authorHiroshi SHIBATA <hsbt@ruby-lang.org>2021-06-28 19:25:33 +0900
committernagachika <nagachika@ruby-lang.org>2021-07-07 10:03:15 +0900
commit865221f0ba69f07f700e06b2d2f0a859a01dd233 (patch)
tree2bd6c79b1ada4af36c62a872e7e38d2f7129e7c1 /spec
parenta50de0adfff8166ea18570edafafb0ba501ff2fa (diff)
Merge RubyGems-3.2.21 and Bundler-2.2.21
Diffstat (limited to 'spec')
-rw-r--r--spec/bundler/commands/cache_spec.rb18
-rw-r--r--spec/bundler/install/gemfile/sources_spec.rb87
-rw-r--r--spec/bundler/other/major_deprecation_spec.rb34
-rw-r--r--spec/bundler/quality_spec.rb1
4 files changed, 119 insertions, 21 deletions
diff --git a/spec/bundler/commands/cache_spec.rb b/spec/bundler/commands/cache_spec.rb
index 3bae384620..9bb85c6587 100644
--- a/spec/bundler/commands/cache_spec.rb
+++ b/spec/bundler/commands/cache_spec.rb
@@ -362,6 +362,24 @@ RSpec.describe "bundle install with gem sources" do
expect(the_bundle).to include_gems "rack 1.0.0"
end
+ it "does not hit the remote at all when cache_all_platforms configured" do
+ build_repo2
+ install_gemfile <<-G
+ source "#{file_uri_for(gem_repo2)}"
+ gem "rack"
+ G
+
+ bundle :cache
+ simulate_new_machine
+ FileUtils.rm_rf gem_repo2
+
+ bundle "config set --local cache_all_platforms true"
+ bundle "config set --local path vendor/bundle"
+ bundle "install --local"
+ expect(out).not_to include("Fetching gem metadata")
+ expect(the_bundle).to include_gems "rack 1.0.0"
+ end
+
it "does not reinstall already-installed gems" do
install_gemfile <<-G
source "#{file_uri_for(gem_repo1)}"
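Review bot: The new example backs its "does not hit the remote at all" claim only with `expect(out).not_to include("Fetching gem metadata")`, a negative match that passes vacuously if that progress message is ever reworded. Because `gem_repo2` is deleted before the install and the command runs with `--local`, also asserting `expect(err).to be_empty` after `bundle "install --local"` would catch a fetch attempt that fails loudly, assuming no unrelated warning is printed in this setup. The purpose of `config set --local path vendor/bundle` is not stated; a short comment such as `# fresh install path, so gems can only come from the cache` would help if that is the intent.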
diff --git a/spec/bundler/install/gemfile/sources_spec.rb b/spec/bundler/install/gemfile/sources_spec.rb
index d13ba0e607..82129677b3 100644
--- a/spec/bundler/install/gemfile/sources_spec.rb
+++ b/spec/bundler/install/gemfile/sources_spec.rb
@@ -612,9 +612,66 @@ RSpec.describe "bundle install with gems on multiple sources" do
L
end
- it "does not install newer versions or generate lockfile changes when running bundle install, and warns", :bundler => "< 3" do
+ it "does not install newer versions but updates the lockfile format when running bundle install in non frozen mode, and doesn't warn" do
+ bundle :install, :artifice => "compact_index"
+ expect(err).to be_empty
+
+ expect(the_bundle).to include_gems("activesupport 6.0.3.4")
+ expect(the_bundle).not_to include_gems("activesupport 6.1.2.1")
+ expect(the_bundle).to include_gems("tzinfo 1.2.9")
+ expect(the_bundle).not_to include_gems("tzinfo 2.0.4")
+ expect(the_bundle).to include_gems("concurrent-ruby 1.1.8")
+ expect(the_bundle).not_to include_gems("concurrent-ruby 1.1.9")
+
+ expect(lockfile).to eq <<~L
+ GEM
+ remote: https://gem.repo2/
+ specs:
+ activesupport (6.0.3.4)
+ concurrent-ruby (~> 1.0, >= 1.0.2)
+ i18n (>= 0.7, < 2)
+ minitest (~> 5.1)
+ tzinfo (~> 1.1)
+ zeitwerk (~> 2.2, >= 2.2.2)
+ concurrent-ruby (1.1.8)
+ connection_pool (2.2.3)
+ i18n (1.8.9)
+ concurrent-ruby (~> 1.0)
+ minitest (5.14.3)
+ rack (2.2.3)
+ redis (4.2.5)
+ sidekiq (6.1.3)
+ connection_pool (>= 2.2.2)
+ rack (~> 2.0)
+ redis (>= 4.2.0)
+ thread_safe (0.3.6)
+ tzinfo (1.2.9)
+ thread_safe (~> 0.1)
+ zeitwerk (2.4.2)
+
+ GEM
+ remote: https://gem.repo3/
+ specs:
+ sidekiq-pro (5.2.1)
+ connection_pool (>= 2.2.3)
+ sidekiq (>= 6.1.0)
+
+ PLATFORMS
+ #{specific_local_platform}
+
+ DEPENDENCIES
+ activesupport
+ sidekiq-pro!
+
+ BUNDLED WITH
+ #{Bundler::VERSION}
+ L
+ end
+
+ it "does not install newer versions or generate lockfile changes when running bundle install in frozen mode, and warns", :bundler => "< 3" do
initial_lockfile = lockfile
+ bundle "config set --local frozen true"
bundle :install, :artifice => "compact_index"
expect(err).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure.")
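Review bot: The non-frozen example checks that the rewritten lockfile lists `sidekiq-pro` under its own `remote: https://gem.repo3/` section, but none of its `include_gems` expectations cover that gem. Adding `expect(the_bundle).to include_gems("sidekiq-pro 5.2.1")` beside the others would tie the lockfile split to what actually ends up in the bundle, assuming the fixture installs it. That pairing is worth pinning because the per-source sections are what stop a gem from being resolved from a remote it was never meant to come from. The frozen-mode example that starts at the end of this hunk continues outside it.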
@@ -629,9 +686,10 @@ RSpec.describe "bundle install with gems on multiple sources" do
expect(lockfile).to eq(initial_lockfile)
end
- it "fails when running bundle install", :bundler => "3" do
+ it "fails when running bundle install in frozen mode", :bundler => "3" do
initial_lockfile = lockfile
+ bundle "config set --local frozen true"
bundle :install, :artifice => "compact_index", :raise_on_error => false
expect(err).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure.")
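Review bot: `bundle "config set --local frozen true"` is now repeated at the top of this example and of the `< 3` frozen-mode example in the previous hunk. Grouping the two under a nested `context "in frozen mode"` with `before { bundle "config set --local frozen true" }` would state the precondition once and let the example names drop the "in frozen mode" suffix. Both example bodies continue outside their hunks, so this is a structural suggestion only.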
@@ -694,9 +752,9 @@ RSpec.describe "bundle install with gems on multiple sources" do
L
end
- it "it keeps the current lockfile format and upgrades the requested gem when running bundle update with an argument, and warns", :bundler => "< 3" do
+ it "upgrades the lockfile format and upgrades the requested gem when running bundle update with an argument" do
bundle "update concurrent-ruby", :artifice => "compact_index"
- expect(err).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure.")
+ expect(err).to be_empty
expect(the_bundle).to include_gems("activesupport 6.0.3.4")
expect(the_bundle).not_to include_gems("activesupport 6.1.2.1")
@@ -708,7 +766,6 @@ RSpec.describe "bundle install with gems on multiple sources" do
expect(lockfile).to eq <<~L
GEM
remote: https://gem.repo2/
- remote: https://gem.repo3/
specs:
activesupport (6.0.3.4)
concurrent-ruby (~> 1.0, >= 1.0.2)
@@ -727,14 +784,18 @@ RSpec.describe "bundle install with gems on multiple sources" do
connection_pool (>= 2.2.2)
rack (~> 2.0)
redis (>= 4.2.0)
- sidekiq-pro (5.2.1)
- connection_pool (>= 2.2.3)
- sidekiq (>= 6.1.0)
thread_safe (0.3.6)
tzinfo (1.2.9)
thread_safe (~> 0.1)
zeitwerk (2.4.2)
+ GEM
+ remote: https://gem.repo3/
+ specs:
+ sidekiq-pro (5.2.1)
+ connection_pool (>= 2.2.3)
+ sidekiq (>= 6.1.0)
+
PLATFORMS
#{specific_local_platform}
@@ -746,16 +807,6 @@ RSpec.describe "bundle install with gems on multiple sources" do
#{Bundler::VERSION}
L
end
-
- it "fails when running bundle update with an argument", :bundler => "3" do
- initial_lockfile = lockfile
-
- bundle "update concurrent-ruby", :artifice => "compact_index", :raise_on_error => false
-
- expect(err).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure.")
-
- expect(lockfile).to eq(initial_lockfile)
- end
end
context "when a top-level gem has an indirect dependency present in the default source, but with a different version from the one resolved" do
diff --git a/spec/bundler/other/major_deprecation_spec.rb b/spec/bundler/other/major_deprecation_spec.rb
index 41d8ef56bc..494d6a27b5 100644
--- a/spec/bundler/other/major_deprecation_spec.rb
+++ b/spec/bundler/other/major_deprecation_spec.rb
@@ -387,10 +387,38 @@ RSpec.describe "major deprecations" do
)
end
+ it "doesn't show lockfile deprecations if there's a lockfile", :bundler => "< 3" do
+ bundle "install"
+
+ expect(deprecations).to include(
+ "Your Gemfile contains multiple primary sources. " \
+ "Using `source` more than once without a block is a security risk, and " \
+ "may result in installing unexpected gems. To resolve this warning, use " \
+ "a block to indicate which gems should come from the secondary source."
+ )
+ expect(deprecations).not_to include(
+ "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. " \
+ "Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure."
+ )
+ bundle "config set --local frozen true"
+ bundle "install"
+
+ expect(deprecations).to include(
+ "Your Gemfile contains multiple primary sources. " \
+ "Using `source` more than once without a block is a security risk, and " \
+ "may result in installing unexpected gems. To resolve this warning, use " \
+ "a block to indicate which gems should come from the secondary source."
+ )
+ expect(deprecations).not_to include(
+ "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. " \
+ "Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure."
+ )
+ end
+
pending "fails with a helpful error", :bundler => "3"
end
- context "bundle install with a lockfile with a single rubygems section with multiple remotes" do
+ context "bundle install in frozen mode with a lockfile with a single rubygems section with multiple remotes" do
before do
build_repo gem_repo3 do
build_gem "rack", "0.9.1"
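Review bot: The example name "doesn't show lockfile deprecations if there's a lockfile" does not say which lockfile is meant, and the setup that decides it is outside this hunk. If the point is that a lockfile written by the first `bundle "install"` is already in the split-source format, a comment such as `# the first install writes a per-source lockfile, so the frozen run has nothing to warn about` above the second `bundle "install"` would make that explicit. The two `expect(deprecations)` pairs are repeated verbatim before and after `config set --local frozen true`, and the lockfile message is spelled out a third time in the `shows a deprecation` example in the next hunk. Holding both messages in locals or `let`s would keep the copies from drifting. The renamed `context` at the end of this hunk continues outside it.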
@@ -419,12 +447,14 @@ RSpec.describe "major deprecations" do
BUNDLED WITH
#{Bundler::VERSION}
L
+
+ bundle "config set --local frozen true"
end
it "shows a deprecation", :bundler => "< 3" do
bundle "install"
- expect(deprecations).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. You should run `bundle update` or generate your lockfile from scratch.")
+ expect(deprecations).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure.")
end
pending "fails with a helpful error", :bundler => "3"
diff --git a/spec/bundler/quality_spec.rb b/spec/bundler/quality_spec.rb
index 524870ca9e..08ec8bed5c 100644
--- a/spec/bundler/quality_spec.rb
+++ b/spec/bundler/quality_spec.rb
@@ -169,7 +169,6 @@ RSpec.describe "The library itself" do
it "documents all used settings" do
exemptions = %w[
- deployment_means_frozen
forget_cli_options
gem.changelog
gem.ci