lib/bundler/multilock/ext/bundler.rb +39 -0
data/lib/bundler/multilock/ext/definition.rb +21 -0
data/lib/bundler/multilock/ext/dsl.rb +63 -0
data/lib/bundler/multilock/ext/plugin/dsl.rb +17 -0
data/lib/bundler/multilock/ext/plugin.rb +19 -0
data/lib/bundler/multilock/ext/source_list.rb +16 -0
data/lib/bundler/multilock/lockfile_generator.rb +44 -0
data/lib/bundler/multilock/version.rb +7 -0
data/lib/bundler/multilock.rb +401 -0
data/plugins.rb +50 -0
metadata +152 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 648cdaff608ff51cfe15ab2c098cff90218068d650f9c0fa4825dca90d2cc573
+  data.tar.gz: 12be8f53d490c149f2e2691b4e694c8bc395673a2c30e622b5071b1b4771ddb4
+SHA512:
+  metadata.gz: 5e42ff819d3a1640e6c51dd326e01c9d3400a8193807cb1ed3400b72b9dc2b9fb0dc71289471545c74034c61f2c53884ef1f8c53618360d9490ff6193f72a19e
+  data.tar.gz: 916d273cb5dbe217d8b5d77be760f9db732e92b39177bfc5487f8868f93e0a90bca11afbeb4c09b3e508f99098f81275973b941e243e7668e0443cd61bcc888a

