Dependabot-core: Support bundler package cache

Created on 21 May 2019  ·  8 Comments  ·  Source: dependabot/dependabot-core

Our app uses the bundle package feature to cache the gem files in the repo, which speeds up CI and deploys (since it doesn't have to download any files from rubygems or elsewhere).

It looks like the PRs that dependabot opens only update the Gemfile and Gemfile.lock, but don't add/remove the changed .gem files from ./vendor/cache. Could support for this be added?

https://bundler.io/v1.6/bundle_package.html

language-support Lbundler feature-request

All 8 comments

We use bundle package as well. Without support for this feature, we must manually intervene before merging the PRs opened by dependabot.

We'd love to add support for this. Once things quieten down and we have some extra resource we'll get it done :-)

Love to have this feature 👍

:+1: also a big fan of this feature.

Until this is available automatically, I've created a GitHub Action that does this. Feel free to copy and adapt to your needs:

https://gist.github.com/filipkis/fab89a09f54ffdd8e70c063755e7ce7f

@filipkis thanks for sharing that workflow :)

There's a small gotcha with it: if you ask dependabot to rebase after the workflow has run, the commit that the workflow pushed will be lost. This is because the commit is made with the same email/username as dependabot, and then dependabot doesn't understand that changes have been made.

See the discussion from https://github.com/Starkast/wikimum/pull/151#issuecomment-594515386 and the comments from @feelepxyz about it.

I think this is now solved? https://github.blog/changelog/2020-09-23-dependabot-supports-vendoring-for-ruby-bundler/

Yep! 🎉

> There's a small gotcha with it: if you ask dependabot to rebase after the workflow has run, the commit that the workflow pushed will be lost. This is because the commit is made with the same email/username as dependabot, and then dependabot doesn't understand that changes have been made.

FYI, nowadays, if you want dependabot to ignore/rebase over a(n) (automated) commit you made, you can include [dependabot skip] in the PR message and dependabot will force push changes over it.
