RubyGems - bundler-multilock - Versions diffs - 1.0.0 - Mend

bundler-multilock 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml +7 -0
data/lib/bundler/multilock/check.rb +180 -0
data/lib/bundler/multilock/ext/bundler.rb +39 -0
data/lib/bundler/multilock/ext/definition.rb +21 -0
data/lib/bundler/multilock/ext/dsl.rb +63 -0
data/lib/bundler/multilock/ext/plugin/dsl.rb +17 -0
data/lib/bundler/multilock/ext/plugin.rb +19 -0
data/lib/bundler/multilock/ext/source_list.rb +16 -0
data/lib/bundler/multilock/lockfile_generator.rb +44 -0
data/lib/bundler/multilock/version.rb +7 -0
data/lib/bundler/multilock.rb +401 -0
data/plugins.rb +50 -0
metadata +152 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 648cdaff608ff51cfe15ab2c098cff90218068d650f9c0fa4825dca90d2cc573
+  data.tar.gz: 12be8f53d490c149f2e2691b4e694c8bc395673a2c30e622b5071b1b4771ddb4
+SHA512:
+  metadata.gz: 5e42ff819d3a1640e6c51dd326e01c9d3400a8193807cb1ed3400b72b9dc2b9fb0dc71289471545c74034c61f2c53884ef1f8c53618360d9490ff6193f72a19e
+  data.tar.gz: 916d273cb5dbe217d8b5d77be760f9db732e92b39177bfc5487f8868f93e0a90bca11afbeb4c09b3e508f99098f81275973b941e243e7668e0443cd61bcc888a

