After running the bundle install
command, \'Gemfile.lock\' is created in the working directory. What do the directives inside that file mean?
F
I've spent the last few months messing around with Gemfiles and Gemfile.locks a lot whilst building an automated dependency update tool1. The below is far from definitive, but it's a good starting point for understanding the Gemfile.lock format. You might also want to check out the source code for Bundler's lockfile parser.
You'll find the following headings in a lockfile generated by Bundler 1.x:
GEM (optional but very common)
These are dependencies sourced from a Rubygems server. That may be the main Rubygems index, at Rubygems.org, or it may be a custom index, such as those available from Gemfury and others. Within this section you'll see:
remote:
one or more lines specifying the location of the Rubygems index(es)specs:
a list of dependencies, with their version number, and the constraints on any subdependenciesGIT (optional)
These are dependencies sourced from a given git remote. You'll see a different one of these sections for each git remote, and within each section you'll see:
remote:
the git remote. E.g., git@github.com:rails/rails
revision:
the commit reference the Gemfile.lock is locked totag:
(optional) the tag specified in the Gemfilespecs:
the git dependency found at this remote, with its version number, and the constraints on any subdependenciesPATH (optional)
These are dependencies sourced from a given path
, provided in the Gemfile. You'll see a different one of these sections for each path dependency, and within each section you'll see:
remote:
the path. E.g., plugins/vendored-dependency
specs:
the git dependency found at this remote, with its version number, and the constraints on any subdependenciesPLATFORMS
The Ruby platform the Gemfile.lock was generated against. If any dependencies in the Gemfile specify a platform then they will only be included in the Gemfile.lock when the lockfile is generated on that platform (e.g., through an install).
DEPENDENCIES
A list of the dependencies which are specified in the Gemfile
, along with the version constraint specified there.
Dependencies specified with a source other than the main Rubygems index (e.g., git dependencies, path-based, dependencies) have a !
which means they are "pinned" to that source2 (although one must sometimes look in the Gemfile to determine in).
RUBY VERSION (optional)
The Ruby version specified in the Gemfile, when this Gemfile.lock was created. If a Ruby version is specified in a .ruby_version
file instead this section will not be present (as Bundler will consider the Gemfile / Gemfile.lock agnostic to the installer's Ruby version).
BUNDLED WITH (Bundler >= v1.10.x)
The version of Bundler used to create the Gemfile.lock. Used to remind installers to update their version of Bundler, if it is older than the version that created the file.
PLUGIN SOURCE (optional and very rare)
In theory, a Gemfile can specify Bundler plugins, as well as gems3, which would then be listed here. In practice, I'm not aware of any available plugins, as of July 2017. This part of Bundler is still under active development!