38bd8dffec
Instead of calling `gem install <x>` many times, let's define the `Gemfile` and `Gemfile.lock` and run `bundle install`. This ensures dependencies are pinned and don't quietly move with a new invocation of `gem install`. There is also a side benefit to using `bundler`: we can later use the newly-introduced feature to include and verify checksums (https://github.com/rubygems/rubygems/pull/6374). `bundler` generally installs everything in the expected gem directory that is used by `ruby`, but for gems installed from a Git source, `bundler` puts those gems in a special `bundler/gems` directory. We don't use any gems from Git sources now--`gitlab-ruby-shadow` is now used instead of `ruby-shadow`--there is no issue. Also, note that if we want to ensure `gitlab-ctl` doesn't try to pull in gems from GitLab Rails, we could invoke `bundler`, but this is a slightly riskier change. Relates to https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8368 Changelog: changed |
||
---|---|---|
.. | ||
gitlab | ||
rubocop |