Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: heroku/buildpacks-ruby
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v5.1.0
Choose a base ref
...
head repository: heroku/buildpacks-ruby
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: main
Choose a head ref
  • 11 commits
  • 16 files changed
  • 4 contributors

Commits on Mar 10, 2025

  1. Bump ring from 0.17.11 to 0.17.13 (#400) 

    Bumps [ring](https://github.com/briansmith/ring) from 0.17.11 to 0.17.13.
- [Changelog](https://github.com/briansmith/ring/blob/main/RELEASES.md)
- [Commits](https://github.com/briansmith/ring/commits)

---
updated-dependencies:
- dependency-name: ring
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Mar 10, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    e66d39e View commit details

Commits on Mar 11, 2025

  1. Set an explicit PR reviewer for CNB builder release PRs (#401) 

    Currently for CNB releases, the PR opened against `cnb-builder-images`
doesn't have an explicit reviewer set by the automation, which means it
uses that repo's `CODEOWNERS` default of requesting review from the
whole Languages team.

As of heroku/languages-github-actions#289, the
automation now supports passing a list of reviewers, which we can set
for CNBs owned by a specific language owner.

This will help reduce review-request-spam to other team members.

Plus corrects the workflow names given this repo contains only
a single CNB.

GUS-W-18011095.
    @edmorley
    edmorley authored Mar 11, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    b5fd48a View commit details

Commits on Mar 12, 2025

  1. Configure gem install location via GEM_* (#402) 

    * Configure gem install location via GEM_*

The previous logic used the `BUNDLE_PATH` environment variable to direct bundler where to install gems. This had the side effect of adding additional paths to the directory structure, so the files wouldn't be in `<layer-path>` they would be in a `<layer-path>/ruby/<major>.<minor>.0/` directory such as `<layer-path>/ruby/3.4.0`. The classic buildpack handles this by shelling out to Ruby https://github.com/heroku/heroku-buildpack-ruby/blob/b3ccc41885135ae495c604a512b523c81241914d/lib/language_pack/ruby.rb#L157. This change diverges and takes an alternative approach, using the `GEM_HOME` and `GEM_PATH` environment variables to configure installation location rather than configuring bundler directly.

When `bundle install` is run, it will install into the first `GEM_PATH` (there can be multiple). This install will be direct (without any additional directories under it). This is what we want. This also allows us to remove `BUNDLE_BIN` which is no longer needed (bundler will install binaries into `GEM_PATH/bin`).

- `BUNDLE_DEPLOYMENT` does more than forces the `Gemfile.lock` to be frozen, it also installs gems into `vendor/bundle`, which we don't want. This has been changed to `BUNDLE_FROZEN=1`.

Unfortunately, removing `BUNDLE_PATH` causes the automatic clean after install logic (`BUNDLE_CLEAN=1`) to error with a warning saying that it is unsafe because there's no explicit path. To work around this, I added a manual call to `bundle clean --force` after the `bundle install`. This requires I also remove the `BUNDLE_CLEAN=1` environment variable.

Because this changes the structure of the underlying gems on disk, I need to clear the cache manually by updating the key to `v2`.

* Clear old files

Gems will now be installed directly into `<layer-path>` instead of `<layer-path>/ruby/X.Y.0`. This mechanism cleans previously installed gems left in the cache by checking the cache key of `v1`. This cache will also be evicted when the application changes Ruby version.

* Apply suggestions from code review

Co-authored-by: Ed Morley <501702+edmorley@users.noreply.github.com>

---------

Co-authored-by: Ed Morley <501702+edmorley@users.noreply.github.com>
    @schneems @edmorley
    schneems and edmorley authored Mar 12, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    a800e1b View commit details

  2. Prepare release v6.0.0 (#403) 

    ## heroku/ruby

### Changed

- Gem install behavior and configuration ([#402](#402))
  - Gem install path is now configured with `GEM_HOME` and `GEM_PATH` instead of `BUNDLE_PATH`.
  - Cleaning gems is now accomplished via running `bundle clean --force`. Previously it was accomplished by setting `BUNDLE_CLEAN=1`.
  - The `BUNDLE_DEPLOYMENT=1` environment variable is changed to `BUNDLE_FROZEN=1`.
  - The `BUNDLE_BIN` environment variable is no longer set.