data/lib/bundler/multilock/check.rb ADDED Viewed

@@ -0,0 +1,180 @@
+# frozen_string_literal: true
+require "set"
+module Bundler
+  module Multilock
+    class Check
+      class << self
+        def run
+          new.run
+        end
+      end
+      def initialize
+        default_lockfile_contents = Bundler.default_lockfile.read
+        @default_lockfile = LockfileParser.new(default_lockfile_contents)
+        @default_specs = @default_lockfile.specs.to_h do |spec|
+          [[spec.name, spec.platform], spec]
+        end
+      end
+      def run
+        return true unless Bundler.default_lockfile.exist?
+        success = true
+        Multilock.lockfile_definitions.each do |lockfile_definition|
+          next unless lockfile_definition[:lockfile].exist?
+          success = false unless check(lockfile_definition)
+        end
+        success
+      end
+      # this is mostly equivalent to the built in checks in `bundle check`, but even
+      # more conservative, and returns false instead of exiting on failure
+      def base_check(lockfile_definition)
+        return false unless lockfile_definition[:lockfile].file?
+        Multilock.prepare_block = lockfile_definition[:prepare]
+        definition = Definition.build(lockfile_definition[:gemfile], lockfile_definition[:lockfile], false)
+        return false unless definition.send(:current_platform_locked?)
+        begin
+          definition.validate_runtime!
+          definition.resolve_only_locally!
+          not_installed = definition.missing_specs
+        rescue RubyVersionMismatch, GemNotFound, SolveFailure
+          return false
+        end
+        not_installed.empty? && definition.no_resolve_needed?
+      ensure
+        Multilock.prepare_block = nil
+      end
+      # this checks for mismatches between the default lockfile and the given lockfile,
+      # and for pinned dependencies in lockfiles requiring them
+      def check(lockfile_definition, allow_mismatched_dependencies: true)
+        success = true
+        proven_pinned = Set.new
+        needs_pin_check = []
+        lockfile = LockfileParser.new(lockfile_definition[:lockfile].read)
+        lockfile_path = lockfile_definition[:lockfile].relative_path_from(Dir.pwd)
+        unless lockfile.platforms == @default_lockfile.platforms
+          Bundler.ui.error("The platforms in #{lockfile_path} do not match the default lockfile.")
+          success = false
+        end
+        unless lockfile.bundler_version == @default_lockfile.bundler_version
+          Bundler.ui.error("bundler (#{lockfile.bundler_version}) in #{lockfile_path} " \
+                           "does not match the default lockfile's version (@#{@default_lockfile.bundler_version}).")
+          success = false
+        end
+        specs = lockfile.specs.group_by(&:name)
+        if allow_mismatched_dependencies
+          allow_mismatched_dependencies = lockfile_definition[:allow_mismatched_dependencies]
+        end
+        # build list of top-level dependencies that differ from the default lockfile,
+        # and all _their_ transitive dependencies
+        if allow_mismatched_dependencies
+          transitive_dependencies = Set.new
+          # only dependencies that differ from the default lockfile
+          pending_transitive_dependencies = lockfile.dependencies.reject do |name, dep|
+            @default_lockfile.dependencies[name] == dep
+          end.map(&:first)
+          until pending_transitive_dependencies.empty?
+            dep = pending_transitive_dependencies.shift
+            next if transitive_dependencies.include?(dep)
+            transitive_dependencies << dep
+            platform_specs = specs[dep]
+            unless platform_specs
+              # should only be bundler that's missing a spec
+              raise "Could not find spec for dependency #{dep}" unless dep == "bundler"
+              next
+            end
+            pending_transitive_dependencies.concat(platform_specs.flat_map(&:dependencies).map(&:name).uniq)
+          end
+        end
+        # look through top-level explicit dependencies for pinned requirements
+        if lockfile_definition[:enforce_pinned_additional_dependencies]
+          find_pinned_dependencies(proven_pinned, lockfile.dependencies.each_value)
+        end
+        # check for conflicting requirements (and build list of pins, in the same loop)
+        specs.values.flatten.each do |spec|
+          default_spec = @default_specs[[spec.name, spec.platform]]
+          if lockfile_definition[:enforce_pinned_additional_dependencies]
+            # look through what this spec depends on, and keep track of all pinned requirements
+            find_pinned_dependencies(proven_pinned, spec.dependencies)
+            needs_pin_check << spec unless default_spec
+          end
+          next unless default_spec
+          # have to ensure Path sources are relative to their lockfile before comparing
+          same_source = if [default_spec.source, spec.source].grep(Source::Path).length == 2
+                          lockfile_definition[:lockfile]
+                            .dirname
+                            .join(spec.source.path)
+                            .ascend
+                            .any?(Bundler.default_lockfile.dirname.join(default_spec.source.path))
+                        else
+                          default_spec.source == spec.source
+                        end
+          next if default_spec.version == spec.version && same_source
+          next if allow_mismatched_dependencies && transitive_dependencies.include?(spec.name)
+          Bundler.ui.error("#{spec}#{spec.git_version} in #{lockfile_path} " \
+                           "does not match the default lockfile's version " \
+                           "(@#{default_spec.version}#{default_spec.git_version}); " \
+                           "this may be due to a conflicting requirement, which would require manual resolution.")
+          success = false
+        end
+        # now that we have built a list of every gem that is pinned, go through
+        # the gems that were in this lockfile, but not the default lockfile, and
+        # ensure it's pinned _somehow_
+        needs_pin_check.each do |spec|
+          pinned = case spec.source
+                   when Source::Git
+                     spec.source.ref == spec.source.revision
+                   when Source::Path
+                     true
+                   when Source::Rubygems
+                     proven_pinned.include?(spec.name)
+                   else
+                     false
+                   end
+          next if pinned
+          Bundler.ui.error("#{spec} in #{lockfile_path} has not been pinned to a specific version,  " \
+                           "which is required since it is not part of the default lockfile.")
+          success = false
+        end
+        success
+      end
+      private
+      def find_pinned_dependencies(proven_pinned, dependencies)
+        dependencies.each do |dependency|
+          dependency.requirement.requirements.each do |requirement|
+            proven_pinned << dependency.name if requirement.first == "="
+          end
+        end
+      end
+    end
+  end
+end

