A History of Bundles: 2010 to 2017

Transcript

1. A History of Bundles the story of Ruby’s dependency manager

2. André Arko @indirect

3. None

4. therubyway.io

5. None
6. None

7. The Road to 1.0 (2008-2010)

8. installing gems was easy

9. upgrading gems was hard

10. How Does Bundler Work, Anyway? see also André Arko, RubyConf

    2015

11. Bundler was made for a very specific problem

12. two insights the design was driven by

13. dependency resolver okay, what is a

14. install-time sounds good, what about

15. lockfile neat, how about the

16. Bundler together, these things are

17. git gems were new and very cool

18. bundle gem another new thing was

19. Bundler: Painless Dependency Management see also André Arko, RailsConf 2010

20. Now It’s Too Slow (2010-2012)

21. at first we just wanted it to work

22. no one had giant apps when it was new,

23. small apps were also slow sadly, for different reasons,

24. @qrush wrote a new API a hero rises

25. `bundle install` Y U SO SLOW see also terence lee

    & andré arko, ruby on ales 2012

26. lots less data lots more requests, but

27. lots more requests lots less data, but

28. cool new stuff!

29. bundle clean cool new stuff!

30. bundle clean bundle outdated cool new stuff!

31. bundle clean bundle outdated bundle cache --all cool new stuff!

32. git clone https://github.com/foo/foo gem “foo”, github: “foo/foo” bundle config local.foo

    ~/path/to/foo git local development

33. ruby “1.9.3” application ruby versions

34. Victims of Our Own Success (2012-2014)

35. we DDoSed RubyGems.org so many new Bundler users

36. Bundler API a completely new

37. (that’s very nearly almost what Jamie Zawinski said, anyway) Some

    people, when confronted with a problem, think “I know, I'll write a webapp and throw it up on Heroku.” Now they have two problems.

38. sets of problems completely new

39. less contributors less popular technology

40. Deathmatch: Bundler vs. RubyGems see also `bundle install` Y U

    SO SLOW: Server Edition André Arko, Scottish RubyConf 2013 Terence Lee, Ruby on Ales 2013

41. still, some cool new stuff!

42. multithreaded installs still, some cool new stuff!

43. multithreaded installs non-recursive resolver still, some cool new stuff!

44. multithreaded installs non-recursive resolver https support for git still, some

    cool new stuff!

45. bundler’s first CVE also some uncool stuff:

46. multiple gem sources mean your app can be attacked

47. after the first source, use source blocks to stay safe

    source “https://rubygems.org" gem “some_gem” source “https://other-server.com" do gem “other_gem” end

48. A New Hope (2015-2017)

49. as devs burned out, community funding appeared

50. Ruby Central project grants

51. Stripe open source grants

52. Stripe and Engine Yard Bundler project funding

53. Ruby Together a non-profit trade association

54. funded by viewers like you rubytogether.org/join

55. funded work yielded serious progress

56. now using Fastly for all requests to RubyGems.org

57. Bundler API merger back into RubyGems.org

58. the compact index gem metadata format

59. Extreme Makeover: RubyGems Edition André Arko, RubyConf 2013 see also

60. bundle install now, finally, sometimes fast!

61. other notable features

62. Gemfile → gems.rb (optional) other notable features

63. Gemfile → gems.rb (optional) Ruby version locked, upgradable other notable

    features

64. Gemfile → gems.rb (optional) Ruby version locked, upgradable bundle lock

    + --add-platform other notable features

65. Gemfile → gems.rb (optional) Ruby version locked, upgradable bundle lock

    + --add-platform bundle doctor other notable features

66. Gemfile → gems.rb (optional) Ruby version locked, upgradable bundle lock

    + --add-platform bundle doctor bundle pristine other notable features

67. bundle update --major bundle update --minor bundle update --patch other

    notable features

68. bundle update --major bundle update --minor bundle update --patch bundle

    config mirror other notable features

69. bundle update --major bundle update --minor bundle update --patch bundle

    config mirror checksum validation on install other notable features

70. a plugin system! (beta) • command plugins: bundle ack •

    lifecycle plugins: before/after install/update, etc • source plugins: gem “foo”, mercurial: “https://example.com” other notable features

71. The Future (2017-????)

72. Bundler 2 see also Colby Swandale, Ruby Kaigi 2017

73. best practices bundle config only_update_to_newer_versions true

74. best practices bundle config disable_multisource true bundle config only_update_to_newer_versions true

75. best practices bundle config specific_platform true bundle config disable_multisource true

    bundle config only_update_to_newer_versions true

76. best practices bundle config global_gem_cache true bundle config specific_platform true

    bundle config disable_multisource true bundle config only_update_to_newer_versions true

77. best practices bundle config default_install_uses_path true bundle config global_gem_cache true

    bundle config specific_platform true bundle config disable_multisource true bundle config only_update_to_newer_versions true

78. best practices override GitHub gems to use HTTPS with this

    line at the top of your Gemfile git_source(:github) {|r| “https://github.com/#{r}" } (or use bundle init to generate a Gemfile with this)

79. power user tools

80. power user tools instead of $ bundle exec rspec you

    can run $ bundle binstubs rspec-core once, then commit (and use) the stub $ bin/rspec

81. power user tools bundle viz

82. power user tools $ bundle lock --add-platform java $ git

    add Gemfile.lock $ git commit -am “Locked for JRuby”

83. power user tools $ git clone github.com/foo/foo ~/src/foo $ bundle

    config local.foo ~/src/foo [ make changes in ~/src/foo ] $ bundle exec rails s [ commit changes in ~/src/foo ] $ bundle exec rails s $ git add Gemfile.lock $ git commit -m “Use the latest foo”

84. power user tools bundler inline

85. power user tools $ cat http.rb require 'bundler/inline' gemfile do

    source 'https://rubygems.org' gem 'http' end puts HTTP.get('http://example.com')

86. $ gem uninstall http Successfully uninstalled http-3.0.0 $ ruby http.rb

    <!doctype html> <html> […] power user tools needed gems installed here

87. power user tools search your gems with $ grep -R

    STRING $(bundle show --paths) then, open the gem you found in $EDITOR with $ bundle open GEMNAME make changes as needed for debugging, then $ bundle pristine GEMNAME

88. power user tools silence gem install messages with $ bundle

    config --system ignore_messages true

89. power user tools silence gem install messages with $ bundle

    config --system ignore_messages true and you will never be told to HTTParty hard, ever again

90. the end… so far read this talk at arko.net questions?

    tweet at @indirect!