Should I specify exact versions in my Gemfile?

Time: 2022-01-11 00:19:43

I've noticed that on rubygems.org a lot of the gems suggest you specify them by major version rather than exact version. For example...

The haml-rails gem...

gem "haml-rails", "~> 0.3.4"  # "$ bundle install" will acquire the 
                              # latest version before 1.0.

However, based on the Bundler docs it sounded to me like it would be better to nail down the exact version like this...

gem "haml-rails", "0.3.4"

So there's your haml-rails gem and all its dependencies won't drift forward. If you check out the project on a different machine a few weeks later and run $ bundle install you'll have precisely the same versions of everything you specified.

I've seen point releases break stuff, and I thought part of the whole idea of Bundler was to "Bundle.lock" all your gem versions.

But on rubygems.org they use "~>" a lot so maybe I'm missing something?

Any clarification would be very helpful to me in understanding Bundler and gem management.

2 solutions

#1


52  

This is the purpose of the Gemfile.lock file - running bundle install with a Gemfile.lock present only installs using the dependencies listed in there; it doesn't re-resolve the Gemfile. To update dependencies / update gem versions, you then have to explicitly do a bundle update, which will update your Gemfile.lock file.

If there wasn't a Gemfile.lock, deploying code to production would be a major issue because, as you mention, the dependencies and gem versions could change.

In short, you should be generally safe using the pessimistic version constraint operator (~>) as rubygems.org advises. Just be sure to re-run your tests after you do a bundle update to make sure nothing breaks.

There's a nice article by Yehuda Katz that has a little more info on Gemfile.lock.
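
Added example, not part of the original answers: it uses RubyGems' own requirement classes to show which versions each Gemfile constraint would accept on a fresh resolve, and reads the exact versions recorded in a lockfile to check them against the Gemfile. The Gemfile.lock excerpt and the candidate version list are constructed for illustration, and the helper names are hypothetical.

```ruby
require "rubygems"

# Constructed Gemfile declaration: gem name => requirement string.
GEMFILE = { "haml-rails" => "~> 0.3.4" }.freeze

# Constructed Gemfile.lock excerpt; the haml version is illustrative.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      haml (3.1.4)
      haml-rails (0.3.4)
        haml (~> 3.0)

  DEPENDENCIES
    haml-rails (~> 0.3.4)
LOCK

# Versions a requirement would accept if Bundler had to resolve from scratch.
def admitted(requirement, candidates)
  req = Gem::Requirement.new(requirement)
  candidates.select { |v| req.satisfied_by?(Gem::Version.new(v)) }
end

# Resolved gems sit at exactly four spaces of indentation under "specs:";
# deeper lines are each gem's own dependency constraints. A platform
# suffix such as "-x86_64-linux" is dropped before parsing the version.
def locked_versions(lock_text)
  lock_text.scan(/^ {4}(\S+) \(([^)\s-]+)[^)]*\)$/).to_h do |name, version|
    [name, Gem::Version.new(version)]
  end
end

# Gemfile entries that the lockfile does not satisfy (missing or out of range).
def drift(gemfile, locked)
  gemfile.reject do |name, req|
    locked.key?(name) && Gem::Requirement.new(req).satisfied_by?(locked[name])
  end.keys
end

if __FILE__ == $PROGRAM_NAME
  candidates = %w[0.3.3 0.3.4 0.3.5 0.4.0 1.0.0]
  puts "~> 0.3.4 admits #{admitted('~> 0.3.4', candidates).inspect}"
  puts "0.3.4 admits #{admitted('0.3.4', candidates).inspect}"
  puts "locked: #{locked_versions(LOCKFILE).transform_values(&:to_s)}"
  puts "drift: #{drift(GEMFILE, locked_versions(LOCKFILE)).inspect}"
end
```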

#2


5  

I would definitely say use the exact version numbers. You can probably always just lock it down to a major version, or never specify any version, and be okay, but if you really want that fine-grained level of control and to have 100% confidence in your program when being run on other machines, use the exact version numbers.

I've been in situations where the exact version number wasn't specified, and when I or someone else did a bundle install, the project broke because it went to a newer version. This can be especially bad when deploying to production.

Bundler does lock in your gem specifications, but if you're telling it to just use a major release, then it locks that in. So it just knows "Oh the version is locked in at > 0.1" or whatever, but not "Oh the version is locked in specifically at 0.1.2.3".
