Slide 1

Slide 1 text

A History of Bundles: the story of Ruby’s dependency manager

Slide 2

Slide 2 text

André Arko @indirect

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

therubyway.io

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

No content

Slide 7

Slide 7 text

The Road to 1.0 (2008-2010)

Slide 8

Slide 8 text

installing gems was easy

Slide 9

Slide 9 text

upgrading gems was hard

Slide 10

Slide 10 text

see also: How Does Bundler Work, Anyway? (André Arko, RubyConf 2015)

Slide 11

Slide 11 text

Bundler was made for a very specific problem

Slide 12

Slide 12 text

the design was driven by two insights

Slide 13

Slide 13 text

okay, what is a dependency resolver

Slide 14

Slide 14 text

sounds good, what about install-time

Slide 15

Slide 15 text

neat, how about the lockfile

Slide 16

Slide 16 text

together, these things are Bundler

Slide 17

Slide 17 text

git gems were new and very cool

Slide 18

Slide 18 text

another new thing was bundle gem

Slide 19

Slide 19 text

see also: Bundler: Painless Dependency Management (André Arko, RailsConf 2010)

Slide 20

Slide 20 text

Now It’s Too Slow (2010-2012)

Slide 21

Slide 21 text

at first we just wanted it to work

Slide 22

Slide 22 text

when it was new, no one had giant apps

Slide 23

Slide 23 text

sadly, for different reasons, small apps were also slow

Slide 24

Slide 24 text

a hero rises: @qrush wrote a new API

Slide 25

Slide 25 text

see also: `bundle install` Y U SO SLOW (Terence Lee & André Arko, Ruby on Ales 2012)

Slide 26

Slide 26 text

lots more requests, but lots less data

Slide 27

Slide 27 text

lots less data, but lots more requests

Slide 28

Slide 28 text

cool new stuff!

Slide 29

Slide 29 text

cool new stuff!
• bundle clean

Slide 30

Slide 30 text

cool new stuff!
• bundle clean
• bundle outdated

Slide 31

Slide 31 text

cool new stuff!
• bundle clean
• bundle outdated
• bundle cache --all

Slide 32

Slide 32 text

git local development

    git clone https://github.com/foo/foo
    gem "foo", github: "foo/foo"
    bundle config local.foo ~/path/to/foo

Slide 33

Slide 33 text

application ruby versions

    ruby "1.9.3"

Slide 34

Slide 34 text

Victims of Our Own Success (2012-2014)

Slide 35

Slide 35 text

so many new Bundler users, we DDoSed RubyGems.org

Slide 36

Slide 36 text

a completely new Bundler API

Slide 37

Slide 37 text

Some people, when confronted with a problem, think “I know, I'll write a webapp and throw it up on Heroku.” Now they have two problems.
(that’s very nearly almost what Jamie Zawinski said, anyway)

Slide 38

Slide 38 text

completely new sets of problems

Slide 39

Slide 39 text

less popular technology, less contributors

Slide 40

Slide 40 text

see also:
• Deathmatch: Bundler vs. RubyGems (André Arko, Scottish RubyConf 2013)
• `bundle install` Y U SO SLOW: Server Edition (Terence Lee, Ruby on Ales 2013)

Slide 41

Slide 41 text

still, some cool new stuff!

Slide 42

Slide 42 text

still, some cool new stuff!
• multithreaded installs

Slide 43

Slide 43 text

still, some cool new stuff!
• multithreaded installs
• non-recursive resolver

Slide 44

Slide 44 text

still, some cool new stuff!
• multithreaded installs
• non-recursive resolver
• https support for git

Slide 45

Slide 45 text

also some uncool stuff: bundler’s first CVE

Slide 46

Slide 46 text

multiple gem sources mean your app can be attacked

Slide 47

Slide 47 text

after the first source, use source blocks to stay safe

    source "https://rubygems.org"
    gem "some_gem"
    source "https://other-server.com" do
      gem "other_gem"
    end
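An added example, not from the talk or from Bundler's code: a small Ruby audit that evaluates a Gemfile against a recording stand-in for the Bundler DSL and reports which gems are left to more than one global source and which are pinned by a source block. The names `SourceAudit` and `audit` and the sample Gemfiles are constructed for illustration; the URLs and gem names are the ones on the slide above.

```ruby
# Added example; it evals the Gemfile as Ruby (as Bundler does): trusted input only.
class SourceAudit
  attr_reader :global_sources, :unscoped_gems, :pinned_gems
  def initialize
    @global_sources = []  # top-level `source "..."` declarations
    @unscoped_gems  = []  # gems declared outside any source block
    @pinned_gems    = {}  # gem name => the one source it may come from
    @block_source   = nil
  end

  def source(url)
    return @global_sources << url unless block_given?
    outer, @block_source = @block_source, url
    yield
    @block_source = outer
  end

  def gem(name, *_opts)
    return @pinned_gems[name] = @block_source if @block_source
    @unscoped_gems << name
  end

  # group/platforms blocks wrap gem declarations, so run them; ignore the rest.
  def method_missing(_name, *_args)
    yield if block_given?
  end
end

# Gems are ambiguous when more than one global source could supply them.
def audit(gemfile_text)
  a = SourceAudit.new
  a.instance_eval(gemfile_text, "Gemfile")
  ambiguous = a.global_sources.size > 1 ? a.unscoped_gems : []
  { ambiguous: ambiguous, pinned: a.pinned_gems }
end

# Constructed sample Gemfiles: two global sources, then the slide's layout.
RISKY = <<~GEMFILE
  source "https://rubygems.org"
  source "https://other-server.com"
  gem "some_gem"
  gem "other_gem"
GEMFILE
SAFE = <<~GEMFILE
  source "https://rubygems.org"
  gem "some_gem"
  source "https://other-server.com" do
    gem "other_gem"
  end
GEMFILE
```

`audit(RISKY)` lists both gems as ambiguous, while `audit(SAFE)` lists none and shows `other_gem` pinned to the second server.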

Slide 48

Slide 48 text

A New Hope (2015-2017)

Slide 49

Slide 49 text

as devs burned out, community funding appeared

Slide 50

Slide 50 text

Ruby Central project grants

Slide 51

Slide 51 text

Stripe open source grants

Slide 52

Slide 52 text

Stripe and Engine Yard Bundler project funding

Slide 53

Slide 53 text

Ruby Together: a non-profit trade association

Slide 54

Slide 54 text

funded by viewers like you
rubytogether.org/join

Slide 55

Slide 55 text

funded work yielded serious progress

Slide 56

Slide 56 text

now using Fastly for all requests to RubyGems.org

Slide 57

Slide 57 text

Bundler API merger: back into RubyGems.org

Slide 58

Slide 58 text

the compact index: gem metadata format

Slide 59

Slide 59 text

see also: Extreme Makeover: RubyGems Edition (André Arko, RubyConf 2013)

Slide 60

Slide 60 text

bundle install now, finally, sometimes fast!

Slide 61

Slide 61 text

other notable features

Slide 62

Slide 62 text

other notable features
• Gemfile → gems.rb (optional)

Slide 63

Slide 63 text

other notable features
• Gemfile → gems.rb (optional)
• Ruby version locked, upgradable

Slide 64

Slide 64 text

other notable features
• Gemfile → gems.rb (optional)
• Ruby version locked, upgradable
• bundle lock + --add-platform

Slide 65

Slide 65 text

other notable features
• Gemfile → gems.rb (optional)
• Ruby version locked, upgradable
• bundle lock + --add-platform
• bundle doctor

Slide 66

Slide 66 text

other notable features
• Gemfile → gems.rb (optional)
• Ruby version locked, upgradable
• bundle lock + --add-platform
• bundle doctor
• bundle pristine

Slide 67

Slide 67 text

other notable features
• bundle update --major
• bundle update --minor
• bundle update --patch

Slide 68

Slide 68 text

other notable features
• bundle update --major
• bundle update --minor
• bundle update --patch
• bundle config mirror

Slide 69

Slide 69 text

other notable features
• bundle update --major
• bundle update --minor
• bundle update --patch
• bundle config mirror
• checksum validation on install

Slide 70

Slide 70 text

other notable features
a plugin system! (beta)
• command plugins: bundle ack
• lifecycle plugins: before/after install/update, etc
• source plugins: gem "foo", mercurial: "https://example.com"

Slide 71

Slide 71 text

The Future (2017-????)

Slide 72

Slide 72 text

see also: Bundler 2 (Colby Swandale, Ruby Kaigi 2017)

Slide 73

Slide 73 text

best practices

    bundle config only_update_to_newer_versions true

Slide 74

Slide 74 text

best practices

    bundle config disable_multisource true
    bundle config only_update_to_newer_versions true

Slide 75

Slide 75 text

best practices

    bundle config specific_platform true
    bundle config disable_multisource true
    bundle config only_update_to_newer_versions true

Slide 76

Slide 76 text

best practices

    bundle config global_gem_cache true
    bundle config specific_platform true
    bundle config disable_multisource true
    bundle config only_update_to_newer_versions true

Slide 77

Slide 77 text

best practices

    bundle config default_install_uses_path true
    bundle config global_gem_cache true
    bundle config specific_platform true
    bundle config disable_multisource true
    bundle config only_update_to_newer_versions true

Slide 78

Slide 78 text

best practices
override GitHub gems to use HTTPS with this line at the top of your Gemfile

    git_source(:github) {|r| "https://github.com/#{r}" }

(or use bundle init to generate a Gemfile with this)

Slide 79

Slide 79 text

power user tools

Slide 80

Slide 80 text

power user tools
instead of

    $ bundle exec rspec

you can run

    $ bundle binstubs rspec-core

once, then commit (and use) the stub

    $ bin/rspec

Slide 81

Slide 81 text

power user tools
bundle viz

Slide 82

Slide 82 text

power user tools

    $ bundle lock --add-platform java
    $ git add Gemfile.lock
    $ git commit -am "Locked for JRuby"

Slide 83

Slide 83 text

power user tools

    $ git clone github.com/foo/foo ~/src/foo
    $ bundle config local.foo ~/src/foo
    [ make changes in ~/src/foo ]
    $ bundle exec rails s
    [ commit changes in ~/src/foo ]
    $ bundle exec rails s
    $ git add Gemfile.lock
    $ git commit -m "Use the latest foo"

Slide 84

Slide 84 text

power user tools
bundler inline

Slide 85

Slide 85 text

power user tools

    $ cat http.rb
    require 'bundler/inline'

    gemfile do
      source 'https://rubygems.org'
      gem 'http'
    end

    puts HTTP.get('http://example.com')

Slide 86

Slide 86 text

power user tools

    $ gem uninstall http
    Successfully uninstalled http-3.0.0
    $ ruby http.rb
    […]

needed gems installed here

Slide 87

Slide 87 text

power user tools
search your gems with

    $ grep -R STRING $(bundle show --paths)

then, open the gem you found in $EDITOR with

    $ bundle open GEMNAME

make changes as needed for debugging, then

    $ bundle pristine GEMNAME

Slide 88

Slide 88 text

power user tools
silence gem install messages with

    $ bundle config --system ignore_messages true

Slide 89

Slide 89 text

power user tools
silence gem install messages with

    $ bundle config --system ignore_messages true

and you will never be told to HTTParty hard, ever again

Slide 90

Slide 90 text

the end… so far
read this talk at arko.net
questions? tweet at @indirect!