data/lib/bundler/multilock/ext/bundler.rb ADDED Viewed

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+module Bundler
+  module Multilock
+    module Ext
+      module BundlerClassMethods
+        def self.prepended(klass)
+          super
+          klass.attr_writer :cache_root, :default_lockfile, :root
+        end
+        ::Bundler.singleton_class.prepend(self)
+        def app_cache(custom_path = nil)
+          super(custom_path || @cache_root)
+        end
+        def default_lockfile(force_original: false)
+          return @default_lockfile if @default_lockfile && !force_original
+          super()
+        end
+        def with_default_lockfile(lockfile)
+          previous_default_lockfile, @default_lockfile = @default_lockfile, lockfile
+          yield
+        ensure
+          @default_lockfile = previous_default_lockfile
+        end
+        def reset!
+          super
+          Multilock.reset!
+        end
+      end
+    end
+  end
+end

data/lib/bundler/multilock/ext/definition.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+module Bundler
+  module Multilock
+    module Ext
+      module Definition
+        ::Bundler::Definition.prepend(self)
+        def initialize(lockfile, *args)
+          # we changed the default lockfile in Bundler::Multilock.add_lockfile
+          # since DSL.evaluate was called (re-entrantly); sub the proper value in
+          if !lockfile.equal?(Bundler.default_lockfile) &&
+             Bundler.default_lockfile(force_original: true) == lockfile
+            lockfile = Bundler.default_lockfile
+          end
+          super
+        end
+      end
+    end
+  end
+end

data/lib/bundler/multilock/ext/dsl.rb ADDED Viewed

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+require "set"
+module Bundler
+  module Multilock
+    module Ext
+      module Dsl
+        module ClassMethods
+          ::Bundler::Dsl.singleton_class.prepend(self)
+          # Significant changes:
+          #  * evaluate the prepare block as part of the gemfile
+          #  * mark Multilock as loaded once the main gemfile is evaluated
+          #    so that they're not loaded multiple times
+          def evaluate(gemfile, lockfile, unlock)
+            builder = new
+            builder.eval_gemfile(gemfile, &Multilock.prepare_block) if Multilock.prepare_block
+            builder.eval_gemfile(gemfile)
+            Multilock.loaded!
+            builder.to_definition(lockfile, unlock)
+          end
+        end
+        ::Bundler::Dsl.prepend(self)
+        def initialize
+          super
+          @gemfiles = Set.new
+        end
+        # Significant changes:
+        #  * allow a block
+        def eval_gemfile(gemfile, contents = nil, &block)
+          expanded_gemfile_path = Pathname.new(gemfile).expand_path(@gemfile&.parent)
+          original_gemfile = @gemfile
+          @gemfile = expanded_gemfile_path
+          @gemfiles << expanded_gemfile_path
+          contents ||= Bundler.read_file(@gemfile.to_s)
+          if block
+            instance_eval(&block)
+          else
+            instance_eval(contents.dup.tap { |x| x.untaint if RUBY_VERSION < "2.7" }, gemfile.to_s, 1)
+          end
+        rescue Exception => e # rubocop:disable Lint/RescueException
+          message = "There was an error " \
+                    "#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \
+                    "`#{File.basename gemfile.to_s}`: #{e.message}"
+          raise Bundler::Dsl::DSLError.new(message, gemfile, e.backtrace, contents)
+        ensure
+          @gemfile = original_gemfile
+        end
+        def lockfile(*args, **kwargs, &block)
+          return if Multilock.loaded?
+          Multilock.add_lockfile(*args, builder: self, **kwargs, &block)
+        end
+      end
+    end
+  end
+end

data/lib/bundler/multilock/ext/plugin/dsl.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module Bundler
+  module Multilock
+    module Ext
+      module PluginExt
+        module DSL
+          ::Bundler::Plugin::DSL.include(self)
+          def lockfile(...)
+            # pass
+          end
+        end
+      end
+    end
+  end
+end

