Skip to content

Create Bundler container image

Why are we doing this work

The Bundler image will hold the Bundler ecosystem specific update logic. Images are built per ecosystem to save space. This issue covers the work needed to build the Bundler variant.

To get this working, we'll need to have the dependabot-bundler gem installed.

irb(main):001> require 'dependabot/bundler'
warning: parser/current is loading parser/ruby34, which recognizes 3.4.0-dev-compliant syntax, but you are running 3.4.7.
Please see https://github.com/whitequark/parser#compatibility-with-ruby-mri.
=> true
irb(main):002> Dependabot::FileFetchers.for_package_manager("bundler")
=> Dependabot::Bundler::FileFetcher
irb(main):003> Dependabot::FileFetchers.for_package_manager("cargo")
/usr/local/bundle/gems/dependabot-common-0.345.0/lib/dependabot/file_fetchers.rb:18:in 'Dependabot::FileFetchers.for_package_manager': Unsupported package_manager cargo (RuntimeError)
        from /usr/local/bundle/gems/sorbet-runtime-0.6.12698/lib/types/private/methods/call_validation_2_7.rb:968:in 'UnboundMethod#bind_call'
        from /usr/local/bundle/gems/sorbet-runtime-0.6.12698/lib/types/private/methods/call_validation_2_7.rb:968:in 'block in Dependabot::FileFetchers.create_validator_method_medium1'
        from (irb):3:in '<main>'
        from <internal:kernel>:168:in 'Kernel#loop'
        from /usr/local/lib/ruby/gems/3.4.0/gems/irb-1.14.3/exe/irb:9:in '<top (required)>'
        from /usr/local/bin/irb:25:in 'Kernel#load'
        from /usr/local/bin/irb:25:in '<main>'

As you can see, when you require the dependabot/bundler module, it'll register the the file fetcher (and updater). Thus, the only thing needed will be the additional install of the gem inside of the core image.

Relevant links

Non-functional requirements

  • Documentation: We should document the file types that we support for dependency updates.
  • Feature flag:
  • Performance:
  • Testing: We should test this against a test project to ensure that it runs as expected.

Implementation plan

  1. Add a bundler.Dockerfile to the dockerfile directory (maybe builds?)
  2. Install the Gem

Verification steps

  1. Run the Bundler updater image against a Ruby project using the Updater.
  2. Verify that it correctly detects the files to update.
Edited by Oscar Tovar