Ciacci

Reputation: 61

How to avoid Bundler Authentication Call in production for a gem only used in development group?

We currently host a gem (a custom version of rubocop) in a private GitHub repo for one of our Rails applications. In order to successfully bundle install that gem, bundler needs to have credentials with read permissions to that repo. We only use this gem for local development, and so the gem is listed under the development group in our project's Gemfile:

group :development do
  ...

  source 'https://rubygems.pkg.github.com/<org>' do
    gem '<custom-gem>'
  end
end

Associated entry in Gemfile.lock:

GEM
  remote: https://rubygems.pkg.github.com/<org>/
  specs:
    <org>-rubocop (0.1.2)
      rubocop (= 0.77.0)
      rubocop-rails (= 2.4.0)

For production, we do not need this gem; however, we encountered an error during the deploy phase where bundle is still asking for the credentials, even though the gem will not be in use.

This error may have manifested itself after upgrading bundler from 2.2.28 to 2.3.7, but we're not positive about that.

Is it possible to configure bundler to avoid making the authentication call for a gem that will not be in use? If we can avoid this authentication call, then we can avoid specifying sensitive credentials in our production environment, which would be a lot less work... Any bundler documentation or existing GitHub issue that answers this question would be greatly appreciated!

Other details:

Ruby 3.1.1

Rails 7.0.2.3

In production build, we are specifying the following command:

bundle config set --local without 'development test' && bundle install

Build Logs tipping us off to the issue:

Step #1 - "build-push": Authentication is required for rubygems.pkg.github.com.
Step #1 - "build-push": Please supply credentials for this source. You can do this by running:
Step #1 - "build-push": `bundle config set --global rubygems.pkg.github.com username:password`
Step #1 - "build-push": or by storing the credentials in the `BUNDLE_RUBYGEMS__PKG__GITHUB__COM`

Upvotes: 6

Views: 1145

Answers (3)

Pants

Reputation: 2782

You can use the BUNDLE_ONLY option, available with bundler >= 2.3.

Upvotes: 0

Ciacci

Reputation: 61

Not sure if this is an all-encompassing answer to the issue, but the following changes seem to resolve the problem. I'd love to hear from anyone who might have some thoughts that might explain why this solution works or thoughts disproving my hypothesis : )

Our Gemfile.lock had the following entry:

PLATFORMS
  x86_64-darwin-21

Adding the following platform entry:

bundle lock --add-platform x86_64-linux

results in the PLATFORMS entry being updated to:

PLATFORMS
  x86_64-darwin-21
  x86_64-linux

After this update, bundler seems to be respecting the gem groups and does not make an authentication request to the private repo hosting our custom gem.

Upvotes: 0
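
A pre-deploy check built on the observation in the answer above, as an added example that is not part of the original post: it reads a Gemfile.lock, lists its PLATFORMS and GEM remotes, and flags the case where the deploy platform is absent while a credentialed source is present. The names `parse_lock`, `deploy_check` and `PUBLIC_REMOTES`, the `example-org` source and the treatment of rubygems.org as the only credential-free remote are assumptions.

```ruby
# Added example; SAMPLE_LOCK is constructed, modelled on the snippets in this thread.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rubocop (0.77.0)

  GEM
    remote: https://rubygems.pkg.github.com/example-org/
    specs:
      example-org-rubocop (0.1.2)
        rubocop (= 0.77.0)

  PLATFORMS
    x86_64-darwin-21
LOCK

# Assumption: every remote not listed here needs credentials.
PUBLIC_REMOTES = ['https://rubygems.org/'].freeze

# Returns { platforms: [...], remotes: [...] } from Gemfile.lock text.
def parse_lock(text)
  section = nil
  out = { platforms: [], remotes: [] }
  text.each_line do |line|
    line = line.chomp
    if line =~ /\A[A-Z][A-Z ]*\z/ # unindented upper-case line opens a section
      section = line
    elsif section == 'PLATFORMS' && line =~ /\A  (\S+)\z/
      out[:platforms] << Regexp.last_match(1)
    elsif section == 'GEM' && line =~ /\A  remote: (\S+)\z/
      out[:remotes] << Regexp.last_match(1)
    end
  end
  out
end

# Hypothetical helper: flags a lockfile that lacks the deploy platform
# while also referencing a source that needs credentials.
def deploy_check(text, target)
  lock = parse_lock(text)
  private_remotes = lock[:remotes] - PUBLIC_REMOTES
  missing = !lock[:platforms].include?(target)
  { platform_missing: missing, private_remotes: private_remotes,
    needs_attention: missing && !private_remotes.empty? }
end

if __FILE__ == $PROGRAM_NAME
  text = File.exist?('Gemfile.lock') ? File.read('Gemfile.lock') : SAMPLE_LOCK
  p deploy_check(text, ARGV.fetch(0, 'x86_64-linux'))
end
```

Run from the project root with the deploy platform as the only argument; a result with `needs_attention: true` matches the lockfile state described before `bundle lock --add-platform x86_64-linux` was applied.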

Kori John Roys

Reputation: 2661

If I had to guess, I think your command needs to be updated to have a colon-separated list of groups to skip.

From the Bundler Docs:

without (BUNDLE_WITHOUT): A :-separated list of groups whose gems bundler should not install.

So try to update your command to the following and see what happens:

bundle config set --local without 'development:test' && bundle install

Upvotes: 0
