bundler-multilock 1.1.2 → 1.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/bundler/multilock/check.rb +33 -35
- data/lib/bundler/multilock/lockfile_generator.rb +4 -0
- data/lib/bundler/multilock/version.rb +1 -1
- data/lib/bundler/multilock.rb +13 -10
- metadata +10 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ae43b2fb6574790232991cd23d08d435ed0cc0d413b742a22873db23954dcd5a
|
|
4
|
+
data.tar.gz: c63455f34150db51a3d667bac13fb6376f94e26bc5cb004ae2b19b0d3c5613fb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d7dddd5f731f05f34ad7dbe958ea7fd06a920749e571208d6b91bcf2cfde11816dd09885f887d2059dc5501f36c89ae5a41feebf9f02958487dc6dfa3ae8a0ff
|
|
7
|
+
data.tar.gz: 22a251eaaad1c1f79668bcb5417a1581ae7865489dfec949d5c44e05d783b085ef0e19780f6b4181ac32c178b458285614ba910bc8bc173397c15365f18b8e74
|
|
@@ -58,7 +58,7 @@ module Bundler
|
|
|
58
58
|
|
|
59
59
|
# this is mostly equivalent to the built in checks in `bundle check`, but even
|
|
60
60
|
# more conservative, and returns false instead of exiting on failure
|
|
61
|
-
def base_check(lockfile_definition, log_missing: false, return_missing: false)
|
|
61
|
+
def base_check(lockfile_definition, log_missing: false, return_missing: false, check_missing_deps: false)
|
|
62
62
|
return return_missing ? [] : false unless lockfile_definition[:lockfile].file?
|
|
63
63
|
|
|
64
64
|
Multilock.prepare_block = lockfile_definition[:prepare]
|
|
@@ -83,14 +83,17 @@ module Bundler
|
|
|
83
83
|
|
|
84
84
|
return not_installed if return_missing
|
|
85
85
|
|
|
86
|
-
not_installed.empty? && definition.no_resolve_needed?
|
|
86
|
+
return false unless not_installed.empty? && definition.no_resolve_needed?
|
|
87
|
+
return true unless check_missing_deps
|
|
88
|
+
|
|
89
|
+
(definition.locked_gems.dependencies.values - definition.dependencies).empty?
|
|
87
90
|
ensure
|
|
88
91
|
Multilock.prepare_block = nil
|
|
89
92
|
end
|
|
90
93
|
|
|
91
94
|
# this checks for mismatches between the parent lockfile and the given lockfile,
|
|
92
95
|
# and for pinned dependencies in lockfiles requiring them
|
|
93
|
-
def check(lockfile_definition
|
|
96
|
+
def check(lockfile_definition)
|
|
94
97
|
success = true
|
|
95
98
|
proven_pinned = Set.new
|
|
96
99
|
needs_pin_check = []
|
|
@@ -109,36 +112,8 @@ module Bundler
|
|
|
109
112
|
success = false
|
|
110
113
|
end
|
|
111
114
|
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
allow_mismatched_dependencies = lockfile_definition[:allow_mismatched_dependencies]
|
|
115
|
-
end
|
|
116
|
-
|
|
117
|
-
# build list of top-level dependencies that differ from the parent lockfile,
|
|
118
|
-
# and all _their_ transitive dependencies
|
|
119
|
-
if allow_mismatched_dependencies
|
|
120
|
-
transitive_dependencies = Set.new
|
|
121
|
-
# only dependencies that differ from the parent lockfile
|
|
122
|
-
pending_transitive_dependencies = lockfile.dependencies.reject do |name, dep|
|
|
123
|
-
parent_lockfile.dependencies[name] == dep
|
|
124
|
-
end.map(&:first)
|
|
125
|
-
|
|
126
|
-
until pending_transitive_dependencies.empty?
|
|
127
|
-
dep = pending_transitive_dependencies.shift
|
|
128
|
-
next if transitive_dependencies.include?(dep)
|
|
129
|
-
|
|
130
|
-
transitive_dependencies << dep
|
|
131
|
-
platform_specs = specs[dep]
|
|
132
|
-
unless platform_specs
|
|
133
|
-
# should only be bundler that's missing a spec
|
|
134
|
-
raise "Could not find spec for dependency #{dep}" unless dep == "bundler"
|
|
135
|
-
|
|
136
|
-
next
|
|
137
|
-
end
|
|
138
|
-
|
|
139
|
-
pending_transitive_dependencies.concat(platform_specs.flat_map(&:dependencies).map(&:name).uniq)
|
|
140
|
-
end
|
|
141
|
-
end
|
|
115
|
+
reverse_dependencies = cache_reverse_dependencies(lockfile)
|
|
116
|
+
parent_reverse_dependencies = cache_reverse_dependencies(parent_lockfile)
|
|
142
117
|
|
|
143
118
|
# look through top-level explicit dependencies for pinned requirements
|
|
144
119
|
if lockfile_definition[:enforce_pinned_additional_dependencies]
|
|
@@ -146,7 +121,7 @@ module Bundler
|
|
|
146
121
|
end
|
|
147
122
|
|
|
148
123
|
# check for conflicting requirements (and build list of pins, in the same loop)
|
|
149
|
-
specs.
|
|
124
|
+
lockfile.specs.each do |spec|
|
|
150
125
|
parent_spec = lockfile_specs[parent][[spec.name, spec.platform]]
|
|
151
126
|
|
|
152
127
|
if lockfile_definition[:enforce_pinned_additional_dependencies]
|
|
@@ -170,7 +145,15 @@ module Bundler
|
|
|
170
145
|
end
|
|
171
146
|
|
|
172
147
|
next if parent_spec.version == spec.version && same_source
|
|
173
|
-
|
|
148
|
+
|
|
149
|
+
# the version in the parent lockfile cannot possibly satisfy the requirements
|
|
150
|
+
# in this lockfile, and vice versa, so we assume it's intentional and allow it
|
|
151
|
+
unless reverse_dependencies[spec.name].satisfied_by?(parent_spec.version) ||
|
|
152
|
+
parent_reverse_dependencies[spec.name].satisfied_by?(spec.version)
|
|
153
|
+
# we're allowing it to differ from the parent, so pin check requirement comes into play
|
|
154
|
+
needs_pin_check << spec if lockfile_definition[:enforce_pinned_additional_dependencies]
|
|
155
|
+
next
|
|
156
|
+
end
|
|
174
157
|
|
|
175
158
|
Bundler.ui.error("#{spec}#{spec.git_version} in #{lockfile_path} " \
|
|
176
159
|
"does not match the parent lockfile's version " \
|
|
@@ -206,6 +189,21 @@ module Bundler
|
|
|
206
189
|
|
|
207
190
|
private
|
|
208
191
|
|
|
192
|
+
def cache_reverse_dependencies(lockfile)
|
|
193
|
+
reverse_dependencies = Hash.new { |h, k| h[k] = Gem::Requirement.default_prerelease }
|
|
194
|
+
|
|
195
|
+
lockfile.dependencies.each_value do |spec|
|
|
196
|
+
reverse_dependencies[spec.name].requirements.concat(spec.requirement.requirements)
|
|
197
|
+
end
|
|
198
|
+
lockfile.specs.each do |spec|
|
|
199
|
+
spec.dependencies.each do |dependency|
|
|
200
|
+
reverse_dependencies[dependency.name].requirements.concat(dependency.requirement.requirements)
|
|
201
|
+
end
|
|
202
|
+
end
|
|
203
|
+
|
|
204
|
+
reverse_dependencies
|
|
205
|
+
end
|
|
206
|
+
|
|
209
207
|
def find_pinned_dependencies(proven_pinned, dependencies)
|
|
210
208
|
dependencies.each do |dependency|
|
|
211
209
|
dependency.requirement.requirements.each do |requirement|
|
data/lib/bundler/multilock.rb
CHANGED
|
@@ -27,11 +27,6 @@ module Bundler
|
|
|
27
27
|
# BUNDLE_LOCKFILE will still override a lockfile tagged as active
|
|
28
28
|
# @param parent [String] The parent lockfile to sync dependencies from.
|
|
29
29
|
# Also used for comparing enforce_pinned_additional_dependencies against.
|
|
30
|
-
# @param allow_mismatched_dependencies [true, false]
|
|
31
|
-
# Allows version differences in dependencies between this lockfile and
|
|
32
|
-
# the default lockfile. Note that even with this option, only top-level
|
|
33
|
-
# dependencies that differ from the default lockfile, and their transitive
|
|
34
|
-
# depedencies, are allowed to mismatch.
|
|
35
30
|
# @param enforce_pinned_additional_dependencies [true, false]
|
|
36
31
|
# If dependencies are present in this lockfile that are not present in the
|
|
37
32
|
# default lockfile, enforce that they are pinned.
|
|
@@ -44,12 +39,15 @@ module Bundler
|
|
|
44
39
|
active: nil,
|
|
45
40
|
default: nil,
|
|
46
41
|
parent: nil,
|
|
47
|
-
allow_mismatched_dependencies:
|
|
42
|
+
allow_mismatched_dependencies: nil,
|
|
48
43
|
enforce_pinned_additional_dependencies: false,
|
|
49
44
|
&block)
|
|
50
45
|
# backcompat
|
|
51
46
|
active = default if active.nil?
