Update Bundler to avoid permission error on GHA #2265

Open
wants to merge 2 commits into
base: master

pocke
Member

@pocke pocke commented Jan 31, 2025

The following error happens in GHA and updating Bundler will solve it.

```
The installation path is insecure. Bundler cannot continue.
```

ref: rubygems/rubygems#7983 (comment)

Also, this update causes the following error on Windows ucrt and mswin CI.

```
Bundler found mismatched checksums. This is a potential security risk.
  net-smtp (0.5.0) sha256=5fc0415e6ea1cc0b3dfea7270438ec22b278ca8d524986a3ae4e5ae8d087b42a
    from the API at https://rubygems.org/
  net-smtp (0.5.0) sha256=5040e34a1bbf11aa501e53d036d9c5e17a30004a08ed24304d7b1dc69c806c4d
    from the gem at D:/ruby-ucrt/lib/ruby/gems/3.5.0+0/cache/net-smtp-0.5.0.gem

If you trust the API at https://rubygems.org/, to resolve this issue you can:
  1. remove the gem at D:/ruby-ucrt/lib/ruby/gems/3.5.0+0/cache/net-smtp-0.5.0.gem
  2. run `bundle install`

To ignore checksum security warnings, disable checksum validation with
  `bundle config set --local disable_checksum_validation true`
```

This happens because their Rubies are the latest builds, so the bundled gems contain different content from the ones on RubyGems.
To solve this problem, I updated the GHA to remove all bundled gems before `bundle install` on these CI jobs.
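
As an added illustration (not code from this pull request or from Bundler), here is a narrower purge than removing every bundled gem: it deletes only cached `.gem` files whose SHA-256 differs from an expected list written in the `name (version) sha256=...` shape of the error above. The function names and the sample data are assumptions constructed for this example.

```ruby
require "digest"
require "tmpdir"

# One expected entry, shaped like the lines in the Bundler error message:
#   net-smtp (0.5.0) sha256=<64 hex chars>
ENTRY = /\A\s*(?<name>\S+) \((?<version>[^)]+)\)\s+sha256=(?<sha>\h{64})\s*\z/

# Build { "name-version.gem" => sha256 } from text; non-matching lines are skipped.
def parse_expected(text)
  text.each_line.with_object({}) do |line, map|
    m = ENTRY.match(line) or next
    map["#{m[:name]}-#{m[:version]}.gem"] = m[:sha].downcase
  end
end

# Return { path => { expected:, actual: } } for cached gems whose digest differs.
def mismatched_gems(cache_dir, expected)
  Dir.glob(File.join(cache_dir, "*.gem")).sort.each_with_object({}) do |path, bad|
    want = expected[File.basename(path)] or next # gems not in the list are left alone
    got = Digest::SHA256.file(path).hexdigest
    bad[path] = { expected: want, actual: got } unless got == want
  end
end

# Delete only the mismatched cache files; dry_run (the default) just lists them.
def purge_mismatched(cache_dir, expected, dry_run: true)
  bad = mismatched_gems(cache_dir, expected)
  bad.each_key { |path| File.delete(path) } unless dry_run
  bad.keys
end

# Constructed demo: two fake cache entries, one of which differs from the list.
def demo
  Dir.mktmpdir do |dir|
    File.binwrite(File.join(dir, "good-1.0.0.gem"), "release bytes")
    File.binwrite(File.join(dir, "odd-2.0.0.gem"), "rebuilt bytes")
    expected = parse_expected(<<~LIST)
      good (1.0.0) sha256=#{Digest::SHA256.hexdigest("release bytes")}
      odd (2.0.0) sha256=#{Digest::SHA256.hexdigest("other bytes")}
    LIST
    purge_mismatched(dir, expected, dry_run: false)
    Dir.children(dir).sort # only the matching gem remains
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```
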

@pocke pocke force-pushed the Update_Bundler_to_avoid_permission_error_on_GHA branch 2 times, most recently from 6747cb0 to 4263f07 Compare January 31, 2025 11:16
@pocke pocke force-pushed the Update_Bundler_to_avoid_permission_error_on_GHA branch from 4263f07 to 7ca28f0 Compare January 31, 2025 11:21
# It introduce checksum mismatches for bundled gems. So remove them before `bundle install`
- name: Purge gem caches
run: |
ruby -e '
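Review bot: The comment on the first line of this hunk opens with "It introduce checksum mismatches" and, as shown, nothing in the workflow says what "It" is. Suggest naming the cause and fixing the verb, for example "Updating Bundler introduces checksum mismatches for bundled gems, so remove them before `bundle install`". It would also help to state in that comment that purging the caches is what lets these jobs keep checksum validation enabled instead of setting `disable_checksum_validation`.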
Member Author

Writing PowerShell is difficult for me🙃 I use Ruby instead...