data/lib/bundler/multilock/check.rb ADDED Viewed

@@ -0,0 +1,180 @@
+# frozen_string_literal: true
+require "set"
+module Bundler
+  module Multilock
+    class Check
+      class << self
+        def run
+          new.run
+        end
+      end
+      def initialize
+        default_lockfile_contents = Bundler.default_lockfile.read
+        @default_lockfile = LockfileParser.new(default_lockfile_contents)
+        @default_specs = @default_lockfile.specs.to_h do |spec|
+          [[spec.name, spec.platform], spec]
+        end
+      end
+      def run
+        return true unless Bundler.default_lockfile.exist?
+        success = true
+        Multilock.lockfile_definitions.each do |lockfile_definition|
+          next unless lockfile_definition[:lockfile].exist?
+          success = false unless check(lockfile_definition)
+        end
+        success
+      end
+      # this is mostly equivalent to the built in checks in `bundle check`, but even
+      # more conservative, and returns false instead of exiting on failure
+      def base_check(lockfile_definition)
+        return false unless lockfile_definition[:lockfile].file?
+        Multilock.prepare_block = lockfile_definition[:prepare]
+        definition = Definition.build(lockfile_definition[:gemfile], lockfile_definition[:lockfile], false)
+        return false unless definition.send(:current_platform_locked?)
+        begin
+          definition.validate_runtime!
+          definition.resolve_only_locally!
+          not_installed = definition.missing_specs
+        rescue RubyVersionMismatch, GemNotFound, SolveFailure
+          return false
+        end
+        not_installed.empty? && definition.no_resolve_needed?
+      ensure
+        Multilock.prepare_block = nil
+      end
+      # this checks for mismatches between the default lockfile and the given lockfile,
+      # and for pinned dependencies in lockfiles requiring them
+      def check(lockfile_definition, allow_mismatched_dependencies: true)
+        success = true
+        proven_pinned = Set.new
+        needs_pin_check = []
+        lockfile = LockfileParser.new(lockfile_definition[:lockfile].read)
+        lockfile_path = lockfile_definition[:lockfile].relative_path_from(Dir.pwd)
+        unless lockfile.platforms == @default_lockfile.platforms
+          Bundler.ui.error("The platforms in #{lockfile_path} do not match the default lockfile.")
+          success = false
+        end
+        unless lockfile.bundler_version == @default_lockfile.bundler_version
+          Bundler.ui.error("bundler (#{lockfile.bundler_version}) in #{lockfile_path} " \
+                           "does not match the default lockfile's version (@#{@default_lockfile.bundler_version}).")
+          success = false
+        end
+        specs = lockfile.specs.group_by(&:name)
+        if allow_mismatched_dependencies
+          allow_mismatched_dependencies = lockfile_definition[:allow_mismatched_dependencies]
+        end
+        # build list of top-level dependencies that differ from the default lockfile,
+        # and all _their_ transitive dependencies
+        if allow_mismatched_dependencies
+          transitive_dependencies = Set.new
+          # only dependencies that differ from the default lockfile
+          pending_transitive_dependencies = lockfile.dependencies.reject do |name, dep|
+            @default_lockfile.dependencies[name] == dep
+          end.map(&:first)
+          until pending_transitive_dependencies.empty?
+            dep = pending_transitive_dependencies.shift
+            next if transitive_dependencies.include?(dep)
+            transitive_dependencies << dep
+            platform_specs = specs[dep]
+            unless platform_specs
+              # should only be bundler that's missing a spec
+              raise "Could not find spec for dependency #{dep}" unless dep == "bundler"
+              next
+            end
+            pending_transitive_dependencies.concat(platform_specs.flat_map(&:dependencies).map(&:name).uniq)
+          end
+        end
+        # look through top-level explicit dependencies for pinned requirements
+        if lockfile_definition[:enforce_pinned_additional_dependencies]
+          find_pinned_dependencies(proven_pinned, lockfile.dependencies.each_value)
+        end
+        # check for conflicting requirements (and build list of pins, in the same loop)
+        specs.values.flatten.each do |spec|
+          default_spec = @default_specs[[spec.name, spec.platform]]
+          if lockfile_definition[:enforce_pinned_additional_dependencies]
+            # look through what this spec depends on, and keep track of all pinned requirements
+            find_pinned_dependencies(proven_pinned, spec.dependencies)
+            needs_pin_check << spec unless default_spec
+          end
+          next unless default_spec
+          # have to ensure Path sources are relative to their lockfile before comparing
+          same_source = if [default_spec.source, spec.source].grep(Source::Path).length == 2
+                          lockfile_definition[:lockfile]
+                            .dirname
+                            .join(spec.source.path)
+                            .ascend
+                            .any?(Bundler.default_lockfile.dirname.join(default_spec.source.path))
+                        else
+                          default_spec.source == spec.source
+                        end
+          next if default_spec.version == spec.version && same_source
+          next if allow_mismatched_dependencies && transitive_dependencies.include?(spec.name)
+          Bundler.ui.error("#{spec}#{spec.git_version} in #{lockfile_path} " \
+                           "does not match the default lockfile's version " \
+                           "(@#{default_spec.version}#{default_spec.git_version}); " \
+                           "this may be due to a conflicting requirement, which would require manual resolution.")
+          success = false
+        end
+        # now that we have built a list of every gem that is pinned, go through
+        # the gems that were in this lockfile, but not the default lockfile, and
+        # ensure it's pinned _somehow_
+        needs_pin_check.each do |spec|
+          pinned = case spec.source
+                   when Source::Git
+                     spec.source.ref == spec.source.revision
+                   when Source::Path
+                     true
+                   when Source::Rubygems
+                     proven_pinned.include?(spec.name)
+                   else
+                     false
+                   end
+          next if pinned
+          Bundler.ui.error("#{spec} in #{lockfile_path} has not been pinned to a specific version,  " \
+                           "which is required since it is not part of the default lockfile.")
+          success = false
+        end
+        success
+      end
+      private
+      def find_pinned_dependencies(proven_pinned, dependencies)
+        dependencies.each do |dependency|
+          dependency.requirement.requirements.each do |requirement|
+            proven_pinned << dependency.name if requirement.first == "="
+          end
+        end
+      end
+    end
+  end
+end

data/lib/bundler/multilock/ext/bundler.rb ADDED Viewed

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+module Bundler
+  module Multilock
+    module Ext
+      module BundlerClassMethods
+        def self.prepended(klass)
+          super
+          klass.attr_writer :cache_root, :default_lockfile, :root
+        end
+        ::Bundler.singleton_class.prepend(self)
+        def app_cache(custom_path = nil)
+          super(custom_path || @cache_root)
+        end
+        def default_lockfile(force_original: false)
+          return @default_lockfile if @default_lockfile && !force_original
+          super()
+        end
+        def with_default_lockfile(lockfile)
+          previous_default_lockfile, @default_lockfile = @default_lockfile, lockfile
+          yield
+        ensure
+          @default_lockfile = previous_default_lockfile
+        end
+        def reset!
+          super
+          Multilock.reset!
+        end
+      end
+    end
+  end
+end

data/lib/bundler/multilock/ext/definition.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+module Bundler
+  module Multilock
+    module Ext
+      module Definition
+        ::Bundler::Definition.prepend(self)
+        def initialize(lockfile, *args)
+          # we changed the default lockfile in Bundler::Multilock.add_lockfile
+          # since DSL.evaluate was called (re-entrantly); sub the proper value in
+          if !lockfile.equal?(Bundler.default_lockfile) &&
+             Bundler.default_lockfile(force_original: true) == lockfile
+            lockfile = Bundler.default_lockfile
+          end
+          super
+        end
+      end
+    end
+  end
+end

data/lib/bundler/multilock/ext/dsl.rb ADDED Viewed

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+require "set"
+module Bundler
+  module Multilock
+    module Ext
+      module Dsl
+        module ClassMethods
+          ::Bundler::Dsl.singleton_class.prepend(self)
+          # Significant changes:
+          #  * evaluate the prepare block as part of the gemfile
+          #  * mark Multilock as loaded once the main gemfile is evaluated
+          #    so that they're not loaded multiple times
+          def evaluate(gemfile, lockfile, unlock)
+            builder = new
+            builder.eval_gemfile(gemfile, &Multilock.prepare_block) if Multilock.prepare_block
+            builder.eval_gemfile(gemfile)
+            Multilock.loaded!
+            builder.to_definition(lockfile, unlock)
+          end
+        end
+        ::Bundler::Dsl.prepend(self)
+        def initialize
+          super
+          @gemfiles = Set.new
+        end
+        # Significant changes:
+        #  * allow a block
+        def eval_gemfile(gemfile, contents = nil, &block)
+          expanded_gemfile_path = Pathname.new(gemfile).expand_path(@gemfile&.parent)
+          original_gemfile = @gemfile
+          @gemfile = expanded_gemfile_path
+          @gemfiles << expanded_gemfile_path
+          contents ||= Bundler.read_file(@gemfile.to_s)
+          if block
+            instance_eval(&block)
+          else
+            instance_eval(contents.dup.tap { |x| x.untaint if RUBY_VERSION < "2.7" }, gemfile.to_s, 1)
+          end
+        rescue Exception => e # rubocop:disable Lint/RescueException
+          message = "There was an error " \
+                    "#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \
+                    "`#{File.basename gemfile.to_s}`: #{e.message}"
+          raise Bundler::Dsl::DSLError.new(message, gemfile, e.backtrace, contents)
+        ensure
+          @gemfile = original_gemfile
+        end
+        def lockfile(*args, **kwargs, &block)
+          return if Multilock.loaded?
+          Multilock.add_lockfile(*args, builder: self, **kwargs, &block)
+        end
+      end
+    end
+  end
+end

data/lib/bundler/multilock/ext/plugin/dsl.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module Bundler
+  module Multilock
+    module Ext
+      module PluginExt
+        module DSL
+          ::Bundler::Plugin::DSL.include(self)
+          def lockfile(...)
+            # pass
+          end
+        end
+      end
+    end
+  end
+end

