heroku-buildpack-ruby
heroku-buildpack-ruby copied to clipboard
heroku
Upstream bundler change removes credentials from Gemfile.lock, breaking Heroku build process
See https://github.com/rubygems/rubygems/pull/7560#issuecomment-2110229891
This buildpack currently uses Bundler 2.5.6.
If you have a gem with credentials in its URL (e.g. via the instructions at Getting Started with Karafka Pro), then Bundler 2.5.10 or later no longer writes the credentials to Gemfile.lock.
When you try to deploy to Heroku, this buildpack fails because Bundler 2.5.6 does not properly support this use case.
Relevant build output:
-----> Installing dependencies using bundler 2.5.6
Running: BUNDLE_WITHOUT='development:test' BUNDLE_PATH=vendor/bundle BUNDLE_BIN=vendor/bundle/bin BUNDLE_DEPLOYMENT=1 bundle install -j4
Fetching gem metadata from https://rubygems.org/........
Authentication is required for gems.karafka.io.
Please supply credentials for this source. You can do this by running:
`bundle config set --global gems.karafka.io username:password`
or by storing the credentials in the `BUNDLE_GEMS__KARAFKA__IO` environment
variable
The workaround is to downgrade back to Bundler 2.5.6 or earlier when generating Gemfile.lock.
This is fixed in Bundler 2.5.12 and up (https://github.com/rubygems/rubygems/pull/7720)
But we can't seem to get Heroku to install the gems using 2.5.12, for example. Installing bundelr 2.5.6 and locking the Gemfile to that worked https://github.com/heroku/heroku-buildpack-ruby/blob/5fc57092a991af0af158c121b331e75eff05aa8c/lib/language_pack/helpers/bundler_wrapper.rb#L41-L43