data/lib/bundler/multilock/ext/plugin.rb ADDED Viewed

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+module Bundler
+  module Multilock
+    module Ext
+      module PluginExt
+        module ClassMethods
+          ::Bundler::Plugin.singleton_class.prepend(self)
+          def load_plugin(name)
+            return if @loaded_plugin_names.include?(name)
+            super
+          end
+        end
+      end
+    end
+  end
+end

data/lib/bundler/multilock/ext/source_list.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+module Bundler
+  module Multilock
+    module Ext
+      module SourceList
+        ::Bundler::SourceList.prepend(self)
+        # consider them equivalent if the replacements just have a bunch of dups
+        def equivalent_sources?(lock_sources, replacement_sources)
+          super(lock_sources, replacement_sources.uniq)
+        end
+      end
+    end
+  end
+end

data/lib/bundler/multilock/lockfile_generator.rb ADDED Viewed

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+require "bundler/lockfile_generator"
+module Bundler
+  module Multilock
+    # generates a lockfile based on another LockfileParser
+    class LockfileGenerator < Bundler::LockfileGenerator
+      def self.generate(lockfile)
+        new(LockfileAdapter.new(lockfile)).generate!
+      end
+      private
+      class LockfileAdapter < SimpleDelegator
+        def sources
+          self
+        end
+        def lock_sources
+          __getobj__.sources
+        end
+        def resolve
+          specs
+        end
+        def dependencies
+          super.values
+        end
+        def locked_ruby_version
+          ruby_version
+        end
+      end
+      private_constant :LockfileAdapter
+      def add_bundled_with
+        add_section("BUNDLED WITH", definition.bundler_version.to_s)
+      end
+    end
+  end
+end

data/lib/bundler/multilock/version.rb ADDED Viewed

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+module Bundler
+  module Multilock
+    VERSION = "1.0.0"
+  end
+end

