-
-
Notifications
You must be signed in to change notification settings - Fork 269
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bundler installation fails on Ruby 2.1 due to RubyGems.org dependency API deprecation #493
Comments
I think this can be worked around by using Lines 17 to 23 in 55283cc
Lines 91 to 94 in 55283cc
2.2 failed too at https://github.com/ruby/setup-ruby/actions/runs/4658840660/jobs/8253314480?pr=494#step:3:24 (segfault though 😦) but 1.9 and 2.0 didn't fail, but looks to me they should have failed too 🤔 Is it the RubyGems version that matter? (Really old versions does not know about the "Dependency API"?) |
Seems related: rubygems/rubygems.org#3698 |
The Test bundler: 1.x for old Ruby job from that run also failed with an error that's possibly related (again with 2.2):
That rubygems.org bug looks like exactly the same issue. I've searched through the rubygems commit history looking for references to the dependencies API. It was first used by v2.0.0 (rubygems/rubygems@01c296c). The reference was finally removed in v3.2.3 (rubygems/rubygems@6b5d465). There are changes to how it used and how API errors are handled along the way. The Ruby 2.1 build is using rubygems v2.2.5. That version uses the API in When installing bundler with Ruby 2.1 today (no brownout)
Perhaps the brownout was returning a 200 OK or 204 No Content for HEAD requests, whilst returning 404 Not Found for GET requests? If that's the case then the removal of the dependencies API might resolve this issue. |
Going by the tests added in rubygems/rubygems.org#3477 that looks like a possible explanation... @indirect or @segiddins probably knows more? |
... I think that's likely, let me check our CDN |
Is there anything we can do about this in setup-ruby? |
We fixed an issue with the server responses during the brownout that we believe will correct the fallback behavior in older Bundler versions. We’ll find out for sure in the next brownout in a couple of days. 👍🏻
…----
On Apr 15, 2023, at 6:49 AM, Benoit Daloze ***@***.***> wrote:
Is there anything we can do about this in setup-ruby?
Maybe always using Bundler 1.12+ on Ruby 2.1, and maybe on 1.9 & 2.0 too?
I'd love to have a PR from RubyGems folks about this since I guess they know best the envisioned solution for those old Rubies.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: ***@***.***>
|
Thanks @indirect and @segiddins. There's another brownout today (2023-04-17). I can confirm GET and HEAD requests are both now returning 404 Not Found:
Ruby 2.1 is now able to install bundler: https://github.com/tzinfo/tzinfo/actions/runs/4657567472/jobs/8382560503 The issue that @dentarg spotted with Ruby 2.2 (Marshal.load reentered at marshal_load) has also now been independently raised as #496. |
@philr can this be closed? |
Yes, I've not seen any issues with Ruby 2.1 since the fixes were made to make the API requests return a 404. |
Ensure the following before filing this issue
I verified it reproduces with the latest version with
- uses: ruby/setup-ruby@v1
(see Versioning policy)I tried to reproduce the issue locally by following the workflow steps (including all commands done by
ruby/setup-ruby
, except forDownloading Ruby
&Extracting Ruby
),and it did not reproduce locally (if it does reproduce locally, it's not a ruby/setup-ruby issue)
Are you running on a GitHub-hosted runner or a self-hosted runner?
GitHub-hosted runner
Link to the failed workflow job (must be a public workflow job, so the necessary information is available)
https://github.com/tzinfo/tzinfo/actions/runs/4657561879/jobs/8242275341
Any other notes?
I can reproduce this issue locally with the same versions of Ruby and RubyGems. I think this still counts as an issue because it makes Ruby 2.1 with bundler unusable through setup-ruby.
The RubyGems.org dependency API is being deprecated and removed, see: https://blog.rubygems.org/2023/02/22/dependency-api-deprecation.html, https://blog.rubygems.org/2023/04/07/dependency-api-deprecation-delayed.html, rubygems/rubygems.org#3477 and rubygems/rubygems.org#3692.
There's a brownout period today (April 10) where the dependencies API is returning 404 responses. This causes the
gem install bundler -v ~> 1.0
command issued under 'Installing Bundler' to fail with Ruby 2.1 on Ubuntu:and Windows:
Other Ruby versions appear to be unaffected.
The text was updated successfully, but these errors were encountered: