Bundler is quickly shaping up to meet all its promise as THE best way to manage your application dependencies. This afternoon we updated Heroku to the latest version, 1.0.0RC5. RC5 addresses all known outstanding issues, including those with git-sourced gems. You can see a full changelog on GitHub.
One key problem Bundler was designed to address was the shifting sands of gems updating and changing their dependencies. As many of you probably found before Bundler, a deploy could unexpectedly install new versions of gems, breaking your application. Bundler has added a new flag, “--deployment”, for this very issue.
When you run “bundle install” on your local development machine, Bundler will automatically create a Gemfile.lock file. The lock file includes a pinned version of all of your gem dependencies, for all groups. When the deploy process then uses the --deployment flag, it will install only the gem versions listed in the Gemfile.lock that was generated on your development machine. This ensures that even if your dependent gems change, the dependencies of those dependencies change, and so on, you won’t be surprised by an update to a different version than the one you tested against.
To work, the --deployment flag requires that you have a Gemfile.lock. Currently, Heroku runs “bundle install” against your application if you don’t have a Gemfile.lock, and “bundle install --deployment” if you do. Starting next month, we will begin to use the --deployment flag 100% of the time. This means you must commit a Gemfile.lock to your git repo. Simply run “bundle install” locally, “git add” your Gemfile.lock, and you’ll be all set for the future.
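To make concrete the drift that a committed Gemfile.lock prevents, here is an added example (not Heroku's or Bundler's own code) that reads the pinned versions out of two lock files and reports every gem whose pin differs. The parser is a simplified stand-in for Bundler's, and the gem names, versions and remote URL in the sample lock files are constructed.

```ruby
# Simplified Gemfile.lock reader (assumption: not Bundler's own parser).
# Pinned gems sit under a "specs:" line at four spaces of indentation as
# "name (version)"; deeper-indented lines are constraints, not pins.
def pinned_versions(lock_text)
  pins = {}
  in_specs = false
  lock_text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A {2}specs:\z/
      in_specs = true
    elsif line.empty? || line =~ /\A\S/
      in_specs = false # a blank line or new top-level section ends the list
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      pins[m[1]] = m[2]
    end
  end
  pins
end

# Returns { gem_name => [tested_version, other_version] } for every gem whose
# pin differs between the two lock files (nil means absent on that side).
def lock_drift(tested_lock, other_lock)
  tested = pinned_versions(tested_lock)
  other  = pinned_versions(other_lock)
  (tested.keys | other.keys).sort.each_with_object({}) do |name, out|
    out[name] = [tested[name], other[name]] unless tested[name] == other[name]
  end
end

# Constructed sample: the lock file committed from the development machine.
TESTED_LOCK = <<~LOCK
  GEM
    remote: https://gems.example.invalid/
    specs:
      http_core (1.2.1)
      web_framework (1.0)
        http_core (>= 1.0)

  DEPENDENCIES
    web_framework
LOCK

# Constructed sample: what an unpinned resolve could produce later, after the
# transitive dependency published a new release. The Gemfile is unchanged.
FRESH_LOCK = TESTED_LOCK.sub("http_core (1.2.1)", "http_core (1.2.2)")

puts lock_drift(TESTED_LOCK, FRESH_LOCK).inspect
```

Only the transitive dependency moved here, which is exactly the case where an unpinned install ships code you never tested.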