data/lib/bundler/multilock/ext/plugin.rb ADDED Viewed

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+module Bundler
+  module Multilock
+    module Ext
+      module PluginExt
+        module ClassMethods
+          ::Bundler::Plugin.singleton_class.prepend(self)
+          def load_plugin(name)
+            return if @loaded_plugin_names.include?(name)
+            super
+          end
+        end
+      end
+    end
+  end
+end

data/lib/bundler/multilock/ext/source_list.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+module Bundler
+  module Multilock
+    module Ext
+      module SourceList
+        ::Bundler::SourceList.prepend(self)
+        # consider them equivalent if the replacements just have a bunch of dups
+        def equivalent_sources?(lock_sources, replacement_sources)
+          super(lock_sources, replacement_sources.uniq)
+        end
+      end
+    end
+  end
+end

data/lib/bundler/multilock/lockfile_generator.rb ADDED Viewed

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+require "bundler/lockfile_generator"
+module Bundler
+  module Multilock
+    # generates a lockfile based on another LockfileParser
+    class LockfileGenerator < Bundler::LockfileGenerator
+      def self.generate(lockfile)
+        new(LockfileAdapter.new(lockfile)).generate!
+      end
+      private
+      class LockfileAdapter < SimpleDelegator
+        def sources
+          self
+        end
+        def lock_sources
+          __getobj__.sources
+        end
+        def resolve
+          specs
+        end
+        def dependencies
+          super.values
+        end
+        def locked_ruby_version
+          ruby_version
+        end
+      end
+      private_constant :LockfileAdapter
+      def add_bundled_with
+        add_section("BUNDLED WITH", definition.bundler_version.to_s)
+      end
+    end
+  end
+end

data/lib/bundler/multilock/version.rb ADDED Viewed

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+module Bundler
+  module Multilock
+    VERSION = "1.0.0"
+  end
+end