Co-authored-by: heroku-linguist[bot] <136119646+heroku-linguist[bot]@users.noreply.github.com>
    @heroku-linguist
    heroku-linguist[bot] authored Mar 12, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    8a3ef48 View commit details

Commits on Mar 13, 2025

  1. Fix docker run with arguments (#404) 

    Fixes an issue where `docker run` with a command was not working correctly. Before:

```
$ docker run --rm --entrypoint /cnb/lifecycle/launcher sample-app "echo 'hi'"
hi
⛄️ 3.4.2 🚀 /Users/rschneeman/Documents/projects/work/buildpacks-ruby (main)
$ docker run --rm sample-app "echo 'hi'"
bash: echo 'hi': No such file or directory
$ pack inspect sample-app | grep Processes: -A10
Processes:
  TYPE                 SHELL        COMMAND        ARGS                                                                                         WORK DIR
  web (default)                     bash           -c bundle exec rackup --host "[::]" --port "${PORT:?Error: PORT env var is not set!}"        /workspace
```

After:

```
$ cargo libcnb package && pack build sample-app \
  --buildpack packaged/x86_64-unknown-linux-musl/debug/heroku_ruby \
  --path buildpacks/ruby/tests/fixtures/default_ruby --clear-cache
$ docker run --rm sample-app "echo 'hi'"
hi
```

The root cause is that when you `docker run` something, it uses the default command and uses the arguments you provide as arguments to that command. In this case we want the full shell, so the command needs to be `bash -c <arguments>` instead of `bash <arguments>`.
    @schneems
    schneems authored Mar 13, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    3f1189e View commit details

Commits on Mar 18, 2025

  1. Reduce scopes granted to GITHUB_TOKEN in GitHub Actions workflows (#… 

    …406)

As part of security-hardening our GHA workflows, this reduces the
permissions granted to the automatically set `GITHUB_TOKEN` env var
in GitHub Actions workflows to no more than what is required by that
workflow.

See:
https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions
https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication

GUS-W-18053749.
    @edmorley
    edmorley authored Mar 18, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    9d2641c View commit details

  2. Pin SHA of third-party GitHub Actions (#405) 

    The full-version Git tags used by Actions are mutable (as seen in recent
events in the wider GitHub Actions community), so pinning third-party
Actions to a SHA is recommended:
https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions

The version tag has been added after the pin as a comment (as a
readability aid) in a format that Dependabot will keep up to date:
dependabot/dependabot-core#4691

I've also enabled Dependabot grouping for GitHub Actions updates
to reduce PR noise.

GUS-W-18051077.
    @edmorley
    edmorley authored Mar 18, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    4c309f5 View commit details

  3. Bump the rust-dependencies group with 8 updates (#407) 

    Bumps the rust-dependencies group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [clap](https://github.com/clap-rs/clap) | `4.5.31` | `4.5.32` |
| [indoc](https://github.com/dtolnay/indoc) | `2.0.5` | `2.0.6` |
| [libcnb](https://github.com/heroku/libcnb.rs) | `0.27.0` | `0.28.0` |
| [libherokubuildpack](https://github.com/heroku/libcnb.rs) | `0.27.0` | `0.28.0` |
| [serde](https://github.com/serde-rs/serde) | `1.0.218` | `1.0.219` |
| [tempfile](https://github.com/Stebalien/tempfile) | `3.17.1` | `3.19.0` |
| [thiserror](https://github.com/dtolnay/thiserror) | `2.0.11` | `2.0.12` |
| [libcnb-test](https://github.com/heroku/libcnb.rs) | `0.27.0` | `0.28.0` |


