When creating a new Rails application, why is there a Gemfile.lock file without running bundle install?

Question

And, how does the system install all the gems for the application without going through the bundle install process?

Note: This question is about the process of creating a new application. Not the same question as In Rails, why there is a new Gemfile.lock when no bundle or bundle install was run? (and a new Gemfile timestamp too) .

Answer 1

When you do rails new <app>, as part of setup it runs bundle install for you.

Answer 2

Gemfile.lock is a snapshot of the gems and their versions created when you run bundle install. As explained in the Checking Your Code into Version Control section of the Bundler rationale:

Gemfile.lock makes your application a single package of both your own code and the third-party code it ran the last time so you know for sure that everything worked. Specifying exact versions of the third-party code you depend on in your Gemfile would not provide the same guarantee, because gems usually declare a range of versions for their dependencies.

Gems can be installed outside of bundler by RubyGems (e.g. gem install gem_name) but it's best to use RVM which allows you to install separate versions of Ruby and manage individual gemsets for each application as explained in the RVM best practices.