data/lib/bundler/multilock.rb ADDED Viewed

@@ -0,0 +1,401 @@
+# frozen_string_literal: true
+require_relative "multilock/ext/bundler"
+require_relative "multilock/ext/definition"
+require_relative "multilock/ext/dsl"
+require_relative "multilock/ext/plugin"
+require_relative "multilock/ext/plugin/dsl"
+require_relative "multilock/ext/source_list"
+require_relative "multilock/version"
+module Bundler
+  module Multilock
+    class << self
+      # @!visibility private
+      attr_reader :lockfile_definitions
+      # @!visibility private
+      attr_accessor :prepare_block
+      # @param lockfile [String] The lockfile path (defaults to Gemfile.lock)
+      # @param builder [Dsl] The Bundler DSL
+      # @param gemfile [String, nil]
+      #   The Gemfile for this lockfile (defaults to Gemfile)
+      # @param default [Boolean]
+      #   If this lockfile should be the default (instead of Gemfile.lock)
+      # @param allow_mismatched_dependencies [true, false]
+      #   Allows version differences in dependencies between this lockfile and
+      #   the default lockfile. Note that even with this option, only top-level
+      #   dependencies that differ from the default lockfile, and their transitive
+      #   depedencies, are allowed to mismatch.
+      # @param enforce_pinned_additional_dependencies [true, false]
+      #   If dependencies are present in this lockfile that are not present in the
+      #   default lockfile, enforce that they are pinned.
+      # @yield
+      #   Block executed only when this lockfile is active.
+      # @return [true, false] if the lockfile is the current lockfile
+      def add_lockfile(lockfile = nil,
+                       builder:,
+                       gemfile: nil,
+                       default: nil,
+                       allow_mismatched_dependencies: true,
+                       enforce_pinned_additional_dependencies: false,
+                       &block)
+        # terminology gets confusing here. The "default" param means
+        # "use this lockfile when not overridden by BUNDLE_LOCKFILE"
+        # but Bundler.defaul_lockfile (usually) means "Gemfile.lock"
+        # so refer to the former as "current" internally
+        current = default
+        current = true if current.nil? && lockfile_definitions.empty? && lockfile.nil? && gemfile.nil?
+        # allow short-form lockfile names
+        lockfile = "Gemfile.#{lockfile}.lock" if lockfile && !(lockfile.include?("/") || lockfile.end_with?(".lock"))
+        # if a gemfile was provided, but not a lockfile, infer the default lockfile for that gemfile
+        lockfile ||= "#{gemfile}.lock" if gemfile
+        # use absolute paths
+        lockfile = Bundler.root.join(lockfile).expand_path if lockfile
+        # use the default lockfile (Gemfile.lock) if none was given
+        lockfile ||= Bundler.default_lockfile(force_original: true)
+        if current && (old_current = lockfile_definitions.find { |definition| definition[:current] })
+          raise ArgumentError, "Only one lockfile (#{old_current[:lockfile]}) can be flagged as the default"
+        end
+        raise ArgumentError, "Lockfile #{lockfile} is already defined" if lockfile_definitions.any? do |definition|
+                                                                            definition[:lockfile] == lockfile
+                                                                          end
+        env_lockfile = ENV["BUNDLE_LOCKFILE"]
+        if env_lockfile
+          unless env_lockfile.include?("/") || env_lockfile.end_with?(".lock")
+            env_lockfile = "Gemfile.#{env_lockfile}.lock"
+          end
+          env_lockfile = Bundler.root.join(env_lockfile).expand_path
+          current = env_lockfile == lockfile
+        end
+        lockfile_definitions << (lockfile_def = {
+          gemfile: (gemfile && Bundler.root.join(gemfile).expand_path) || Bundler.default_gemfile,
+          lockfile: lockfile,
+          current: current,
+          prepare: block,
+          allow_mismatched_dependencies: allow_mismatched_dependencies,
+          enforce_pinned_additional_dependencies: enforce_pinned_additional_dependencies
+        })
+        if (defined?(CLI::Check) ||
+            defined?(CLI::Install) ||
+            defined?(CLI::Lock) ||
+            defined?(CLI::Update)) &&
+           !defined?(CLI::Cache)
+          # always use Gemfile.lock for `bundle check`, `bundle install`,
+          # `bundle lock`, and `bundle update`. `bundle cache` delegates to
+          # `bundle install`, but we want that to run as normal.
+          current = lockfile == Bundler.default_lockfile(force_original: true)
+        end
+        if current
+          block&.call
+          Bundler.default_lockfile = lockfile
+          # we started evaluating the project's primary gemfile, but got told to use a lockfile
+          # associated with a different Gemfile. so we need to evaluate that Gemfile instead
+          if lockfile_def[:gemfile] != Bundler.default_gemfile
+            # share a cache between all lockfiles
+            Bundler.cache_root = Bundler.root
+            ENV["BUNDLE_GEMFILE"] = lockfile_def[:gemfile].to_s
+            Bundler.root = Bundler.default_gemfile.dirname
+            Bundler.default_lockfile = lockfile
+            builder.eval_gemfile(Bundler.default_gemfile)
+            return false
+          end
+        end
+        true
+      end
+      # @!visibility private
+      def after_install_all(install: true)
+        loaded!
+        previous_recursive = @recursive
+        return if lockfile_definitions.empty?