Updates `clap` from 4.5.31 to 4.5.32
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@v4.5.31...clap_complete-v4.5.32)

Updates `indoc` from 2.0.5 to 2.0.6
- [Release notes](https://github.com/dtolnay/indoc/releases)
- [Commits](dtolnay/indoc@2.0.5...2.0.6)

Updates `libcnb` from 0.27.0 to 0.28.0
- [Release notes](https://github.com/heroku/libcnb.rs/releases)
- [Changelog](https://github.com/heroku/libcnb.rs/blob/main/CHANGELOG.md)
- [Commits](heroku/libcnb.rs@v0.27.0...v0.28.0)

Updates `libherokubuildpack` from 0.27.0 to 0.28.0
- [Release notes](https://github.com/heroku/libcnb.rs/releases)
- [Changelog](https://github.com/heroku/libcnb.rs/blob/main/CHANGELOG.md)
- [Commits](heroku/libcnb.rs@v0.27.0...v0.28.0)

Updates `serde` from 1.0.218 to 1.0.219
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](serde-rs/serde@v1.0.218...v1.0.219)

Updates `tempfile` from 3.17.1 to 3.19.0
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](Stebalien/tempfile@v3.17.1...v3.19.0)

Updates `thiserror` from 2.0.11 to 2.0.12
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](dtolnay/thiserror@2.0.11...2.0.12)

Updates `libcnb-test` from 0.27.0 to 0.28.0
- [Release notes](https://github.com/heroku/libcnb.rs/releases)
- [Changelog](https://github.com/heroku/libcnb.rs/blob/main/CHANGELOG.md)
- [Commits](heroku/libcnb.rs@v0.27.0...v0.28.0)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
- dependency-name: indoc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
- dependency-name: libcnb
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-dependencies
- dependency-name: libherokubuildpack
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-dependencies
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-dependencies
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
- dependency-name: libcnb-test
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Mar 18, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    e2e2bd8 View commit details

Commits on Mar 19, 2025

  1. Bump default ruby and bundler versions (#408) 

    * Bump default ruby and bundler versions

* Update test

The purpose of this test is to validate that metadata stays valid between versions. However the Ruby version change between default version bumps was causing a cache invalidation. This test is made more robust by specifying an explicit Ruby version

* Attempt to reduce non-deterministic output

#409
    @schneems
    schneems authored Mar 19, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    4a15d5d View commit details

  2. Prepare release v7.0.0 (#410) 

    ## heroku/ruby

### Changed

- Default Ruby version is now 3.3.7 and default bundler version is now 2.5.23 ([#408](#408))

### Fixed

- The `docker run` command no longer requires an entrypoint when using default processes provided by `heroku/ruby` directly (and not the `heroku/procfile` buildpack) ([#404](#404))

Co-authored-by: heroku-linguist[bot] <136119646+heroku-linguist[bot]@users.noreply.github.com>
    @heroku-linguist
    heroku-linguist[bot] authored Mar 19, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    40b7ac6 View commit details

Commits on Mar 25, 2025

  1. Add cargo-llvm-cov test coverage reports in CI (#411) 

    Related:

- heroku/buildpacks-jvm#766
- heroku/buildpacks-go#349

GUS-W-17554053
    @schneems
    schneems authored Mar 25, 2025
    Loading
    Loading status checks…
    Copy the full SHA
    fdbc121 View commit details
5 changes: 5 additions & 0 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
@@ -21,3 +21,8 @@ updates:
- "dependencies"
- "github actions"
- "skip changelog"
groups:
github-actions:
update-types:
- "minor"
- "patch"
37 changes: 31 additions & 6 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
@@ -22,7 +22,7 @@ jobs:
- name: Update Rust toolchain
run: rustup update
- name: Rust Cache
uses: Swatinem/rust-cache@v2.7.7
uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
- name: Clippy
run: cargo clippy --all-targets --locked -- --deny warnings
- name: rustfmt
@@ -36,7 +36,7 @@ jobs:
- name: Update Rust toolchain
run: rustup update
- name: Rust Cache
uses: Swatinem/rust-cache@v2.7.7
uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
- name: Run unit tests
run: cargo test --locked