data/lib/bundler/multilock.rb ADDED Viewed

@@ -0,0 +1,401 @@
+# frozen_string_literal: true
+require_relative "multilock/ext/bundler"
+require_relative "multilock/ext/definition"
+require_relative "multilock/ext/dsl"
+require_relative "multilock/ext/plugin"
+require_relative "multilock/ext/plugin/dsl"
+require_relative "multilock/ext/source_list"
+require_relative "multilock/version"
+module Bundler
+  module Multilock
+    class << self
+      # @!visibility private
+      attr_reader :lockfile_definitions
+      # @!visibility private
+      attr_accessor :prepare_block
+      # @param lockfile [String] The lockfile path (defaults to Gemfile.lock)
+      # @param builder [Dsl] The Bundler DSL
+      # @param gemfile [String, nil]
+      #   The Gemfile for this lockfile (defaults to Gemfile)
+      # @param default [Boolean]
+      #   If this lockfile should be the default (instead of Gemfile.lock)
+      # @param allow_mismatched_dependencies [true, false]
+      #   Allows version differences in dependencies between this lockfile and
+      #   the default lockfile. Note that even with this option, only top-level
+      #   dependencies that differ from the default lockfile, and their transitive
+      #   depedencies, are allowed to mismatch.
+      # @param enforce_pinned_additional_dependencies [true, false]
+      #   If dependencies are present in this lockfile that are not present in the
+      #   default lockfile, enforce that they are pinned.
+      # @yield
+      #   Block executed only when this lockfile is active.
+      # @return [true, false] if the lockfile is the current lockfile
+      def add_lockfile(lockfile = nil,
+                       builder:,
+                       gemfile: nil,
+                       default: nil,
+                       allow_mismatched_dependencies: true,
+                       enforce_pinned_additional_dependencies: false,
+                       &block)
+        # terminology gets confusing here. The "default" param means
+        # "use this lockfile when not overridden by BUNDLE_LOCKFILE"
+        # but Bundler.defaul_lockfile (usually) means "Gemfile.lock"
+        # so refer to the former as "current" internally
+        current = default
+        current = true if current.nil? && lockfile_definitions.empty? && lockfile.nil? && gemfile.nil?
+        # allow short-form lockfile names
+        lockfile = "Gemfile.#{lockfile}.lock" if lockfile && !(lockfile.include?("/") || lockfile.end_with?(".lock"))
+        # if a gemfile was provided, but not a lockfile, infer the default lockfile for that gemfile
+        lockfile ||= "#{gemfile}.lock" if gemfile
+        # use absolute paths
+        lockfile = Bundler.root.join(lockfile).expand_path if lockfile
+        # use the default lockfile (Gemfile.lock) if none was given
+        lockfile ||= Bundler.default_lockfile(force_original: true)
+        if current && (old_current = lockfile_definitions.find { |definition| definition[:current] })
+          raise ArgumentError, "Only one lockfile (#{old_current[:lockfile]}) can be flagged as the default"
+        end
+        raise ArgumentError, "Lockfile #{lockfile} is already defined" if lockfile_definitions.any? do |definition|
+                                                                            definition[:lockfile] == lockfile
+                                                                          end
+        env_lockfile = ENV["BUNDLE_LOCKFILE"]
+        if env_lockfile
+          unless env_lockfile.include?("/") || env_lockfile.end_with?(".lock")
+            env_lockfile = "Gemfile.#{env_lockfile}.lock"
+          end
+          env_lockfile = Bundler.root.join(env_lockfile).expand_path
+          current = env_lockfile == lockfile
+        end
+        lockfile_definitions << (lockfile_def = {
+          gemfile: (gemfile && Bundler.root.join(gemfile).expand_path) || Bundler.default_gemfile,
+          lockfile: lockfile,
+          current: current,
+          prepare: block,
+          allow_mismatched_dependencies: allow_mismatched_dependencies,
+          enforce_pinned_additional_dependencies: enforce_pinned_additional_dependencies
+        })
+        if (defined?(CLI::Check) ||
+            defined?(CLI::Install) ||
+            defined?(CLI::Lock) ||
+            defined?(CLI::Update)) &&
+           !defined?(CLI::Cache)
+          # always use Gemfile.lock for `bundle check`, `bundle install`,
+          # `bundle lock`, and `bundle update`. `bundle cache` delegates to
+          # `bundle install`, but we want that to run as normal.
+          current = lockfile == Bundler.default_lockfile(force_original: true)
+        end
+        if current
+          block&.call
+          Bundler.default_lockfile = lockfile
+          # we started evaluating the project's primary gemfile, but got told to use a lockfile
+          # associated with a different Gemfile. so we need to evaluate that Gemfile instead
+          if lockfile_def[:gemfile] != Bundler.default_gemfile
+            # share a cache between all lockfiles
+            Bundler.cache_root = Bundler.root
+            ENV["BUNDLE_GEMFILE"] = lockfile_def[:gemfile].to_s
+            Bundler.root = Bundler.default_gemfile.dirname
+            Bundler.default_lockfile = lockfile
+            builder.eval_gemfile(Bundler.default_gemfile)
+            return false
+          end
+        end
+        true
+      end
+      # @!visibility private
+      def after_install_all(install: true)
+        loaded!
+        previous_recursive = @recursive
+        return if lockfile_definitions.empty?