+        return if ENV["BUNDLE_LOCKFILE"] # explicitly working against a single lockfile
+        # must be running `bundle cache`
+        return unless Bundler.default_lockfile == Bundler.default_lockfile(force_original: true)
+        require_relative "multilock/check"
+        if Bundler.frozen_bundle? && !install
+          # only do the checks if we're frozen
+          exit 1 unless Check.run
+          return
+        end
+        # this hook will be called recursively when it has to install gems
+        # for a secondary lockfile. defend against that
+        return if @recursive
+        @recursive = true
+        require "tempfile"
+        require_relative "multilock/lockfile_generator"
+        Bundler.ui.info ""
+        default_lockfile_contents = Bundler.default_lockfile.read.freeze
+        default_specs = LockfileParser.new(default_lockfile_contents).specs.to_h do |spec|
+          [[spec.name, spec.platform], spec]
+        end
+        default_root = Bundler.root
+        attempts = 1
+        checker = Check.new
+        Bundler.settings.temporary(cache_all_platforms: true, suppress_install_using_messages: true) do
+          lockfile_definitions.each do |lockfile_definition|
+            # we already wrote the default lockfile
+            next if lockfile_definition[:lockfile] == Bundler.default_lockfile(force_original: true)
+            # root needs to be set so that paths are output relative to the correct root in the lockfile
+            Bundler.root = lockfile_definition[:gemfile].dirname
+            relative_lockfile = lockfile_definition[:lockfile].relative_path_from(Dir.pwd)
+            # already up to date?
+            up_to_date = false
+            Bundler.settings.temporary(frozen: true) do
+              Bundler.ui.silence do
+                up_to_date = checker.base_check(lockfile_definition) &&
+                             checker.check(lockfile_definition, allow_mismatched_dependencies: false)
+              end
+            end
+            if up_to_date
+              attempts = 1
+              next
+            end
+            if Bundler.frozen_bundle?
+              # if we're frozen, you have to use the pre-existing lockfile
+              unless lockfile_definition[:lockfile].exist?
+                Bundler.ui.error("The bundle is locked, but #{relative_lockfile} is missing. " \
+                                 "Please make sure you have checked #{relative_lockfile} " \
+                                 "into version control before deploying.")
+                exit 1
+              end
+              Bundler.ui.info("Installing gems for #{relative_lockfile}...")
+              write_lockfile(lockfile_definition, lockfile_definition[:lockfile], install: install)
+            else
+              Bundler.ui.info("Syncing to #{relative_lockfile}...") if attempts == 1
+              # adjust locked paths from the default lockfile to be relative to _this_ gemfile
+              adjusted_default_lockfile_contents =
+                default_lockfile_contents.gsub(/PATH\n  remote: ([^\n]+)\n/) do |remote|
+                  remote_path = Pathname.new($1)
+                  next remote if remote_path.absolute?
+                  relative_remote_path = remote_path.expand_path(default_root).relative_path_from(Bundler.root).to_s
+                  remote.sub($1, relative_remote_path)
+                end
+              # add a source for the current gem
+              gem_spec = default_specs[[File.basename(Bundler.root), "ruby"]]
+              if gem_spec
+                adjusted_default_lockfile_contents += <<~TEXT
+                  PATH
+                    remote: .
+                    specs:
+                  #{gem_spec.to_lock}
+                TEXT
+              end
+              if lockfile_definition[:lockfile].exist?
+                # if the lockfile already exists, "merge" it together
+                default_lockfile = LockfileParser.new(adjusted_default_lockfile_contents)
+                lockfile = LockfileParser.new(lockfile_definition[:lockfile].read)
+                dependency_changes = false
+                # replace any duplicate specs with what's in the default lockfile
+                lockfile.specs.map! do |spec|
+                  default_spec = default_specs[[spec.name, spec.platform]]
+                  next spec unless default_spec
+                  dependency_changes ||= spec != default_spec
+                  default_spec
+                end
+                lockfile.specs.replace(default_lockfile.specs + lockfile.specs).uniq!
+                lockfile.sources.replace(default_lockfile.sources + lockfile.sources).uniq!
+                lockfile.platforms.replace(default_lockfile.platforms).uniq!
+                # prune more specific platforms
+                lockfile.platforms.delete_if do |p1|
+                  lockfile.platforms.any? do |p2|
+                    p2 != "ruby" && p1 != p2 && MatchPlatform.platforms_match?(p2, p1)
+                  end
+                end
+                lockfile.instance_variable_set(:@ruby_version, default_lockfile.ruby_version)
+                lockfile.instance_variable_set(:@bundler_version, default_lockfile.bundler_version)
+                new_contents = LockfileGenerator.generate(lockfile)
+              else
+                # no lockfile? just start out with the default lockfile's contents to inherit its
+                # locked gems
+                new_contents = adjusted_default_lockfile_contents
+              end
+              had_changes = false
