Merge branch '21583-railsapi-base64-gem'

Refs #21583.

Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith@curii.com>

diff --git a/services/api/Gemfile b/services/api/Gemfile
index 9cc5f1b7bc175c421eb18a12ed41052ade1928c1..473d1e916977d54205d08386fc66241141c400ff 100644 (file)
--- a/services/api/Gemfile
+++ b/services/api/Gemfile
@@ -58,6 +58,28 @@ gem 'webrick'
 
 gem 'mini_portile2', '~> 2.8', '>= 2.8.1'
 
+# If we're running on Ruby 2.x, we'll go down the `else` branch below.
+plugin 'bundler-override' if RUBY_VERSION >= "3.0"
+if bundler_override_paths = Bundler::Plugin.index.load_paths("bundler-override")
+  require File.join(bundler_override_paths[0], "bundler-override")
+  # Ruby 3.4 drops base64 as a default gem. Because of this, various other gems
+  # are starting to declare base64 as a dependency. However, locking one
+  # specific version of base64 makes it more difficult to support older Rubies
+  # that still have it as a default. See <https://dev.arvados.org/issues/21583>.
+  # Because we are focused on supporting distros with those older Rubies, we
+  # drop base64 dependencies here. These overrides can go away once we shift to
+  # supporting Ruby 3.4+.
+  override 'faraday', drop: ['base64']
+else
+  # The plugin is not available, either because Ruby is too old or Bundler
+  # is installing it this run. That's fine as long as Bundler isn't updating
+  # Gemfile.lock. Unfortunately we can't know that for sure here, because
+  # bundler needs to read Gemfile in order to figure out whether it's going
+  # to update Gemfile.lock. Flagging the situation for the user is the best
+  # we can do.
+  Bundler.ui.warn("bundler-override plugin not available - do NOT commit any changes to Gemfile.lock")
+end
+
 # Install any plugin gems
 Dir.glob(File.join(File.dirname(__FILE__), 'lib', '**', "Gemfile")) do |f|
     eval(IO.read(f), binding)

diff --git a/services/api/Gemfile.lock b/services/api/Gemfile.lock
index 003b886cee3f357a71ee5bd9d08e5707eecae50f..4adb27dff56f4857913bd21d0ba760230d3e63fc 100644 (file)
--- a/services/api/Gemfile.lock
+++ b/services/api/Gemfile.lock
@@ -104,7 +104,6 @@ GEM
       addressable (>= 2.3.1)
       extlib (>= 0.9.15)
       multi_json (>= 1.0.0)
-    base64 (0.2.0)
     builder (3.2.4)
     byebug (11.1.3)
     concurrent-ruby (1.2.3)
@@ -119,7 +118,6 @@ GEM
       factory_bot (~> 6.2.0)
       railties (>= 5.0.0)
     faraday (2.8.1)
-      base64
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
     faraday-gzip (2.0.1)

diff --git a/services/api/test/integration/gemfile_lock_test.rb b/services/api/test/integration/gemfile_lock_test.rb
new file mode 100644 (file)
index 0000000..2128c10
--- /dev/null
+++ b/services/api/test/integration/gemfile_lock_test.rb
@@ -0,0 +1,20 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+require 'test_helper'
+
+class GemfileLockTest < ActionDispatch::IntegrationTest
+  # Like the assertion message says, refer to Gemfile for this test's
+  # rationale. This test can go away once we start supporting Ruby 3.4+.
+  test "base64 gem is not locked to a specific version" do
+    gemfile_lock_path = Rails.root.join("Gemfile.lock")
+    File.open(gemfile_lock_path) do |f|
+      assert_equal(
+        f.each_line.any?(/^\s*base64\s+\(/),
+        false,
+        "Gemfile.lock includes a specific version of base64 - revert and refer to the comments in Gemfile",
+      )
+    end
+  end
+end