|
|
52
47
|
Bundler.ui.warn("lockfile(default:) is deprecated. Use lockfile(active:) instead.") if default
|
|
48
|
+
unless allow_mismatched_dependencies.nil?
|
|
49
|
+
Bundler.ui.warn("lockfile(allow_mismatched_dependencies:) is deprecated.")
|
|
50
|
+
end
|
|
53
51
|
|
|
54
52
|
active = true if active.nil? && lockfile_definitions.empty? && lockfile.nil? && gemfile.nil?
|
|
55
53
|
|
|
@@ -81,7 +79,6 @@ module Bundler
|
|
|
81
79
|
active: active,
|
|
82
80
|
prepare: block,
|
|
83
81
|
parent: parent,
|
|
84
|
-
allow_mismatched_dependencies: allow_mismatched_dependencies,
|
|
85
82
|
enforce_pinned_additional_dependencies: enforce_pinned_additional_dependencies
|
|
86
83
|
})
|
|
87
84
|
|
|
@@ -149,7 +146,6 @@ module Bundler
|
|
|
149
146
|
require_relative "multilock/lockfile_generator"
|
|
150
147
|
|
|
151
148
|
Bundler.ui.debug("Syncing to alternate lockfiles")
|
|
152
|
-
Bundler.ui.info ""
|
|
153
149
|
|
|
154
150
|
attempts = 1
|
|
155
151
|
|
|
@@ -171,8 +167,8 @@ module Bundler
|
|
|
171
167
|
up_to_date = false
|
|
172
168
|
Bundler.settings.temporary(frozen: true) do
|
|
173
169
|
Bundler.ui.silence do
|
|
174
|
-
up_to_date = checker.base_check(lockfile_definition) &&
|
|
175
|
-
checker.check(lockfile_definition
|
|
170
|
+
up_to_date = checker.base_check(lockfile_definition, check_missing_deps: true) &&
|
|
171
|
+
checker.check(lockfile_definition)
|
|
176
172
|
end
|
|
177
173
|
end
|
|
178
174
|
if up_to_date
|
|
@@ -426,9 +422,16 @@ module Bundler
|
|
|
426
422
|
|
|
427
423
|
orig_definition = definition.dup # we might need it twice
|
|
428
424
|
|
|
425
|
+
# install gems for the exact current version of the lockfile
|
|
426
|
+
# this ensures it doesn't re-resolve with only (different)
|
|
427
|
+
# local gems after you've pulled down an update to the lockfile
|
|
428
|
+
# from someone else
|
|
429
429
|
if current_lockfile.exist? && install
|
|
430
430
|
Bundler.settings.temporary(frozen: true) do
|
|
431
431
|
current_definition = builder.to_definition(current_lockfile, {})
|
|
432
|
+
# if something has changed, we skip this step; it's unlocking anyway
|
|
433
|
+
next unless current_definition.no_resolve_needed?
|
|
434
|
+
|
|
432
435
|
current_definition.resolve_with_cache!
|
|
433
436
|
if current_definition.missing_specs.any?
|
|
434
437
|
Bundler.with_default_lockfile(current_lockfile) do
|
metadata
CHANGED
|
@@ -1,29 +1,35 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bundler-multilock
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1
|
|
4
|
+
version: 1.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Instructure
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-12-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: 2.4.19
|
|
20
|
+
- - "<"
|
|
21
|
+
- !ruby/object:Gem::Version
|
|
22
|
+
version: '2.6'
|
|
20
23
|
type: :runtime
|
|
21
24
|
prerelease: false
|
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
26
|
requirements:
|
|
24
|
-
- - "
|
|
27
|
+
- - ">="
|
|
25
28
|
- !ruby/object:Gem::Version
|
|
26
29
|
version: 2.4.19
|
|
30
|
+
- - "<"
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: '2.6'
|
|
27
33
|
- !ruby/object:Gem::Dependency
|
|
28
34
|
name: debug
|
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|