+              # Now build a definition based on the given Gemfile, with the combined lockfile
+              Tempfile.create do |temp_lockfile|
+                temp_lockfile.write(new_contents)
+                temp_lockfile.flush
+                had_changes = write_lockfile(lockfile_definition,
+                                             temp_lockfile.path,
+                                             install: install,
+                                             dependency_changes: dependency_changes)
+              end
+              # if we had changes, bundler may have updated some common
+              # dependencies beyond the default lockfile, so re-run it
+              # once to reset them back to the default lockfile's version.
+              # if it's already good, the `check` check at the beginning of
+              # the loop will skip the second sync anyway.
+              if had_changes && attempts < 3
+                attempts += 1
+                redo
+              else
+                attempts = 1
+              end
+            end
+          end
+        end
+        exit 1 unless checker.run
+      ensure
+        @recursive = previous_recursive
+      end
+      # @!visibility private
+      def loaded!
+        return if loaded?
+        @loaded = true
+        return if lockfile_definitions.empty?
+        return unless lockfile_definitions.none? { |definition| definition[:current] }
+        # Gemfile.lock isn't explicitly specified, otherwise it would be current
+        return if lockfile_definitions.none? do |definition|
+                    definition[:lockfile] == Bundler.default_lockfile(force_original: true)
+                  end
+        raise GemfileNotFound, "Could not locate lockfile #{ENV["BUNDLE_LOCKFILE"].inspect}" if ENV["BUNDLE_LOCKFILE"]
+        raise GemfileEvalError, "No lockfiles marked as default"
+      end
+      # @!visibility private
+      def loaded?
+        @loaded
+      end
+      # @!visibility private
+      def inject_preamble
+        minor_version = Gem::Version.new(::Bundler::Multilock::VERSION).segments[0..1].join(".")
+        bundle_preamble1_match = %(plugin "bundler-multilock")
+        bundle_preamble1 = <<~RUBY
+          plugin "bundler-multilock", "~> #{minor_version}"
+        RUBY
+        bundle_preamble2 = <<~RUBY
+          return unless Plugin.installed?("bundler-multilock")
+          Plugin.send(:load_plugin, "bundler-multilock")
+        RUBY
+        gemfile = Bundler.default_gemfile.read
+        injection_point = 0
+        while gemfile.match?(/^(?:#|\n|source)/, injection_point)
+          if gemfile[injection_point] == "\n"
+            injection_point += 1
+          else
+            injection_point = gemfile.index("\n", injection_point)
+            injection_point += 1 if injection_point
+            injection_point ||= -1
+          end
+        end
+        modified = inject_specific_preamble(gemfile, injection_point, bundle_preamble2, add_newline: true)
+        modified = true if inject_specific_preamble(gemfile,
+                                                    injection_point,
+                                                    bundle_preamble1,
+                                                    match: bundle_preamble1_match,
+                                                    add_newline: false)
+        Bundler.default_gemfile.write(gemfile) if modified
+      end
+      # @!visibility private
+      def reset!
+        @lockfile_definitions = []
+        @loaded = false
+      end
+      private
+      def inject_specific_preamble(gemfile, injection_point, preamble, add_newline:, match: preamble)
+        return false if gemfile.include?(match)
+        add_newline = false unless gemfile[injection_point - 1] == "\n"
+        gemfile.insert(injection_point, "\n") if add_newline
+        gemfile.insert(injection_point, preamble)
+        true
+      end
+      def write_lockfile(lockfile_definition, lockfile, install:, dependency_changes: false)
+        self.prepare_block = lockfile_definition[:prepare]
+        definition = Definition.build(lockfile_definition[:gemfile], lockfile, false)
+        definition.instance_variable_set(:@dependency_changes, dependency_changes) if dependency_changes
+        if lockfile_definition[:lockfile].exist?
+          definition.instance_variable_set(:@lockfile_contents,
+                                           lockfile_definition[:lockfile].read)
+        end
+        resolved_remotely = false
+        begin
+          previous_ui_level = Bundler.ui.level
+          Bundler.ui.level = "warn"
+          begin
+            definition.resolve_with_cache!
+          rescue GemNotFound, SolveFailure
+            definition = Definition.build(lockfile_definition[:gemfile], lockfile, false)
+            definition.resolve_remotely!
+            resolved_remotely = true
+          end
+          definition.lock(lockfile_definition[:lockfile], true)
+        ensure
+          Bundler.ui.level = previous_ui_level
+        end
+        # if we're running `bundle install` or `bundle update`, and something is missing from
+        # the secondary lockfile, install it.
+        if install && (definition.missing_specs.any? || resolved_remotely)
+          Bundler.with_default_lockfile(lockfile_definition[:lockfile]) do
+            Installer.install(lockfile_definition[:gemfile].dirname, definition, {})
+          end
+        end
+        !definition.nothing_changed?
+      ensure
+        self.prepare_block = nil
+      end
+    end
+    reset!
+    @recursive = false
+    @prepare_block = nil
+  end
+end

