Fetch custom Ruby version file specified by ruby file: option in Gemfile#14617
Open
wt-l00 wants to merge 1 commit into
Conversation
Contributor
Pull request overview
Adds Bundler support for Gemfiles that specify a Ruby version file via the ruby file: DSL option, so Dependabot can fetch and use that file when preparing/update-checking/updating Bundler projects.
Changes:
- Detect `ruby file: "..."` in the Gemfile and fetch the referenced version file as an additional support file.
- Include the fetched custom Ruby version file in prepared dependency file sets (parser + update checker) and write it into the temp repo during lockfile updates.
- Add fixtures and specs covering fetching and processing a repository using `ruby file:`.
Reviewed changes
Copilot reviewed 13 out of 14 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| bundler/lib/dependabot/bundler/file_fetcher.rb | Fetches the custom Ruby version file referenced by ruby file: and includes it in fetched files. |
| bundler/lib/dependabot/bundler/file_parser/file_preparer.rb | Includes the custom Ruby version file in the prepared file set used by the parser. |
| bundler/lib/dependabot/bundler/update_checker/file_preparer.rb | Includes the custom Ruby version file in the prepared file set used by the update checker. |
| bundler/lib/dependabot/bundler/file_updater/lockfile_updater.rb | Writes the custom Ruby version file into the temporary working directory during lockfile updates. |
| bundler/spec/dependabot/bundler/file_fetcher_spec.rb | Adds a spec asserting the custom Ruby version file is fetched. |
| bundler/spec/dependabot/bundler/file_parser/file_preparer_spec.rb | Adds a spec asserting the custom Ruby version file is present in prepared files. |
| bundler/spec/dependabot/bundler/update_checker/latest_version_finder_spec.rb | Adds a regression spec using the new fixture project. |
| bundler/spec/dependabot/bundler/file_updater_spec.rb | Adds a regression spec ensuring updates work with ruby file: projects. |
| bundler/spec/fixtures/projects/bundler2/ruby_file_option/Gemfile | Fixture Gemfile using ruby file:. |
| bundler/spec/fixtures/projects/bundler2/ruby_file_option/Gemfile.lock | Fixture lockfile for the new project fixture. |
| bundler/spec/fixtures/projects/bundler2/ruby_file_option/custom-ruby-version | Fixture custom Ruby version file. |
| bundler/spec/fixtures/github/contents_ruby_with_custom_version_file.json | GitHub API contents fixture including the custom version file. |
| bundler/spec/fixtures/github/gemfile_with_ruby_file_option_content.json | GitHub API fixture for Gemfile content containing ruby file:. |
| bundler/spec/fixtures/github/custom_ruby_version_content.json | GitHub API fixture for the custom Ruby version file content. |
…mfile

Add support for Bundler's `ruby file: "filename"` syntax, which allows managing the Ruby version via an external file. The FileFetcher now fetches the referenced file as a support file.

- Add `ruby_file_version_filename` to extract the filename from Gemfile content using a regex
- Add `ruby_file_version_file` to fetch the file via `fetch_support_file`
- Wire it into `fetch_files` following the same pattern as `.ruby-version` and `.tool-versions`

ref: ruby/rubygems@fb9354b
What are you trying to accomplish?
Gemfile supports a ruby file: "custom-ruby-version" syntax to read the Ruby version from an arbitrary file (e.g. mise.toml). However, the Bundler file fetcher only fetched .ruby-version and .tool-versions as version constraint files, and did not fetch the custom version file specified by the ruby file: option.
Without fetching this file, Dependabot cannot correctly interpret Ruby version constraints, which may cause dependency updates to fail.
This PR fixes the issue by detecting the ruby file: option in the Gemfile and including the specified file in the set of fetched files ref: https://github.com/ruby/rubygems/blob/98c0e49dcb59021223952ff41e310161e33a1626/bundler/lib/bundler/ruby_dsl.rb#L43-L65.
Anything you want to highlight for special attention from reviewers?
(`/^\s*ruby\s+file:\s*['"]([^'"]+)['"]/`). The extracted path is normalized via `Pathname#cleanpath` and rejected if it starts with `..` to prevent directory traversal.
`.tool-versions`).
How will you know you've accomplished your goal?
The added spec verifies that when fetching files from a repository whose Gemfile contains ruby file: "custom-ruby-version", the specified custom version file is included in the fetched files, and the total number of fetched files is 3 (Gemfile, Gemfile.lock, and custom-ruby-version).
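The extraction-and-normalization step described in the PR, as an added stand-alone example (not the dependabot-core code itself): it applies the PR's regex to a constructed Gemfile, runs the result through `Pathname#cleanpath`, rejects anything that still starts with `..`, and additionally rejects absolute paths and re-checks containment against the repository root, which goes beyond what the PR states. `RubyFileOption`, `resolve_within` and the sample Gemfile are assumptions made for this example.

```ruby
require "pathname"

# Added example mirroring the PR's `ruby file:` handling; not the project's code.
module RubyFileOption
  # Regex quoted in the PR description: matches `ruby file: "custom-ruby-version"`.
  RUBY_FILE_REGEX = /^\s*ruby\s+file:\s*['"]([^'"]+)['"]/

  # Returns the normalized, repo-relative filename named by `ruby file:`,
  # or nil when the directive is absent or the path would escape the repo.
  def self.ruby_file_version_filename(gemfile_content)
    match = gemfile_content.match(RUBY_FILE_REGEX)
    return nil unless match

    path = Pathname.new(match[1]).cleanpath  # "a/../b" -> "b", "a/../../b" -> "../b"
    return nil if path.absolute?                 # extra check, not in the PR text
    return nil if path.to_s == ".." || path.to_s.start_with?("../")

    path.to_s
  end

  # Defence in depth (assumed, not in the PR): join with the repo root and
  # confirm the expanded result still lies under that root. Pure string work.
  def self.resolve_within(repo_root, filename)
    root = File.expand_path(repo_root)
    full = File.expand_path(filename, root)
    return nil unless full.start_with?(root + File::SEPARATOR)

    full
  end
end

# Constructed sample Gemfile; the commented-out directive must be ignored
# because the regex anchors `ruby` at the start of a line.
SAMPLE_GEMFILE = <<~GEMFILE
  source "https://rubygems.org"

  # ruby file: "ignored-by-regex"
  ruby file: "config/../custom-ruby-version"

  gem "rake"
GEMFILE

if $PROGRAM_NAME == __FILE__
  name = RubyFileOption.ruby_file_version_filename(SAMPLE_GEMFILE)
  puts "version file: #{name.inspect}"
  puts "resolved: #{RubyFileOption.resolve_within('/repo', name).inspect}"
end
```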