rubygems
bundler lock should have an option to ignore 'without' groups
our svm scanning system relies on Gemfile.lock,
so atm we put a big unless ENV["SKIP_DEV"] around our test/dev gems
to create a new lockfile,
but it would be nice to no need that and have bundle lock --ignore-without
Post steps to reproduce the problem
# Gemfile
gem 'rake', group: :test
bundle
bundle set without test
bundle
cat Gemfile.lock | grep rake # still htere
The with and without configurations are options that are generally poorly understood, since this confusion comes up quite often.
The way they work is that they never affect resolution or the lockfile, they only affect what gets installed (for bundle install), put in the $LOAD_PATH (for bundle exec), and so on. The reason they don't affect bundle lock is that Bundler wants to enforce a consistent set of production dependencies, regardless of the gems that finally get used. In other words, it would be bad if a production depedency (say, Rails), resolved to a different version depending on whether you activate development gems or not.
I think the above makes sense, but seeing how often these are misunderstood makes me wonder if there's a better approach or if we need to provide some "complement" to the base functionality.
I don't love a --ignore-without flag because it somewhat suggests that without configuration is not doing with it intends. I think --ignore-groups or something like that would be better? But also, a flag feels off because then other commands (even with without configuration set) will re-add the gems.
So maybe some configuration symmetric to with and without that also causes groups to be ignored for resolution, like lock_with and lock_without?
lock-without sounds good to me, nice symmetry and obvious what it does compared to "without"