A History of Bundles
the story of Ruby’s dependency manager
Slide 2
Slide 2 text
André Arko
@indirect
Slide 4
Slide 4 text
therubyway.io
Slide 7
Slide 7 text
The Road to 1.0
(2008-2010)
Slide 8
Slide 8 text
installing gems
was easy
Slide 9
Slide 9 text
upgrading gems
was hard
Slide 10
Slide 10 text
see also
How Does Bundler
Work, Anyway?
André Arko, RubyConf 2015
Slide 11
Slide 11 text
Bundler was made
for a very specific problem
Slide 12
Slide 12 text
the design was driven by
two insights
Slide 13
Slide 13 text
okay, what is a
dependency resolver
Slide 14
Slide 14 text
sounds good, what about
install-time
Slide 15
Slide 15 text
neat, how about the
lockfile
Slide 16
Slide 16 text
together, these things are
Bundler
Slide 17
Slide 17 text
git gems
were new and very cool
Slide 18
Slide 18 text
another new thing was
bundle gem
Slide 19
Slide 19 text
see also
Bundler: Painless
Dependency Management
André Arko, RailsConf 2010
Slide 20
Slide 20 text
Now It’s Too Slow
(2010-2012)
Slide 21
Slide 21 text
at first
we just wanted it to work
Slide 22
Slide 22 text
when it was new,
no one had giant apps
Slide 23
Slide 23 text
sadly, for different reasons,
small apps were also slow
Slide 24
Slide 24 text
a hero rises
@qrush wrote a new API
Slide 25
Slide 25 text
see also
`bundle install` Y U SO SLOW
Terence Lee & André Arko, Ruby on Ales 2012
Slide 26
Slide 26 text
lots more requests, but
lots less data
Slide 27
Slide 27 text
lots less data, but
lots more requests
Slide 28
Slide 28 text
cool new stuff!
Slide 29
Slide 29 text
cool new stuff!
bundle clean
Slide 30
Slide 30 text
cool new stuff!
bundle clean
bundle outdated
Slide 31
Slide 31 text
cool new stuff!
bundle clean
bundle outdated
bundle cache --all
Slide 32
Slide 32 text
git local development
git clone https://github.com/foo/foo
gem "foo", github: "foo/foo"
bundle config local.foo ~/path/to/foo
Slide 33
Slide 33 text
application ruby versions
ruby "1.9.3"
Slide 34
Slide 34 text
Victims of Our Own Success
(2012-2014)
Slide 35
Slide 35 text
so many new Bundler users
we DDoSed RubyGems.org
Slide 36
Slide 36 text
a completely new
Bundler API
Slide 37
Slide 37 text
Some people, when confronted
with a problem, think “I know,
I'll write a webapp and throw it
up on Heroku.” Now they have
two problems.
(that’s very nearly almost what
Jamie Zawinski said, anyway)
Slide 38
Slide 38 text
completely new
sets of problems
Slide 39
Slide 39 text
less contributors
less popular technology
Slide 40
Slide 40 text
see also
Deathmatch: Bundler vs. RubyGems
André Arko, Scottish RubyConf 2013
`bundle install` Y U SO SLOW: Server Edition
Terence Lee, Ruby on Ales 2013
Slide 41
Slide 41 text
still, some cool new stuff!
Slide 42
Slide 42 text
still, some cool new stuff!
multithreaded installs
Slide 43
Slide 43 text
still, some cool new stuff!
multithreaded installs
non-recursive resolver
Slide 44
Slide 44 text
still, some cool new stuff!
multithreaded installs
non-recursive resolver
https support for git
Slide 45
Slide 45 text
also some uncool stuff:
bundler’s first CVE
Slide 46
Slide 46 text
multiple gem sources
mean your app can be attacked
Slide 47
Slide 47 text
after the first source,
use source blocks to stay safe
source "https://rubygems.org"
gem "some_gem"
source "https://other-server.com" do
  gem "other_gem"
end
Slide 48
Slide 48 text
A New Hope
(2015-2017)
Slide 49
Slide 49 text
as devs burned out,
community funding appeared
Slide 50
Slide 50 text
Ruby Central
project grants
Slide 51
Slide 51 text
Stripe
open source grants
Slide 52
Slide 52 text
Stripe and Engine Yard
Bundler project funding
Slide 53
Slide 53 text
Ruby Together
a non-profit trade association
Slide 54
Slide 54 text
funded by
viewers like you
rubytogether.org/join
Slide 55
Slide 55 text
funded work
yielded serious progress
Slide 56
Slide 56 text
now using Fastly
for all requests to RubyGems.org
Slide 57
Slide 57 text
Bundler API merger
back into RubyGems.org
Slide 58
Slide 58 text
the compact index
gem metadata format
Slide 59
Slide 59 text
see also
Extreme Makeover:
RubyGems Edition
André Arko, RubyConf 2013
Slide 60
Slide 60 text
bundle install
now, finally, sometimes fast!
Slide 61
Slide 61 text
other notable features
Slide 62
Slide 62 text
other notable features
Gemfile → gems.rb (optional)
Slide 63
Slide 63 text
other notable features
Gemfile → gems.rb (optional)
Ruby version locked, upgradable
Slide 64
Slide 64 text
other notable features
Gemfile → gems.rb (optional)
Ruby version locked, upgradable
bundle lock + --add-platform
Slide 65
Slide 65 text
other notable features
Gemfile → gems.rb (optional)
Ruby version locked, upgradable
bundle lock + --add-platform
bundle doctor
Slide 66
Slide 66 text
other notable features
Gemfile → gems.rb (optional)
Ruby version locked, upgradable
bundle lock + --add-platform
bundle doctor
bundle pristine
Slide 67
Slide 67 text
other notable features
bundle update --major
bundle update --minor
bundle update --patch
Slide 68
Slide 68 text
other notable features
bundle update --major
bundle update --minor
bundle update --patch
bundle config mirror
Slide 69
Slide 69 text
other notable features
bundle update --major
bundle update --minor
bundle update --patch
bundle config mirror
checksum validation on install
Slide 70
Slide 70 text
other notable features
a plugin system! (beta)
• command plugins:
bundle ack
• lifecycle plugins:
before/after install/update, etc
• source plugins:
gem "foo", mercurial: "https://example.com"
Slide 71
Slide 71 text
The Future
(2017-????)
Slide 72
Slide 72 text
see also
Bundler 2
Colby Swandale, Ruby Kaigi 2017
Slide 73
Slide 73 text
best practices
bundle config only_update_to_newer_versions true
Slide 74
Slide 74 text
best practices
bundle config disable_multisource true
bundle config only_update_to_newer_versions true
best practices
override GitHub gems to use HTTPS
with this line at the top of your Gemfile
git_source(:github) {|r| "https://github.com/#{r}" }
(or use bundle init to generate a Gemfile with this)
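The source-block advice on the "multiple gem sources" slides and the best-practices settings above can be checked mechanically; this linter is an added example, not code from the talk or from Bundler. It reads the Gemfile as text only, and the rule names and sample hostnames are assumptions made for illustration.

```ruby
# Added example: static lint of Gemfile text. It never evaluates the file,
# because a Gemfile is Ruby code. Rule names are labels made up for this sketch.
def audit_gemfile(text)
  findings = []          # [rule, line_number] pairs
  global_sources = []    # line numbers of top-level `source "..."` lines
  github_https = false   # set by a one-line git_source(:github) override
  depth = 0              # nesting inside `do ... end` blocks
  text.each_line.with_index(1) do |raw, lineno|
    line = raw.sub(/#(?!\{).*$/, "").strip   # drop comments, keep "#{...}"
    next if line.empty?
    github_https = true if line =~ /\Agit_source\(\s*:github\s*\).*https:\/\//
    if line =~ /\Asource\s+["']([^"']+)["'](.*)\z/
      url, rest = $1, $2
      findings << [:insecure_source, lineno] unless url.start_with?("https://")
      if rest =~ /\bdo\b/
        depth += 1                   # scoped block: only its gems use this source
      elsif depth.zero?
        global_sources << lineno     # global: any gem may be resolved from it
      end
    elsif line =~ /\bdo\b(\s*\|[^|]*\|)?\z/
      depth += 1                     # group/platforms and similar blocks
    elsif line == "end"
      depth -= 1 if depth > 0
    elsif line =~ /\Agem\s/
      findings << [:github_without_https, lineno] if !github_https && line =~ /\bgithub:|:github\s*=>/
      findings << [:insecure_git_url, lineno] if line =~ /["'](git|http):\/\//
    end
  end
  # Each global source after the first is what disable_multisource rejects.
  global_sources.drop(1).each { |n| findings << [:multiple_global_sources, n] }
  findings
end
# Constructed sample Gemfiles (hostnames are placeholders).
RISKY = <<~'GEMFILE'
  source "https://rubygems.org"
  source "http://gems.internal.example"
  gem "some_gem"
  gem "foo", github: "foo/foo"
GEMFILE
SAFE = <<~'GEMFILE'
  git_source(:github) { |r| "https://github.com/#{r}" }
  source "https://rubygems.org"
  gem "some_gem"
  gem "foo", github: "foo/foo"
  source "https://other-server.com" do
    gem "other_gem"
  end
GEMFILE
audit_gemfile(RISKY).each { |rule, n| puts "line #{n}: #{rule}" }
```

Only the one-line `git_source(:github) { ... }` form shown on the slide is recognised as the HTTPS override.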
Slide 79
Slide 79 text
power user tools
Slide 80
Slide 80 text
power user tools
instead of
$ bundle exec rspec
you can run
$ bundle binstubs rspec-core
once, then commit (and use) the stub
$ bin/rspec
Slide 81
Slide 81 text
power user tools
bundle viz
Slide 82
Slide 82 text
power user tools
$ bundle lock --add-platform java
$ git add Gemfile.lock
$ git commit -am "Locked for JRuby"
Slide 83
Slide 83 text
power user tools
$ git clone https://github.com/foo/foo ~/src/foo
$ bundle config local.foo ~/src/foo
[ make changes in ~/src/foo ]
$ bundle exec rails s
[ commit changes in ~/src/foo ]
$ bundle exec rails s
$ git add Gemfile.lock
$ git commit -m "Use the latest foo"
Slide 84
Slide 84 text
power user tools
bundler inline
Slide 85
Slide 85 text
power user tools
$ cat http.rb
require 'bundler/inline'
gemfile do
  source 'https://rubygems.org'
  gem 'http'
end
puts HTTP.get('http://example.com')
Slide 86
Slide 86 text
power user tools
$ gem uninstall http
Successfully uninstalled http-3.0.0
$ ruby http.rb
[…]
needed gems installed here
Slide 87
Slide 87 text
power user tools
search your gems with
$ grep -R STRING $(bundle show --paths)
then, open the gem you found in $EDITOR with
$ bundle open GEMNAME
make changes as needed for debugging, then
$ bundle pristine GEMNAME
Slide 88
Slide 88 text
power user tools
silence gem install messages with
$ bundle config --system ignore_messages true
Slide 89
Slide 89 text
power user tools
silence gem install messages with
$ bundle config --system ignore_messages true
and you will never be told to HTTParty hard, ever again
Slide 90
Slide 90 text
the end… so far
read this talk at arko.net
questions? tweet at @indirect!