+        return if ENV["BUNDLE_LOCKFILE"] # explicitly working against a single lockfile
+        # must be running `bundle cache`
+        return unless Bundler.default_lockfile == Bundler.default_lockfile(force_original: true)
+        require_relative "multilock/check"
+        if Bundler.frozen_bundle? && !install
+          # only do the checks if we're frozen
+          exit 1 unless Check.run
+          return
+        end
+        # this hook will be called recursively when it has to install gems
+        # for a secondary lockfile. defend against that
+        return if @recursive
+        @recursive = true
+        require "tempfile"
+        require_relative "multilock/lockfile_generator"
+        Bundler.ui.info ""
+        default_lockfile_contents = Bundler.default_lockfile.read.freeze
+        default_specs = LockfileParser.new(default_lockfile_contents).specs.to_h do |spec|
+          [[spec.name, spec.platform], spec]
+        end
+        default_root = Bundler.root
+        attempts = 1
+        checker = Check.new
+        Bundler.settings.temporary(cache_all_platforms: true, suppress_install_using_messages: true) do
+          lockfile_definitions.each do |lockfile_definition|
+            # we already wrote the default lockfile
+            next if lockfile_definition[:lockfile] == Bundler.default_lockfile(force_original: true)
+            # root needs to be set so that paths are output relative to the correct root in the lockfile
+            Bundler.root = lockfile_definition[:gemfile].dirname
+            relative_lockfile = lockfile_definition[:lockfile].relative_path_from(Dir.pwd)
+            # already up to date?
+            up_to_date = false
+            Bundler.settings.temporary(frozen: true) do
+              Bundler.ui.silence do
+                up_to_date = checker.base_check(lockfile_definition) &&
+                             checker.check(lockfile_definition, allow_mismatched_dependencies: false)
+              end
+            end
+            if up_to_date
+              attempts = 1
+              next
+            end
+            if Bundler.frozen_bundle?
+              # if we're frozen, you have to use the pre-existing lockfile
+              unless lockfile_definition[:lockfile].exist?
+                Bundler.ui.error("The bundle is locked, but #{relative_lockfile} is missing. " \
+                                 "Please make sure you have checked #{relative_lockfile} " \
+                                 "into version control before deploying.")
+                exit 1
+              end
+              Bundler.ui.info("Installing gems for #{relative_lockfile}...")
+              write_lockfile(lockfile_definition, lockfile_definition[:lockfile], install: install)
+            else
+              Bundler.ui.info("Syncing to #{relative_lockfile}...") if attempts == 1
+              # adjust locked paths from the default lockfile to be relative to _this_ gemfile
+              adjusted_default_lockfile_contents =
+                default_lockfile_contents.gsub(/PATH\n  remote: ([^\n]+)\n/) do |remote|
+                  remote_path = Pathname.new($1)
+                  next remote if remote_path.absolute?
+                  relative_remote_path = remote_path.expand_path(default_root).relative_path_from(Bundler.root).to_s
+                  remote.sub($1, relative_remote_path)
+                end
+              # add a source for the current gem
+              gem_spec = default_specs[[File.basename(Bundler.root), "ruby"]]
+              if gem_spec
+                adjusted_default_lockfile_contents += <<~TEXT
+                  PATH
+                    remote: .
+                    specs:
+                  #{gem_spec.to_lock}
+                TEXT
+              end
+              if lockfile_definition[:lockfile].exist?
+                # if the lockfile already exists, "merge" it together
+                default_lockfile = LockfileParser.new(adjusted_default_lockfile_contents)
+                lockfile = LockfileParser.new(lockfile_definition[:lockfile].read)
+                dependency_changes = false
+                # replace any duplicate specs with what's in the default lockfile
+                lockfile.specs.map! do |spec|
+                  default_spec = default_specs[[spec.name, spec.platform]]
+                  next spec unless default_spec
+                  dependency_changes ||= spec != default_spec
+                  default_spec
+                end
+                lockfile.specs.replace(default_lockfile.specs + lockfile.specs).uniq!
+                lockfile.sources.replace(default_lockfile.sources + lockfile.sources).uniq!
+                lockfile.platforms.replace(default_lockfile.platforms).uniq!
+                # prune more specific platforms
+                lockfile.platforms.delete_if do |p1|
+                  lockfile.platforms.any? do |p2|
+                    p2 != "ruby" && p1 != p2 && MatchPlatform.platforms_match?(p2, p1)
+                  end
+                end
+                lockfile.instance_variable_set(:@ruby_version, default_lockfile.ruby_version)
+                lockfile.instance_variable_set(:@bundler_version, default_lockfile.bundler_version)
+                new_contents = LockfileGenerator.generate(lockfile)
+              else
+                # no lockfile? just start out with the default lockfile's contents to inherit its
+                # locked gems
+                new_contents = adjusted_default_lockfile_contents
+              end
+              had_changes = false
