CI: Expand ruby version matrix for broader Ruby compatibility #58
Signed-off-by: Amauri Bizerra <10775696+extern-c@users.noreply.github.com>
Up to standards ✅🟢 Issues
| Metric | Results |
|---|---|
| Complexity | 0 |
| Duplication | 0 |
Pull request overview
Updates the gem’s supported Ruby baseline and CI matrix to validate compatibility across a wider set of modern Ruby versions, while removing the repository Gemfile.lock to avoid cross-version dependency resolution conflicts.
Changes:
- Drop Ruby 2.7 support (gemspec + RuboCop target) and re-enable CI for Ruby 3.0/3.1 while adding Ruby 4.0 to the matrix.
- Remove Gemfile.lock from the repo and ignore it going forward.
- Adjust BOM component hash construction formatting and tweak dev dependency constraints.
Reviewed changes
Copilot reviewed 4 out of 6 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| lib/cyclonedx/bom_component.rb | Makes hashes/licenses array entries explicit hash objects. |
| Gemfile.lock | Removes the lockfile from the repository. |
| cyclonedx-ruby.gemspec | Raises minimum Ruby to 3.0 and adjusts cucumber dev dependency constraints. |
| .rubocop.yml | Updates RuboCop target Ruby version to 3.0. |
| .gitignore | Ignores Gemfile.lock going forward. |
| .github/workflows/ruby.yml | Expands CI Ruby version matrix (adds 4.0, re-adds 3.0/3.1). |
e5037d9 to 8ab4cf1
@pboling may I ask for a review?
The benefits of omitting Gemfile.lock are negligible/non-existent when the surrounding harness allows it. Over time we can build that harness, so omitting it initially is fine.
pboling left a comment
LGTM! We'll add the Gemfile.lock back once it makes sense to do so (once we have appraisals splitting each ruby version into an isolated bucket).
Thank you so much for your work.
Description
This PR resolves issue #43 by addressing dependency conflicts and updating supported Ruby versions. CI was previously failing due to Gemfile.lock constraints across multiple Ruby versions. Ruby 2.7 support was also causing dependency incompatibilities.
Please note that Ruby 2.7 reached end of life on March 31, 2023. Dropping support for this version helps reduce ongoing maintenance burden and avoid future dependency incompatibilities.
Source: Ruby Maintenance Branches
I understand that there are different opinions on whether Gemfile.lock should be included in gems; however, in this case, I believe the benefits of omitting it outweigh the drawbacks.