non-hermetic bundle install
Closed this issue · 6 comments
bundle install passes in PATH variable, which can head to non-hermetic builds.
In our case, we had $GEM_HOME/bin:$BUNDLE_PATH/gems/bin: in our PATH variable that resulted in gems getting downloaded in a different directory.
May be better to remove PATH altogether.
I don't remember why I implemented it like that, but I think that w/o PATH and certain common dependencies, it failed to compile native extensions. It would be great to solve it, but I'm not sure how exactly. The implementation implies that gems will be installed into the Ruby toolchain, so PATH should not have affected that.
I also currently work on a completely new bundle implementation that only fetches gems in a repository rule, but actually installs them in a separate regular rule. This should in theory make it work in the RBE environment (e.g. gems are fetched on a macOS machine where WORKSPACE is evaluated, while installation happens in a remote Linux machine where BUILD is executed). When I finally make it work properly, this issue might be solved as well.
Dug into this a bit more, and discovered that my original diagnosis was not quite right. PATH environment was not the cause, but instead it was BUNDLE_PATH, which is loaded in the following order:
BUNDLE_PATHset in$BUNDLE_APP_CONFIG/configBUNDLE_PATHset in<project_dir>/.bundle/configBUNDLE_PATHenv var directlyBUNDLE_PATHset in~/.bundle/configGEM_HOME, ifBUNDLE_PATHis not yet.
bundle install --path [directory] is the simplest fix i think. Although, according to official doc, it is being deprecated in favor of the path in config setting mentioned above.
So propose this instead: set BUNDLE_IGNORE_CONFIG=1 to avoid parsing any bundle config files, and set the BUNDLE_PATH env var to the desired location in bazel's output directory (the remaining bundle configs can still be supported by introducing an env var to rb_bundle).
Rules currently don't use BUNDLE_PATH at all and instead install gems into the Ruby toolchain itself. We might switch and use the desired path, but can we try first by simply adding BUNDLE_IGNORE_CONFIG=1?
Can you try the most recent version and let me know if it helps?
Thanks; tested it out. This definitely fixes the issue for BUNDLE_PATH specified in config files (1, 2, 4 above). However if BUNDLE_PATH or GEM_HOME environment variables are set (3, 5 above) in a local environment, it will still direct the gem to be downloaded to the location specified by the env var.
You can also repro it locally by:
export BUNDLE_PATH=<some_path>BUNDLE_IGNORE_CONFIG=1 bundle config get path
I would have expected repository_ctx.execute(...) to only pass in the specified environment variables, but it looks like it's inheriting BUNDLE_PATH regardless.