data/plugins.rb ADDED Viewed

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+#
+# Copyright (C) 2023 - present Instructure, Inc.
+#
+# This file is part of Canvas.
+#
+# Canvas is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Affero General Public License as published by the Free
+# Software Foundation, version 3 of the License.
+#
+# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Affero General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+require_relative "lib/bundler/multilock"
+# this is terrible, but we can't prepend into these modules because we only load
+# _inside_ of the CLI commands already running
+if defined?(Bundler::CLI::Check)
+  require_relative "lib/bundler/multilock/check"
+  at_exit do
+    next unless $!.nil?
+    next if $!.is_a?(SystemExit) && !$!.success?
+    next if Bundler::Multilock::Check.run
+    Bundler.ui.warn("You can attempt to fix by running `bundle install`")
+    exit 1
+  end
+end
+if defined?(Bundler::CLI::Lock)
+  at_exit do
+    next unless $!.nil?
+    next if $!.is_a?(SystemExit) && !$!.success?
+    Bundler::Multilock.after_install_all(install: false)
+  end
+end
+Bundler::Plugin.add_hook(Bundler::Plugin::Events::GEM_AFTER_INSTALL_ALL) do |_|
+  Bundler::Multilock.after_install_all
+end
+Bundler::Multilock.inject_preamble unless Bundler::Multilock.loaded?

metadata ADDED Viewed

@@ -0,0 +1,152 @@
+--- !ruby/object:Gem::Specification
+name: bundler-multilock
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Instructure
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-09-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.4.19
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.4.19
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.1'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rubocop-inst
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.24'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.24'
+description:
+email:
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/bundler/multilock.rb
+- lib/bundler/multilock/check.rb
+- lib/bundler/multilock/ext/bundler.rb
+- lib/bundler/multilock/ext/definition.rb
+- lib/bundler/multilock/ext/dsl.rb
+- lib/bundler/multilock/ext/plugin.rb
+- lib/bundler/multilock/ext/plugin/dsl.rb
+- lib/bundler/multilock/ext/source_list.rb
+- lib/bundler/multilock/lockfile_generator.rb
+- lib/bundler/multilock/version.rb
+- plugins.rb
+homepage: https://github.com/instructure/bundler-multilock
+licenses:
+- MIT
+metadata:
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.7'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key:
+specification_version: 4
+summary: Support Multiple Lockfiles
+test_files: []