Ryan Moran
Ryan Moran
You are totally right. Its unspecified here, but the `npm-install` and `yarn-install` buildpacks would need to detect that `node-gyp` is a dependency and that `cpython` is required.
An example app that would require `cpython` through `node-gyp` can be found at https://github.com/Gerg/gyp-app.
What's going on with the `Gemfile.lock` being modified at runtime? That seems pretty odd.
Unfortunately, this is all out of our control. The cache and its storage in a remote registry is a CNB platform/lifecycle concern. The buildpack can only optimize those steps that...
While this is pending, I have a hack that could resolve this. Should I open a PR against our code in `packit`? ```diff diff --git a/sbom/internal/formats/cyclonedx13/cyclonedxhelpers/component.go b/sbom/internal/formats/cyclonedx13/cyclonedxhelpers/component.go index 5f173ac..3d042ba 100644...
I don't think we should enforce a semantic that is different than what the Go development team itself defines. Its actually relatively common to see applications with relatively old `go`...
I think that could work. Maybe something like `BP_LOCK_GOMOD_VERSION=true`? If this gets set, we'd treat a `go.mod` file with the directive `go 1.17` as `1.17.x` instead of `>= 1.17.0`.
Resolved by https://github.com/paketo-buildpacks/go-dist/runs/7634149232?check_suite_focus=true