+              # Now build a definition based on the given Gemfile, with the combined lockfile
+              Tempfile.create do |temp_lockfile|
+                temp_lockfile.write(new_contents)
+                temp_lockfile.flush
+                had_changes = write_lockfile(lockfile_definition,
+                                             temp_lockfile.path,
+                                             install: install,
+                                             dependency_changes: dependency_changes)
+              end
+              # if we had changes, bundler may have updated some common
+              # dependencies beyond the default lockfile, so re-run it
+              # once to reset them back to the default lockfile's version.
+              # if it's already good, the `check` check at the beginning of
+              # the loop will skip the second sync anyway.
+              if had_changes && attempts < 3
+                attempts += 1
+                redo
+              else
+                attempts = 1
+              end
+            end
+          end
+        end
+        exit 1 unless checker.run
+      ensure
+        @recursive = previous_recursive
+      end
+      # @!visibility private
+      def loaded!
+        return if loaded?
+        @loaded = true
+        return if lockfile_definitions.empty?
+        return unless lockfile_definitions.none? { |definition| definition[:current] }
+        # Gemfile.lock isn't explicitly specified, otherwise it would be current
+        return if lockfile_definitions.none? do |definition|
+                    definition[:lockfile] == Bundler.default_lockfile(force_original: true)
+                  end
+        raise GemfileNotFound, "Could not locate lockfile #{ENV["BUNDLE_LOCKFILE"].inspect}" if ENV["BUNDLE_LOCKFILE"]
+        raise GemfileEvalError, "No lockfiles marked as default"
+      end
+      # @!visibility private
+      def loaded?
+        @loaded
+      end
+      # @!visibility private
+      def inject_preamble
+        minor_version = Gem::Version.new(::Bundler::Multilock::VERSION).segments[0..1].join(".")
+        bundle_preamble1_match = %(plugin "bundler-multilock")
+        bundle_preamble1 = <<~RUBY
+          plugin "bundler-multilock", "~> #{minor_version}"
+        RUBY
+        bundle_preamble2 = <<~RUBY
+          return unless Plugin.installed?("bundler-multilock")
+          Plugin.send(:load_plugin, "bundler-multilock")
+        RUBY
+        gemfile = Bundler.default_gemfile.read
+        injection_point = 0
+        while gemfile.match?(/^(?:#|\n|source)/, injection_point)
+          if gemfile[injection_point] == "\n"
+            injection_point += 1
+          else
+            injection_point = gemfile.index("\n", injection_point)
+            injection_point += 1 if injection_point
+            injection_point ||= -1
+          end
+        end
+        modified = inject_specific_preamble(gemfile, injection_point, bundle_preamble2, add_newline: true)
+        modified = true if inject_specific_preamble(gemfile,
+                                                    injection_point,
+                                                    bundle_preamble1,
+                                                    match: bundle_preamble1_match,
+                                                    add_newline: false)
+        Bundler.default_gemfile.write(gemfile) if modified
+      end
+      # @!visibility private
+      def reset!
+        @lockfile_definitions = []
+        @loaded = false
+      end
+      private
+      def inject_specific_preamble(gemfile, injection_point, preamble, add_newline:, match: preamble)
+        return false if gemfile.include?(match)
+        add_newline = false unless gemfile[injection_point - 1] == "\n"
+        gemfile.insert(injection_point, "\n") if add_newline
+        gemfile.insert(injection_point, preamble)
+        true
+      end
+      def write_lockfile(lockfile_definition, lockfile, install:, dependency_changes: false)
+        self.prepare_block = lockfile_definition[:prepare]
+        definition = Definition.build(lockfile_definition[:gemfile], lockfile, false)
+        definition.instance_variable_set(:@dependency_changes, dependency_changes) if dependency_changes
+        if lockfile_definition[:lockfile].exist?
+          definition.instance_variable_set(:@lockfile_contents,
+                                           lockfile_definition[:lockfile].read)
+        end
+        resolved_remotely = false
+        begin
+          previous_ui_level = Bundler.ui.level
+          Bundler.ui.level = "warn"
+          begin
+            definition.resolve_with_cache!
+          rescue GemNotFound, SolveFailure
+            definition = Definition.build(lockfile_definition[:gemfile], lockfile, false)
+            definition.resolve_remotely!
+            resolved_remotely = true
+          end
+          definition.lock(lockfile_definition[:lockfile], true)
+        ensure
+          Bundler.ui.level = previous_ui_level
+        end
+        # if we're running `bundle install` or `bundle update`, and something is missing from
+        # the secondary lockfile, install it.
+        if install && (definition.missing_specs.any? || resolved_remotely)
+          Bundler.with_default_lockfile(lockfile_definition[:lockfile]) do
+            Installer.install(lockfile_definition[:gemfile].dirname, definition, {})
+          end
+        end
+        !definition.nothing_changed?
+      ensure
+        self.prepare_block = nil
+      end
+    end
+    reset!
+    @recursive = false
+    @prepare_block = nil
+  end
+end

