Sorbet Ruby setup fails due to frozen Gemfile.lock when updating gems in the /updater directory

[robaiken]

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

bundler

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

No response

Updated dependency

No response

What you expected to see, versus what you actually saw

When Dependabot attempts to update gems in the /updater directory, the Sorbet job fails because the gem.lock file in the project's root directory becomes outdated and does not reflect the changes made to the /updater directory's gem.lock file.

The Sorbet setup should complete successfully, updating the Gemfile.lock to reflect the changes made to the gem dependencies in the /updater directory's Gemfile. But fails with the following error message:

Run `bundle install` elsewhere and add the updated Gemfile to version control.
If this is a development machine, remove the Gemfile.lock freeze by running
`bundle config set frozen false`.
Error: The process '/opt/hostedtoolcache/Ruby/3.1.4/x64/bin/bundle' failed with exit code 1

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

Related PR
#9520

Failing workflow action
https://github.com/dependabot/dependabot-core/actions/runs/8756996358/job/24038649196

Smallest manifest that reproduces the issue

No response

[jurre]

Thanks, yeah ideally we'd not have a weird setup with a top-level Gemfile.lock and dependencies pulled in from common both there and in updater, but until we sort that out having something in CI automate it is preferable over us having to manually run bundle from the top-level project to update the lockfile