@@ -52,9 +52,9 @@ jobs:
- name: Install Rust linux-musl target
run: rustup target add x86_64-unknown-linux-musl
- name: Rust Cache
uses: Swatinem/rust-cache@v2.7.7
uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
- name: Install Pack CLI
uses: buildpacks/github-actions/setup-pack@v5.8.8
uses: buildpacks/github-actions/setup-pack@0f05ba41fb74d56ab4cb27485f538a8d65b4122e # v5.8.9
- name: Run integration tests
# Runs only tests annotated with the `ignore` attribute (which in this repo, are the integration tests).
run: cargo test --locked -- --ignored
@@ -75,9 +75,9 @@ jobs:
- name: Install Rust linux-musl target
run: rustup target add ${{ matrix.target }}
- name: Rust Cache
uses: Swatinem/rust-cache@v2.7.7
uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
- name: Install Pack CLI
uses: buildpacks/github-actions/setup-pack@v5.8.8
uses: buildpacks/github-actions/setup-pack@0f05ba41fb74d56ab4cb27485f538a8d65b4122e # v5.8.9
- name: Pull builder and run images
run: |
docker pull "heroku/builder:24"
@@ -95,3 +95,28 @@ jobs:
run: pack build my-image --force-color --builder heroku/builder:24 --trust-extra-buildpacks --buildpack heroku/nodejs-engine --buildpack packaged/${{ matrix.target }}/debug/heroku_ruby --path tmp/ruby-getting-started --pull-policy never
- name: "PRINT: Cached getting started guide output"
run: pack build my-image --force-color --builder heroku/builder:24 --trust-extra-buildpacks --buildpack heroku/nodejs-engine --buildpack packaged/${{ matrix.target }}/debug/heroku_ruby --path tmp/ruby-getting-started --pull-policy never

unit-test-coverage:
name: Generate test coverage report
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: Install nightly Rust toolchain
run: rustup install nightly
- name: Rust Cache
uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
- name: Install cargo-llvm-cov
uses: taiki-e/install-action@62730e3d4f6bd81d824694e963e06d7153968c93 # v2.49.29
with:
tool: cargo-llvm-cov
- name: Run unit tests and generate coverage report
run: cargo +nightly llvm-cov --locked --html
- name: Upload HTML coverage report
uses: actions/upload-artifact@v4
with:
name: "llvm-cov-html-${{github.event.repository.name}}-${{github.sha}}"
path: "target/llvm-cov/html"
if-no-files-found: "error"
5 changes: 4 additions & 1 deletion .github/workflows/prepare-release.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: Prepare Buildpack Releases
name: Prepare Buildpack Release

on:
workflow_dispatch:
@@ -13,6 +13,9 @@ on:
- minor
- patch

# Disable all GITHUB_TOKEN permissions, since the GitHub App token is used instead.
permissions: {}

jobs:
prepare-release:
uses: heroku/languages-github-actions/.github/workflows/_buildpacks-prepare-release.yml@latest
6 changes: 5 additions & 1 deletion .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: Release Buildpacks
name: Release Buildpack

on:
workflow_dispatch:
@@ -8,13 +8,17 @@ on:
type: boolean
default: false

# Disable all GITHUB_TOKEN permissions, since the GitHub App token is used instead.
permissions: {}

jobs:
release:
name: Release
uses: heroku/languages-github-actions/.github/workflows/_buildpacks-release.yml@latest
with:
app_id: ${{ vars.LINGUIST_GH_APP_ID }}
dry_run: ${{ inputs.dry_run }}
reviewers: 'schneems'
secrets:
app_private_key: ${{ secrets.LINGUIST_GH_PRIVATE_KEY }}
cnb_registry_token: ${{ secrets.CNB_REGISTRY_RELEASE_BOT_GITHUB_TOKEN }}
Loading