data/plugins.rb ADDED Viewed

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+#
+# Copyright (C) 2023 - present Instructure, Inc.
+#
+# This file is part of Canvas.
+#
+# Canvas is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Affero General Public License as published by the Free
+# Software Foundation, version 3 of the License.
+#
+# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Affero General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+require_relative "lib/bundler/multilock"
+# this is terrible, but we can't prepend into these modules because we only load
+# _inside_ of the CLI commands already running
+if defined?(Bundler::CLI::Check)
+  require_relative "lib/bundler/multilock/check"
+  at_exit do
+    next unless $!.nil?
+    next if $!.is_a?(SystemExit) && !$!.success?
+    next if Bundler::Multilock::Check.run
+    Bundler.ui.warn("You can attempt to fix by running `bundle install`")
+    exit 1
+  end
+end
+if defined?(Bundler::CLI::Lock)
+  at_exit do
+    next unless $!.nil?
+    next if $!.is_a?(SystemExit) && !$!.success?
+    Bundler::Multilock.after_install_all(install: false)
+  end
+end
+Bundler::Plugin.add_hook(Bundler::Plugin::Events::GEM_AFTER_INSTALL_ALL) do |_|
+  Bundler::Multilock.after_install_all
+end
+Bundler::Multilock.inject_preamble unless Bundler::Multilock.loaded?

metadata ADDED Viewed

@@ -0,0 +1,152 @@
+--- !ruby/object:Gem::Specification
+name: bundler-multilock
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Instructure
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-09-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.4.19
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.4.19
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.1'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rubocop-inst
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.24'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.24'
+description:
+email:
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/bundler/multilock.rb
+- lib/bundler/multilock/check.rb
+- lib/bundler/multilock/ext/bundler.rb
+- lib/bundler/multilock/ext/definition.rb
+- lib/bundler/multilock/ext/dsl.rb
+- lib/bundler/multilock/ext/plugin.rb
+- lib/bundler/multilock/ext/plugin/dsl.rb
+- lib/bundler/multilock/ext/source_list.rb
+- lib/bundler/multilock/lockfile_generator.rb
+- lib/bundler/multilock/version.rb
+- plugins.rb
+homepage: https://github.com/instructure/bundler-multilock
+licenses:
+- MIT
+metadata:
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.7'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key:
+specification_version: 4
+summary: Support Multiple Lockfiles
+test_files: []