author | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2021-06-28 19:25:33 +0900 |
---|---|---|
committer | nagachika <nagachika@ruby-lang.org> | 2021-07-07 10:03:15 +0900 |
commit | 865221f0ba69f07f700e06b2d2f0a859a01dd233 (patch) | |
tree | 2bd6c79b1ada4af36c62a872e7e38d2f7129e7c1 /spec | |
parent | a50de0adfff8166ea18570edafafb0ba501ff2fa (diff) |
Merge RubyGems-3.2.21 and Bundler-2.2.21
Diffstat (limited to 'spec')
-rw-r--r-- | spec/bundler/commands/cache_spec.rb | 18 | ||||
-rw-r--r-- | spec/bundler/install/gemfile/sources_spec.rb | 87 | ||||
-rw-r--r-- | spec/bundler/other/major_deprecation_spec.rb | 34 | ||||
-rw-r--r-- | spec/bundler/quality_spec.rb | 1 |
4 files changed, 119 insertions, 21 deletions
diff --git a/spec/bundler/commands/cache_spec.rb b/spec/bundler/commands/cache_spec.rb index 3bae384620..9bb85c6587 100644 --- a/spec/bundler/commands/cache_spec.rb +++ b/spec/bundler/commands/cache_spec.rb @@ -362,6 +362,24 @@ RSpec.describe "bundle install with gem sources" do expect(the_bundle).to include_gems "rack 1.0.0" end + it "does not hit the remote at all when cache_all_platforms configured" do + build_repo2 + install_gemfile <<-G + source "#{file_uri_for(gem_repo2)}" + gem "rack" + G + + bundle :cache + simulate_new_machine + FileUtils.rm_rf gem_repo2 + + bundle "config set --local cache_all_platforms true" + bundle "config set --local path vendor/bundle" + bundle "install --local" + expect(out).not_to include("Fetching gem metadata") + expect(the_bundle).to include_gems "rack 1.0.0" + end + it "does not reinstall already-installed gems" do install_gemfile <<-G source "#{file_uri_for(gem_repo1)}" diff --git a/spec/bundler/install/gemfile/sources_spec.rb b/spec/bundler/install/gemfile/sources_spec.rb index d13ba0e607..82129677b3 100644 --- a/spec/bundler/install/gemfile/sources_spec.rb +++ b/spec/bundler/install/gemfile/sources_spec.rb 
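Review bot: In the new cache_spec.rb example, the claim in its title rests on `expect(out).not_to include("Fetching gem metadata")`, a negative match on progress wording that keeps passing if that message is ever reworded. The `FileUtils.rm_rf gem_repo2` line is what actually makes the source unreachable, so it deserves a comment such as `# remove the source repo so the install can only succeed from the local cache`. The enclosing describe block starts outside the hunk.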
@@ -612,9 +612,66 @@ RSpec.describe "bundle install with gems on multiple sources" do L end - it "does not install newer versions or generate lockfile changes when running bundle install, and warns", :bundler => "< 3" do + it "does not install newer versions but updates the lockfile format when running bundle install in non frozen mode, and doesn't warn" do + bundle :install, :artifice => "compact_index" + expect(err).to be_empty + + expect(the_bundle).to include_gems("activesupport 6.0.3.4") + expect(the_bundle).not_to include_gems("activesupport 6.1.2.1") + expect(the_bundle).to include_gems("tzinfo 1.2.9") + expect(the_bundle).not_to include_gems("tzinfo 2.0.4") + expect(the_bundle).to include_gems("concurrent-ruby 1.1.8") + expect(the_bundle).not_to include_gems("concurrent-ruby 1.1.9") + + expect(lockfile).to eq <<~L + GEM + remote: https://gem.repo2/ + specs: + activesupport (6.0.3.4) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) + zeitwerk (~> 2.2, >= 2.2.2) + concurrent-ruby (1.1.8) + connection_pool (2.2.3) + i18n (1.8.9) + concurrent-ruby (~> 1.0) + minitest (5.14.3) + rack (2.2.3) + redis (4.2.5) + sidekiq (6.1.3) + connection_pool (>= 2.2.2) + rack (~> 2.0) + redis (>= 4.2.0) + thread_safe (0.3.6) + tzinfo (1.2.9) + thread_safe (~> 0.1) + zeitwerk (2.4.2) + + GEM + remote: https://gem.repo3/ + specs: + sidekiq-pro (5.2.1) + connection_pool (>= 2.2.3) + sidekiq (>= 6.1.0) + + PLATFORMS + #{specific_local_platform} + + DEPENDENCIES + activesupport + sidekiq-pro! + + BUNDLED WITH + #{Bundler::VERSION} + L + end + + it "does not install newer versions or generate lockfile changes when running bundle install in frozen mode, and warns", :bundler => "< 3" do initial_lockfile = lockfile + bundle "config set --local frozen true" bundle :install, :artifice => "compact_index" expect(err).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure.") 
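Review bot: The expected lockfile in the new non-frozen example of sources_spec.rb is the security property under test, yet nothing in the example says so: every gem appears under exactly one remote, and sidekiq-pro only under https://gem.repo3/. A comment above the heredoc, for instance `# each gem is listed under a single remote; sidekiq-pro must only appear under gem.repo3`, would tell a maintainer why this text must not be loosened when it is regenerated. The same applies to the `bundle update concurrent-ruby` example changed in the `@@ -694` hunk on the next line, which asserts the same split. The surrounding context block starts outside the hunk.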
@@ -629,9 +686,10 @@ RSpec.describe "bundle install with gems on multiple sources" do expect(lockfile).to eq(initial_lockfile) end - it "fails when running bundle install", :bundler => "3" do + it "fails when running bundle install in frozen mode", :bundler => "3" do initial_lockfile = lockfile + bundle "config set --local frozen true" bundle :install, :artifice => "compact_index", :raise_on_error => false expect(err).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure.") @@ -694,9 +752,9 @@ RSpec.describe "bundle install with gems on multiple sources" do L end - it "it keeps the current lockfile format and upgrades the requested gem when running bundle update with an argument, and warns", :bundler => "< 3" do + it "upgrades the lockfile format and upgrades the requested gem when running bundle update with an argument" do bundle "update concurrent-ruby", :artifice => "compact_index" - expect(err).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure.") + expect(err).to be_empty expect(the_bundle).to include_gems("activesupport 6.0.3.4") expect(the_bundle).not_to include_gems("activesupport 6.1.2.1") @@ -708,7 +766,6 @@ RSpec.describe "bundle install with gems on multiple sources" do expect(lockfile).to eq <<~L GEM remote: https://gem.repo2/ - remote: https://gem.repo3/ specs: activesupport (6.0.3.4) concurrent-ruby (~> 1.0, >= 1.0.2) @@ -727,14 +784,18 @@ RSpec.describe "bundle install with gems on multiple sources" do connection_pool (>= 2.2.2) rack (~> 2.0) redis (>= 4.2.0) - sidekiq-pro (5.2.1) - connection_pool (>= 2.2.3) - sidekiq (>= 6.1.0) thread_safe (0.3.6) tzinfo (1.2.9) thread_safe (~> 0.1) zeitwerk (2.4.2) + GEM + remote: https://gem.repo3/ + specs: + sidekiq-pro (5.2.1) + connection_pool (>= 2.2.3) + sidekiq (>= 6.1.0) + PLATFORMS #{specific_local_platform} 
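Review bot: The Bundler 3 example renamed to "fails when running bundle install in frozen mode" passes `:raise_on_error => false` and then, in the lines visible here, checks only the text on stderr; its remaining lines are outside the hunk. If the exit status is not asserted there either, a regression that downgrades the insecure-lockfile error to a warning would still pass. I would add `expect(last_command).to be_failure` right after the `bundle :install` call.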
@@ -746,16 +807,6 @@ RSpec.describe "bundle install with gems on multiple sources" do #{Bundler::VERSION} L end - - it "fails when running bundle update with an argument", :bundler => "3" do - initial_lockfile = lockfile - - bundle "update concurrent-ruby", :artifice => "compact_index", :raise_on_error => false - - expect(err).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure.") - - expect(lockfile).to eq(initial_lockfile) - end end context "when a top-level gem has an indirect dependency present in the default source, but with a different version from the one resolved" do diff --git a/spec/bundler/other/major_deprecation_spec.rb b/spec/bundler/other/major_deprecation_spec.rb index 41d8ef56bc..494d6a27b5 100644 --- a/spec/bundler/other/major_deprecation_spec.rb +++ b/spec/bundler/other/major_deprecation_spec.rb 
@@ -387,10 +387,38 @@ RSpec.describe "major deprecations" do ) end + it "doesn't show lockfile deprecations if there's a lockfile", :bundler => "< 3" do + bundle "install" + + expect(deprecations).to include( + "Your Gemfile contains multiple primary sources. " \ + "Using `source` more than once without a block is a security risk, and " \ + "may result in installing unexpected gems. To resolve this warning, use " \ + "a block to indicate which gems should come from the secondary source." + ) + expect(deprecations).not_to include( + "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. " \ + "Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure." + ) + bundle "config set --local frozen true" + bundle "install" + + expect(deprecations).to include( + "Your Gemfile contains multiple primary sources. " \ + "Using `source` more than once without a block is a security risk, and " \ + "may result in installing unexpected gems. To resolve this warning, use " \ + "a block to indicate which gems should come from the secondary source." + ) + expect(deprecations).not_to include( + "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. " \ + "Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure." + ) + end + pending "fails with a helpful error", :bundler => "3" end - context "bundle install with a lockfile with a single rubygems section with multiple remotes" do + context "bundle install in frozen mode with a lockfile with a single rubygems section with multiple remotes" do before do build_repo gem_repo3 do build_gem "rack", "0.9.1" 
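Review bot: The two `expect(deprecations).not_to include(...)` assertions in the new example compare against the full lockfile message, so they pass vacuously whenever that wording changes, and this same commit rewords that message in the `@@ -419` hunk. Matching a stable fragment is safer, e.g. `expect(deprecations).not_to include(a_string_including("single rubygems source section with multiple remotes"))`. Each of the two long messages is also written out twice; binding them to locals at the top of the example would keep the non-frozen and frozen halves in sync. The enclosing context starts outside the hunk.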
@@ -419,12 +447,14 @@ RSpec.describe "major deprecations" do BUNDLED WITH #{Bundler::VERSION} L + + bundle "config set --local frozen true" end it "shows a deprecation", :bundler => "< 3" do bundle "install" - expect(deprecations).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. You should run `bundle update` or generate your lockfile from scratch.") + expect(deprecations).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure.") end pending "fails with a helpful error", :bundler => "3" diff --git a/spec/bundler/quality_spec.rb b/spec/bundler/quality_spec.rb index 524870ca9e..08ec8bed5c 100644 --- a/spec/bundler/quality_spec.rb +++ b/spec/bundler/quality_spec.rb @@ -169,7 +169,6 @@ RSpec.describe "The library itself" do it "documents all used settings" do exemptions = %w[ - deployment_means_frozen forget_cli_options gem.changelog gem.ci |