Package Management

Summarized using AI

Locking It Down with Ruby & Lockfiles

Danielle Adams • June 18, 2018 • Earth

In her talk "Locking It Down with Ruby & Lockfiles" at GoRuCo 2018, Danielle Adams discusses the intricacies of dependency management within the Ruby ecosystem. She begins by sharing her personal journey as a speaker and her recent experience at Heroku, emphasizing her focus on developer experience.

The main theme of the presentation revolves around the evolution of dependency management in Ruby, particularly through tools like RubyGems and Bundler. Danielle outlines key aspects of dependency management, including:

  • Introduction to Dependency Management: Danielle introduces the concept of dependency management and the significance of locking dependencies, drawing parallels from her work with JavaScript applications and the conflicting methods of dependency locking between NPM and Yarn.

  • History of Ruby Dependency Management: She provides a brief history, highlighting that Ruby was released in 1995, RubyGems in 2004, and Bundler in 2009, which became essential for managing dependencies effectively.

  • Simplicity of Ruby’s Dependency Management: She praises the straightforward nature of installing gems within Ruby apps, allowing easy management of specific library versions across applications.

  • Bundler’s Conflict Resolution: A significant highlight of her talk is how Bundler resolves dependency conflicts efficiently, often going underappreciated by developers.

  • Packaging and Publishing Gems: Danielle explains how simple it is to package Ruby libraries and the process of pushing them to RubyGems, emphasizing accessibility for developers.

  • Debugging Ease: She notes that both Bundler and RubyGems are built in Ruby, simplifying debugging for developers as they don’t need to learn a different language to resolve issues.

In conclusion, Danielle argues that Ruby’s tools for dependency management are robust and effective, while also acknowledging areas where they can improve. She reinforces her appreciation for the Ruby ecosystem, highlighting the need for continuous learning from other programming languages.

Overall, Danielle’s presentation sheds light on how Ruby effectively manages dependencies, providing insights that can help developers appreciate the tools available within this programming ecosystem.

Locking It Down with Ruby & Lockfiles
Danielle Adams • June 18, 2018 • Earth

GORUCO 2018: Locking It Down with Ruby & Lockfiles by Danielle Adams

GORUCO 2018

00:00:14.330 Hey guys, as Luke said, I'm Danielle. I was here two years ago for my first career Go talk, or actually my first talk ever. I was pretty sure I was about to have a heart attack, but luckily I didn't, and I'm here today. Thanks to all for coming. In all seriousness, I'm going to talk about dependency management in Ruby. I'll share some things I appreciate about it and discuss how I think we can evolve.
00:00:35.210 So let's get started. There are two things you should know about me. First, I have a cat named Dennis. I had some paranoid thoughts that maybe he was trying to kill me, and when I took a quiz online, I found out I was right! So, this is him. The second thing is that I work at a company called Heroku, focusing on developer experience. I've been there a little over a month, and I have only broken one thing, so things are going pretty well!
00:01:04.619 Now, let's talk about dependency management in Ruby. Initially, when I proposed this talk, I was a little ambitious with the title. I had to shorten it for a ten-minute talk, so it became 'Locking It Down with Ruby.' Or as I like to say, it’s about the things I appreciate regarding Ruby package management and dependency locking. I started thinking about this because, as you heard before, I write a lot in Ember and JavaScript. There’s an ongoing conversation about the two conflicting ways to lock dependencies in a JavaScript application: NPM and Yarn — and of course Bower, who’s just watching from the sidelines.
00:01:40.440 There's a lot of discussion about how to lock dependencies, and it can be confusing. Even if you're experienced with the project, navigating these different methods can be a challenge. Since I started working on JavaScript applications, I've encountered various practices. When I talk about locking, I'm referring to locking an entire dependency tree for an application or locking a dependency that exists within the application level.
00:02:09.690 I’ve been managing JavaScript for a couple of years, which is quite a bit. The first method I've tried, which works okay, is pessimistic locking. This involves modifying the version of your package.json file — which is the equivalent of Gemfile — by stripping out the syntax so it gives a specific version rather than a range. When you install your packages, it resolves to that specific version. I've used this method, but there's also a shrinkwrap method that I won't get into, and it wasn't very effective.
00:03:02.160 Then, about a year and a half ago, Yarn came out, and six months later, NPM introduced their own lock file. This has sparked an ongoing discussion about which method is better. Now, I want to go back and provide a brief history of how Ruby came to be and how its dependency ecosystem evolved.
00:03:34.890 Originally, Ruby was released in 1995; I'll call that year zero. RubyGems was introduced in 2004, about nine years after Ruby. I'm combining RubyGems.org and the RubyGems tool because it simplifies the discussion, but they are separate components. Five years later, in 2009, Bundler emerged as a solution for managing dependencies, particularly after Rails was released. Different applications needed a more robust version-locking system.
00:04:24.225 Now, let’s talk about the good parts of Ruby dependency management. First, in my opinion, installing gems and managing them at the application level is really straightforward. You can see that you can easily install the command-line tool, which is just Rails. That initiates a Rails application with or without running Bundler. From there, you can add a gem library to your application, and you have the ability to run the specific version you need.
00:05:01.980 This is beneficial when you have different applications running on the same operating system, as Bundler scopes to the correct version, so you don’t have to worry about compatibility issues. One of the highlights is how Bundler resolves dependency conflicts, which often goes unappreciated. It’s an impressive mechanism that helps alleviate a lot of developer headaches.
00:05:51.810 Bundler utilizes your Gemfile to determine dependencies, as shown in an example I have. I learned while preparing this talk that I18n stands for internationalization. It consists of 18 letters between I and N! In this scenario, you might specify a dependency on a gem called concurrent Ruby, wanting a particular version in your application. Bundler will analyze this and generate a corresponding Gemfile.lock file, ensuring that it resolves correctly at the application level.
00:06:29.490 So even if you haven’t specified a dependency version, Bundler will determine an appropriate version through its backward resolution process. It analyzes dependencies and helps ensure you have a working application. This is one of the things I appreciate about the Ruby ecosystem.
00:07:07.860 Packaging and developing Ruby libraries is also remarkably simple. All you need is to create a folder containing your files, and RubyGems provides the necessary tools to create a packaged file. You can then push it to RubyGems, where it's stored and made readily available to developers for use in their applications or command-line tools.
00:08:00.699 Lastly, it's great that both Bundler and RubyGems are written in Ruby. This makes debugging much easier for developers, as you can step through your tools without needing to learn a new language. For instance, the command to install a gem is straightforward and reveals how it operates under the hood, which is particularly beneficial when troubleshooting.
00:08:53.060 In conclusion, I believe the tools provided by Ruby for dependency management work exceptionally well. While there are other languages and communities that Ruby can learn from, the Ruby ecosystem is quite robust. There are always areas for improvement, but overall, I'm quite pleased with how Ruby manages dependencies.
00:09:46.980 Thank you!
Explore all talks recorded at GORUCO 2018
+2