
Update Rubygems to v3.2.33 to ensure bundler v2.2.33 is installed

Stan Hu requested to merge sh-update-bundler-ruby into master

What does this MR do?

Ruby v2.7.5 ships with bundler v2.1.4 by default, and that version contains a number of bugs in CVEs that have been fixed.

This update to RubyGems ensures bundler v2.2.33 is installed. Also use the --no-document flag to speed installs. This is already done in the UBI-8 build.

This is an alternative approach to !1100 (closed).

Before

$ docker run -it registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ee:master bash
Begin parsing .erb templates from /srv/gitlab/config
Begin parsing .tpl templates from /srv/gitlab/config
root@8e020d67af46:/# gem list bundle

*** LOCAL GEMS ***

bundler (2.3.15, default: 2.2.19)

After

$ docker run -it  registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ee:sh-update-bundler-ruby bash
Begin parsing .erb templates from /srv/gitlab/config
Begin parsing .tpl templates from /srv/gitlab/config
root@6ccdfd3b158d:/# gem --version
3.2.33
root@6ccdfd3b158d:/# gem list bundler

*** LOCAL GEMS ***

bundler (2.3.15, default: 2.2.33)
$ docker run -it registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ee:sh-update-bundler-ruby-ubi8-ubi8  bash
gem list bundler
gem list bundler
Begin parsing .erb templates from /srv/gitlab/config
Begin parsing .tpl templates from /srv/gitlab/config
[root@3f2e0f8b582a /]# gem list bundler

*** LOCAL GEMS ***

bundler (2.3.15, default: 2.2.33)

Related issues

Relates to https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3471

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion

Required

  • Merge Request Title, and Description are up to date, accurate, and descriptive
  • MR targeting the appropriate branch
  • MR has a green pipeline on GitLab.com

Expected (please provide an explanation if not completing)

  • Test plan indicating conditions for success has been posted and passes
  • Documentation created/updated
  • Integration tests added to GitLab QA
  • The impact any change in container size has should be evaluated
Edited by Stan Hu
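
The Before/After comparison above can be turned into an automated image check. This is an added example, not part of the merge request or the project's code: it parses `gem list bundler` output and reports whether the default bundler is at least 2.2.33. The function and constant names are hypothetical, and the sample outputs are copied from the sessions above.

```ruby
require "rubygems" # Gem::Version; loaded by default, made explicit here

# Minimum acceptable default bundler, taken from the MR title.
MIN_DEFAULT_BUNDLER = Gem::Version.new("2.2.33")

# Sample inputs copied from the Before and After sessions on this page.
BEFORE_OUTPUT = <<~OUT

  *** LOCAL GEMS ***

  bundler (2.3.15, default: 2.2.19)
OUT

AFTER_OUTPUT = <<~OUT

  *** LOCAL GEMS ***

  bundler (2.3.15, default: 2.2.33)
OUT

# Returns the default version of gem `name` found in `gem list` output,
# or nil when the gem has no "default:" entry. The name must match exactly,
# so "bundler-audit" is not mistaken for "bundler".
def default_gem_version(gem_list_output, name = "bundler")
  gem_list_output.each_line do |line|
    m = line.match(/\A#{Regexp.escape(name)} \((.*)\)\s*\z/)
    next unless m
    # Entries are comma separated; the default may appear in any position.
    m[1].split(/,\s*/).each do |entry|
      v = entry[/\Adefault: (\S+)\z/, 1]
      return Gem::Version.new(v) if v
    end
  end
  nil
end

# True only when a default bundler is present and meets the minimum.
# A missing default entry counts as a failure, not a pass.
def default_bundler_ok?(gem_list_output, minimum = MIN_DEFAULT_BUNDLER)
  version = default_gem_version(gem_list_output)
  !version.nil? && version >= minimum
end

{ "before" => BEFORE_OUTPUT, "after" => AFTER_OUTPUT }.each do |label, out|
  status = default_bundler_ok?(out) ? "ok" : "too old or missing"
  puts "#{label}: default bundler #{default_gem_version(out)} (#{status})"
end
```

To check a live image, pass the captured output of `gem list bundler` from the container to `default_bundler_ok?` instead of the embedded samples.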
