Allow to bundle for a different Ruby version than the currently running version

[etiennebarrie]

Sometimes you're running a given Ruby version, but you want to be able to bundle for another, typically in automation systems, directly using the library code, not the bundle executable.

For example, Dependabot currently runs 3.1.4, but can bundle dependencies for 3.3.0 if you provide a ruby "3.3.0" line in your Gemfile.

The way it does that is by monkey-patching, it would be nice if there was first class support for this: dependabot/dependabot-core#6030 (comment)

[simi]

If you would like to just resolve the bundle, you can use bundle lock command. I did quick check and it doesn't complain if used on different Ruby than in Gemfile. 🤔

[deivid-rodriguez]

I mean, it normally works, but depending of required_ruby_version constraints in Dependencies, it may need a specific ruby version to resolve correctly, or just give a different result. This feature would allow to resolve as if you were using a given ruby version without having to install and switch to that ruby version.

[simi]

I'm not sure I do follow @deivid-rodriguez. Without Ruby installed, there is no way to install the bundle, since it is not known where to install the gems. It is possible to resolve (bundle lock) or download (bundle cache) the bundle. bundle lock seems ok with other Ruby version (not sure if the result is correct). bundle cache fails with other Ruby version (something we should probably fix). Is this issue about these problems or different ones? Any chance to provide steps to reproduce current problem?

[deivid-rodriguez]

Just double checking how bundle lock behaves in presence of the ruby DSL. It seems like the result is not correct? For example, if the Gemfile includes ruby "~> 2.7.0", bundle lock in Ruby 3.3 will lock, for example, nokogiri-1.16.0 in the Gemfile.lock file, which is incompatible with Ruby 2.7. I wouldn't expect that, but an error?

Regardless of that potential bug with the ruby DSL, this feature would be to be able to run something like bundle lock --ruby 2.7 while using Ruby 3.3, so that the generated lockfile resolves to nokogiri-1.15.5 (the latest version supporting Ruby 2.7) and thus keeping support for Ruby 2.7, even if you're locally using Ruby 3.3.

The use case of Dependabot is to be able to provide manifest updates that respect the Ruby version end users are using, without having to install and switch to that version in order to provide the update.

To do this, Dependabot currently monkeypatches Bundler to pass to the resolver the ruby version required by the manifest (for example, through ruby DSL), instead of passing the running Ruby, which is Bundler's default.